This is an automated email from the ASF dual-hosted git repository.
sruehl pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/plc4x.git
The following commit(s) were added to refs/heads/develop by this push:
new 4a9a744 plc4j: fix sql injection issues
4a9a744 is described below
commit 4a9a744d4467bcf8cfcb51974936d5b8ec5d4989
Author: Sebastian Rühl <[email protected]>
AuthorDate: Mon Jun 7 17:25:24 2021 +0200
plc4j: fix sql injection issues
---
.../integration/iotdb/IoTDBWriterWithJDBC.java | 39 +++++++++++-----------
1 file changed, 19 insertions(+), 20 deletions(-)
diff --git
a/plc4j/examples/hello-integration-iotdb/src/main/java/org/apache/plc4x/java/examples/integration/iotdb/IoTDBWriterWithJDBC.java
b/plc4j/examples/hello-integration-iotdb/src/main/java/org/apache/plc4x/java/examples/integration/iotdb/IoTDBWriterWithJDBC.java
index 9f446b9..e3b8cb3 100644
---
a/plc4j/examples/hello-integration-iotdb/src/main/java/org/apache/plc4x/java/examples/integration/iotdb/IoTDBWriterWithJDBC.java
+++
b/plc4j/examples/hello-integration-iotdb/src/main/java/org/apache/plc4x/java/examples/integration/iotdb/IoTDBWriterWithJDBC.java
@@ -19,35 +19,30 @@
package org.apache.plc4x.java.examples.integration.iotdb;
-import java.sql.Connection;
-import java.sql.DriverManager;
-import java.sql.SQLException;
-import java.sql.Statement;
+import java.sql.*;
+
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-public class IoTDBWriterWithJDBC implements IIoTDBWriter{
- private static Logger LOGGER =
LoggerFactory.getLogger(IoTDBWriterWithJDBC.class);
+public class IoTDBWriterWithJDBC implements IIoTDBWriter {
+ private static final Logger LOGGER =
LoggerFactory.getLogger(IoTDBWriterWithJDBC.class);
//IoTDB JDBC connection
- Connection connection;
-
- //IoTDB JDBC Statement
- Statement statement;
+ private final Connection connection;
public IoTDBWriterWithJDBC(String ipPort, String username, String password)
throws ClassNotFoundException, SQLException {
// Get IoTDB connection
Class.forName("org.apache.iotdb.jdbc.IoTDBDriver");
- connection = DriverManager.getConnection("jdbc:iotdb://" + ipPort+"/",
+ connection = DriverManager.getConnection("jdbc:iotdb://" + ipPort +
"/",
username, password);
- statement = connection.createStatement();
}
@Override
public void initStorageGroup(String storageGroup) {
- try {
- statement.execute("SET STORAGE GROUP TO root." + storageGroup);
+ try (PreparedStatement statement = connection.prepareStatement("SET
STORAGE GROUP TO root.?")) {
+ statement.setObject(1, storageGroup);
+ statement.execute();
} catch (SQLException e) {
//from v0.9.0, you can use the error code to check whether the sg
exists.
LOGGER.error(e.getMessage());
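Review bot: The `?` in `SET STORAGE GROUP TO root.?` stands in for an identifier, not a value, and JDBC bind parameters only carry values: a driver that prepares server-side will reject the statement or bind a quoted literal after `root.`, and a driver that implements PreparedStatement by client-side text substitution (which I believe the IoTDB JDBC driver does — worth confirming against its `IoTDBPreparedStatement`) simply splices `storageGroup` into the SQL, leaving the injection this commit sets out to fix. The same pattern is used for the table and column names in the INSERT of the second hunk and for the timeseries path and data type in the CREATE TIMESERIES of the third hunk. For identifiers the defence has to be validation against an allow-list of permitted characters before concatenation; below is one way to do that for this method (the other two would call the same helper), which needs `java.util.regex.Pattern` imported and the character class adjusted to the identifiers the deployment actually uses.
```java
    private static final Pattern IDENTIFIER = Pattern.compile("[A-Za-z0-9_.]+");

    // … unchanged: constructor …

    @Override
    public void initStorageGroup(String storageGroup) {
        try (Statement statement = connection.createStatement()) {
            statement.execute("SET STORAGE GROUP TO root." + requireIdentifier(storageGroup));
        } catch (SQLException e) {
            // … unchanged: error handling …
        }
    }

    /** Returns {@code name} unchanged if it is a plain dotted identifier; otherwise refuses it so it is never spliced into SQL text. */
    private static String requireIdentifier(String name) {
        if (name == null || !IDENTIFIER.matcher(name).matches()) {
            throw new IllegalArgumentException("invalid IoTDB identifier: " + name);
        }
        return name;
    }
```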
@@ -57,10 +52,12 @@ public class IoTDBWriterWithJDBC implements IIoTDBWriter{
@Override
public void writeData(String deviceId, String field, long timestamp,
Integer value) {
//please modify this method if you want to write multiple fields once.
- try {
- String sql = String.format("insert into %s (timestamp, %s) values
(%d, %s)",
- deviceId, field, timestamp, value + "");
- statement.execute(sql);
+ try (PreparedStatement statement = connection.prepareStatement("INSERT
INTO ? (TIMESTAMP, ?) VALUES (?, ?)")) {
+ statement.setString(1, deviceId);
+ statement.setString(2, field);
+ statement.setLong(3, timestamp);
+ statement.setInt(4, value);
+ statement.execute();
} catch (SQLException e) {
LOGGER.error("Error storing data.", e);
}
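Review bot: `statement.setInt(4, value)` unboxes the `Integer value` parameter and throws NullPointerException when a caller passes null, and because the surrounding catch only handles SQLException that exception now escapes writeData, whereas the replaced `value + ""` formatted the text "null" and at worst logged a SQL error. Whether any caller passes null is not visible here, but the signature still advertises a nullable wrapper type, so either narrow it to `int` or bind explicitly: `if (value == null) statement.setNull(4, Types.INTEGER); else statement.setInt(4, value);` (`Types` is already in scope through `java.sql.*`).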
@@ -77,8 +74,10 @@ public class IoTDBWriterWithJDBC implements IIoTDBWriter{
@Override
public void createTimeseries(String timeseries, String dataType) {
- try {
- statement.execute("create timeseries " + timeseries + " with
dataType=" + dataType +",encoding=RLE");
+ try (PreparedStatement statement = connection.prepareStatement("CREATE
TIMESERIES ? WITH DATATYPE = ?, ENCODING = RLE")) {
+ statement.setString(1, timeseries);
+ statement.setString(2, dataType);
+ statement.execute();
} catch (SQLException e) {
//from v0.9.0, you can use the error code to check whether the sg
exists.
LOGGER.error(e.getMessage());