Browse Source

REPORT-113277 Hibernate组件修复CVE漏洞

release/10.0
lidongy 8 months ago
parent
commit
73e22ef7fc
  1. 12
      fine-hibernate/src/main/java/com/fr/third/org/hibernate/dialect/Dialect.java
  2. 33
      fine-hibernate/src/main/java/com/fr/third/org/hibernate/jpa/criteria/expression/LiteralExpression.java
  3. 2
      fine-hibernate/src/main/java/com/fr/third/org/hibernate/loader/plan/exec/query/internal/SelectStatementBuilder.java
  4. 4
      fine-hibernate/src/main/java/com/fr/third/org/hibernate/sql/Delete.java
  5. 2
      fine-hibernate/src/main/java/com/fr/third/org/hibernate/sql/Insert.java
  6. 2
      fine-hibernate/src/main/java/com/fr/third/org/hibernate/sql/InsertSelect.java
  7. 2
      fine-hibernate/src/main/java/com/fr/third/org/hibernate/sql/QuerySelect.java
  8. 2
      fine-hibernate/src/main/java/com/fr/third/org/hibernate/sql/Select.java
  9. 2
      fine-hibernate/src/main/java/com/fr/third/org/hibernate/sql/SimpleSelect.java
  10. 2
      fine-hibernate/src/main/java/com/fr/third/org/hibernate/sql/Update.java

12
fine-hibernate/src/main/java/com/fr/third/org/hibernate/dialect/Dialect.java

@ -24,6 +24,7 @@ import java.util.Locale;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.regex.Pattern;
import com.fr.third.org.hibernate.HibernateException;
import com.fr.third.org.hibernate.LockMode;
@ -140,6 +141,9 @@ public abstract class Dialect implements ConversionContext {
*/
public static final String CLOSED_QUOTE = "`\"]";
private static final Pattern ESCAPE_CLOSING_COMMENT_PATTERN = Pattern.compile("\\*/");
private static final Pattern ESCAPE_OPENING_COMMENT_PATTERN = Pattern.compile("/\\*");
private final TypeNames typeNames = new TypeNames();
private final TypeNames hibernateTypeNames = new TypeNames();
@ -2738,6 +2742,14 @@ public abstract class Dialect implements ConversionContext {
return StandardCallableStatementSupport.NO_REF_CURSOR_INSTANCE;
}
public static String escapeComment(String comment) {
if (StringHelper.isNotEmpty(comment)) {
final String escaped = ESCAPE_CLOSING_COMMENT_PATTERN.matcher(comment).replaceAll("*\\\\/");
return ESCAPE_OPENING_COMMENT_PATTERN.matcher(escaped).replaceAll("/\\\\*");
}
return comment;
}
/**
* By default interpret this based on DatabaseMetaData.
*

33
fine-hibernate/src/main/java/com/fr/third/org/hibernate/jpa/criteria/expression/LiteralExpression.java

@ -58,17 +58,34 @@ public class LiteralExpression<T> extends ExpressionImpl<T> implements Serializa
return ':' + parameterName;
}
@SuppressWarnings({ "unchecked" })
/**
* Inline String literal.
*
* @return escaped String
*/
private String inlineLiteral(String literal) {
return String.format("\'%s\'", escapeLiteral(literal));
}
/**
* Escape String literal.
*
* @return escaped String
*/
private String escapeLiteral(String literal) {
return literal.replace("'", "''");
}
@SuppressWarnings({"unchecked"})
public String renderProjection(RenderingContext renderingContext) {
if (ValueHandlerFactory.isCharacter(literal)) {
// In case literal is a Character, pass literal.toString() as the argument.
return inlineLiteral(literal.toString());
}
// some drivers/servers do not like parameters in the select clause
final ValueHandlerFactory.ValueHandler handler =
ValueHandlerFactory.determineAppropriateHandler( literal.getClass() );
if ( ValueHandlerFactory.isCharacter( literal ) ) {
return '\'' + handler.render( literal ) + '\'';
}
else {
return handler.render( literal );
}
ValueHandlerFactory.determineAppropriateHandler(literal.getClass());
return handler.render(literal);
}
@Override

2
fine-hibernate/src/main/java/com/fr/third/org/hibernate/loader/plan/exec/query/internal/SelectStatementBuilder.java

@ -187,7 +187,7 @@ public class SelectStatementBuilder {
StringBuilder buf = new StringBuilder( guesstimatedBufferSize );
if ( StringHelper.isNotEmpty( comment ) ) {
buf.append( "/* " ).append( comment ).append( " */ " );
buf.append( "/* " ).append( Dialect.escapeComment(comment) ).append( " */ " );
}
buf.append( "select " )

4
fine-hibernate/src/main/java/com/fr/third/org/hibernate/sql/Delete.java

@ -5,6 +5,8 @@
* See the lgpl.txt file in the root directory or <http://www.gnu.org/licenses/lgpl-2.1.html>.
*/
package com.fr.third.org.hibernate.sql;
import com.fr.third.org.hibernate.dialect.Dialect;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
@ -36,7 +38,7 @@ public class Delete {
public String toStatementString() {
StringBuilder buf = new StringBuilder( tableName.length() + 10 );
if ( comment!=null ) {
buf.append( "/* " ).append(comment).append( " */ " );
buf.append( "/* " ).append(Dialect.escapeComment(comment)).append( " */ " );
}
buf.append( "delete from " ).append(tableName);
if ( where != null || !primaryKeyColumns.isEmpty() || versionColumnName != null ) {

2
fine-hibernate/src/main/java/com/fr/third/org/hibernate/sql/Insert.java

@ -90,7 +90,7 @@ public class Insert {
public String toStatementString() {
StringBuilder buf = new StringBuilder( columns.size()*15 + tableName.length() + 10 );
if ( comment != null ) {
buf.append( "/* " ).append( comment ).append( " */ " );
buf.append( "/* " ).append( Dialect.escapeComment(comment) ).append( " */ " );
}
buf.append("insert into ")
.append(tableName);

2
fine-hibernate/src/main/java/com/fr/third/org/hibernate/sql/InsertSelect.java

@ -65,7 +65,7 @@ public class InsertSelect {
StringBuilder buf = new StringBuilder( (columnNames.size() * 15) + tableName.length() + 10 );
if ( comment!=null ) {
buf.append( "/* " ).append( comment ).append( " */ " );
buf.append( "/* " ).append( Dialect.escapeComment(comment) ).append( " */ " );
}
buf.append( "insert into " ).append( tableName );
if ( !columnNames.isEmpty() ) {

2
fine-hibernate/src/main/java/com/fr/third/org/hibernate/sql/QuerySelect.java

@ -126,7 +126,7 @@ public class QuerySelect {
public String toQueryString() {
StringBuilder buf = new StringBuilder( 50 );
if ( comment != null ) {
buf.append( "/* " ).append( comment ).append( " */ " );
buf.append( "/* " ).append( Dialect.escapeComment(comment) ).append( " */ " );
}
buf.append( "select " );
if ( distinct ) {

2
fine-hibernate/src/main/java/com/fr/third/org/hibernate/sql/Select.java

@ -40,7 +40,7 @@ public class Select {
public String toStatementString() {
StringBuilder buf = new StringBuilder(guesstimatedBufferSize);
if ( StringHelper.isNotEmpty(comment) ) {
buf.append("/* ").append(comment).append(" */ ");
buf.append("/* ").append(Dialect.escapeComment(comment)).append(" */ ");
}
buf.append("select ").append(selectClause)

2
fine-hibernate/src/main/java/com/fr/third/org/hibernate/sql/SimpleSelect.java

@ -143,7 +143,7 @@ public class SimpleSelect {
);
if ( comment != null ) {
buf.append( "/* " ).append( comment ).append( " */ " );
buf.append( "/* " ).append( Dialect.escapeComment(comment) ).append( " */ " );
}
buf.append( "select " );

2
fine-hibernate/src/main/java/com/fr/third/org/hibernate/sql/Update.java

@ -166,7 +166,7 @@ public class Update {
public String toStatementString() {
StringBuilder buf = new StringBuilder( (columns.size() * 15) + tableName.length() + 10 );
if ( comment!=null ) {
buf.append( "/* " ).append( comment ).append( " */ " );
buf.append( "/* " ).append( Dialect.escapeComment(comment) ).append( " */ " );
}
buf.append( "update " ).append( tableName ).append( " set " );
boolean assignmentsAppended = false;

Loading…
Cancel
Save