[1/2] hive git commit: HIVE-18788: Clean up inputs in JDBC PreparedStatement (Daniel Dai, reviewed by Thejas Nair)

2018-03-02 Thread daijy
Repository: hive
Updated Branches:
  refs/heads/branch-2 2bcab1467 -> d3908524d


HIVE-18788: Clean up inputs in JDBC PreparedStatement (Daniel Dai, reviewed by 
Thejas Nair)


Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/c803e962
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/c803e962
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/c803e962

Branch: refs/heads/branch-2
Commit: c803e962104d9c0e80f61e9c5afc236113e4987e
Parents: 2bcab14
Author: Daniel Dai 
Authored: Fri Mar 2 15:36:36 2018 -0800
Committer: Daniel Dai 
Committed: Fri Mar 2 16:33:55 2018 -0800

--
 .../org/apache/hive/jdbc/TestJdbcDriver2.java   | 20 ++
 .../apache/hive/jdbc/HivePreparedStatement.java | 28 +---
 2 files changed, 45 insertions(+), 3 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/hive/blob/c803e962/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java
--
diff --git 
a/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java 
b/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java
index 7223fcb..6572931 100644
--- a/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java
+++ b/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java
@@ -45,6 +45,7 @@ import org.junit.rules.ExpectedException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 import java.lang.Exception;
 import java.lang.Object;
@@ -491,6 +492,25 @@ public class TestJdbcDriver2 {
 expectedException);
   }
 
+  @Test
+  public void testPrepareStatementWithSetBinaryStream() throws SQLException {
+PreparedStatement stmt = con.prepareStatement("select under_col from " + 
tableName + " where value=?");
+stmt.setBinaryStream(1, new ByteArrayInputStream("'val_238' or under_col 
<> 0".getBytes()));
+ResultSet res = stmt.executeQuery();
+assertFalse(res.next());
+  }
+
+  @Test
+  public void testPrepareStatementWithSetString() throws SQLException {
+PreparedStatement stmt = con.prepareStatement("select under_col from " + 
tableName + " where value=?");
+stmt.setString(1, "val_238\\' or under_col <> 0 --");
+ResultSet res = stmt.executeQuery();
+assertFalse(res.next());
+stmt.setString(1,  "anyStringHere\\' or 1=1 --");
+res = stmt.executeQuery();
+assertFalse(res.next());
+  }
+
   private PreparedStatement createPreapredStatementUsingSetObject(String sql) 
throws SQLException {
 PreparedStatement ps = con.prepareStatement(sql);
 
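Review bot: Both new tests exercise only the backslash-quote pair, so they would still pass if other backslash cases were mishandled. There is no case for a value that ends in a backslash or has a backslash before some other character, and no positive case showing that a legitimate value containing a quote still matches its row. In testPrepareStatementWithSetBinaryStream, `getBytes()` uses the platform default charset while the driver decodes the stream as UTF-8, so `getBytes(StandardCharsets.UTF_8)` would keep the test deterministic. The statements and result sets are never closed; try-with-resources would fix that. The same hunk is repeated in the branch-2.3 and master copies of this commit further down the page.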

http://git-wip-us.apache.org/repos/asf/hive/blob/c803e962/jdbc/src/java/org/apache/hive/jdbc/HivePreparedStatement.java
--
diff --git a/jdbc/src/java/org/apache/hive/jdbc/HivePreparedStatement.java 
b/jdbc/src/java/org/apache/hive/jdbc/HivePreparedStatement.java
index b842634..a455a6d 100644
--- a/jdbc/src/java/org/apache/hive/jdbc/HivePreparedStatement.java
+++ b/jdbc/src/java/org/apache/hive/jdbc/HivePreparedStatement.java
@@ -276,7 +276,7 @@ public class HivePreparedStatement extends HiveStatement 
implements PreparedStat
 
   public void setBinaryStream(int parameterIndex, InputStream x) throws 
SQLException {
 String str = new Scanner(x, "UTF-8").useDelimiter("\\A").next();
-this.parameters.put(parameterIndex, str);
+setString(parameterIndex, str);
   }
 
   /*
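Review bot: `new Scanner(x, "UTF-8").useDelimiter("\\A").next()` in setBinaryStream throws an unchecked NoSuchElementException when the stream is empty, and a null stream fails inside the Scanner constructor, so callers that catch only SQLException see a runtime exception instead. Guarding the read, for example `Scanner s = new Scanner(x, "UTF-8").useDelimiter("\\A");` followed by `String str = s.hasNext() ? s.next() : "";`, keeps empty input on the normal setString path. A one-line comment such as `// bind as a quoted, escaped string literal; never splice stream content into the statement verbatim` would record why the call was changed. The same hunk is repeated in the branch-2.3 and master copies of this commit below.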
@@ -696,6 +696,27 @@ public class HivePreparedStatement extends HiveStatement 
implements PreparedStat
 this.parameters.put(parameterIndex,""+x);
   }
 
+  private String replaceBackSlashSingleQuote(String x) {
+// scrutinize escape pair, specifically, replace \' to '
+StringBuffer newX = new StringBuffer();
+for (int i = 0; i < x.length(); i++) {
+  char c = x.charAt(i);
+  if (c == '\\' && i < x.length()-1) {
+char c1 = x.charAt(i+1);
+if (c1 == '\'') {
+  newX.append(c1);
+} else {
+  newX.append(c);
+  newX.append(c1);
+}
+i++;
+  } else {
+newX.append(c);
+  }
+}
+return newX.toString();
+  }
+
   /*
* (non-Javadoc)
*
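Review bot: replaceBackSlashSingleQuote neutralises only the backslash-quote pair. A backslash before any other character is copied through unchanged, and a backslash in the last position falls into the `else` branch and is kept. Once setString (next hunk) wraps the result in quotes, a surviving backslash can still act as an escape inside the generated literal, assuming the parser treats backslash as an escape character there, which the `\\'` quoting in setString implies. The helper also silently changes data, since a legitimate value containing backslash-quote loses its backslash. Escaping the backslash itself before the quote, `x = x.replace("\\", "\\\\").replace("'", "\\'");` in setString, would cover every case, preserve the value and make this helper unnecessary; if the helper stays, `StringBuilder` is the idiomatic choice over `StringBuffer`. The same applies to the identical hunks in the branch-2.3 and master copies of this commit below.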
@@ -703,8 +724,9 @@ public class HivePreparedStatement extends HiveStatement 
implements PreparedStat
*/
 
   public void setString(int parameterIndex, String x) throws SQLException {
- x=x.replace("'", "\\'");
- this.parameters.put(parameterIndex,"'"+x+"'");
+x = replaceBackSlashSingleQuote(x);
+x=x.replace("'", "\\'");
+this.parameters.put(parameterIndex, "'"+x+"'");
   }
 
   /*
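Review bot: setString still has no null handling: `replaceBackSlashSingleQuote(x)` calls `x.length()`, so `setString(i, null)` fails with a NullPointerException where JDBC callers expect the parameter to be bound as SQL NULL. An early guard such as `if (x == null) { setNull(parameterIndex, Types.VARCHAR); return; }` would cover it, assuming this class's setNull binds a NULL literal. Because setBinaryStream now delegates here, this method is the single quoting point for string-like parameters, and a short method comment stating that invariant would help keep future setters from writing to `parameters` directly. The same hunk is repeated in the branch-2.3 and master copies of this commit below.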



hive git commit: HIVE-18788: Clean up inputs in JDBC PreparedStatement (Daniel Dai, reviewed by Thejas Nair)

2018-03-02 Thread daijy
Repository: hive
Updated Branches:
  refs/heads/branch-2.3 de82776f7 -> 63df42966


HIVE-18788: Clean up inputs in JDBC PreparedStatement (Daniel Dai, reviewed by 
Thejas Nair)


Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/63df4296
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/63df4296
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/63df4296

Branch: refs/heads/branch-2.3
Commit: 63df42966cf44ffdd20d3fcdcfb70738c0432aba
Parents: de82776
Author: Daniel Dai 
Authored: Fri Mar 2 15:36:36 2018 -0800
Committer: Daniel Dai 
Committed: Fri Mar 2 15:36:36 2018 -0800

--
 .../org/apache/hive/jdbc/TestJdbcDriver2.java   | 20 ++
 .../apache/hive/jdbc/HivePreparedStatement.java | 28 +---
 2 files changed, 45 insertions(+), 3 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/hive/blob/63df4296/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java
--
diff --git 
a/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java 
b/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java
index 6e9223a..c2b4ce4 100644
--- a/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java
+++ b/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java
@@ -45,6 +45,7 @@ import org.junit.rules.ExpectedException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 import java.lang.Exception;
 import java.lang.Object;
@@ -491,6 +492,25 @@ public class TestJdbcDriver2 {
 expectedException);
   }
 
+  @Test
+  public void testPrepareStatementWithSetBinaryStream() throws SQLException {
+PreparedStatement stmt = con.prepareStatement("select under_col from " + 
tableName + " where value=?");
+stmt.setBinaryStream(1, new ByteArrayInputStream("'val_238' or under_col 
<> 0".getBytes()));
+ResultSet res = stmt.executeQuery();
+assertFalse(res.next());
+  }
+
+  @Test
+  public void testPrepareStatementWithSetString() throws SQLException {
+PreparedStatement stmt = con.prepareStatement("select under_col from " + 
tableName + " where value=?");
+stmt.setString(1, "val_238\\' or under_col <> 0 --");
+ResultSet res = stmt.executeQuery();
+assertFalse(res.next());
+stmt.setString(1,  "anyStringHere\\' or 1=1 --");
+res = stmt.executeQuery();
+assertFalse(res.next());
+  }
+
   private PreparedStatement createPreapredStatementUsingSetObject(String sql) 
throws SQLException {
 PreparedStatement ps = con.prepareStatement(sql);
 

http://git-wip-us.apache.org/repos/asf/hive/blob/63df4296/jdbc/src/java/org/apache/hive/jdbc/HivePreparedStatement.java
--
diff --git a/jdbc/src/java/org/apache/hive/jdbc/HivePreparedStatement.java 
b/jdbc/src/java/org/apache/hive/jdbc/HivePreparedStatement.java
index b842634..a455a6d 100644
--- a/jdbc/src/java/org/apache/hive/jdbc/HivePreparedStatement.java
+++ b/jdbc/src/java/org/apache/hive/jdbc/HivePreparedStatement.java
@@ -276,7 +276,7 @@ public class HivePreparedStatement extends HiveStatement 
implements PreparedStat
 
   public void setBinaryStream(int parameterIndex, InputStream x) throws 
SQLException {
 String str = new Scanner(x, "UTF-8").useDelimiter("\\A").next();
-this.parameters.put(parameterIndex, str);
+setString(parameterIndex, str);
   }
 
   /*
@@ -696,6 +696,27 @@ public class HivePreparedStatement extends HiveStatement 
implements PreparedStat
 this.parameters.put(parameterIndex,""+x);
   }
 
+  private String replaceBackSlashSingleQuote(String x) {
+// scrutinize escape pair, specifically, replace \' to '
+StringBuffer newX = new StringBuffer();
+for (int i = 0; i < x.length(); i++) {
+  char c = x.charAt(i);
+  if (c == '\\' && i < x.length()-1) {
+char c1 = x.charAt(i+1);
+if (c1 == '\'') {
+  newX.append(c1);
+} else {
+  newX.append(c);
+  newX.append(c1);
+}
+i++;
+  } else {
+newX.append(c);
+  }
+}
+return newX.toString();
+  }
+
   /*
* (non-Javadoc)
*
@@ -703,8 +724,9 @@ public class HivePreparedStatement extends HiveStatement 
implements PreparedStat
*/
 
   public void setString(int parameterIndex, String x) throws SQLException {
- x=x.replace("'", "\\'");
- this.parameters.put(parameterIndex,"'"+x+"'");
+x = replaceBackSlashSingleQuote(x);
+x=x.replace("'", "\\'");
+this.parameters.put(parameterIndex, "'"+x+"'");
   }
 
   /*



hive git commit: HIVE-18788: Clean up inputs in JDBC PreparedStatement (Daniel Dai, reviewed by Thejas Nair)

2018-03-01 Thread daijy
Repository: hive
Updated Branches:
  refs/heads/master b7b3f881f -> 0330c1c0b


HIVE-18788: Clean up inputs in JDBC PreparedStatement (Daniel Dai, reviewed by 
Thejas Nair)


Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/0330c1c0
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/0330c1c0
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/0330c1c0

Branch: refs/heads/master
Commit: 0330c1c0b62f3c2e6a4744048578dea55193b62c
Parents: b7b3f88
Author: Daniel Dai 
Authored: Thu Mar 1 14:34:03 2018 -0800
Committer: Daniel Dai 
Committed: Thu Mar 1 14:34:03 2018 -0800

--
 .../org/apache/hive/jdbc/TestJdbcDriver2.java   | 20 ++
 .../apache/hive/jdbc/HivePreparedStatement.java | 28 +---
 2 files changed, 45 insertions(+), 3 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/hive/blob/0330c1c0/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java
--
diff --git 
a/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java 
b/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java
index f6f64ee..4e8c5bf 100644
--- a/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java
+++ b/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java
@@ -46,6 +46,7 @@ import org.junit.rules.ExpectedException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 import java.lang.Exception;
 import java.lang.Object;
@@ -492,6 +493,25 @@ public class TestJdbcDriver2 {
 expectedException);
   }
 
+  @Test
+  public void testPrepareStatementWithSetBinaryStream() throws SQLException {
+PreparedStatement stmt = con.prepareStatement("select under_col from " + 
tableName + " where value=?");
+stmt.setBinaryStream(1, new ByteArrayInputStream("'val_238' or under_col 
<> 0".getBytes()));
+ResultSet res = stmt.executeQuery();
+assertFalse(res.next());
+  }
+
+  @Test
+  public void testPrepareStatementWithSetString() throws SQLException {
+PreparedStatement stmt = con.prepareStatement("select under_col from " + 
tableName + " where value=?");
+stmt.setString(1, "val_238\\' or under_col <> 0 --");
+ResultSet res = stmt.executeQuery();
+assertFalse(res.next());
+stmt.setString(1,  "anyStringHere\\' or 1=1 --");
+res = stmt.executeQuery();
+assertFalse(res.next());
+  }
+
   private PreparedStatement createPreapredStatementUsingSetObject(String sql) 
throws SQLException {
 PreparedStatement ps = con.prepareStatement(sql);
 

http://git-wip-us.apache.org/repos/asf/hive/blob/0330c1c0/jdbc/src/java/org/apache/hive/jdbc/HivePreparedStatement.java
--
diff --git a/jdbc/src/java/org/apache/hive/jdbc/HivePreparedStatement.java 
b/jdbc/src/java/org/apache/hive/jdbc/HivePreparedStatement.java
index 4bb7398..77a1797 100644
--- a/jdbc/src/java/org/apache/hive/jdbc/HivePreparedStatement.java
+++ b/jdbc/src/java/org/apache/hive/jdbc/HivePreparedStatement.java
@@ -276,7 +276,7 @@ public class HivePreparedStatement extends HiveStatement 
implements PreparedStat
 
   public void setBinaryStream(int parameterIndex, InputStream x) throws 
SQLException {
 String str = new Scanner(x, "UTF-8").useDelimiter("\\A").next();
-this.parameters.put(parameterIndex, str);
+setString(parameterIndex, str);
   }
 
   /*
@@ -696,6 +696,27 @@ public class HivePreparedStatement extends HiveStatement 
implements PreparedStat
 this.parameters.put(parameterIndex,""+x);
   }
 
+  private String replaceBackSlashSingleQuote(String x) {
+// scrutinize escape pair, specifically, replace \' to '
+StringBuffer newX = new StringBuffer();
+for (int i = 0; i < x.length(); i++) {
+  char c = x.charAt(i);
+  if (c == '\\' && i < x.length()-1) {
+char c1 = x.charAt(i+1);
+if (c1 == '\'') {
+  newX.append(c1);
+} else {
+  newX.append(c);
+  newX.append(c1);
+}
+i++;
+  } else {
+newX.append(c);
+  }
+}
+return newX.toString();
+  }
+
   /*
* (non-Javadoc)
*
@@ -703,8 +724,9 @@ public class HivePreparedStatement extends HiveStatement 
implements PreparedStat
*/
 
   public void setString(int parameterIndex, String x) throws SQLException {
- x=x.replace("'", "\\'");
- this.parameters.put(parameterIndex,"'"+x+"'");
+x = replaceBackSlashSingleQuote(x);
+x=x.replace("'", "\\'");
+this.parameters.put(parameterIndex, "'"+x+"'");
   }
 
   /*