[1/2] hive git commit: HIVE-18788: Clean up inputs in JDBC PreparedStatement (Daniel Dai, reviewed by Thejas Nair)
Repository: hive Updated Branches: refs/heads/branch-2 2bcab1467 -> d3908524d HIVE-18788: Clean up inputs in JDBC PreparedStatement (Daniel Dai, reviewed by Thejas Nair) Project: http://git-wip-us.apache.org/repos/asf/hive/repo Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/c803e962 Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/c803e962 Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/c803e962 Branch: refs/heads/branch-2 Commit: c803e962104d9c0e80f61e9c5afc236113e4987e Parents: 2bcab14 Author: Daniel Dai Authored: Fri Mar 2 15:36:36 2018 -0800 Committer: Daniel Dai Committed: Fri Mar 2 16:33:55 2018 -0800 -- .../org/apache/hive/jdbc/TestJdbcDriver2.java | 20 ++ .../apache/hive/jdbc/HivePreparedStatement.java | 28 +--- 2 files changed, 45 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hive/blob/c803e962/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java -- diff --git a/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java b/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java index 7223fcb..6572931 100644 --- a/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java +++ b/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java @@ -45,6 +45,7 @@ import org.junit.rules.ExpectedException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import java.io.ByteArrayInputStream; import java.io.InputStream; import java.lang.Exception; import java.lang.Object; 
@@ -491,6 +492,25 @@ public class TestJdbcDriver2 {
 expectedException);
 }
+ @Test
+ public void testPrepareStatementWithSetBinaryStream() throws SQLException {
+PreparedStatement stmt = con.prepareStatement("select under_col from " + tableName + " where value=?");
+stmt.setBinaryStream(1, new ByteArrayInputStream("'val_238' or under_col <> 0".getBytes()));
+ResultSet res = stmt.executeQuery();
+assertFalse(res.next());
+ }
+
+ @Test
+ public void testPrepareStatementWithSetString() throws SQLException {
+PreparedStatement stmt = con.prepareStatement("select under_col from " + tableName + " where value=?");
+stmt.setString(1, "val_238\\' or under_col <> 0 --");
+ResultSet res = stmt.executeQuery();
+assertFalse(res.next());
+stmt.setString(1, "anyStringHere\\' or 1=1 --");
+res = stmt.executeQuery();
+assertFalse(res.next());
+ }
+
 private PreparedStatement createPreapredStatementUsingSetObject(String sql) throws SQLException {
 PreparedStatement ps = con.prepareStatement(sql);
http://git-wip-us.apache.org/repos/asf/hive/blob/c803e962/jdbc/src/java/org/apache/hive/jdbc/HivePreparedStatement.java --
diff --git a/jdbc/src/java/org/apache/hive/jdbc/HivePreparedStatement.java b/jdbc/src/java/org/apache/hive/jdbc/HivePreparedStatement.java
index b842634..a455a6d 100644
--- a/jdbc/src/java/org/apache/hive/jdbc/HivePreparedStatement.java
+++ b/jdbc/src/java/org/apache/hive/jdbc/HivePreparedStatement.java
@@ -276,7 +276,7 @@ public class HivePreparedStatement extends HiveStatement implements PreparedStat
 public void setBinaryStream(int parameterIndex, InputStream x) throws SQLException {
 String str = new Scanner(x, "UTF-8").useDelimiter("\\A").next();
-this.parameters.put(parameterIndex, str);
+setString(parameterIndex, str);
 }
 /*
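Review bot: In the -491 hunk, testPrepareStatementWithSetBinaryStream builds its fixture with the charset-less `getBytes()`, while setBinaryStream in the -276 hunk decodes the stream as UTF-8, so the test's bytes depend on the JVM default charset; `"'val_238' or under_col <> 0".getBytes(StandardCharsets.UTF_8)` pins it to what the driver expects. Both new tests assert only that the crafted value matches no row, which would also hold if the new normalisation mangled every value; a positive control that sets a plain value known to exist in the fixture table (e.g. `stmt.setString(1, "val_238")` followed by `assertTrue(res.next())`, if that row is present) would show a legitimate value still round-trips. The same comments apply to the identical hunks in the branch-2.3 and master copies of this commit below.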
@@ -696,6 +696,27 @@ public class HivePreparedStatement extends HiveStatement implements PreparedStat
 this.parameters.put(parameterIndex,""+x);
 }
+ private String replaceBackSlashSingleQuote(String x) {
+// scrutinize escape pair, specifically, replace \' to '
+StringBuffer newX = new StringBuffer();
+for (int i = 0; i < x.length(); i++) {
+ char c = x.charAt(i);
+ if (c == '\\' && i < x.length()-1) {
+char c1 = x.charAt(i+1);
+if (c1 == '\'') {
+ newX.append(c1);
+} else {
+ newX.append(c);
+ newX.append(c1);
+}
+i++;
+ } else {
+newX.append(c);
+ }
+}
+return newX.toString();
+ }
+
 /*
 * (non-Javadoc)
 *
@@ -703,8 +724,9 @@ public class HivePreparedStatement extends HiveStatement implements PreparedStat
 */
 public void setString(int parameterIndex, String x) throws SQLException {
- x=x.replace("'", "\\'");
- this.parameters.put(parameterIndex,"'"+x+"'");
+x = replaceBackSlashSingleQuote(x);
+x=x.replace("'", "\\'");
+this.parameters.put(parameterIndex, "'"+x+"'");
 }
 /*
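Review bot: In the -696 hunk, replaceBackSlashSingleQuote copies a lone trailing backslash through unchanged (the `i < x.length()-1` guard routes it to the plain `else`), so a value ending in `\` reaches the -703 hunk's `"'"+x+"'"` as `'…\'`, where the backslash escapes the closing quote and the literal is left unterminated — a malformed statement at best, or the remainder of the query absorbed into the literal; a branch `} else if (c == '\\') { newX.append("\\\\"); } else { newX.append(c); }` closes that case. The helper needs a short Javadoc stating its contract — that a pre-escaped `\'` is reduced to `'` so the `replace("'", "\\'")` in setString does not double-escape, and that every other backslash pair is passed through as written — since the comment `scrutinize escape pair` does not say why the pass-through is intended. `StringBuffer newX` can be `StringBuilder`: the buffer is method-local and never shared. This remains client-side literal quoting rather than server-side parameter binding, so any escape sequence the helper does not normalise is interpreted by the server exactly as the caller supplied it; the identical hunks in the branch-2.3 and master copies below carry the same points.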
hive git commit: HIVE-18788: Clean up inputs in JDBC PreparedStatement (Daniel Dai, reviewed by Thejas Nair)
Repository: hive Updated Branches: refs/heads/branch-2.3 de82776f7 -> 63df42966 HIVE-18788: Clean up inputs in JDBC PreparedStatement (Daniel Dai, reviewed by Thejas Nair) Project: http://git-wip-us.apache.org/repos/asf/hive/repo Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/63df4296 Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/63df4296 Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/63df4296 Branch: refs/heads/branch-2.3 Commit: 63df42966cf44ffdd20d3fcdcfb70738c0432aba Parents: de82776 Author: Daniel Dai Authored: Fri Mar 2 15:36:36 2018 -0800 Committer: Daniel Dai Committed: Fri Mar 2 15:36:36 2018 -0800 -- .../org/apache/hive/jdbc/TestJdbcDriver2.java | 20 ++ .../apache/hive/jdbc/HivePreparedStatement.java | 28 +--- 2 files changed, 45 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hive/blob/63df4296/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java -- diff --git a/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java b/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java index 6e9223a..c2b4ce4 100644 --- a/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java +++ b/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java @@ -45,6 +45,7 @@ import org.junit.rules.ExpectedException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import java.io.ByteArrayInputStream; import java.io.InputStream; import java.lang.Exception; import java.lang.Object; 
@@ -491,6 +492,25 @@ public class TestJdbcDriver2 {
 expectedException);
 }
+ @Test
+ public void testPrepareStatementWithSetBinaryStream() throws SQLException {
+PreparedStatement stmt = con.prepareStatement("select under_col from " + tableName + " where value=?");
+stmt.setBinaryStream(1, new ByteArrayInputStream("'val_238' or under_col <> 0".getBytes()));
+ResultSet res = stmt.executeQuery();
+assertFalse(res.next());
+ }
+
+ @Test
+ public void testPrepareStatementWithSetString() throws SQLException {
+PreparedStatement stmt = con.prepareStatement("select under_col from " + tableName + " where value=?");
+stmt.setString(1, "val_238\\' or under_col <> 0 --");
+ResultSet res = stmt.executeQuery();
+assertFalse(res.next());
+stmt.setString(1, "anyStringHere\\' or 1=1 --");
+res = stmt.executeQuery();
+assertFalse(res.next());
+ }
+
 private PreparedStatement createPreapredStatementUsingSetObject(String sql) throws SQLException {
 PreparedStatement ps = con.prepareStatement(sql);
http://git-wip-us.apache.org/repos/asf/hive/blob/63df4296/jdbc/src/java/org/apache/hive/jdbc/HivePreparedStatement.java --
diff --git a/jdbc/src/java/org/apache/hive/jdbc/HivePreparedStatement.java b/jdbc/src/java/org/apache/hive/jdbc/HivePreparedStatement.java
index b842634..a455a6d 100644
--- a/jdbc/src/java/org/apache/hive/jdbc/HivePreparedStatement.java
+++ b/jdbc/src/java/org/apache/hive/jdbc/HivePreparedStatement.java
@@ -276,7 +276,7 @@ public class HivePreparedStatement extends HiveStatement implements PreparedStat
 public void setBinaryStream(int parameterIndex, InputStream x) throws SQLException {
 String str = new Scanner(x, "UTF-8").useDelimiter("\\A").next();
-this.parameters.put(parameterIndex, str);
+setString(parameterIndex, str);
 }
 /*
@@ -696,6 +696,27 @@ public class HivePreparedStatement extends HiveStatement implements PreparedStat
 this.parameters.put(parameterIndex,""+x);
 }
+ private String replaceBackSlashSingleQuote(String x) {
+// scrutinize escape pair, specifically, replace \' to '
+StringBuffer newX = new StringBuffer();
+for (int i = 0; i < x.length(); i++) {
+ char c = x.charAt(i);
+ if (c == '\\' && i < x.length()-1) {
+char c1 = x.charAt(i+1);
+if (c1 == '\'') {
+ newX.append(c1);
+} else {
+ newX.append(c);
+ newX.append(c1);
+}
+i++;
+ } else {
+newX.append(c);
+ }
+}
+return newX.toString();
+ }
+
 /*
 * (non-Javadoc)
 *
@@ -703,8 +724,9 @@ public class HivePreparedStatement extends HiveStatement implements PreparedStat
 */
 public void setString(int parameterIndex, String x) throws SQLException {
- x=x.replace("'", "\\'");
- this.parameters.put(parameterIndex,"'"+x+"'");
+x = replaceBackSlashSingleQuote(x);
+x=x.replace("'", "\\'");
+this.parameters.put(parameterIndex, "'"+x+"'");
 }
 /*
hive git commit: HIVE-18788: Clean up inputs in JDBC PreparedStatement (Daniel Dai, reviewed by Thejas Nair)
Repository: hive Updated Branches: refs/heads/master b7b3f881f -> 0330c1c0b HIVE-18788: Clean up inputs in JDBC PreparedStatement (Daniel Dai, reviewed by Thejas Nair) Project: http://git-wip-us.apache.org/repos/asf/hive/repo Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/0330c1c0 Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/0330c1c0 Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/0330c1c0 Branch: refs/heads/master Commit: 0330c1c0b62f3c2e6a4744048578dea55193b62c Parents: b7b3f88 Author: Daniel Dai Authored: Thu Mar 1 14:34:03 2018 -0800 Committer: Daniel Dai Committed: Thu Mar 1 14:34:03 2018 -0800 -- .../org/apache/hive/jdbc/TestJdbcDriver2.java | 20 ++ .../apache/hive/jdbc/HivePreparedStatement.java | 28 +--- 2 files changed, 45 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hive/blob/0330c1c0/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java -- diff --git a/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java b/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java index f6f64ee..4e8c5bf 100644 --- a/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java +++ b/itests/hive-unit/src/test/java/org/apache/hive/jdbc/TestJdbcDriver2.java @@ -46,6 +46,7 @@ import org.junit.rules.ExpectedException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import java.io.ByteArrayInputStream; import java.io.InputStream; import java.lang.Exception; import java.lang.Object; 
@@ -492,6 +493,25 @@ public class TestJdbcDriver2 {
 expectedException);
 }
+ @Test
+ public void testPrepareStatementWithSetBinaryStream() throws SQLException {
+PreparedStatement stmt = con.prepareStatement("select under_col from " + tableName + " where value=?");
+stmt.setBinaryStream(1, new ByteArrayInputStream("'val_238' or under_col <> 0".getBytes()));
+ResultSet res = stmt.executeQuery();
+assertFalse(res.next());
+ }
+
+ @Test
+ public void testPrepareStatementWithSetString() throws SQLException {
+PreparedStatement stmt = con.prepareStatement("select under_col from " + tableName + " where value=?");
+stmt.setString(1, "val_238\\' or under_col <> 0 --");
+ResultSet res = stmt.executeQuery();
+assertFalse(res.next());
+stmt.setString(1, "anyStringHere\\' or 1=1 --");
+res = stmt.executeQuery();
+assertFalse(res.next());
+ }
+
 private PreparedStatement createPreapredStatementUsingSetObject(String sql) throws SQLException {
 PreparedStatement ps = con.prepareStatement(sql);
http://git-wip-us.apache.org/repos/asf/hive/blob/0330c1c0/jdbc/src/java/org/apache/hive/jdbc/HivePreparedStatement.java --
diff --git a/jdbc/src/java/org/apache/hive/jdbc/HivePreparedStatement.java b/jdbc/src/java/org/apache/hive/jdbc/HivePreparedStatement.java
index 4bb7398..77a1797 100644
--- a/jdbc/src/java/org/apache/hive/jdbc/HivePreparedStatement.java
+++ b/jdbc/src/java/org/apache/hive/jdbc/HivePreparedStatement.java
@@ -276,7 +276,7 @@ public class HivePreparedStatement extends HiveStatement implements PreparedStat
 public void setBinaryStream(int parameterIndex, InputStream x) throws SQLException {
 String str = new Scanner(x, "UTF-8").useDelimiter("\\A").next();
-this.parameters.put(parameterIndex, str);
+setString(parameterIndex, str);
 }
 /*
@@ -696,6 +696,27 @@ public class HivePreparedStatement extends HiveStatement implements PreparedStat
 this.parameters.put(parameterIndex,""+x);
 }
+ private String replaceBackSlashSingleQuote(String x) {
+// scrutinize escape pair, specifically, replace \' to '
+StringBuffer newX = new StringBuffer();
+for (int i = 0; i < x.length(); i++) {
+ char c = x.charAt(i);
+ if (c == '\\' && i < x.length()-1) {
+char c1 = x.charAt(i+1);
+if (c1 == '\'') {
+ newX.append(c1);
+} else {
+ newX.append(c);
+ newX.append(c1);
+}
+i++;
+ } else {
+newX.append(c);
+ }
+}
+return newX.toString();
+ }
+
 /*
 * (non-Javadoc)
 *
@@ -703,8 +724,9 @@ public class HivePreparedStatement extends HiveStatement implements PreparedStat
 */
 public void setString(int parameterIndex, String x) throws SQLException {
- x=x.replace("'", "\\'");
- this.parameters.put(parameterIndex,"'"+x+"'");
+x = replaceBackSlashSingleQuote(x);
+x=x.replace("'", "\\'");
+this.parameters.put(parameterIndex, "'"+x+"'");
 }
 /*