improve SQL mutation statements#575
Open
cportele wants to merge 1 commit into
Open
Conversation
Mutation SQL is assembled by string concatenation, and numeric-typed columns inlined the value's raw text: SqlMutationSession.encodeLiteral returned value.asText() for INTEGER/FLOAT, and FeatureEncoderSql.onValue only quoted STRING/DATE/DATETIME. A client sending a JSON string (or a wfs:Value) for a numeric column could therefore inject arbitrary SQL into the generated INSERT/UPDATE (e.g. "0 WHERE 1=1; DROP TABLE x --"), without requiring handling=strict. FeatureEncoderSql.onValue also inlined BOOLEAN values raw, and the role-override UPDATE path (formatRoleOverrideValue) had the same shape. Centralize inline-literal rendering in SqlLiterals and route all three sinks through it: - integers are re-rendered from a parsed BigDecimal.toBigIntegerExact() - floats are re-rendered via BigDecimal.toPlainString() (also avoids non-portable scientific notation) - booleans are normalized to the TRUE/FALSE keywords - strings/dates and any unmapped column type are single-quoted with quote-doubling (safe default: never inline raw input) - null is preserved A value that does not match its column type is now rejected with IllegalArgumentException instead of being inlined verbatim, consistent with the existing geometry-literal validation. This is a slightly stricter contract: a malformed numeric/boolean value now fails the write rather than being silently coerced. Oracle shares this path (FeatureProviderOracle extends FeatureProviderSql and reuses SqlMutationSession/FeatureEncoderSql; SqlDialectOras.escapeString matches the standard quote-doubling), so the guard applies there too. Adds SqlLiteralsSpec covering quote-doubling, numeric/boolean validation, injection rejection, NULL, and the quoted fallback.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Mutation SQL is assembled by string concatenation, and numeric-typed columns inlined the value's raw text: SqlMutationSession.encodeLiteral returned value.asText() for INTEGER/FLOAT, and FeatureEncoderSql.onValue only quoted STRING/DATE/DATETIME. A client sending a JSON string (or a wfs:Value) for a numeric column could therefore inject arbitrary SQL into the generated INSERT/UPDATE (e.g. "0 WHERE 1=1; DROP TABLE x --"), without requiring handling=strict. FeatureEncoderSql.onValue also inlined BOOLEAN values raw, and the role-override UPDATE path (formatRoleOverrideValue) had the same shape.
Centralize inline-literal rendering in SqlLiterals and route all three sinks through it:
A value that does not match its column type is now rejected with IllegalArgumentException instead of being inlined verbatim, consistent with the existing geometry-literal validation. This is a slightly stricter contract: a malformed numeric/boolean value now fails the write rather than being silently coerced.
Oracle shares this path (FeatureProviderOracle extends FeatureProviderSql and reuses SqlMutationSession/FeatureEncoderSql; SqlDialectOras.escapeString matches the standard quote-doubling), so the guard applies there too.
Adds SqlLiteralsSpec covering quote-doubling, numeric/boolean validation, injection rejection, NULL, and the quoted fallback.