
Merge pull request #10429 in CORE/base-third from release/11.0 to bugfix/11.0

* commit 'faca6e0eb05465901aa767fbcd622faefa7bc7dc':
  REPORT-113277 Hibernate component: fix CVE vulnerability (SQL injection via query comments and inlined literals)
bugfix/11.0
superman 9 months ago
parent
commit
1265af8054
  1. 13
      fine-hibernate/src/main/java/com/fr/third/org/hibernate/dialect/Dialect.java
  2. 40
      fine-hibernate/src/main/java/com/fr/third/org/hibernate/jpa/criteria/expression/LiteralExpression.java
  3. 2
      fine-hibernate/src/main/java/com/fr/third/org/hibernate/loader/plan/exec/query/internal/SelectStatementBuilder.java
  4. 4
      fine-hibernate/src/main/java/com/fr/third/org/hibernate/sql/Delete.java
  5. 2
      fine-hibernate/src/main/java/com/fr/third/org/hibernate/sql/Insert.java
  6. 2
      fine-hibernate/src/main/java/com/fr/third/org/hibernate/sql/InsertSelect.java
  7. 2
      fine-hibernate/src/main/java/com/fr/third/org/hibernate/sql/QuerySelect.java
  8. 2
      fine-hibernate/src/main/java/com/fr/third/org/hibernate/sql/Select.java
  9. 2
      fine-hibernate/src/main/java/com/fr/third/org/hibernate/sql/SimpleSelect.java
  10. 2
      fine-hibernate/src/main/java/com/fr/third/org/hibernate/sql/Update.java

13
fine-hibernate/src/main/java/com/fr/third/org/hibernate/dialect/Dialect.java

@ -24,6 +24,7 @@ import java.util.Locale;
import java.util.Map; import java.util.Map;
import java.util.Properties; import java.util.Properties;
import java.util.Set; import java.util.Set;
import java.util.regex.Pattern;
import com.fr.third.org.hibernate.HibernateException; import com.fr.third.org.hibernate.HibernateException;
import com.fr.third.org.hibernate.LockMode; import com.fr.third.org.hibernate.LockMode;
@ -140,6 +141,10 @@ public abstract class Dialect implements ConversionContext {
*/ */
public static final String CLOSED_QUOTE = "`\"]"; public static final String CLOSED_QUOTE = "`\"]";
private static final Pattern ESCAPE_CLOSING_COMMENT_PATTERN = Pattern.compile("\\*/");
private static final Pattern ESCAPE_OPENING_COMMENT_PATTERN = Pattern.compile("/\\*");
private final TypeNames typeNames = new TypeNames(); private final TypeNames typeNames = new TypeNames();
private final TypeNames hibernateTypeNames = new TypeNames(); private final TypeNames hibernateTypeNames = new TypeNames();
@ -2738,6 +2743,14 @@ public abstract class Dialect implements ConversionContext {
return StandardCallableStatementSupport.NO_REF_CURSOR_INSTANCE; return StandardCallableStatementSupport.NO_REF_CURSOR_INSTANCE;
} }
public static String escapeComment(String comment) {
if (StringHelper.isNotEmpty(comment)) {
final String escaped = ESCAPE_CLOSING_COMMENT_PATTERN.matcher(comment).replaceAll("*\\\\/");
return ESCAPE_OPENING_COMMENT_PATTERN.matcher(escaped).replaceAll("/\\\\*");
}
return comment;
}
/** /**
* By default interpret this based on DatabaseMetaData. * By default interpret this based on DatabaseMetaData.
* *
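Review bot: The new public `escapeComment` (L53–L59) has no Javadoc, and it is not obvious to a reader why `*/` and `/*` are rewritten to `*\/` and `/\*` rather than stripped. I would add above it: `/** Neutralises comment delimiters in a caller-supplied query comment so it cannot close the enclosing block comment and inject SQL. The backslash has no meaning inside an SQL comment; it only breaks the two-character delimiter. Closing delimiters are escaped first so the second pass cannot recreate one. Returns the input unchanged when null or empty. */`. Since the method is the single chokepoint the builders rely on, a unit test with inputs such as `*/ drop table t /*`, `/**/`, the empty string and `null` would pin the contract; `StringHelper` is not imported in this hunk, so it is presumably already in scope. The closing brace of `Dialect` is outside the hunk.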

40
fine-hibernate/src/main/java/com/fr/third/org/hibernate/jpa/criteria/expression/LiteralExpression.java

@ -58,19 +58,35 @@ public class LiteralExpression<T> extends ExpressionImpl<T> implements Serializa
return ':' + parameterName; return ':' + parameterName;
} }
@SuppressWarnings({ "unchecked" }) /**
public String renderProjection(RenderingContext renderingContext) { * Inline String literal.
// some drivers/servers do not like parameters in the select clause *
final ValueHandlerFactory.ValueHandler handler = * @return escaped String
ValueHandlerFactory.determineAppropriateHandler( literal.getClass() ); */
if ( ValueHandlerFactory.isCharacter( literal ) ) { private String inlineLiteral(String literal) {
return '\'' + handler.render( literal ) + '\''; return String.format("\'%s\'", escapeLiteral(literal));
} }
else {
return handler.render( literal ); /**
} * Escape String literal.
} *
* @return escaped String
*/
private String escapeLiteral(String literal) {
return literal.replace("'", "''");
}
@SuppressWarnings({"unchecked"})
public String renderProjection(RenderingContext renderingContext) {
if (ValueHandlerFactory.isCharacter(literal)) {
// In case literal is a Character, pass literal.toString() as the argument.
return inlineLiteral(literal.toString());
}
// some drivers/servers do not like parameters in the select clause
final ValueHandlerFactory.ValueHandler handler =
ValueHandlerFactory.determineAppropriateHandler(literal.getClass());
return handler.render(literal);
}
@Override @Override
@SuppressWarnings({ "unchecked" }) @SuppressWarnings({ "unchecked" })
protected void resetJavaType(Class targetType) { protected void resetJavaType(Class targetType) {
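Review bot: `escapeLiteral` (L84–L86) only doubles single quotes, which is the ANSI SQL rule but is not sufficient on MySQL/MariaDB under the default `sql_mode`, where a backslash escapes the following character: a literal ending in `\` renders as `'...\'`, the closing quote is consumed, and the remainder of the statement becomes part of the string. Because the value is deliberately inlined into the select clause instead of bound, the escaping needs to be dialect-aware — if the `RenderingContext` exposes the `Dialect`, also double backslashes for backslash-escaping dialects — rather than a fixed `replace`, since blindly doubling backslashes would corrupt literals on ANSI databases. Separately, `String.format("\'%s\'", …)` is heavier than needed; `'\'' + escapeLiteral(literal) + '\''` says the same without a format parse. The Javadoc on `inlineLiteral` should state what is escaped and for which dialects the escaping is known to be sufficient. The enclosing class continues outside the hunk.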

2
fine-hibernate/src/main/java/com/fr/third/org/hibernate/loader/plan/exec/query/internal/SelectStatementBuilder.java

@ -187,7 +187,7 @@ public class SelectStatementBuilder {
StringBuilder buf = new StringBuilder( guesstimatedBufferSize ); StringBuilder buf = new StringBuilder( guesstimatedBufferSize );
if ( StringHelper.isNotEmpty( comment ) ) { if ( StringHelper.isNotEmpty( comment ) ) {
buf.append( "/* " ).append( comment ).append( " */ " ); buf.append( "/* " ).append( Dialect.escapeComment(comment) ).append( " */ " );
} }
buf.append( "select " ) buf.append( "select " )
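Review bot: The escaping is applied at the render site here (L108) rather than where the comment is stored, so coverage depends on every builder that concatenates `comment` into `/* … */` having been touched in this commit; a grep for the `"/* "` literal across fine-hibernate would confirm nothing was missed. Applying `Dialect.escapeComment` once in the setter would make the invariant local and remove the repeated call in each builder. A short comment on this line, `// escape comment delimiters so a caller-supplied comment cannot break out of /* */`, would tell the next reader why the call is there. The enclosing method continues outside the hunk.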

4
fine-hibernate/src/main/java/com/fr/third/org/hibernate/sql/Delete.java

@ -5,6 +5,8 @@
* See the lgpl.txt file in the root directory or <http://www.gnu.org/licenses/lgpl-2.1.html>. * See the lgpl.txt file in the root directory or <http://www.gnu.org/licenses/lgpl-2.1.html>.
*/ */
package com.fr.third.org.hibernate.sql; package com.fr.third.org.hibernate.sql;
import com.fr.third.org.hibernate.dialect.Dialect;
import java.util.Iterator; import java.util.Iterator;
import java.util.LinkedHashMap; import java.util.LinkedHashMap;
import java.util.Map; import java.util.Map;
@ -36,7 +38,7 @@ public class Delete {
public String toStatementString() { public String toStatementString() {
StringBuilder buf = new StringBuilder( tableName.length() + 10 ); StringBuilder buf = new StringBuilder( tableName.length() + 10 );
if ( comment!=null ) { if ( comment!=null ) {
buf.append( "/* " ).append(comment).append( " */ " ); buf.append( "/* " ).append(Dialect.escapeComment(comment)).append( " */ " );
} }
buf.append( "delete from " ).append(tableName); buf.append( "delete from " ).append(tableName);
if ( where != null || !primaryKeyColumns.isEmpty() || versionColumnName != null ) { if ( where != null || !primaryKeyColumns.isEmpty() || versionColumnName != null ) {
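Review bot: The added `import com.fr.third.org.hibernate.dialect.Dialect;` (L119) is placed above the `java.util` imports, which breaks the grouping this module uses elsewhere (Dialect.java in this same commit lists `java.util.regex.Pattern` before the `com.fr.third.org.hibernate` imports); move it below the `java.util` block so the `com.fr` group stays together. The call at L127 matches the other builders and is null-safe because `escapeComment` returns the input unchanged when it is empty. The enclosing method continues outside the hunk.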

2
fine-hibernate/src/main/java/com/fr/third/org/hibernate/sql/Insert.java

@ -90,7 +90,7 @@ public class Insert {
public String toStatementString() { public String toStatementString() {
StringBuilder buf = new StringBuilder( columns.size()*15 + tableName.length() + 10 ); StringBuilder buf = new StringBuilder( columns.size()*15 + tableName.length() + 10 );
if ( comment != null ) { if ( comment != null ) {
buf.append( "/* " ).append( comment ).append( " */ " ); buf.append( "/* " ).append( Dialect.escapeComment(comment) ).append( " */ " );
} }
buf.append("insert into ") buf.append("insert into ")
.append(tableName); .append(tableName);

2
fine-hibernate/src/main/java/com/fr/third/org/hibernate/sql/InsertSelect.java

@ -65,7 +65,7 @@ public class InsertSelect {
StringBuilder buf = new StringBuilder( (columnNames.size() * 15) + tableName.length() + 10 ); StringBuilder buf = new StringBuilder( (columnNames.size() * 15) + tableName.length() + 10 );
if ( comment!=null ) { if ( comment!=null ) {
buf.append( "/* " ).append( comment ).append( " */ " ); buf.append( "/* " ).append( Dialect.escapeComment(comment) ).append( " */ " );
} }
buf.append( "insert into " ).append( tableName ); buf.append( "insert into " ).append( tableName );
if ( !columnNames.isEmpty() ) { if ( !columnNames.isEmpty() ) {

2
fine-hibernate/src/main/java/com/fr/third/org/hibernate/sql/QuerySelect.java

@ -126,7 +126,7 @@ public class QuerySelect {
public String toQueryString() { public String toQueryString() {
StringBuilder buf = new StringBuilder( 50 ); StringBuilder buf = new StringBuilder( 50 );
if ( comment != null ) { if ( comment != null ) {
buf.append( "/* " ).append( comment ).append( " */ " ); buf.append( "/* " ).append( Dialect.escapeComment(comment) ).append( " */ " );
} }
buf.append( "select " ); buf.append( "select " );
if ( distinct ) { if ( distinct ) {

2
fine-hibernate/src/main/java/com/fr/third/org/hibernate/sql/Select.java

@ -40,7 +40,7 @@ public class Select {
public String toStatementString() { public String toStatementString() {
StringBuilder buf = new StringBuilder(guesstimatedBufferSize); StringBuilder buf = new StringBuilder(guesstimatedBufferSize);
if ( StringHelper.isNotEmpty(comment) ) { if ( StringHelper.isNotEmpty(comment) ) {
buf.append("/* ").append(comment).append(" */ "); buf.append("/* ").append(Dialect.escapeComment(comment)).append(" */ ");
} }
buf.append("select ").append(selectClause) buf.append("select ").append(selectClause)

2
fine-hibernate/src/main/java/com/fr/third/org/hibernate/sql/SimpleSelect.java

@ -143,7 +143,7 @@ public class SimpleSelect {
); );
if ( comment != null ) { if ( comment != null ) {
buf.append( "/* " ).append( comment ).append( " */ " ); buf.append( "/* " ).append( Dialect.escapeComment(comment) ).append( " */ " );
} }
buf.append( "select " ); buf.append( "select " );

2
fine-hibernate/src/main/java/com/fr/third/org/hibernate/sql/Update.java

@ -166,7 +166,7 @@ public class Update {
public String toStatementString() { public String toStatementString() {
StringBuilder buf = new StringBuilder( (columns.size() * 15) + tableName.length() + 10 ); StringBuilder buf = new StringBuilder( (columns.size() * 15) + tableName.length() + 10 );
if ( comment!=null ) { if ( comment!=null ) {
buf.append( "/* " ).append( comment ).append( " */ " ); buf.append( "/* " ).append( Dialect.escapeComment(comment) ).append( " */ " );
} }
buf.append( "update " ).append( tableName ).append( " set " ); buf.append( "update " ).append( tableName ).append( " set " );
boolean assignmentsAppended = false; boolean assignmentsAppended = false;
