[MIR] mysql-router (mysql-8.0)

[Summary]
- MIR Team ack
- needs no subscriber as it is part of mysql-8 which has the server Team subscribed already
@Security
- Security check of the subdir router/* requested
@Server
- While security is working on the review the server Team should try to enable the tests in router/test/* in either build or autopkgtest
- should we add a service file or something or is this intentionally up to the users and/or the mentioned charms thereof?
- d/copyright could get an update lintian yells about it all over the place

[Background]
This is the request to review a new binary of a package otherwise already in main.
But since the functionality wasn't in the source long ago when it was accepted and since functionally it is rather (security) critical a re-review was requested.
Going forward it is important to understand that we are not (re-)reviewing all of mysql but the subdir router/* and its associated snippets in the build system and debian directory.

[Duplication]
There is no other package that provides the function of mysql-router.
There are other DB-proxies like postgresql-12-pgpool2 mariadb maxscale, ... there is none for mysql yet and none in main.

[Embedded sources and static linking]
- no embedded libs
- no golang

[Security]
- no history of CVEs
- does not use webkit1,2
- does not use lib*v8 directly
- does not processe arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam), etc)

Ok, but worth to look at:
- while it does not run a daemon as root (we only provide the binary, no service)
  That still means for deployment people will have to use it in such a way or similar
  => https://dev.mysql.com/doc/mysql-router/8.0/en/mysql-router-general-using-deploying.html
- while only redirecting instead of handling the requests it does parses data formats
- it opens a port or sockets depending on setup
- technically a proxy is itself a "man in the middle" so attacks like that get more attack surface to work with

While being under the same strict coverage like mysql8 itself being part of the same source feels good I think this is worth a check by the security Team.

[Common blockers]
- builds fine atm
- already has a bug subscriber
- translations are not present (for this componentn) but it isn't user facing
- not a python package, so no further checks on that needed

Not perfect, but acceptable for now:
- router has an own test section in the code at router/tests
  But I see none of them run at build or autopkgtest time:
  => https://launchpadlibrarian.net/452198941/buildlog_ubuntu-focal-amd64.mysql-8.0_8.0.18-0ubuntu3_BUILDING.txt.gz
  => https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-focal/focal/amd64/m/mysql-8.0/20191119_213042_010c3@/log.gz
  Adding that would be great for QA

[Packaging red flags]
- Ubuntu carries delta in general but nothing massive and nothing on router
- it has a bunch of "internal" libs in /usr/lib/mysql-router/ not meant for external usage.
  While tracking symbols is nice in this case it isn't strictly required
  Also once bug 1845661 is fixed ...

TODOs for me:

- enable tests from router/test/* in either build or autopkgtest -> for QA and regressions.
- check if service is needed (based on charm usage as well).
- d/copyright changes so lintian is satisfied.

Rest is with security team I guess. Thanks a lot for reviewing this @paelzer.

I reviewed mysql-router 8.0.19-0ubuntu2 as checked into focal (when this review
started). This shouldn't be considered a full audit but rather a quick gauge of
maintainability.

mysql-router is a binary package from mysql-8.0 that is responsible for routing
connections from MySQL clients to MySQL servers. As mentioned previously, only
mysql-router is missing in main from mysql-8.0 source package.

- No CVE History:
- Build-Depends
  - libc6 (>= 2.28)
  - libevent-core-2.1-7 (>= 2.1.8-stable)
  - libevent-extra-2.7-7 (>= 2.1.8-stable)
  - libevent-openssl-2.7-7 (>= 2.1.8-stable)
  - libgcc1
  - liblz4-1
  - libssl1.1
  - libstdc++6
  - zlib1g
- No pre/post rm and pre/post inst scripts.
- No init scripts
- No systemd units
- No dbus services
- No setuid binaries
- binaries in PATH
  - /usr/bin/mysqlrouter
  - /usr/bin/mysqlrouter_keyring
  - /usr/bin/mysqlrouter_passwd
  - /usr/bin/mysqlrouter_plugin_info
- No sudo fragments
- No polkit files
- No udev rules
- unit tests / autopkgtests
  - As mentioned previously, router has its own test section in the code at
    router/tests, but it's not available during build or in autopkgtest.
- No cron jobs
- Build logs:
  - Apparently no relevant issues on router build log.

- Processes spawned
  - Some bash scripts are created on router. We don't like the sudo commands but
    it looks unlikely to be used in an automated way:
    - router/src/router/src/config_generator.cc:2781
  - router/src/http/src/posix_re.h:173: Posix extended regular expressions.
     C++11 has std::regex, by gcc-4.x throws exceptions when it it used. Instead
     mysql-router implements a subset of std::regex. It looks like they didn't
     try to recreate the wheel on this, so looks fine.
  - router/src/harness/src/utilities-posix.cc:49
  - router/src/harness/src/process_launcher.cc:448
  - router/src/harness/src/hostname_validator.cc:51
  - All above look fine
- Memory management
  - Lots of memory management, hard to say just by looking if anything is
    wrong, so will dig into it during cppcheck.
- File IO
  - Lots of file IO, but looks ok.
- Logging
  - router/src/json_schema_embedder/json_schema_embedder.cc: logs to in_filename
    and out_filename that the user passed as argument.
  - the rest of the code seems to be covered by mysql-router logging feature
    e.g.: https://dev.mysql.com/doc/mysql-router/8.0/en/mysql-router-server-logging.html
- Environment variable usage
  - router uses some environment variables in its tests.
  - other than that:
   - router/src/router/src/router_app.cc:117: std::string path(std::getenv("PATH"));
   - router/src/router/src/router_app.cc:585: auto pid_file_env = std::getenv("ROUTER_PID");
   - router/src/router/src/config_generator.cc:1761: std::string path(std::getenv("PATH"));
   - router/src/router/src/common/mysql_session.cc:290: getenv("MYSQL_ROUTER_RECORD_MOCK") ? getenv("MYSQL_ROUTER_RECORD_MOCK")
   - router/src/router/src/common/mysql_session.cc:297: const char *outfile = std::getenv("MYSQL_ROUTER_RECORD_MOCK");
   - router/src/router/src/keyring_info.cc:179: err_code = ::setenv("ROUTER_ID", std::to_string(router_id).c_str(), 1);
   - router/src/router/src/utils.c...

This is ready, all it needs are the tasks mentioned in
   https://bugs.launchpad.net/ubuntu/+source/mysql-8.0/+bug/1852367/comments/2
to be resolved.

Other than that this would be ready for promotion to main.

There has been not further update for too long, for now we consider it invalid.
Feel free to re-open if there is effort backing it up and motivation to bring it to main.