Merge pull request #636 from jmrenouard/master

New actions for MySQL tuner

.github/workflows/generate_examples.yml

@@ -1,15 +1,9 @@
 # This is a basic workflow to help you get started with Actions
 
-name: CI for MySQL Tuner
+name: Compile MT examples
 
 # Controls when the workflow will run
 on:
-  # Triggers the workflow on push or pull request events but only for the master branch
-  push:
-    branches: [ master ]
-  pull_request:
-    branches: [ master ]
-
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
 
@@ -50,14 +44,6 @@ jobs:
           cd -
           rm -rf test_db
       # Runs a single command using the runners shell
-      - name: Run help mode
-        run: perl ./mysqltuner.pl --help
-
-      # Runs a single command using the runners shell
-      - name: Run verbose mode
-        run: sudo perl ./mysqltuner.pl --user=root --pass=root --protocol tcp --verbose
-
-      # Runs a single command using the runners shell
       - name: Run verbose mode with dumpdir result
         run: |
           mkdir -p ./examples/github/result
@@ -69,5 +55,5 @@ jobs:
           git config --global user.name "Jean-Marie Renouard"
           git config --global user.email "jmrenouard@gmail.com"
           git add .
-          git commit -m "Commit example result"
+          git commit -m "Commit example result for employees database for Actions"
           git push

.github/workflows/pull_request.yml

@@ -0,0 +1,42 @@
+# This is a basic workflow to help you get started with Actions
+
+name: CI for MySQL Tuner
+
+# Controls when the workflow will run
+on:
+  # Triggers the workflow on push or pull request events but only for the master branch
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - name: Setup MySQL Tuner repository
+        uses: actions/checkout@v3
+
+      - name: Set up MySQL
+        uses: mirromutth/mysql-action@v1.1
+        with:
+          mysql root password: "root"
+          mysql version: "8.0"
+
+      - name: Run help mode
+        run: |
+          sleep 20s
+          sudo perl ./mysqltuner.pl --help
+
+      # Runs a single command using the runners shell
+      - name: Run verbose mode
+        run: sudo perl ./mysqltuner.pl --user=root --pass=root --protocol tcp --verbose

.github/workflows/run_mt_with_db.yml

@@ -0,0 +1,52 @@
+# This is a basic workflow to help you get started with Actions
+
+name: Test with databases
+
+# Controls when the workflow will run
+on:
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - name: Setup MySQL Tuner repository
+        uses: actions/checkout@v3
+
+      - name: Set up MySQL
+        uses: mirromutth/mysql-action@v1.1
+        with:
+          mysql root password: "root"
+          mysql version: "8.0"
+      - name: Injecting credentials
+        run: |
+          echo -e "[client]\nuser=root\npassword=root\nhost=127.0.0.1\nprotocol=TCP" > $HOME/.my.cnf
+      
+      - name: Cloning test_db dataset
+        run: |
+          git clone https://github.com/datacharmer/test_db.git
+
+      - name: Injecting test_db dataset
+        run: |
+          sleep 5s
+          cd test_db
+          netstat -ltpn
+          mysql -e 'select version();'
+          mysql -e 'CREATE DATABASE data;'
+          mysql data< ./employees.sql
+          cd -
+          rm -rf test_db
+      # Runs a single command using the runners shell
+      - name: Run help mode
+        run: perl ./mysqltuner.pl --help
+
+      # Runs a single command using the runners shell
+      - name: Run verbose mode
+        run: sudo perl ./mysqltuner.pl --user=root --pass=root --protocol tcp --verbose

.github/workflows/update_cve_and_docs.yml

@@ -0,0 +1,45 @@
+# This is a basic workflow to help you get started with Actions
+
+name: CVE and Docs update
+
+# Controls when the workflow will run
+on:
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - name: Setup MySQL Tuner repository
+        uses: actions/checkout@v3
+
+      - name: Install dependencies
+        run: |
+          pwd
+          cd build
+          pwd
+          sudo bash ./installStaff.sh
+
+      - name: Update CVE and docs
+        run: |
+          pwd
+          cd ./build
+          pwd
+          sudo bash ./updateStaff.sh
+
+      # Runs a single command using the runners shell
+      - name: Commit CVE result to repo
+        run: |
+          pwd
+          sudo git config --global user.name "Jean-Marie Renouard"
+          sudo git config --global user.email "jmrenouard@gmail.com"
+          sudo git add ./vulnerabilities.csv ./mysqltuner.pl ./USAGE.md
+          sudo git commit -m "Updates CVE and docs (via Actions) - $(date +'%Y-%m-%d')"
+          sudo git push

build/updateStaff.sh

@@ -10,6 +10,6 @@ echo "* Update CVE list"
 perl updateCVElist.pl
 dos2unix ../mysqltuner.pl
 git add ../vulnerabilities.csv ../mysqltuner.pl ../USAGE.md
-git commit -m 'Update Vulnerabilities list
-Indenting mysqltuner
-Update Usage information'
+#git commit -m 'Update Vulnerabilities list
+#Indenting mysqltuner
+#Update Usage information'

mysqltuner.pl

@@ -212,7 +212,7 @@ if ( $opt{verbose} ) {
 $opt{nocolor} = 1 if defined( $opt{outputfile} );
 $opt{tbstat}  = 0 if ( $opt{notbstat} == 1 );    # Don't print table information
 $opt{colstat} = 0 if ( $opt{nocolstat} == 1 );  # Don't print column information
-$opt{dbstat} = 0 if ( $opt{nodbstat} == 1 );  # Don't print database information
+$opt{dbstat}  = 0 if ( $opt{nodbstat} == 1 ); # Don't print database information
 $opt{noprocess} = 0
   if ( $opt{noprocess} == 1 );                # Don't print process information
 $opt{sysstat} = 0 if ( $opt{nosysstat} == 1 ); # Don't print sysstat information
@@ -1309,8 +1309,8 @@ sub get_all_vars {
     my @lineitems = ();
     foreach my $line (@mysqlslaves) {
         debugprint "L: $line ";
-        @lineitems = split /\s+/, $line;
-        $myslaves{ $lineitems[0] } = $line;
+        @lineitems                                        = split /\s+/, $line;
+        $myslaves{ $lineitems[0] }                        = $line;
         $result{'Replication'}{'Slaves'}{ $lineitems[0] } = $lineitems[4];
     }
 }
@@ -1461,7 +1461,7 @@ sub log_file_recommendations {
         $numLi++;
         debugprint "$numLi: $logLi"
           if $logLi =~ /warning|error/i and $logLi !~ /Logging to/;
-        $nbErrLog++  if $logLi =~ /error/i and $logLi !~ /Logging to/;
+        $nbErrLog++ if $logLi =~ /error/i and $logLi !~ /Logging to/;
         $nbWarnLog++ if $logLi =~ /warning/i;
         push @lastShutdowns, $logLi
           if $logLi =~ /Shutdown complete/ and $logLi !~ /Innodb/i;
@@ -2225,7 +2225,7 @@ sub get_replication_status {
           "This replication slave is not running but seems to be configured.";
     }
     if (   defined($io_running)
-        && $io_running =~ /yes/i
+        && $io_running  =~ /yes/i
         && $sql_running =~ /yes/i )
     {
         if ( $myvar{'read_only'} eq 'OFF' ) {

vulnerabilities.csv

@@ -1713,7 +1713,8 @@
 8.0.30;8;0;30;CVE-2022-39408;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/   |   FEDORA:FEDORA-2023-d332f0b6a3   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/   |   FEDORA:FEDORA-2023-e449235964   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/   |   MISC:https://www.oracle.com/security-alerts/cpuoct2022.html   |   URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20220902);"None (candidate not yet proposed)";""
 8.0.30;8;0;30;CVE-2022-39410;Candidate;"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:https://security.netapp.com/advisory/ntap-20221028-0013/   |   FEDORA:FEDORA-2023-d332f0b6a3   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EG3VBUHKCUXVWBSCD2FHCWIAMZO4X3PR/   |   FEDORA:FEDORA-2023-e449235964   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGZ4B5IQJEZQFSXGCZKSJ6GO3HLQ6URQ/   |   MISC:https://www.oracle.com/security-alerts/cpuoct2022.html   |   URL:https://www.oracle.com/security-alerts/cpuoct2022.html";Assigned (20220902);"None (candidate not yet proposed)";""
 1.3.0;1;3;0;CVE-2022-40955;Candidate;"In versions of Apache InLong prior to 1.3.0; an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database; could cause this data to be deserialized by Apache InLong; potentially leading to Remote Code Execution on the Apache InLong server. Users are advised to upgrade to Apache InLong 1.3.0 or newer.";"MISC:[oss-security] 20220922 CVE-2022-40955: Deserialization attack in Apache InLong prior to version 1.3.0 allows RCE via JDBC   |   URL:http://www.openwall.com/lists/oss-security/2022/09/22/5   |   MISC:https://lists.apache.org/thread/r1r34y7bchrpmp9jhfdoohzdmk7pj1q1   |   URL:https://lists.apache.org/thread/r1r34y7bchrpmp9jhfdoohzdmk7pj1q1";Assigned (20220919);"None (candidate not yet proposed)";""
-1.3.0;1;3;0;CVE-2022-44644;Candidate;"In Apache Linkis <=1.3.0 when used with the MySQL Connector/J; an authenticated attacker could read arbitrary local file by connecting a rogue mysql server; By adding allowLoadLocalInfile to true in the jdbc parameter. Therefore; the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3";"MISC:https://lists.apache.org/thread/hwq9ytq6y1kdh9lz5znptkcrdll9x85h   |   URL:https://lists.apache.org/thread/hwq9ytq6y1kdh9lz5znptkcrdll9x85h";Assigned (20221103);"None (candidate not yet proposed)";""
+1.3.0;1;3;0;CVE-2022-44644;Candidate;"In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module; an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server; By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore; the parameters in the JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.1";"MISC:https://lists.apache.org/thread/hwq9ytq6y1kdh9lz5znptkcrdll9x85h   |   URL:https://lists.apache.org/thread/hwq9ytq6y1kdh9lz5znptkcrdll9x85h";Assigned (20221103);"None (candidate not yet proposed)";""
+1.3.1;1;3;1;CVE-2022-44644;Candidate;"In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module; an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server; By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore; the parameters in the JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.1";"MISC:https://lists.apache.org/thread/hwq9ytq6y1kdh9lz5znptkcrdll9x85h   |   URL:https://lists.apache.org/thread/hwq9ytq6y1kdh9lz5znptkcrdll9x85h";Assigned (20221103);"None (candidate not yet proposed)";""
 3.17.0;3;17;0;CVE-2022-45136;Candidate;"** UNSUPPORTED WHEN ASSIGNED ** Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a result an application using Apache Jena SDB can be subject to RCE when connected to a malicious database server. Apache Jena SDB has been EOL since December 2020 and users should migrate to alternative options e.g. Apache Jena TDB 2.";"MISC:https://lists.apache.org/thread/mc77cdl5stgjtjoldk467gdf756qjt31   |   URL:https://lists.apache.org/thread/mc77cdl5stgjtjoldk467gdf756qjt31   |   MLIST:[oss-security] 20221114 CVE-2022-45136: JDBC Deserialisation in Apache Jena SDB   |   URL:http://www.openwall.com/lists/oss-security/2022/11/14/5";Assigned (20221110);"None (candidate not yet proposed)";""
 10.3.33;10;3;33;CVE-2022-47015;Candidate;"MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.";"CONFIRM:https://security.netapp.com/advisory/ntap-20230309-0009/   |   MISC:https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954   |   URL:https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954";Assigned (20221212);"None (candidate not yet proposed)";""
 10.9.2;10;9;2;CVE-2022-47015;Candidate;"MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.";"CONFIRM:https://security.netapp.com/advisory/ntap-20230309-0009/   |   MISC:https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954   |   URL:https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954";Assigned (20221212);"None (candidate not yet proposed)";""