    DO NOT MERGE. Execute "strict" queries with extra parentheses. · 1a161653
    Jeff Sharkey authored
    SQLiteQueryBuilder has a setStrict() mode which can be used to
    detect SQL attacks from untrusted sources, which it does by running
    each query twice: once with an extra set of parentheses, and if that
    succeeds, it runs the original query verbatim.
    
    This sadly doesn't catch inputs of the type "1=1) OR (1=1", which
    creates valid statements for both tests above, but the final executed
    query ends up leaking data due to SQLite operator precedence.
    
    Instead, we need to continue compiling both variants, but we need
    to execute the query with the additional parentheses to ensure
    data won't be leaked.
    
    Test: atest cts/tests/tests/database/src/android/database/sqlite/cts/SQLiteQueryBuilderTest.java
    Bug: 111085900
    Change-Id: I6e8746fa48f9de13adae37d2990de11c9c585381
    Merged-In: I6e8746fa48f9de13adae37d2990de11c9c585381
    (cherry picked from commit 5a55a72f)
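
The behaviour described in the commit message, as an added example that is not part of the commit or the Android code base. It uses Python's sqlite3 module and assumes a simplified builder that emits `(<trusted clause>) AND (<selection>)`; the table, rows and function names are constructed for illustration.

```python
import sqlite3

TRUSTED = "owner = 'alice'"   # clause the caller must not escape (hypothetical)
INPUT = "1=1) OR (1=1"        # selection quoted in the commit message

def build(selection, extra_parens):
    """Simplified model of the builder: (<trusted>) AND (<selection>)."""
    if extra_parens:
        selection = "(" + selection + ")"
    return f"SELECT owner FROM notes WHERE ({TRUSTED}) AND ({selection})"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (owner TEXT, body TEXT)")
    db.executemany("INSERT INTO notes VALUES (?, ?)",   # constructed rows
                   [("alice", "a1"), ("bob", "b1"), ("carol", "c1")])
    return db

def compiles(db, sql):
    """Compile the statement without reading table rows (validation pass)."""
    try:
        db.execute("EXPLAIN " + sql)
        return True
    except sqlite3.Error:
        return False

def strict_query(db, selection, execute_wrapped):
    """Compile both variants, then run the verbatim one (old behaviour)
    or the one with the extra parentheses (behaviour after this change)."""
    wrapped, verbatim = build(selection, True), build(selection, False)
    if not (compiles(db, wrapped) and compiles(db, verbatim)):
        raise ValueError("selection rejected by strict mode")
    sql = wrapped if execute_wrapped else verbatim
    return sorted(row[0] for row in db.execute(sql))

if __name__ == "__main__":
    db = make_db()
    # Verbatim: (owner='alice') AND (1=1) OR (1=1); AND binds tighter than OR.
    print("verbatim:", strict_query(db, INPUT, execute_wrapped=False))
    # Wrapped: (owner='alice') AND ((1=1) OR (1=1)); trusted clause still applies.
    print("wrapped: ", strict_query(db, INPUT, execute_wrapped=True))
```

Both variants compile for this input, so validation alone cannot tell them apart; only the choice of which variant is executed changes the rows returned.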
Name
apct-tests/perftests
api
cmds
config
core
data
docs
drm
graphics/java/android
keystore
legacy-test
libs
location
lowpan
media
native
nfc-extras
obex
opengl/java
packages
proto
rs
samples/training/network-usage
sax
services
telecomm/java
telephony/java
test-runner
tests
tools
vr
wifi
Android.bp
Android.mk
CleanSpec.mk
MODULE_LICENSE_APACHE2
NOTICE
PREUPLOAD.cfg
pathmap.mk