Commit 42124426 authored by brinn's avatar brinn

[BIS-260] Fix SQL injections for custom queries

Add support for getting the index of a token.

SVN: 27602
parent 39034656
...@@ -94,12 +94,15 @@ public class Template ...@@ -94,12 +94,15 @@ public class Template
{ {
private final String variableName; private final String variableName;
private final int variableIndex;
private String value; private String value;
VariableToken(String variablePlaceHolder) VariableToken(String variablePlaceHolder, int variableIndex)
{ {
assert variablePlaceHolder != null : "Unspecified variable place holder."; assert variablePlaceHolder != null : "Unspecified variable place holder.";
this.variableName = variablePlaceHolder; this.variableName = variablePlaceHolder;
this.variableIndex = variableIndex;
} }
@Override @Override
...@@ -122,6 +125,11 @@ public class Template ...@@ -122,6 +125,11 @@ public class Template
{ {
this.value = v; this.value = v;
} }
int getVariableIndex()
{
return variableIndex;
}
} }
private static enum State private static enum State
...@@ -221,6 +229,8 @@ public class Template ...@@ -221,6 +229,8 @@ public class Template
private final StringBuilder builder; private final StringBuilder builder;
private int index;
TokenBuilder(Map<String, VariableToken> variableTokens, List<IToken> tokens) TokenBuilder(Map<String, VariableToken> variableTokens, List<IToken> tokens)
{ {
this.variableTokens = variableTokens; this.variableTokens = variableTokens;
...@@ -253,7 +263,7 @@ public class Template ...@@ -253,7 +263,7 @@ public class Template
VariableToken token = variableTokens.get(variableName); VariableToken token = variableTokens.get(variableName);
if (token == null) if (token == null)
{ {
token = new VariableToken(variableName); token = new VariableToken(variableName, index++);
variableTokens.put(variableName, token); variableTokens.put(variableName, token);
} }
tokens.add(token); tokens.add(token);
...@@ -303,8 +313,9 @@ public class Template ...@@ -303,8 +313,9 @@ public class Template
LinkedHashMap<String, VariableToken> map = new LinkedHashMap<String, VariableToken>(); LinkedHashMap<String, VariableToken> map = new LinkedHashMap<String, VariableToken>();
for (VariableToken variableToken : variableTokens.values()) for (VariableToken variableToken : variableTokens.values())
{ {
String variableName = variableToken.getVariableName(); final String variableName = variableToken.getVariableName();
map.put(variableName, new VariableToken(variableName)); final int variableIndex = variableToken.getVariableIndex();
map.put(variableName, new VariableToken(variableName, variableIndex));
} }
ArrayList<IToken> list = new ArrayList<IToken>(); ArrayList<IToken> list = new ArrayList<IToken>();
for (IToken token : tokens) for (IToken token : tokens)
...@@ -361,6 +372,21 @@ public class Template ...@@ -361,6 +372,21 @@ public class Template
return true; return true;
} }
/**
* Returns index (position, starting with 0) of the <var>placeholderName</var>, or -1, if the
* place holder name cannot be found in the template.
*/
public int tryGetIndex(String placeholderName)
{
assert placeholderName != null : "Unspecified placeholder name.";
VariableToken variableToken = variableTokens.get(placeholderName);
if (variableToken == null)
{
return -1;
}
return variableToken.getVariableIndex();
}
/** /**
* Creates the text by using all placeholder bindings. * Creates the text by using all placeholder bindings.
* *
......
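Review bot: The Javadoc on `tryGetIndex` does not say what the index counts. In the `TokenBuilder` hunk, `index++` runs only when a new `VariableToken` is created, so the value is the ordinal of the distinct placeholder in first-occurrence order, not the position of an occurrence. Going by the commit title, a caller presumably uses it to bind query parameters by position; if so, a template that repeats a placeholder (as in the `${name}${name}` test) has two occurrences but one index, and the caller has to account for that itself. I would state this in the Javadoc, e.g. `Returns the zero-based ordinal of the placeholder among the distinct placeholders of the template, in order of first occurrence; repeated occurrences share one index.` The enclosing `Template` class and the caller that consumes the index are outside these hunks.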
...@@ -49,6 +49,7 @@ public class TemplateTest ...@@ -49,6 +49,7 @@ public class TemplateTest
{ {
Template template = new Template("hello ${name}!"); Template template = new Template("hello ${name}!");
template.bind("name", "world"); template.bind("name", "world");
assertEquals(0, template.tryGetIndex("name"));
assertEquals("hello world!", template.createText()); assertEquals("hello world!", template.createText());
} }
...@@ -69,6 +70,7 @@ public class TemplateTest ...@@ -69,6 +70,7 @@ public class TemplateTest
Template template = new Template("hello ${name}${name}"); Template template = new Template("hello ${name}${name}");
template.bind("name", "world"); template.bind("name", "world");
assertEquals(1, template.getPlaceholderNames().size()); assertEquals(1, template.getPlaceholderNames().size());
assertEquals(0, template.tryGetIndex("name"));
assertEquals("hello worldworld", template.createText()); assertEquals("hello worldworld", template.createText());
} }
...@@ -82,6 +84,8 @@ public class TemplateTest ...@@ -82,6 +84,8 @@ public class TemplateTest
assertEquals(true, placeholderNames.contains("name")); assertEquals(true, placeholderNames.contains("name"));
assertEquals(true, placeholderNames.contains("name2")); assertEquals(true, placeholderNames.contains("name2"));
assertEquals(2, placeholderNames.size()); assertEquals(2, placeholderNames.size());
assertEquals(0, template.tryGetIndex("name"));
assertEquals(1, template.tryGetIndex("name2"));
assertEquals("hello world, do you know Albert Einstein?", template.createText()); assertEquals("hello world, do you know Albert Einstein?", template.createText());
} }
......
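Review bot: The added assertions cover only the found case: nothing exercises the documented `-1` return for an unknown placeholder, and nothing checks the index of a placeholder that follows a repeated one. Adding `assertEquals(-1, template.tryGetIndex("unknown"));` to the first test, plus a case such as `new Template("${a}${a}${b}")` with `assertEquals(1, template.tryGetIndex("b"));`, would pin the first-occurrence numbering. The copy loop in `Template` that now passes `variableIndex` through is also not asserted on, as far as these hunks show.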