mirror of
https://github.com/nextcloud/android.git
synced 2024-11-25 06:35:48 +03:00
Merge pull request from GHSA-vjp2-f63v-w479
Harden FileContentProvider's public Uri paths
This commit is contained in:
commit
98465ab3fb
7 changed files with 593 additions and 53 deletions
|
@ -0,0 +1,115 @@
|
|||
/*
|
||||
*
|
||||
* Nextcloud Android client application
|
||||
*
|
||||
* @author Tobias Kaminsky
|
||||
* Copyright (C) 2021 Tobias Kaminsky
|
||||
* Copyright (C) 2021 Nextcloud GmbH
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
package com.owncloud.android.providers
|
||||
|
||||
import java.lang.IllegalArgumentException
|
||||
import com.owncloud.android.db.ProviderMeta
|
||||
import android.content.ContentValues
|
||||
import com.owncloud.android.utils.MimeTypeUtil
|
||||
import org.junit.Test
|
||||
|
||||
@Suppress("FunctionNaming")
|
||||
class FileContentProviderVerificationIT {
|
||||
|
||||
companion object {
|
||||
private const val INVALID_COLUMN = "Invalid column"
|
||||
private const val FILE_LENGTH = 120
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException::class)
|
||||
fun verifyColumnName_Exception() {
|
||||
FileContentProvider.VerificationUtils.verifyColumnName(INVALID_COLUMN)
|
||||
}
|
||||
|
||||
@Test
|
||||
fun verifyColumnName_OK() {
|
||||
FileContentProvider.VerificationUtils.verifyColumnName(ProviderMeta.ProviderTableMeta.FILE_NAME)
|
||||
}
|
||||
|
||||
@Test
|
||||
fun verifyColumn_ContentValues_OK() {
|
||||
// with valid columns
|
||||
val contentValues = ContentValues()
|
||||
contentValues.put(ProviderMeta.ProviderTableMeta.FILE_CONTENT_LENGTH, FILE_LENGTH)
|
||||
contentValues.put(ProviderMeta.ProviderTableMeta.FILE_CONTENT_TYPE, MimeTypeUtil.MIMETYPE_TEXT_MARKDOWN)
|
||||
FileContentProvider.VerificationUtils.verifyColumns(contentValues)
|
||||
|
||||
// empty
|
||||
FileContentProvider.VerificationUtils.verifyColumns(ContentValues())
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException::class)
|
||||
fun verifyColumn_ContentValues_invalidColumn() {
|
||||
// with invalid columns
|
||||
val contentValues = ContentValues()
|
||||
contentValues.put(INVALID_COLUMN, FILE_LENGTH)
|
||||
contentValues.put(ProviderMeta.ProviderTableMeta.FILE_CONTENT_TYPE, MimeTypeUtil.MIMETYPE_TEXT_MARKDOWN)
|
||||
FileContentProvider.VerificationUtils.verifyColumns(contentValues)
|
||||
}
|
||||
|
||||
@Test
|
||||
fun verifySortOrder_OK() {
|
||||
// null
|
||||
FileContentProvider.VerificationUtils.verifySortOrder(null)
|
||||
|
||||
// empty
|
||||
FileContentProvider.VerificationUtils.verifySortOrder("")
|
||||
|
||||
// valid sort
|
||||
FileContentProvider.VerificationUtils.verifySortOrder(ProviderMeta.ProviderTableMeta.FILE_DEFAULT_SORT_ORDER)
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException::class)
|
||||
fun verifySortOrder_InvalidColumn() {
|
||||
// with invalid column
|
||||
FileContentProvider.VerificationUtils.verifySortOrder("$INVALID_COLUMN desc")
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException::class)
|
||||
fun verifySortOrder_InvalidGrammar() {
|
||||
// with invalid grammar
|
||||
FileContentProvider.VerificationUtils.verifySortOrder("${ProviderMeta.ProviderTableMeta._ID} ;--foo")
|
||||
}
|
||||
|
||||
@Test
|
||||
fun verifyWhere_OK() {
|
||||
FileContentProvider.VerificationUtils.verifyWhere(null)
|
||||
FileContentProvider.VerificationUtils.verifyWhere(
|
||||
"${ProviderMeta.ProviderTableMeta._ID}=? AND ${ProviderMeta.ProviderTableMeta.FILE_ACCOUNT_OWNER}=?"
|
||||
)
|
||||
FileContentProvider.VerificationUtils.verifyWhere(
|
||||
"${ProviderMeta.ProviderTableMeta._ID} = 1" +
|
||||
" AND (1 = 1)" +
|
||||
" AND ${ProviderMeta.ProviderTableMeta.FILE_ACCOUNT_OWNER} LIKE ?"
|
||||
)
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException::class)
|
||||
fun verifyWhere_InvalidColumnName() {
|
||||
FileContentProvider.VerificationUtils.verifyWhere("$INVALID_COLUMN= ?")
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException::class)
|
||||
fun verifyWhere_InvalidGrammar() {
|
||||
FileContentProvider.VerificationUtils.verifyWhere("1=1 -- SELECT * FROM")
|
||||
}
|
||||
}
|
|
@ -76,7 +76,9 @@ public class ExternalLinksProvider {
|
|||
* @return numbers of rows deleted
|
||||
*/
|
||||
public int deleteAllExternalLinks() {
|
||||
return mContentResolver.delete(ProviderMeta.ProviderTableMeta.CONTENT_URI_EXTERNAL_LINKS, " 1 = 1 ", null);
|
||||
return mContentResolver.delete(ProviderMeta.ProviderTableMeta.CONTENT_URI_EXTERNAL_LINKS,
|
||||
null,
|
||||
null);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -554,6 +554,10 @@ public class FileDataStorageManager {
|
|||
// ""+file.getFileId());
|
||||
Uri file_uri = ContentUris.withAppendedId(ProviderTableMeta.CONTENT_URI_FILE, ocFile.getFileId());
|
||||
String where = ProviderTableMeta.FILE_ACCOUNT_OWNER + AND + ProviderTableMeta.FILE_PATH + "=?";
|
||||
|
||||
// TODO switch to string array with fixed keys in it
|
||||
// file_owner = ? and path =?
|
||||
// String[] { "file_owner", "path"}
|
||||
String[] whereArgs = new String[]{user.getAccountName(), ocFile.getRemotePath()};
|
||||
int deleted = 0;
|
||||
if (getContentProviderClient() != null) {
|
||||
|
@ -905,7 +909,7 @@ public class FileDataStorageManager {
|
|||
ProviderTableMeta.FILE_PARENT + "=?",
|
||||
new String[]{String.valueOf(parentId)},
|
||||
null
|
||||
);
|
||||
);
|
||||
}
|
||||
|
||||
if (cursor != null) {
|
||||
|
|
|
@ -112,12 +112,12 @@ public class SyncedFolderProvider extends Observable {
|
|||
*/
|
||||
public List<SyncedFolder> getSyncedFolders() {
|
||||
Cursor cursor = mContentResolver.query(
|
||||
ProviderMeta.ProviderTableMeta.CONTENT_URI_SYNCED_FOLDERS,
|
||||
null,
|
||||
"1=1",
|
||||
null,
|
||||
null
|
||||
);
|
||||
ProviderMeta.ProviderTableMeta.CONTENT_URI_SYNCED_FOLDERS,
|
||||
null,
|
||||
null,
|
||||
null,
|
||||
null
|
||||
);
|
||||
|
||||
if (cursor != null) {
|
||||
List<SyncedFolder> list = new ArrayList<>(cursor.getCount());
|
||||
|
|
|
@ -122,6 +122,7 @@ public class ProviderMeta {
|
|||
_ID,
|
||||
FILE_PARENT,
|
||||
FILE_NAME,
|
||||
FILE_ENCRYPTED_NAME,
|
||||
FILE_CREATION,
|
||||
FILE_MODIFIED,
|
||||
FILE_MODIFIED_AT_LAST_SYNC_FOR_DATA,
|
||||
|
@ -129,9 +130,11 @@ public class ProviderMeta {
|
|||
FILE_CONTENT_TYPE,
|
||||
FILE_STORAGE_PATH,
|
||||
FILE_PATH,
|
||||
FILE_PATH_DECRYPTED,
|
||||
FILE_ACCOUNT_OWNER,
|
||||
FILE_LAST_SYNC_DATE,
|
||||
FILE_LAST_SYNC_DATE_FOR_DATA,
|
||||
FILE_KEEP_IN_SYNC,
|
||||
FILE_ETAG,
|
||||
FILE_ETAG_ON_SERVER,
|
||||
FILE_SHARED_VIA_LINK,
|
||||
|
@ -146,6 +149,9 @@ public class ProviderMeta {
|
|||
FILE_MOUNT_TYPE,
|
||||
FILE_HAS_PREVIEW,
|
||||
FILE_UNREAD_COMMENTS_COUNT,
|
||||
FILE_OWNER_ID,
|
||||
FILE_OWNER_DISPLAY_NAME,
|
||||
FILE_NOTE,
|
||||
FILE_SHAREES,
|
||||
FILE_RICH_WORKSPACE));
|
||||
|
||||
|
|
|
@ -64,7 +64,11 @@ import java.util.Locale;
|
|||
import javax.inject.Inject;
|
||||
|
||||
import androidx.annotation.NonNull;
|
||||
import androidx.annotation.Nullable;
|
||||
import androidx.annotation.VisibleForTesting;
|
||||
import dagger.android.AndroidInjection;
|
||||
import third_parties.aosp.SQLiteTokenizer;
|
||||
|
||||
|
||||
/**
|
||||
* The ContentProvider for the ownCloud App.
|
||||
|
@ -125,6 +129,14 @@ public class FileContentProvider extends ContentProvider {
|
|||
return -1;
|
||||
}
|
||||
|
||||
// verify where for public paths
|
||||
switch (mUriMatcher.match(uri)) {
|
||||
case ROOT_DIRECTORY:
|
||||
case SINGLE_FILE:
|
||||
case DIRECTORY:
|
||||
VerificationUtils.verifyWhere(where);
|
||||
}
|
||||
|
||||
int count;
|
||||
switch (mUriMatcher.match(uri)) {
|
||||
case SINGLE_FILE:
|
||||
|
@ -169,7 +181,6 @@ public class FileContentProvider extends ContentProvider {
|
|||
|
||||
private int deleteDirectory(SQLiteDatabase db, Uri uri, String where, String... whereArgs) {
|
||||
int count = 0;
|
||||
|
||||
Cursor children = query(uri, null, null, null, null);
|
||||
if (children != null) {
|
||||
if (children.moveToFirst()) {
|
||||
|
@ -194,9 +205,7 @@ public class FileContentProvider extends ContentProvider {
|
|||
}
|
||||
|
||||
if (uri.getPathSegments().size() > MINIMUM_PATH_SEGMENTS_SIZE) {
|
||||
count += db.delete(ProviderTableMeta.FILE_TABLE_NAME,
|
||||
ProviderTableMeta._ID + "=" + uri.getPathSegments().get(1)
|
||||
+ (!TextUtils.isEmpty(where) ? " AND (" + where + ")" : ""), whereArgs);
|
||||
count += deleteWithuri(db, uri, where, whereArgs);
|
||||
}
|
||||
|
||||
return count;
|
||||
|
@ -215,9 +224,7 @@ public class FileContentProvider extends ContentProvider {
|
|||
if (remoteId == null) {
|
||||
return 0;
|
||||
} else {
|
||||
count = db.delete(ProviderTableMeta.FILE_TABLE_NAME,
|
||||
ProviderTableMeta._ID + "=" + uri.getPathSegments().get(1)
|
||||
+ (!TextUtils.isEmpty(where) ? " AND (" + where + ")" : ""), whereArgs);
|
||||
count = deleteWithuri(db, uri, where, whereArgs);
|
||||
}
|
||||
} catch (Exception e) {
|
||||
Log_OC.d(TAG, "DB-Error removing file!", e);
|
||||
|
@ -230,6 +237,13 @@ public class FileContentProvider extends ContentProvider {
|
|||
return count;
|
||||
}
|
||||
|
||||
private int deleteWithuri(SQLiteDatabase db, Uri uri, String where, String[] whereArgs) {
|
||||
final String[] argsWithUri = VerificationUtils.prependUriFirstSegmentToSelectionArgs(whereArgs, uri);
|
||||
return db.delete(ProviderTableMeta.FILE_TABLE_NAME,
|
||||
ProviderTableMeta._ID + "=?"
|
||||
+ (!TextUtils.isEmpty(where) ? " AND (" + where + ")" : ""), argsWithUri);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getType(@NonNull Uri uri) {
|
||||
switch (mUriMatcher.match(uri)) {
|
||||
|
@ -262,6 +276,16 @@ public class FileContentProvider extends ContentProvider {
|
|||
}
|
||||
|
||||
private Uri insert(SQLiteDatabase db, Uri uri, ContentValues values) {
|
||||
// verify only for those requests that are not internal (files table)
|
||||
switch (mUriMatcher.match(uri)) {
|
||||
case ROOT_DIRECTORY:
|
||||
case SINGLE_FILE:
|
||||
case DIRECTORY:
|
||||
VerificationUtils.verifyColumns(values);
|
||||
break;
|
||||
}
|
||||
|
||||
|
||||
switch (mUriMatcher.match(uri)) {
|
||||
case ROOT_DIRECTORY:
|
||||
case SINGLE_FILE:
|
||||
|
@ -483,81 +507,66 @@ public class FileContentProvider extends ContentProvider {
|
|||
return result;
|
||||
}
|
||||
|
||||
private Cursor query(SQLiteDatabase db, Uri uri, String[] projectionArray, String selection, String[] selectionArgs,
|
||||
private Cursor query(SQLiteDatabase db,
|
||||
Uri uri,
|
||||
String[] projectionArray,
|
||||
String selection,
|
||||
String[] selectionArgs,
|
||||
String sortOrder) {
|
||||
|
||||
// verify only for those requests that are not internal
|
||||
final int uriMatch = mUriMatcher.match(uri);
|
||||
|
||||
SQLiteQueryBuilder sqlQuery = new SQLiteQueryBuilder();
|
||||
|
||||
sqlQuery.setTables(ProviderTableMeta.FILE_TABLE_NAME);
|
||||
|
||||
switch (mUriMatcher.match(uri)) {
|
||||
switch (uriMatch) {
|
||||
case ROOT_DIRECTORY:
|
||||
break;
|
||||
case DIRECTORY:
|
||||
if (uri.getPathSegments().size() > SINGLE_PATH_SEGMENT) {
|
||||
sqlQuery.appendWhere(ProviderTableMeta.FILE_PARENT + "=" + uri.getPathSegments().get(1));
|
||||
}
|
||||
break;
|
||||
case SINGLE_FILE:
|
||||
if (uri.getPathSegments().size() > SINGLE_PATH_SEGMENT) {
|
||||
sqlQuery.appendWhere(ProviderTableMeta._ID + "=" + uri.getPathSegments().get(1));
|
||||
}
|
||||
VerificationUtils.verifyWhere(selection); // prevent injection in public paths
|
||||
sqlQuery.setTables(ProviderTableMeta.FILE_TABLE_NAME);
|
||||
break;
|
||||
case SHARES:
|
||||
sqlQuery.setTables(ProviderTableMeta.OCSHARES_TABLE_NAME);
|
||||
if (uri.getPathSegments().size() > SINGLE_PATH_SEGMENT) {
|
||||
sqlQuery.appendWhere(ProviderTableMeta._ID + "=" + uri.getPathSegments().get(1));
|
||||
}
|
||||
break;
|
||||
case CAPABILITIES:
|
||||
sqlQuery.setTables(ProviderTableMeta.CAPABILITIES_TABLE_NAME);
|
||||
if (uri.getPathSegments().size() > SINGLE_PATH_SEGMENT) {
|
||||
sqlQuery.appendWhere(ProviderTableMeta._ID + "=" + uri.getPathSegments().get(1));
|
||||
}
|
||||
break;
|
||||
case UPLOADS:
|
||||
sqlQuery.setTables(ProviderTableMeta.UPLOADS_TABLE_NAME);
|
||||
if (uri.getPathSegments().size() > SINGLE_PATH_SEGMENT) {
|
||||
sqlQuery.appendWhere(ProviderTableMeta._ID + "=" + uri.getPathSegments().get(1));
|
||||
}
|
||||
break;
|
||||
case SYNCED_FOLDERS:
|
||||
sqlQuery.setTables(ProviderTableMeta.SYNCED_FOLDERS_TABLE_NAME);
|
||||
if (uri.getPathSegments().size() > SINGLE_PATH_SEGMENT) {
|
||||
sqlQuery.appendWhere(ProviderTableMeta._ID + "=" + uri.getPathSegments().get(1));
|
||||
}
|
||||
break;
|
||||
case EXTERNAL_LINKS:
|
||||
sqlQuery.setTables(ProviderTableMeta.EXTERNAL_LINKS_TABLE_NAME);
|
||||
if (uri.getPathSegments().size() > SINGLE_PATH_SEGMENT) {
|
||||
sqlQuery.appendWhere(ProviderTableMeta._ID + "=" + uri.getPathSegments().get(1));
|
||||
}
|
||||
break;
|
||||
case ARBITRARY_DATA:
|
||||
sqlQuery.setTables(ProviderTableMeta.ARBITRARY_DATA_TABLE_NAME);
|
||||
if (uri.getPathSegments().size() > SINGLE_PATH_SEGMENT) {
|
||||
sqlQuery.appendWhere(ProviderTableMeta._ID + "=" + uri.getPathSegments().get(1));
|
||||
}
|
||||
break;
|
||||
case VIRTUAL:
|
||||
sqlQuery.setTables(ProviderTableMeta.VIRTUAL_TABLE_NAME);
|
||||
if (uri.getPathSegments().size() > SINGLE_PATH_SEGMENT) {
|
||||
sqlQuery.appendWhere(ProviderTableMeta._ID + "=" + uri.getPathSegments().get(1));
|
||||
}
|
||||
break;
|
||||
case FILESYSTEM:
|
||||
sqlQuery.setTables(ProviderTableMeta.FILESYSTEM_TABLE_NAME);
|
||||
if (uri.getPathSegments().size() > SINGLE_PATH_SEGMENT) {
|
||||
sqlQuery.appendWhere(ProviderTableMeta._ID + "=" + uri.getPathSegments().get(1));
|
||||
}
|
||||
break;
|
||||
default:
|
||||
throw new IllegalArgumentException("Unknown uri id: " + uri);
|
||||
}
|
||||
|
||||
|
||||
// add ID to arguments if Uri has more than one segment
|
||||
if (uriMatch != ROOT_DIRECTORY && uri.getPathSegments().size() > SINGLE_PATH_SEGMENT ) {
|
||||
String idColumn = uriMatch == DIRECTORY ? ProviderTableMeta.FILE_PARENT : ProviderTableMeta._ID;
|
||||
sqlQuery.appendWhere(idColumn + "=?");
|
||||
selectionArgs = VerificationUtils.prependUriFirstSegmentToSelectionArgs(selectionArgs, uri);
|
||||
}
|
||||
|
||||
|
||||
String order;
|
||||
if (TextUtils.isEmpty(sortOrder)) {
|
||||
switch (mUriMatcher.match(uri)) {
|
||||
switch (uriMatch) {
|
||||
case SHARES:
|
||||
order = ProviderTableMeta.OCSHARES_DEFAULT_SORT_ORDER;
|
||||
break;
|
||||
|
@ -587,6 +596,9 @@ public class FileContentProvider extends ContentProvider {
|
|||
break;
|
||||
}
|
||||
} else {
|
||||
if (uriMatch == ROOT_DIRECTORY || uriMatch == SINGLE_FILE || uriMatch == DIRECTORY) {
|
||||
VerificationUtils.verifySortOrder(sortOrder);
|
||||
}
|
||||
order = sortOrder;
|
||||
}
|
||||
|
||||
|
@ -594,8 +606,8 @@ public class FileContentProvider extends ContentProvider {
|
|||
db.execSQL("PRAGMA case_sensitive_like = true");
|
||||
|
||||
// only file list is accessible via content provider, so only this has to be protected with projectionMap
|
||||
if ((mUriMatcher.match(uri) == ROOT_DIRECTORY || mUriMatcher.match(uri) == SINGLE_FILE ||
|
||||
mUriMatcher.match(uri) == DIRECTORY) && projectionArray != null) {
|
||||
if ((uriMatch == ROOT_DIRECTORY || uriMatch == SINGLE_FILE ||
|
||||
uriMatch == DIRECTORY) && projectionArray != null) {
|
||||
HashMap<String, String> projectionMap = new HashMap<>();
|
||||
|
||||
for (String projection : ProviderTableMeta.FILE_ALL_COLUMNS) {
|
||||
|
@ -637,6 +649,15 @@ public class FileContentProvider extends ContentProvider {
|
|||
}
|
||||
|
||||
private int update(SQLiteDatabase db, Uri uri, ContentValues values, String selection, String... selectionArgs) {
|
||||
// verify contentValues and selection for public paths to prevent injection
|
||||
switch (mUriMatcher.match(uri)) {
|
||||
case ROOT_DIRECTORY:
|
||||
case SINGLE_FILE:
|
||||
case DIRECTORY:
|
||||
VerificationUtils.verifyColumns(values);
|
||||
VerificationUtils.verifyWhere(selection);
|
||||
}
|
||||
|
||||
switch (mUriMatcher.match(uri)) {
|
||||
case DIRECTORY:
|
||||
return 0;
|
||||
|
@ -1034,6 +1055,106 @@ public class FileContentProvider extends ContentProvider {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
static class VerificationUtils {
|
||||
|
||||
private static boolean isValidColumnName(@NonNull String columnName) {
|
||||
return ProviderTableMeta.FILE_ALL_COLUMNS.contains(columnName);
|
||||
}
|
||||
|
||||
@VisibleForTesting
|
||||
public static void verifyColumns(@Nullable ContentValues contentValues) {
|
||||
if (contentValues == null || contentValues.keySet().size() == 0) {
|
||||
return;
|
||||
}
|
||||
|
||||
for (String name : contentValues.keySet()) {
|
||||
verifyColumnName(name);
|
||||
}
|
||||
}
|
||||
|
||||
@VisibleForTesting
|
||||
public static void verifyColumnName(@NonNull String columnName) {
|
||||
if (!isValidColumnName(columnName)) {
|
||||
throw new IllegalArgumentException(String.format("Column name \"%s\" is not allowed", columnName));
|
||||
}
|
||||
}
|
||||
|
||||
public static String[] prependUriFirstSegmentToSelectionArgs(@Nullable final String[] originalArgs, final Uri uri) {
|
||||
String[] args;
|
||||
if (originalArgs == null) {
|
||||
args = new String[1];
|
||||
} else {
|
||||
args = new String[originalArgs.length + 1];
|
||||
System.arraycopy(originalArgs, 0, args, 1, originalArgs.length);
|
||||
}
|
||||
args[0] = uri.getPathSegments().get(1);
|
||||
return args;
|
||||
}
|
||||
|
||||
public static void verifySortOrder(@Nullable String sortOrder) {
|
||||
if (sortOrder == null) {
|
||||
return;
|
||||
}
|
||||
SQLiteTokenizer.tokenize(sortOrder, SQLiteTokenizer.OPTION_NONE, VerificationUtils::verifySortToken);
|
||||
}
|
||||
|
||||
private static void verifySortToken(String token){
|
||||
// accept empty tokens and valid column names
|
||||
if (TextUtils.isEmpty(token) || isValidColumnName(token)) {
|
||||
return;
|
||||
}
|
||||
// accept only a small subset of keywords
|
||||
if(SQLiteTokenizer.isKeyword(token)){
|
||||
switch (token.toUpperCase(Locale.ROOT)) {
|
||||
case "ASC":
|
||||
case "DESC":
|
||||
case "COLLATE":
|
||||
case "NOCASE":
|
||||
return;
|
||||
}
|
||||
}
|
||||
// if none of the above, invalid token
|
||||
throw new IllegalArgumentException("Invalid token " + token);
|
||||
}
|
||||
|
||||
public static void verifyWhere(@Nullable String where) {
|
||||
if (where == null) {
|
||||
return;
|
||||
}
|
||||
SQLiteTokenizer.tokenize(where, SQLiteTokenizer.OPTION_NONE, VerificationUtils::verifyWhereToken);
|
||||
}
|
||||
|
||||
private static void verifyWhereToken(String token) {
|
||||
// allow empty, valid column names, functions (min,max,count) and types
|
||||
if (TextUtils.isEmpty(token) || isValidColumnName(token)
|
||||
|| SQLiteTokenizer.isFunction(token) || SQLiteTokenizer.isType(token)) {
|
||||
return;
|
||||
}
|
||||
|
||||
// Disallow dangerous keywords, allow others
|
||||
if (SQLiteTokenizer.isKeyword(token)) {
|
||||
switch (token.toUpperCase(Locale.ROOT)) {
|
||||
case "SELECT":
|
||||
case "FROM":
|
||||
case "WHERE":
|
||||
case "GROUP":
|
||||
case "HAVING":
|
||||
case "WINDOW":
|
||||
case "VALUES":
|
||||
case "ORDER":
|
||||
case "LIMIT":
|
||||
throw new IllegalArgumentException("Invalid token " + token);
|
||||
default:
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
// if none of the above: invalid token
|
||||
throw new IllegalArgumentException("Invalid token " + token);
|
||||
}
|
||||
}
|
||||
|
||||
class DataBaseHelper extends SQLiteOpenHelper {
|
||||
DataBaseHelper(Context context) {
|
||||
super(context, ProviderMeta.DB_NAME, null, ProviderMeta.DB_VERSION);
|
||||
|
|
292
src/main/java/third_parties/aosp/SQLiteTokenizer.java
Normal file
292
src/main/java/third_parties/aosp/SQLiteTokenizer.java
Normal file
|
@ -0,0 +1,292 @@
|
|||
package third_parties.aosp;
|
||||
|
||||
/*
|
||||
* Copyright (C) 2019 The Android Open Source Project
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Locale;
|
||||
|
||||
import androidx.annotation.NonNull;
|
||||
import androidx.annotation.Nullable;
|
||||
import androidx.core.util.Consumer;
|
||||
|
||||
/**
|
||||
* SQL Tokenizer specialized to extract tokens from SQL (snippets).
|
||||
*
|
||||
* Originally from AOSP: https://github.com/aosp-mirror/platform_frameworks_base/blob/0e66ea6f3221aa8ccbb78ce38fbcaa67d8ea94f9/core/java/android/database/sqlite/SQLiteQueryBuilder.java
|
||||
* Backported to be usable with AndroidX under api 24.
|
||||
*/
|
||||
public class SQLiteTokenizer {
|
||||
private static boolean isAlpha(char ch) {
|
||||
return ('a' <= ch && ch <= 'z') || ('A' <= ch && ch <= 'Z') || (ch == '_');
|
||||
}
|
||||
|
||||
private static boolean isNum(char ch) {
|
||||
return ('0' <= ch && ch <= '9');
|
||||
}
|
||||
|
||||
private static boolean isAlNum(char ch) {
|
||||
return isAlpha(ch) || isNum(ch);
|
||||
}
|
||||
|
||||
private static boolean isAnyOf(char ch, String set) {
|
||||
return set.indexOf(ch) >= 0;
|
||||
}
|
||||
|
||||
private static IllegalArgumentException genException(String message, String sql) {
|
||||
throw new IllegalArgumentException(message + " in '" + sql + "'");
|
||||
}
|
||||
|
||||
private static char peek(String s, int index) {
|
||||
return index < s.length() ? s.charAt(index) : '\0';
|
||||
}
|
||||
|
||||
public static final int OPTION_NONE = 0;
|
||||
|
||||
/**
|
||||
* Require that SQL contains only tokens; any comments or values will result
|
||||
* in an exception.
|
||||
*/
|
||||
public static final int OPTION_TOKEN_ONLY = 1 << 0;
|
||||
|
||||
/**
|
||||
* Tokenize the given SQL, returning the list of each encountered token.
|
||||
*
|
||||
* @throws IllegalArgumentException if invalid SQL is encountered.
|
||||
*/
|
||||
public static List<String> tokenize(@Nullable String sql, int options) {
|
||||
final ArrayList<String> res = new ArrayList<>();
|
||||
tokenize(sql, options, res::add);
|
||||
return res;
|
||||
}
|
||||
|
||||
/**
|
||||
* Tokenize the given SQL, sending each encountered token to the given
|
||||
* {@link Consumer}.
|
||||
*
|
||||
* @throws IllegalArgumentException if invalid SQL is encountered.
|
||||
*/
|
||||
public static void tokenize(@Nullable String sql, int options, Consumer<String> checker) {
|
||||
if (sql == null) {
|
||||
return;
|
||||
}
|
||||
int pos = 0;
|
||||
final int len = sql.length();
|
||||
while (pos < len) {
|
||||
final char ch = peek(sql, pos);
|
||||
|
||||
// Regular token.
|
||||
if (isAlpha(ch)) {
|
||||
final int start = pos;
|
||||
pos++;
|
||||
while (isAlNum(peek(sql, pos))) {
|
||||
pos++;
|
||||
}
|
||||
final int end = pos;
|
||||
|
||||
final String token = sql.substring(start, end);
|
||||
checker.accept(token);
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
// Handle quoted tokens
|
||||
if (isAnyOf(ch, "'\"`")) {
|
||||
final int quoteStart = pos;
|
||||
pos++;
|
||||
|
||||
for (;;) {
|
||||
pos = sql.indexOf(ch, pos);
|
||||
if (pos < 0) {
|
||||
throw genException("Unterminated quote", sql);
|
||||
}
|
||||
if (peek(sql, pos + 1) != ch) {
|
||||
break;
|
||||
}
|
||||
// Quoted quote char -- e.g. "abc""def" is a single string.
|
||||
pos += 2;
|
||||
}
|
||||
final int quoteEnd = pos;
|
||||
pos++;
|
||||
|
||||
if (ch != '\'') {
|
||||
// Extract the token
|
||||
final String tokenUnquoted = sql.substring(quoteStart + 1, quoteEnd);
|
||||
|
||||
final String token;
|
||||
|
||||
// Unquote if needed. i.e. "aa""bb" -> aa"bb
|
||||
if (tokenUnquoted.indexOf(ch) >= 0) {
|
||||
token = tokenUnquoted.replaceAll(
|
||||
String.valueOf(ch) + ch, String.valueOf(ch));
|
||||
} else {
|
||||
token = tokenUnquoted;
|
||||
}
|
||||
checker.accept(token);
|
||||
} else {
|
||||
if ((options &= OPTION_TOKEN_ONLY) != 0) {
|
||||
throw genException("Non-token detected", sql);
|
||||
}
|
||||
}
|
||||
continue;
|
||||
}
|
||||
// Handle tokens enclosed in [...]
|
||||
if (ch == '[') {
|
||||
final int quoteStart = pos;
|
||||
pos++;
|
||||
|
||||
pos = sql.indexOf(']', pos);
|
||||
if (pos < 0) {
|
||||
throw genException("Unterminated quote", sql);
|
||||
}
|
||||
final int quoteEnd = pos;
|
||||
pos++;
|
||||
|
||||
final String token = sql.substring(quoteStart + 1, quoteEnd);
|
||||
|
||||
checker.accept(token);
|
||||
continue;
|
||||
}
|
||||
if ((options &= OPTION_TOKEN_ONLY) != 0) {
|
||||
throw genException("Non-token detected", sql);
|
||||
}
|
||||
|
||||
// Detect comments.
|
||||
if (ch == '-' && peek(sql, pos + 1) == '-') {
|
||||
pos += 2;
|
||||
pos = sql.indexOf('\n', pos);
|
||||
if (pos < 0) {
|
||||
// We disallow strings ending in an inline comment.
|
||||
throw genException("Unterminated comment", sql);
|
||||
}
|
||||
pos++;
|
||||
|
||||
continue;
|
||||
}
|
||||
if (ch == '/' && peek(sql, pos + 1) == '*') {
|
||||
pos += 2;
|
||||
pos = sql.indexOf("*/", pos);
|
||||
if (pos < 0) {
|
||||
throw genException("Unterminated comment", sql);
|
||||
}
|
||||
pos += 2;
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
// Semicolon is never allowed.
|
||||
if (ch == ';') {
|
||||
throw genException("Semicolon is not allowed", sql);
|
||||
}
|
||||
|
||||
// For this purpose, we can simply ignore other characters.
|
||||
// (Note it doesn't handle the X'' literal properly and reports this X as a token,
|
||||
// but that should be fine...)
|
||||
pos++;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Test if given token is a
|
||||
* <a href="https://www.sqlite.org/lang_keywords.html">SQLite reserved
|
||||
* keyword</a>.
|
||||
*/
|
||||
public static boolean isKeyword(@NonNull String token) {
|
||||
switch (token.toUpperCase(Locale.US)) {
|
||||
case "ABORT": case "ACTION": case "ADD": case "AFTER":
|
||||
case "ALL": case "ALTER": case "ANALYZE": case "AND":
|
||||
case "AS": case "ASC": case "ATTACH": case "AUTOINCREMENT":
|
||||
case "BEFORE": case "BEGIN": case "BETWEEN": case "BINARY":
|
||||
case "BY": case "CASCADE": case "CASE": case "CAST":
|
||||
case "CHECK": case "COLLATE": case "COLUMN": case "COMMIT":
|
||||
case "CONFLICT": case "CONSTRAINT": case "CREATE": case "CROSS":
|
||||
case "CURRENT": case "CURRENT_DATE": case "CURRENT_TIME": case "CURRENT_TIMESTAMP":
|
||||
case "DATABASE": case "DEFAULT": case "DEFERRABLE": case "DEFERRED":
|
||||
case "DELETE": case "DESC": case "DETACH": case "DISTINCT":
|
||||
case "DO": case "DROP": case "EACH": case "ELSE":
|
||||
case "END": case "ESCAPE": case "EXCEPT": case "EXCLUDE":
|
||||
case "EXCLUSIVE": case "EXISTS": case "EXPLAIN": case "FAIL":
|
||||
case "FILTER": case "FOLLOWING": case "FOR": case "FOREIGN":
|
||||
case "FROM": case "FULL": case "GLOB": case "GROUP":
|
||||
case "GROUPS": case "HAVING": case "IF": case "IGNORE":
|
||||
case "IMMEDIATE": case "IN": case "INDEX": case "INDEXED":
|
||||
case "INITIALLY": case "INNER": case "INSERT": case "INSTEAD":
|
||||
case "INTERSECT": case "INTO": case "IS": case "ISNULL":
|
||||
case "JOIN": case "KEY": case "LEFT": case "LIKE":
|
||||
case "LIMIT": case "MATCH": case "NATURAL": case "NO":
|
||||
case "NOCASE": case "NOT": case "NOTHING": case "NOTNULL":
|
||||
case "NULL": case "OF": case "OFFSET": case "ON":
|
||||
case "OR": case "ORDER": case "OTHERS": case "OUTER":
|
||||
case "OVER": case "PARTITION": case "PLAN": case "PRAGMA":
|
||||
case "PRECEDING": case "PRIMARY": case "QUERY": case "RAISE":
|
||||
case "RANGE": case "RECURSIVE": case "REFERENCES": case "REGEXP":
|
||||
case "REINDEX": case "RELEASE": case "RENAME": case "REPLACE":
|
||||
case "RESTRICT": case "RIGHT": case "ROLLBACK": case "ROW":
|
||||
case "ROWS": case "RTRIM": case "SAVEPOINT": case "SELECT":
|
||||
case "SET": case "TABLE": case "TEMP": case "TEMPORARY":
|
||||
case "THEN": case "TIES": case "TO": case "TRANSACTION":
|
||||
case "TRIGGER": case "UNBOUNDED": case "UNION": case "UNIQUE":
|
||||
case "UPDATE": case "USING": case "VACUUM": case "VALUES":
|
||||
case "VIEW": case "VIRTUAL": case "WHEN": case "WHERE":
|
||||
case "WINDOW": case "WITH": case "WITHOUT":
|
||||
return true;
|
||||
default:
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Test if given token is a
|
||||
* <a href="https://www.sqlite.org/lang_corefunc.html">SQLite reserved
|
||||
* function</a>.
|
||||
*/
|
||||
public static boolean isFunction(@NonNull String token) {
|
||||
switch (token.toLowerCase(Locale.US)) {
|
||||
case "abs": case "avg": case "char": case "coalesce":
|
||||
case "count": case "glob": case "group_concat": case "hex":
|
||||
case "ifnull": case "instr": case "length": case "like":
|
||||
case "likelihood": case "likely": case "lower": case "ltrim":
|
||||
case "max": case "min": case "nullif": case "random":
|
||||
case "randomblob": case "replace": case "round": case "rtrim":
|
||||
case "substr": case "sum": case "total": case "trim":
|
||||
case "typeof": case "unicode": case "unlikely": case "upper":
|
||||
case "zeroblob":
|
||||
return true;
|
||||
default:
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Test if given token is a
|
||||
* <a href="https://www.sqlite.org/datatype3.html">SQLite reserved type</a>.
|
||||
*/
|
||||
public static boolean isType(@NonNull String token) {
|
||||
switch (token.toUpperCase(Locale.US)) {
|
||||
case "INT": case "INTEGER": case "TINYINT": case "SMALLINT":
|
||||
case "MEDIUMINT": case "BIGINT": case "INT2": case "INT8":
|
||||
case "CHARACTER": case "VARCHAR": case "NCHAR": case "NVARCHAR":
|
||||
case "TEXT": case "CLOB": case "BLOB": case "REAL":
|
||||
case "DOUBLE": case "FLOAT": case "NUMERIC": case "DECIMAL":
|
||||
case "BOOLEAN": case "DATE": case "DATETIME":
|
||||
return true;
|
||||
default:
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
Loading…
Reference in a new issue