Hi everyone!
Given the following playbook: http://hastebin.com/pibujawasi - I've found
that the mysql_user module is not properly escaping database names with
wildcards in them, e.g.: foobar_version%
This is the output of the playbook previously mentioned,
including the Python traceback: http://hastebin.com/fafepiseda
mysql_user tries to remove any privilege from the user if it doesn’t appear in
the new specification. privileges_revoke() is invoked, which produces a query
where the database name is not escaped as expected as it has a wildcard in it.
This is what the query looks like:
REVOKE ALL PRIVILEGES ON foobar_version%.* FROM 'username'@'localhost';
For some reason privileges_get() removes the grave accent (`) from the database
name, which is read from the output of SHOW GRANTS. That happens on
line 222:
db = res.group(2).replace('`', '')
If I remove the call to replace(), the module works as expected as the query
produced is:
REVOKE ALL PRIVILEGES ON `foobar\_version%`.* FROM 'username'@'localhost';
Do you know why the grave accent is being removed by mysql_user?
Is it safe to stop doing that?
Thank you in advance!
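
The behaviour described in the post above, as an added Python example that is not part of the original message and is not the mysql_user module's code: it parses a constructed SHOW GRANTS line, shows that the backtick-stripped name cannot be interpolated bare, and re-quotes each identifier before building the REVOKE. The regex, the function names and the sample line are assumptions made for illustration.

```python
import re

# Constructed sample in the shape SHOW GRANTS prints (not from the post's traceback).
SAMPLE_GRANT = "GRANT ALL PRIVILEGES ON `foobar\\_version%`.* TO 'username'@'localhost'"
# Hypothetical pattern for this example: privileges, db.table target, user, host.
GRANT_RE = re.compile(r"GRANT (.+) ON (.+) TO '(.+)'@'(.+)'")
# Characters MySQL accepts in an identifier without backtick quoting.
UNQUOTED_OK = re.compile(r"^[0-9A-Za-z$_]+$")


def parse_target(grant_line, strip_backticks):
    """Return the db.table target, optionally stripped as the post describes."""
    m = GRANT_RE.match(grant_line)
    if m is None:
        raise ValueError("not a GRANT line: %r" % grant_line)
    target = m.group(2)
    return target.replace("`", "") if strip_backticks else target


def split_target(target):
    """Split on the last dot (assumes the table part contains no dot)."""
    db, sep, table = target.rpartition(".")
    if not sep:
        raise ValueError("expected db.table, got %r" % target)
    return db, table


def is_bare_safe(target):
    """For a backtick-stripped target: True if every part is valid unquoted."""
    return all(p == "*" or UNQUOTED_OK.match(p) for p in split_target(target))


def quote_part(part):
    """Backtick-quote one identifier; '*' stays bare, embedded backticks double."""
    if part == "*":
        return part
    if len(part) >= 2 and part[0] == part[-1] == "`":
        part = part[1:-1].replace("``", "`")  # already quoted: unwrap first
    return "`" + part.replace("`", "``") + "`"


def build_revoke(target, user, host):
    """Build the REVOKE text; user and host are trusted constants in this demo."""
    db, table = split_target(target)
    return "REVOKE ALL PRIVILEGES ON %s.%s FROM '%s'@'%s';" % (
        quote_part(db), quote_part(table), user, host)


if __name__ == "__main__":
    stripped = parse_target(SAMPLE_GRANT, strip_backticks=True)
    print(is_bare_safe(stripped), build_revoke(stripped, "username", "localhost"))
```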