// Bugzilla Bug 27246 // PreparedStatement cache should be different depending on the Catalog @Test public void testPStmtCatalog() throws Exception { Connection conn = getConnection(); conn.setCatalog("catalog1"); DelegatingPreparedStatement stmt1 = (DelegatingPreparedStatement) conn.prepareStatement("select 'a' from dual"); TesterPreparedStatement inner1 = (TesterPreparedStatement) stmt1.getInnermostDelegate(); assertEquals("catalog1", inner1.getCatalog()); stmt1.close(); conn.setCatalog("catalog2"); DelegatingPreparedStatement stmt2 = (DelegatingPreparedStatement) conn.prepareStatement("select 'a' from dual"); TesterPreparedStatement inner2 = (TesterPreparedStatement) stmt2.getInnermostDelegate(); assertEquals("catalog2", inner2.getCatalog()); stmt2.close(); conn.setCatalog("catalog1"); DelegatingPreparedStatement stmt3 = (DelegatingPreparedStatement) conn.prepareStatement("select 'a' from dual"); TesterPreparedStatement inner3 = (TesterPreparedStatement) stmt3.getInnermostDelegate(); assertEquals("catalog1", inner3.getCatalog()); stmt3.close(); assertNotSame(inner1, inner2); assertSame(inner1, inner3); }
/** * Execute a SQL INSERT, UPDATE or DELETE statement. In addition SQL statements that return * nothing such as SQL DDL statements can be executed * * <p>Any IDs generated for AUTO_INCREMENT fields can be retrieved by casting this Statement to * org.gjt.mm.mysql.Statement and calling the getLastInsertID() method. * * @param Sql a SQL statement * @return either a row count, or 0 for SQL commands * @exception java.sql.SQLException if a database access error occurs */ public int executeUpdate(String Sql) throws java.sql.SQLException { if (Driver.trace) { Object[] Args = {Sql}; Debug.methodCall(this, "executeUpdate", Args); } if (_escapeProcessing) { Sql = _Escaper.escapeSQL(Sql); } if (Sql.indexOf("||") != -1) { Sql = _Escaper.doConcat(Sql); } // The checking and changing of catalogs // must happen in sequence, so synchronize // on the same mutex that _Conn is using ResultSet RS = null; synchronized (_Conn.getMutex()) { String OldCatalog = null; if (!_Conn.getCatalog().equals(_Catalog)) { OldCatalog = _Conn.getCatalog(); _Conn.setCatalog(_Catalog); } RS = _Conn.execSQL(Sql, -1); RS.setConnection(_Conn); if (OldCatalog != null) { _Conn.setCatalog(OldCatalog); } } if (RS.reallyResult()) { throw new java.sql.SQLException("Results returned for UPDATE ONLY.", "01S03"); } else { _update_count = RS.getUpdateCount(); int truncated_update_count = 0; if (_update_count > Integer.MAX_VALUE) { truncated_update_count = Integer.MAX_VALUE; } else { truncated_update_count = (int) _update_count; } _last_insert_id = RS.getUpdateID(); return truncated_update_count; } }
/* goodG2B1() - use goodsource and badsink by setting the static variable to false instead of true */ private void goodG2B1() throws Throwable { String data; goodG2B1PublicStatic = false; data = (new CWE15_External_Control_of_System_or_Configuration_Setting__PropertiesFile_22b()) .goodG2B1Source(); Connection dbConnection = null; try { dbConnection = IO.getDBConnection(); /* POTENTIAL FLAW: Set the catalog name with the value of data * allowing a nonexistent catalog name or unauthorized access to a portion of the DB */ dbConnection.setCatalog(data); } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } }
/* goodG2B1() - use goodsource and badsink by setting the variable to false instead of true */ private void goodG2B1(HttpServletRequest request, HttpServletResponse response) throws Throwable { String data; goodG2B1_private = false; data = goodG2B1_source(request, response); Connection dbConnection = null; try { dbConnection = IO.getDBConnection(); /* POTENTIAL FLAW: Set the catalog name with the value of data * allowing a nonexistent catalog name or unauthorized access to a portion of the DB */ dbConnection.setCatalog(data); } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } }
/* goodG2B2() - use goodsource and badsink by reversing statements in if */ private void goodG2B2() throws Throwable { String data; if (PRIVATE_STATIC_FINAL_FIVE == 5) { /* FIX: Use a hardcoded string */ data = "foo"; } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run * but ensure data is inititialized before the Sink to avoid compiler errors */ data = null; } Connection dbConnection = null; try { dbConnection = IO.getDBConnection(); /* POTENTIAL FLAW: Set the catalog name with the value of data * allowing a nonexistent catalog name or unauthorized access to a portion of the DB */ dbConnection.setCatalog(data); } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } }
/* uses badsource and badsink */ public void bad() throws Throwable { String data; /* get system property user.home */ /* POTENTIAL FLAW: Read data from a system property */ data = System.getProperty("user.home"); Connection dbConnection = null; try { dbConnection = IO.getDBConnection(); /* POTENTIAL FLAW: Set the catalog name with the value of data * allowing a nonexistent catalog name or unauthorized access to a portion of the DB */ dbConnection.setCatalog(data); } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } }
/* goodG2B() - uses goodsource and badsink */ private void goodG2B() throws Throwable { String data; /* FIX: Use a hardcoded string */ data = "foo"; Connection dbConnection = null; try { dbConnection = IO.getDBConnection(); /* POTENTIAL FLAW: Set the catalog name with the value of data * allowing a nonexistent catalog name or unauthorized access to a portion of the DB */ dbConnection.setCatalog(data); } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } }
@Override public void setCatalog(String catalog) throws SQLException { checkState(); try { conn.setCatalog(catalog); } catch (SQLException ex) { handleException(ex); } }
public void setCatalog(String catalog) throws SQLException { String methodCall = "setCatalog(" + catalog + ")"; try { realConnection.setCatalog(catalog); } catch (SQLException s) { reportException(methodCall, s); throw s; } reportReturn(methodCall); }
/* goodG2B() - use goodsource and badsink */ public void goodG2BSink(byte[] dataSerialized) throws Throwable { /* unserialize data */ ByteArrayInputStream streamByteArrayInput = null; ObjectInputStream streamObjectInput = null; try { streamByteArrayInput = new ByteArrayInputStream(dataSerialized); streamObjectInput = new ObjectInputStream(streamByteArrayInput); String data = (String) streamObjectInput.readObject(); Connection dbConnection = null; try { dbConnection = IO.getDBConnection(); /* POTENTIAL FLAW: Set the catalog name with the value of data * allowing a nonexistent catalog name or unauthorized access to a portion of the DB */ dbConnection.setCatalog(data); } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } catch (IOException exceptIO) { IO.logger.log(Level.WARNING, "IOException in deserialization", exceptIO); } catch (ClassNotFoundException exceptClassNotFound) { IO.logger.log( Level.WARNING, "ClassNotFoundException in deserialization", exceptClassNotFound); } finally { /* clean up stream reading objects */ try { if (streamObjectInput != null) { streamObjectInput.close(); } } catch (IOException exceptIO) { IO.logger.log(Level.WARNING, "Error closing ObjectInputStream", exceptIO); } try { if (streamByteArrayInput != null) { streamByteArrayInput.close(); } } catch (IOException exceptIO) { IO.logger.log(Level.WARNING, "Error closing ByteArrayInputStream", exceptIO); } } }
private void trySetConnectionProperties(Query query, Connection connection) throws SQLException { // Required for jdbc drivers that do not implement all/some of these functions (eg. impala jdbc // driver) // For these drivers, set the database default values in the query database try { connection.setClientInfo("ApplicationName", "verifier-test:" + queryPair.getName()); connection.setCatalog(query.getCatalog()); connection.setSchema(query.getSchema()); } catch (SQLClientInfoException ignored) { // Do nothing } }
private void reset(boolean known_resolved_txn) throws SQLException { ensureOkay(); C3P0ImplUtils.resetTxnState( physicalConnection, forceIgnoreUnresolvedTransactions, autoCommitOnClose, known_resolved_txn); if (isolation_lvl_nondefault) { physicalConnection.setTransactionIsolation(dflt_txn_isolation); isolation_lvl_nondefault = false; } if (catalog_nondefault) { physicalConnection.setCatalog(dflt_catalog); catalog_nondefault = false; } if (holdability_nondefault) // we don't test if holdability is supported, 'cuz it can never go // nondefault if it's not. { physicalConnection.setHoldability(dflt_holdability); holdability_nondefault = false; } try { physicalConnection.setReadOnly(false); } catch (Throwable t) { if (logger.isLoggable(MLevel.FINE)) logger.log( MLevel.FINE, "A Throwable occurred while trying to reset the readOnly property of our Connection to false!", t); } try { if (supports_setTypeMap) physicalConnection.setTypeMap(Collections.EMPTY_MAP); } catch (Throwable t) { if (logger.isLoggable(MLevel.FINE)) logger.log( MLevel.FINE, "A Throwable occurred while trying to reset the typeMap property of our Connection to Collections.EMPTY_MAP!", t); } }
/** * Creates a result set to be used by the loading logic. The SQL statement is: * * <pre> * select c.name from syscolumns c where id = ? order by c.colid * </pre> */ protected ResultSet createResultSet() throws SQLException { Table table = this.getTable(); String query = null; String catalog = table.getSchema().getCatalog().getName(); int tableId = ((ICatalogTable) table).getTableId(); conn = ((ICatalogObject) table).getConnection(); query = ASESQLs.QUERY_TABLE_COLUMNS; ResultSet rs = null; oldCatalog = conn.getCatalog(); conn.setCatalog(catalog); stmt = conn.prepareStatement(query); stmt.setInt(1, tableId); try { rs = stmt.executeQuery(); } catch (SQLException e) { JDBCASEPlugin.getDefault().log(e); throw e; } return rs; }
protected void closeResultSet(ResultSet rs) { try { if (rs != null) { rs.close(); } } catch (SQLException e) { JDBCASEPlugin.getDefault().log(e); } try { if (stmt != null) stmt.close(); } catch (SQLException e) { JDBCASEPlugin.getDefault().log(e); } try { if (oldCatalog != null) { conn.setCatalog(oldCatalog); } } catch (SQLException e) { JDBCASEPlugin.getDefault().log(e); } }
public void badSink(String data) throws Throwable { Connection dbConnection = null; try { dbConnection = IO.getDBConnection(); /* POTENTIAL FLAW: Set the catalog name with the value of data * allowing a nonexistent catalog name or unauthorized access to a portion of the DB */ dbConnection.setCatalog(data); } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } }
public void badSink() throws Throwable { String data = CWE15_External_Control_of_System_or_Configuration_Setting__Property_68a.data; Connection dbConnection = null; try { dbConnection = IO.getDBConnection(); /* POTENTIAL FLAW: Set the catalog name with the value of data * allowing a nonexistent catalog name or unauthorized access to a portion of the DB */ dbConnection.setCatalog(data); } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } }
@Setter public void setCatalog(String value) throws SQLException { connection.setCatalog(value); }
@Override public void onCheckOut(Connection arg0, String arg1) throws Exception { arg0.setCatalog("cherokeedictionary"); arg0.setAutoCommit(true); arg0.setTransactionIsolation(Connection.TRANSACTION_READ_COMMITTED); }
/* uses badsource and badsink - see how tools report flaws that don't always occur */ public void bad() throws Throwable { String data; if (IO.staticReturnsTrueOrFalse()) { data = ""; /* Initialize data */ /* Read data from a database */ { Connection connection = null; PreparedStatement preparedStatement = null; ResultSet resultSet = null; try { /* setup the connection */ connection = IO.getDBConnection(); /* prepare and execute a (hardcoded) query */ preparedStatement = connection.prepareStatement("select name from users where id=0"); resultSet = preparedStatement.executeQuery(); /* POTENTIAL FLAW: Read data from a database query resultset */ data = resultSet.getString(1); } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error with SQL statement", exceptSql); } finally { /* Close database objects */ try { if (resultSet != null) { resultSet.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql); } try { if (preparedStatement != null) { preparedStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing PreparedStatement", exceptSql); } try { if (connection != null) { connection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } } else { /* FIX: Use a hardcoded string */ data = "foo"; } Connection dbConnection = null; try { dbConnection = IO.getDBConnection(); /* POTENTIAL FLAW: Set the catalog name with the value of data * allowing a nonexistent catalog name or unauthorized access to a portion of the DB */ dbConnection.setCatalog(data); } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } }
/** * Pass thru method to the wrapped jdbc 1.x {@link java.sql.Connection}. * * @exception SQLException if this connection is closed or an error occurs in the wrapped * connection. */ public void setCatalog(String catalog) throws SQLException { assertOpen(); connection.setCatalog(catalog); }
/* uses badsource and badsink */ public void bad() throws Throwable { String data; if (PRIVATE_STATIC_FINAL_FIVE == 5) { data = ""; /* Initialize data */ { File file = new File("C:\\data.txt"); FileInputStream streamFileInput = null; InputStreamReader readerInputStream = null; BufferedReader readerBuffered = null; try { /* read string from file into data */ streamFileInput = new FileInputStream(file); readerInputStream = new InputStreamReader(streamFileInput, "UTF-8"); readerBuffered = new BufferedReader(readerInputStream); /* POTENTIAL FLAW: Read data from a file */ /* This will be reading the first "line" of the file, which * could be very long if there are little or no newlines in the file */ data = readerBuffered.readLine(); } catch (IOException exceptIO) { IO.logger.log(Level.WARNING, "Error with stream reading", exceptIO); } finally { /* Close stream reading objects */ try { if (readerBuffered != null) { readerBuffered.close(); } } catch (IOException exceptIO) { IO.logger.log(Level.WARNING, "Error closing BufferedReader", exceptIO); } try { if (readerInputStream != null) { readerInputStream.close(); } } catch (IOException exceptIO) { IO.logger.log(Level.WARNING, "Error closing InputStreamReader", exceptIO); } try { if (streamFileInput != null) { streamFileInput.close(); } } catch (IOException exceptIO) { IO.logger.log(Level.WARNING, "Error closing FileInputStream", exceptIO); } } } } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run * but ensure data is inititialized before the Sink to avoid compiler errors */ data = null; } Connection dbConnection = null; try { dbConnection = IO.getDBConnection(); /* POTENTIAL FLAW: Set the catalog name with the value of data * allowing a nonexistent catalog name or unauthorized access to a portion of the DB */ dbConnection.setCatalog(data); } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } }
@Test public void testUnsupportedOperations() throws Exception { Connection conn = getConnection(); try { conn.prepareCall(null); fail(); } catch (UnsupportedOperationException ignore) { } try { conn.setReadOnly(false); fail(); } catch (UnsupportedOperationException ignore) { } try { conn.setCatalog(null); fail(); } catch (UnsupportedOperationException ignore) { } try { conn.getCatalog(); fail(); } catch (UnsupportedOperationException ignore) { } try { conn.prepareCall(null, 0, 0); fail(); } catch (UnsupportedOperationException ignore) { } try { conn.setTypeMap(null); fail(); } catch (UnsupportedOperationException ignore) { } try { conn.getTypeMap(); fail(); } catch (UnsupportedOperationException ignore) { } try { conn.setSavepoint(); fail(); } catch (UnsupportedOperationException ignore) { } try { conn.setSavepoint(null); fail(); } catch (UnsupportedOperationException ignore) { } try { conn.rollback(null); fail(); } catch (UnsupportedOperationException ignore) { } try { conn.releaseSavepoint(null); fail(); } catch (UnsupportedOperationException ignore) { } try { conn.prepareCall(null, 0, 0, 0); fail(); } catch (UnsupportedOperationException ignore) { } try { conn.createClob(); fail(); } catch (UnsupportedOperationException ignore) { } try { conn.createBlob(); fail(); } catch (UnsupportedOperationException ignore) { } try { conn.createNClob(); fail(); } catch (UnsupportedOperationException ignore) { } try { conn.createSQLXML(); fail(); } catch (UnsupportedOperationException ignore) { } try { conn.createArrayOf(null, (Object[]) null); fail(); } catch (UnsupportedOperationException ignore) { } try { conn.createStruct(null, (Object[]) null); fail(); } catch (UnsupportedOperationException ignore) { } try { conn.setSchema(null); fail(); } catch (UnsupportedOperationException ignore) { } try { conn.getSchema(); fail(); } catch (UnsupportedOperationException ignore) { } try { conn.abort(null); fail(); } catch (UnsupportedOperationException ignore) { } try { conn.setNetworkTimeout(null, 0); fail(); } catch (UnsupportedOperationException ignore) { } try { conn.getNetworkTimeout(); fail(); } catch (UnsupportedOperationException ignore) { } }
public void setCatalog(String catalog) throws SQLException { con.setCatalog(catalog); }
@Override public void setCatalog(String s) throws SQLException { conn.setCatalog(s); }
public void setCatalog(String catalog) throws SQLException { _isReuse = false; _conn.setCatalog(catalog); }
@Override public void setCatalog(String catalog) throws SQLException { checkState(); conn.setCatalog(catalog); }
/** * Execute a SQL statement that may return multiple results. We don't have to worry about this * since we do not support multiple ResultSets. You can use getResultSet or getUpdateCount to * retrieve the result. * * @param sql any SQL statement * @return true if the next result is a ResulSet, false if it is an update count or there are no * more results * @exception java.sql.SQLException if a database access error occurs */ public boolean execute(String Sql) throws java.sql.SQLException { if (Driver.trace) { Object[] Args = {Sql}; Debug.methodCall(this, "execute", Args); } if (_escapeProcessing) { Sql = _Escaper.escapeSQL(Sql); } if (Sql.indexOf("||") != -1) { Sql = _Escaper.doConcat(Sql); } if (_Results != null) { _Results.close(); } ResultSet RS = null; // If there isn't a limit clause in the SQL // then limit the number of rows to return in // an efficient manner. Only do this if // setMaxRows() hasn't been used on any Statements // generated from the current Connection (saves // a query, and network traffic). synchronized (_Conn.getMutex()) { String OldCatalog = null; if (!_Conn.getCatalog().equals(_Catalog)) { OldCatalog = _Conn.getCatalog(); _Conn.setCatalog(_Catalog); } if (_Conn.useMaxRows()) { if (Sql.toUpperCase().indexOf("LIMIT") != -1) { RS = _Conn.execSQL(Sql, _max_rows); } else { if (_max_rows <= 0) { _Conn.execSQL("SET OPTION SQL_SELECT_LIMIT=" + MysqlDefs.MAX_ROWS, -1); } else { _Conn.execSQL("SET OPTION SQL_SELECT_LIMIT=" + _max_rows, -1); } RS = _Conn.execSQL(Sql, -1); } } else { RS = _Conn.execSQL(Sql, -1); } if (OldCatalog != null) { _Conn.setCatalog(OldCatalog); } } _last_insert_id = RS.getUpdateID(); if (RS != null) { _Results = RS; } RS.setConnection(_Conn); return (RS != null && RS.reallyResult()); }
/** * Execute a SQL statement that retruns a single ResultSet * * @param Sql typically a static SQL SELECT statement * @return a ResulSet that contains the data produced by the query * @exception java.sql.SQLException if a database access error occurs */ public java.sql.ResultSet executeQuery(String Sql) throws java.sql.SQLException { if (Driver.trace) { Object[] Args = {Sql}; Debug.methodCall(this, "executeQuery", Args); } if (_escapeProcessing) { Sql = _Escaper.escapeSQL(Sql); } if (Sql.indexOf("||") != -1) { Sql = _Escaper.doConcat(Sql); } if (_Results != null) { _Results.close(); } // If there isn't a limit clause in the SQL // then limit the number of rows to return in // an efficient manner. Only do this if // setMaxRows() hasn't been used on any Statements // generated from the current Connection (saves // a query, and network traffic). synchronized (_Conn.getMutex()) { String OldCatalog = null; if (!_Conn.getCatalog().equals(_Catalog)) { OldCatalog = _Conn.getCatalog(); _Conn.setCatalog(_Catalog); } if (_Conn.useMaxRows()) { // We need to execute this all together // So synchronize on the Connection's mutex (because // even queries going through there synchronize // on the connection if (Sql.toUpperCase().indexOf("LIMIT") != -1) { _Results = _Conn.execSQL(Sql, _max_rows); } else { if (_max_rows <= 0) { _Conn.execSQL("SET OPTION SQL_SELECT_LIMIT=" + MysqlDefs.MAX_ROWS, -1); } else { _Conn.execSQL("SET OPTION SQL_SELECT_LIMIT=" + _max_rows, -1); } _Results = _Conn.execSQL(Sql, -1); if (OldCatalog != null) { _Conn.setCatalog(OldCatalog); } } } else { _Results = _Conn.execSQL(Sql, -1); } if (OldCatalog != null) { _Conn.setCatalog(OldCatalog); } } _last_insert_id = _Results.getUpdateID(); _NextResults = _Results; _Results.setConnection(_Conn); return _Results; }
@Override public void setCatalog(String catalog) throws SQLException { _wrapped.setCatalog(catalog); }