disable DBG Invoker on default

[SchrodingerZhu]

Signed-off-by: Schrodinger ZHU Yifan [email protected]

What problem does this PR solve?

Issue Number: close #xxx

Problem Summary:

What is changed and how it works?

Check List

Tests

• Unit test
• Integration test
• Manual test (add detailed scripts or steps below)
• No code

Side effects

• Performance regression: Consumes more CPU
• Performance regression: Consumes more Memory
• Breaking backward compatibility

Documentation

• Affects user behaviors
• Contains syntax changes
• Contains variable changes
• Contains experimental features
• Changes MySQL compatibility

Release note

disable DBG Invoker on default

[ti-chi-bot]

[REVIEW NOTIFICATION]

This pull request has not been approved.

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

[SchrodingerZhu]

/run-integration-tests

[JaySon-Huang]

Configuration in Settings can be automatically reloaded once the config file is changed. IMO, this is not a "security enough" way to disable DBGInvoker methods.

[SchrodingerZhu]

so maybe a more appropriate way is to put the switch to the stable area of configs?

[SchrodingerZhu]

/run-integration-tests

[SchrodingerZhu]

/run-unit-tests

[sre-bot]

Coverage detail: https://ci-internal.pingcap.net/job/tics_ghpr_unit_test/921/cobertura/
(Coverage detail url is limited office network access)

lines: 43.7% (49840 out of 113995)
branches: 6.4% (81061 out of 1261472)

[JaySon-Huang]

"dangerous" does not only mean we can invoke "DBGInvoke" methods. Malicious users can invoke any CK's SQL-like queries statements through its TCP/HTTP port. For example, use "drop table xxx" to drop data, use "insert into" to pollute data.
Only disable invoking "DBGInvoke" methods doesn't help to make TiFlash security enough...

[JaySon-Huang]

Ref #1527

[solotzg]

We'd better disable all entries towards data manipulation methods.

[JaySon-Huang]

Related issue for tiflash-ctl: JaySon-Huang/tiflash-ctl#7

[SchrodingerZhu]

/run-all-tests

[sre-bot]

Coverage for changed files

Filename                      Regions    Missed Regions     Cover   Functions  Missed Functions  Executed       Lines      Missed Lines     Cover    Branches   Missed Branches     Cover
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Debug/DBGInvoker.cpp               33                32     3.03%          10                 9    10.00%         139                79    43.17%          16                16     0.00%
Interpreters/Context.h             15                10    33.33%          15                10    33.33%          15                10    33.33%           0                 0         -
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
TOTAL                              48                42    12.50%          25                19    24.00%         154                89    42.21%          16                16     0.00%

Coverage summary

Functions  MissedFunctions  Executed  Lines   MissedLines  Cover
16254      9690             40.38%    177898  98249        44.77%

full coverage report (for internal network access only)

[ti-chi-bot]

@SchrodingerZhu: PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.