MariaDB metadata skipping + test stability improvement

[rusher]

Description

This PR contains different things, separated in multiple commits.

Test stability improvement.

• ensuring performance schema is enabled when testing some performance schema results
• Added logic to check if the default collation is overridden by the server character_set_collations
• ensure using IANA timezone in test, since tzinfo depending on system won't have deprecated tz like "US/Central" and "US/Pacific"

Implement MariaDB metadata skipping.

Refactor handshake packet handling to support extended capabilities

Updated the readHandshakePacket and writeHandshakeResponsePacket functions to include server capabilities and extended capabilities. Adjusted related tests and connection logic to accommodate these changes, ensuring compatibility with MariaDB and improved handling of client capabilities.

Packet parsing small improvement

• correct packet readLengthEncodedString that was returning byte array to readLengthEncodedBytes
• have an readLengthEncodedString that effectively return string
• faster column parsing: MariaDB/MySQL have an identifier limitation of 64 characters (https://dev.mysql.com/doc/refman/8.4/en/identifier-length.html)

before:
BenchmarkReceiveMetadata-16 1846 650394 ns/op 138776 B/op 3024 allocs/op
after:
BenchmarkReceiveMetadata-16 1772 639809 ns/op 138776 B/op 3024 allocs/op

Implement clientDeprecateEOF flag. (not real performance improvement, but will permit further enhancement)

Checklist

• Code compiles correctly
• Created tests which fail without the change (if possible)
• All tests passing
• Extended the README / documentation, if necessary
• Added myself / the copyright holder to the AUTHORS file

Summary by CodeRabbit

• New Features

  • Enhanced connection handshake and compression negotiation for more reliable, robust database connectivity.
  • Improved query execution with advanced metadata parsing for more accurate results.

• Bug Fixes

  • Updated timezone and collation handling to ensure better locale compatibility.

• Refactor

  • Optimized data parsing and result set processing for improved performance and efficiency.

• Chores

  • Contributor list updated.

[coderabbitai]

Walkthrough

This pull request introduces multiple updates across the MySQL driver codebase. A new author entry is added in the AUTHORS file. Test files are modified to update handshake response calls to include additional parameters and adjust collation/timezone checks. The handshake and connection processes have been refactored by introducing new capability flag types and updating method signatures, while result set and metadata handling has been improved using skip methods. A new benchmark function for metadata retrieval is added, and utility functions for processing length-encoded strings are updated.

Changes

File(s)	Change Summary
AUTHORS	Added new author: "Diego Dupin <diego.dupin at gmail.com>" in alphabetical order.
auth_test.go, packets_test.go	Modified handshake response calls to include two extra integer parameters; updated tests to validate new handshake parameters (serverCapabilities and serverExtendedCapabilities).
connection.go, connector.go, const.go, packets.go	Introduced new types and constants for capability flags; updated handshake packet reading/writing, compression logic, and MySQL connection handling to use serverCapabilities and serverExtendedCapabilities.
driver_test.go	Enhanced collation override logic and updated timezone identifiers in tests.
rows.go, statement.go	Revised result set handling by replacing readUntilEOF with skip methods; added column metadata support in mysqlStmt via a new "columns" field.
benchmark_test.go	Added BenchmarkReceiveMetadata to measure performance of metadata retrieval on a large integer table.
utils.go	Updated length-encoded string functions: added readLengthEncodedString returning a string and adjusted readLengthEncodedBytes signature.

Sequence Diagram(s)

sequenceDiagram
    participant Connector
    participant MySQLConn
    participant Server
    Connector->>MySQLConn: Connect(ctx)
    MySQLConn->>Server: readHandshakePacket()
    Server-->>MySQLConn: Returns handshake packet (data, serverCapabilities, serverExtendedCapabilities, plugin)
    MySQLConn->>Connector: Return handshake info
    Connector->>MySQLConn: writeHandshakeResponsePacket(authResp, serverCapabilities, serverExtendedCapabilities, plugin)
    MySQLConn->>Server: Send handshake response

Loading

sequenceDiagram
    participant Stmt as mysqlStmt
    participant MySQLConn
    Stmt->>MySQLConn: readResultSetHeaderPacket()
    MySQLConn-->>Stmt: Return header and metadata flag
    alt Metadata Follows
        Stmt->>MySQLConn: readColumns(...)
    else No Metadata
        Stmt->>MySQLConn: skipEof()/skipResultSetRows()
    end

Loading

Possibly related PRs

• Fix for issue #1666 #1667: Involves modifications to the AUTHORS file by adding new entries, similar to the new author addition in this PR.

Suggested reviewers

• methane
• shogo82148

Poem

Hoppin’ through the fields of code,
I’ve added a carrot—new authors bestowed!
Handshakes and flags now dance in the night,
Tests and benchmarks shining bright.
In rows and bytes I skip with glee,
Coding magic from a bunny like me!
🐇🥕 Happy hops to all in our dev spree!

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai plan to trigger planning for file edits and PR creation.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🔭 Outside diff range comments (1)

packets.go (1)

177-268: 💡 Verification agent

🧩 Analysis chain

Refactor boundary checks and consider fallback safety in readHandshakePacket

• [Lines 230-234] Potential out-of-bounds risk during extended capabilities extraction
  When reading the additional 4 bytes for serverExtendedCapabilities, there is no explicit check ensuring pos+4 <= len(data). A malformed or truncated packet could cause a slice out-of-range error.

  if serverCapabilities&clientMySQL == 0 {

• if pos+4 > len(data) {
  

•     return nil, serverCapabilities, 0, "", fmt.Errorf("malformed packet: insufficient bytes for extended capabilities")
  

• }
  serverExtendedCapabilities = extendedCapabilityFlag(binary.LittleEndian.Uint32(data[pos : pos+4]))
  

  }

• [Lines 211-216] Fallback to plaintext
  The fallback mechanism (if mc.cfg.AllowFallbackToPlaintext) is logically correct. However, confirm that a downgrade from TLS to plaintext meets your security requirements, especially in production environments.

• Overall
  Returning zero values for (serverCapabilities, serverExtendedCapabilities, plugin) upon errors (e.g., line 184) is reasonable. The updated signature properly propagates capabilities outward for subsequent usage. Aside from the boundary check issue, the rest of the handshake logic looks consistent.

---

Update safety checks and verify TLS fallback in readHandshakePacket

• Boundary Check for Extended Capabilities [Lines ~230-234]:
  There is currently no explicit check that ensures pos+4 is within bounds before reading the next 4 bytes for serverExtendedCapabilities. This omission can lead to a slice out-of-range error with malformed or truncated packets. Please add a boundary verification similar to the diff snippet below:

  if serverCapabilities&clientMySQL == 0 {
  +    if pos+4 > len(data) {
  +         return nil, serverCapabilities, 0, "", fmt.Errorf("malformed packet: insufficient bytes for extended capabilities")
  +    }
       serverExtendedCapabilities = extendedCapabilityFlag(binary.LittleEndian.Uint32(data[pos : pos+4]))
  }

• Fallback to Plaintext:
  The mechanism that allows downgrading from TLS to plaintext (via mc.cfg.AllowFallbackToPlaintext) is functionally correct. However, please verify that this fallback behavior aligns with your overall security requirements, especially in production environments.

---

🏁 Script executed:

#!/bin/bash
# Check for the usage of 'Uint32' on data slice without a boundary check
rg "Uint32\\(data\\[pos : pos\\+4\\]\\)" -n packets.go

# Check if there's any boundary check for 'pos+4' before the extended capabilities extraction
rg "if\\s+pos\\+4\\s*>\\s*len\\(data\\)" -n packets.go

Length of output: 517

---

Critical: Fix out-of-bound risk & confirm TLS fallback behavior in readHandshakePacket

• Boundary Check for Extended Capabilities (around line 232):
  The code extracts 4 bytes for serverExtendedCapabilities using

  serverExtendedCapabilities = extendedCapabilityFlag(binary.LittleEndian.Uint32(data[pos : pos+4]))

  without verifying that pos+4 is within the bounds of data. This could lead to a slice out-of-range error if the packet is malformed. Please add a boundary check as in the following diff:

  if serverCapabilities&clientMySQL == 0 {
  +    if pos+4 > len(data) {
  +         return nil, serverCapabilities, 0, "", fmt.Errorf("malformed packet: insufficient bytes for extended capabilities")
  +    }
       serverExtendedCapabilities = extendedCapabilityFlag(binary.LittleEndian.Uint32(data[pos : pos+4]))
  }

• TLS Fallback Behavior:
  The fallback mechanism that disables TLS when mc.cfg.AllowFallbackToPlaintext is enabled appears functionally correct. However, please verify that downgrading from TLS to plaintext complies with your overall security requirements, especially in production.

🧹 Nitpick comments (3)

benchmark_test.go (2)

479-484: Consider deriving column count dynamically.

Instead of hardcoding 1000 for the slice sizes, consider using rows.Columns() to dynamically determine the number of columns in the result set. This would make the code more maintainable if the table structure changes.

- values := make([]interface{}, 1000)
- valuePtrs := make([]interface{}, 1000)
- for j := range values {
-   valuePtrs[j] = &values[j]
- }
+ cols, err := rows.Columns()
+ tb.check(err)
+ values := make([]interface{}, len(cols))
+ valuePtrs := make([]interface{}, len(cols))
+ for j := range values {
+   valuePtrs[j] = &values[j]
+ }

---

465-465: Consider using a helper function for generating repeated values.

The string repetition for generating placeholder values could be improved with a helper function, especially if similar patterns are used elsewhere.

- strings.Repeat("0,", 999)+"0)"
+ strings.Repeat("0,", 999)+"0)"

Alternatively, a more reusable approach:

func generatePlaceholders(count int, value string) string {
    if count <= 0 {
        return ""
    }
    values := make([]string, count)
    for i := range values {
        values[i] = value
    }
    return strings.Join(values, ",")
}

// Usage
"INSERT INTO large_integer_table VALUES (" + generatePlaceholders(1000, "0") + ")"

const.go (1)

76-86: Good addition of extended capability flags

The introduction of extendedCapabilityFlag type and its constants supports MariaDB's extended capabilities model. The clientCacheMetadata flag is particularly important as it's used in the connection code to determine column reading behavior.

Consider adding documentation comments for each new flag explaining its purpose and behavior, especially for clientCacheMetadata which is used in conditional logic elsewhere.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1fbafa8 and 9908c10.

📒 Files selected for processing (12)

• AUTHORS (1 hunks)
• auth_test.go (14 hunks)
• benchmark_test.go (1 hunks)
• connection.go (5 hunks)
• connector.go (3 hunks)
• const.go (2 hunks)
• driver_test.go (4 hunks)
• packets.go (18 hunks)
• packets_test.go (1 hunks)
• rows.go (3 hunks)
• statement.go (4 hunks)
• utils.go (4 hunks)

🧰 Additional context used

🧬 Code Definitions (2)

packets.go (2)

errors.go (2)

• ErrOldProtocol (27-27)
• ErrNoTLS (22-22)

dsn.go (1)

• Config (37-84)

connection.go (1)

dsn.go (1)

• Config (37-84)

🔇 Additional comments (41)

AUTHORS (1)

40-40: LGTM! Proper author addition.

The new author has been correctly added in alphabetical order, following the file's guidelines.

benchmark_test.go (1)

444-492: Well-structured benchmark for metadata reception performance.

This benchmark provides a good way to measure metadata reception performance, which aligns with the PR objectives of improving packet parsing and metadata handling. The function creates a table with 1000 columns, inserts a single row, and measures the performance of retrieving that row's metadata.

driver_test.go (4)

1633-1658: Good improvement to handle collation overrides by server settings

This change adds a more robust mechanism to handle cases where the default collation is overridden by server character set collations. By querying @@character_set_collations and mapping charset prefixes to their collations, the test can now properly validate expectations even when server-specific overrides are in place.

---

1721-1721: Replaced deprecated timezone identifiers with IANA standard ones

Good change to replace the deprecated timezone identifiers (US/Central, US/Pacific) with IANA standard ones (America/New_York, Asia/Hong_Kong). This improves future compatibility as older timezone identifiers might be removed in newer systems.

---

1729-1730: Updated timezone references in test implementation

Properly updated the timezone references within the test implementation to use the new IANA standard timezone (America/New_York instead of US/Central), and updated the error message to match.

Also applies to: 1749-1749

---

3577-3585: Added check to ensure performance schema is enabled

This is an important improvement that ensures tests dependent on performance schema are only run when the feature is actually enabled in the MySQL server. This prevents false test failures when running against servers where performance schema is disabled.

statement.go (6)

23-23: Added field to store column metadata.

This new field allows the statement to retain column information, which is necessary for implementing the clientDeprecateEOF protocol feature. This will enable reusing column metadata across subsequent result sets.

---

67-68: Signature update to support the deprecateEOF protocol.

The function call has been updated to capture the new metadataFollows return value from readResultSetHeaderPacket(), which is important for determining whether column metadata follows in the result set.

---

74-76: Changed to use skipColumns method instead of previous approach.

Updated to use a more descriptive method name that better represents the intent of the code. This improves code clarity and is part of the larger change to support the clientDeprecateEOF flag.

---

79-80: Changed to use skipResultSetRows method instead of previous approach.

Similar to the above change, this improves code clarity by using a method name that better describes the operation being performed.

---

110-111: Updated to support metadata follows flag.

The method call now captures the additional metadataFollows return value which indicates whether column metadata follows in the result set.

---

119-130: Implemented conditional column handling based on metadata flag.

This is a key part of implementing the clientDeprecateEOF feature. When metadataFollows is true, it reads the columns from the connection. When false, it skips the EOF packet and reuses the previously stored columns, potentially reducing network traffic.

auth_test.go (1)

92-92: Updated function signature to include server capabilities parameters.

The writeHandshakeResponsePacket method now accepts two additional integer parameters for server capabilities and server extended capabilities. This is consistent with changes to the handshake protocol implementation to support extended capabilities, particularly for MariaDB.

Also applies to: 137-137, 179-179, 235-235, 287-287, 347-347, 403-403, 462-462, 505-505, 547-547, 596-596, 644-644, 681-681, 1346-1346

packets_test.go (2)

335-335: Updated to capture additional server capability information.

The function call now captures serverCapabilities and serverExtendedCapabilities from the handshake packet, which is necessary for proper protocol handling, especially with MariaDB.

---

340-346: Added assertions for server capability values.

These new assertions verify that the server capabilities and extended capabilities are correctly parsed from the handshake packet. This helps ensure the protocol implementation is working as expected.

rows.go (3)

116-116: Updated to use the new skipResultSetRows method.

Changed from mc.readUntilEOF() to mc.skipResultSetRows(), which improves code clarity and is part of the implementation of the clientDeprecateEOF protocol feature. This method better describes the intent of the operation.

---

146-146: Updated to use the new skipResultSetRows method.

Changed from rows.mc.readUntilEOF() to rows.mc.skipResultSetRows(), consistent with the change in the Close() method above, to better represent the intended operation.

---

159-159: Updated to handle additional metadata flag.

The readResultSetHeaderPacket() call now returns three values instead of two, with the middle value (likely metadataFollows) being discarded with _. This is consistent with the protocol changes for clientDeprecateEOF support.

connection.go (7)

26-51: Addition of new capability fields enhances connection management

The introduction of clientCapabilities and clientExtCapabilities fields to the mysqlConn struct aligns well with the PR objective of implementing the clientDeprecateEOF flag. These fields provide a clear structure for managing client capabilities.

---

227-241: Good optimization based on client capabilities

The conditional logic based on clientExtCapabilities allows the driver to either cache or skip column metadata based on capabilities. This creates a performance optimization path when metadata caching isn't needed.

---

382-383: Update to handle result set header reading

This change is part of adapting the code to handle the EOF deprecation model, updating how result set headers are processed.

---

389-396: Improved column and row handling

Replacing readUntilEOF() with skipColumns() and skipResultSetRows() methods is a good refactoring that supports the EOF deprecation model while potentially improving performance by avoiding unnecessary data reads.

---

431-432: Consistent update for query method

This change maintains consistency with the updates made to the exec method, ensuring a uniform approach to handling result set headers.

---

465-466: Consistent implementation for system variables

The change to getSystemVar follows the same pattern as other methods, ensuring consistency throughout the codebase.

---

473-480: Efficient handling of system variable results

Good implementation of column skipping and result set row handling that maintains consistency with other similar methods.

const.go (2)

46-47: Type renaming improves clarity

Renaming clientFlag to capabilityFlag better represents the purpose of this type, as it handles both client and server capabilities.

---

49-50: Updated constant name for better semantics

Renaming clientLongPassword to clientMySQL broadens the scope of this constant, which appears to be the first flag in the capability flags enumeration.

connector.go (3)

134-135: Enhanced handshake packet reading

The updated method signature now captures additional server capability information, which aligns with the PR objective of improving the handshake process to support extended capabilities.

---

156-157: Improved handshake response with capabilities

The handshake response now includes server capabilities information, allowing for better communication of supported features between client and server.

---

170-171: More explicit capability checking

The condition for enabling compression has been updated to check if clientCompress is present in clientCapabilities using a greater-than comparison instead of a bitwise AND. This is functionally equivalent but more aligned with how capability flags are conventionally checked.

utils.go (4)

527-541: Renamed method preserves original behavior

The original readLengthEncodedString has been renamed to readLengthEncodedBytes while maintaining its functionality of returning a byte slice. This rename clarifies the method's purpose.

---

543-560: Added string-specific helper function

The new readLengthEncodedString function efficiently returns a string directly instead of a byte slice, avoiding unnecessary conversions when a string is needed. This aligns with the PR objective of improving packet parsing.

---

586-588: Simplified handling of small integers

The optimization for handling values less than 251 reduces the overhead of going through the switch statement for common cases. This is a good performance enhancement.

---

603-605: Consolidated handling for large integers

The removal of the explicit case for 254 and using a default handler simplifies the code without changing functionality. All values that would have hit the 254 case now go through the default path, which is correct.

packets.go (7)

270-306: Validate initClientCapabilities logic for newly added clientDeprecateEOF

Your approach of initializing default client flags (lines 273-285), then masking them against the server’s supported flags (line 305) is appropriate to ensure only mutually supported capabilities are in effect. The inclusion of clientDeprecateEOF (line 285) matches the rest of your new logic. This portion looks good.

---

308-426: Examine extended capabilities handling within writeHandshakeResponsePacket

• [Lines 311-314] Initialization of client capabilities
  Passing serverCapabilities into mc.initClientCapabilities(...) and selectively enabling mc.clientExtCapabilities is straightforward. If future extended capabilities need partial enablement, you may consider a more granular approach than a single “&” operation (line 313).

• [Lines 363-374] Writing extended capabilities
  The current code zeroes out a 23-byte filler region for standard MySQL, or writes a 4-byte extended capability field for MariaDB. This is consistent with the handshake specification. Just ensure the filler usage remains valid if future protocol changes require more than 4 bytes for extended flags.

Overall, the handshake response logic, including SSL handling and user credential packing, appears correct.

---

559-590: Verify new boolean return in readResultSetHeaderPacket for additional metadata checks

• The return signature now includes a bool (lines 559-560) to denote whether more results exist, or if cached metadata applies (lines 585-587).
• [Lines 585-589]: When clientCacheMetadata is set, the data[len] check determines the “more results” boolean. Otherwise, the function defaults to true. Confirm that this logic correctly covers all server responses to avoid erroneously perpetuating more-results states.

---

709-783: readColumns updates to use skipEof() for deprecating EOF

• [Lines 778-780]: The call to mc.skipEof() ensures EOF is read or skipped depending on the clientDeprecateEOF flag. This maintains backward compatibility with servers that still send traditional EOF packets.
• The rest of the column-reading logic (lines 714-776) remains consistent, managing length-encoded strings for table/column names.

No functional issues noted.

---

800-815: Text-row reading logic aligned with clientDeprecateEOF

• [Lines 800-805]: Properly differentiates between actual EOF vs. “OK packet with an 0xFE header” when clientDeprecateEOF is set, avoiding confusion for older servers.
• The short-circuit with return io.EOF at line 813 is aligned with typical row iteration patterns.

---

884-935: Skip logic methods (skipPackets, skipEof, skipColumns, skipResultSetRows)

• [Lines 893-900]: skipEof() gracefully checks the clientDeprecateEOF flag, only reading a packet if EOF is not deprecated.
• [Lines 902-907]: skipColumns() calls skipPackets(resLen) and then skipEof(), centralizing logic for skipping column metadata.
• [Lines 909-935]: skipResultSetRows() similarly checks for iERR or iEOF and updates mc.status accordingly. This looks consistent and keeps the code DRY.

---

1249-1272: Check for EOF or Error in binaryRows.readRow

• [Lines 1250-1269]: The changed logic ensures that an iEOF packet is interpreted according to whether clientDeprecateEOF is set (line 1252). The code properly updates rows.rs.done, sets rows.mc to nil if no next result set is pending, and returns io.EOF.
• The error handling at lines 1268-1271 is standard, returning mc.handleErrorPacket(data) if the packet indicates iERR.

All changes are consistent with your deprecate-EOF approach.

[coveralls]

coverage: 83.05% (+0.09%) from 82.959%
when pulling 9908c10 on rusher:clientDeprecateEOF
into 1fbafa8 on go-sql-driver:master.

[Copilot]

Copilot reviewed 11 out of 12 changed files in this pull request and generated 1 comment.

Files not reviewed (1)

• AUTHORS: Language not supported

Comments suppressed due to low confidence (3)

packets.go:229

• The change in reserved bytes from 11 to 7 (plus an additional 4 bytes for extended capabilities) should be verified against the protocol specification to ensure correct packet parsing.

// reserved (all [00]) [10 bytes]

packets.go:722

• Directly using data[pos] as the length for field values may not handle multi-byte length encodings correctly; verify that this approach conforms to the protocol's length-encoded string specification.

pos += int(data[pos]) + 1

auth_test.go:92

• [nitpick] Passing static zeros for serverCapabilities and serverExtendedCapabilities in authentication tests might not validate the full handshake response logic; consider adding tests with non-zero values to ensure comprehensive coverage.

err = mc.writeHandshakeResponsePacket(authResp, 0, 0, plugin)

[Copilot]

Since clientMySQL is unconditionally set in initClientCapabilities, the branch that writes clientExtendedCapabilities (lines 366-370) will never be triggered. Consider revising the condition to allow proper handling of MariaDB extended capabilities.