Fixing the security issue due to not using prepared statement

4.x.x
geethkokila 8 years ago
parent 6c611a8e39
commit 7359b4c536

@ -26,18 +26,18 @@ import java.util.Map;
public interface QueryBuilder { public interface QueryBuilder {
Map<String, List<String>> buildQueries(List<Condition> conditions) throws InvalidOperatorException; Map<String, List<QueryHolder>> buildQueries(List<Condition> conditions) throws InvalidOperatorException;
String processAND(List<Condition> conditions) throws InvalidOperatorException; String processAND(List<Condition> conditions, ValueType[] valueType, Integer intArr[]) throws InvalidOperatorException;
String processOR(List<Condition> conditions) throws InvalidOperatorException; String processOR(List<Condition> conditions, ValueType[] valueType, Integer intArr[]) throws InvalidOperatorException;
List<String> processLocation(Condition condition) throws InvalidOperatorException; List<QueryHolder> processLocation(Condition condition) throws InvalidOperatorException;
List<String> processANDProperties(List<Condition> conditions) throws InvalidOperatorException; List<QueryHolder> processANDProperties(List<Condition> conditions) throws InvalidOperatorException;
List<String> processORProperties(List<Condition> conditions) throws InvalidOperatorException; List<QueryHolder> processORProperties(List<Condition> conditions) throws InvalidOperatorException;
String processUpdatedDevices(long epochTime) throws InvalidOperatorException; QueryHolder processUpdatedDevices(long epochTime) throws InvalidOperatorException;
} }
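Review bot: `processAND` and `processOR` now take a caller-allocated `ValueType[]` and a one-element `Integer intArr[]` whose only job is to carry the next bind index in and out, which puts the builder's bookkeeping into the public interface while every other method here returns a `QueryHolder`. A caller that sizes the array wrongly or passes a stale index gets placeholders and bound values out of step, so the contract should at least be documented on the interface, for example `/** Appends predicates with ? placeholders; stores each bound value in valueType starting at intArr[0] and writes the next free index back to intArr[0]. */`. Returning a `QueryHolder` fragment from both methods would keep the SQL text and its parameters together and remove the shared mutable state.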

@ -62,27 +62,32 @@ public class ProcessorImpl implements Processor {
@Override @Override
public List<Device> execute(SearchContext searchContext) throws SearchMgtException { public List<Device> execute(SearchContext searchContext) throws SearchMgtException {
if(!Utils.validateOperators(searchContext.getConditions())){
throw new SearchMgtException("Invalid validator is provided.");
}
QueryBuilder queryBuilder = new QueryBuilderImpl(); QueryBuilder queryBuilder = new QueryBuilderImpl();
List<Device> generalDevices = new ArrayList<>(); List<Device> generalDevices = new ArrayList<>();
List<List<Device>> allANDDevices = new ArrayList<>(); List<List<Device>> allANDDevices = new ArrayList<>();
List<List<Device>> allORDevices = new ArrayList<>(); List<List<Device>> allORDevices = new ArrayList<>();
List<Device> locationDevices = new ArrayList<>(); List<Device> locationDevices = new ArrayList<>();
try { try {
Map<String, List<String>> queries = queryBuilder.buildQueries(searchContext.getConditions());
DeviceManagementDAOFactory.openConnection(); DeviceManagementDAOFactory.openConnection();
Map<String, List<QueryHolder>> queries = queryBuilder.buildQueries(searchContext.getConditions());
if (queries.containsKey(Constants.GENERAL)) { if (queries.containsKey(Constants.GENERAL)) {
generalDevices = searchDeviceDetailsTable(queries.get(Constants.GENERAL).get(0)); generalDevices = searchDeviceDetailsTable(queries.get(Constants.GENERAL).get(0));
} }
if (queries.containsKey(Constants.PROP_AND)) { if (queries.containsKey(Constants.PROP_AND)) {
for (String query : queries.get(Constants.PROP_AND)) { for (QueryHolder queryHolder : queries.get(Constants.PROP_AND)) {
List<Device> andDevices = searchDeviceDetailsTable(query); List<Device> andDevices = searchDeviceDetailsTable(queryHolder);
allANDDevices.add(andDevices); allANDDevices.add(andDevices);
} }
} }
if (queries.containsKey(Constants.PROP_OR)) { if (queries.containsKey(Constants.PROP_OR)) {
for (String query : queries.get(Constants.PROP_OR)) { for (QueryHolder queryHolder : queries.get(Constants.PROP_OR)) {
List<Device> orDevices = searchDeviceDetailsTable(query); List<Device> orDevices = searchDeviceDetailsTable(queryHolder);
allORDevices.add(orDevices); allORDevices.add(orDevices);
} }
} }
@ -141,12 +146,12 @@ public class ProcessorImpl implements Processor {
@Override @Override
public List<Device> getUpdatedDevices(long epochTime) throws SearchMgtException { public List<Device> getUpdatedDevices(long epochTime) throws SearchMgtException {
if((1 + (int)Math.floor(Math.log10(epochTime))) <=10 ) { if ((1 + (int) Math.floor(Math.log10(epochTime))) <= 10) {
epochTime = epochTime * 1000; epochTime = epochTime * 1000;
} }
QueryBuilder queryBuilder = new QueryBuilderImpl(); QueryBuilder queryBuilder = new QueryBuilderImpl();
try { try {
String query = queryBuilder.processUpdatedDevices(epochTime); QueryHolder query = queryBuilder.processUpdatedDevices(epochTime);
DeviceManagementDAOFactory.openConnection(); DeviceManagementDAOFactory.openConnection();
return searchDeviceDetailsTable(query); return searchDeviceDetailsTable(query);
} catch (InvalidOperatorException e) { } catch (InvalidOperatorException e) {
@ -218,7 +223,7 @@ public class ProcessorImpl implements Processor {
for (List<Device> devices : deLists) { for (List<Device> devices : deLists) {
Map<Integer, Device> deviceMap = new HashMap<>(); Map<Integer, Device> deviceMap = new HashMap<>();
for (Device device: devices) { for (Device device : devices) {
deviceMap.put(device.getId(), device); deviceMap.put(device.getId(), device);
} }
maps.add(deviceMap); maps.add(deviceMap);
@ -241,9 +246,9 @@ public class ProcessorImpl implements Processor {
} }
} }
private List<Device> searchDeviceDetailsTable(String query) throws SearchDAOException { private List<Device> searchDeviceDetailsTable(QueryHolder queryHolder) throws SearchDAOException {
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug("Query : " + query); log.debug("Query : " + queryHolder.getQuery());
} }
Connection conn; Connection conn;
PreparedStatement stmt = null; PreparedStatement stmt = null;
@ -252,7 +257,26 @@ public class ProcessorImpl implements Processor {
Map<Integer, Integer> devs = new HashMap<>(); Map<Integer, Integer> devs = new HashMap<>();
try { try {
conn = this.getConnection(); conn = this.getConnection();
stmt = conn.prepareStatement(query); stmt = conn.prepareStatement(queryHolder.getQuery());
int x = 1;
ValueType[] types = queryHolder.getTypes();
for (ValueType type : types) {
if (type.getColumnType().equals(ValueType.columnType.STRING)) {
stmt.setString(x, type.getStringValue());
x++;
} else if (type.getColumnType().equals(ValueType.columnType.INTEGER)) {
stmt.setInt(x, type.getIntValue());
x++;
} else if (type.getColumnType().equals(ValueType.columnType.LONG)){
stmt.setLong(x, type.getLongValue());
x++;
} else if(type.getColumnType().equals(ValueType.columnType.DOUBLE)){
stmt.setDouble(x, type.getDoubleValue());
x++;
}
}
rs = stmt.executeQuery(); rs = stmt.executeQuery();
while (rs.next()) { while (rs.next()) {
if (!devs.containsKey(rs.getInt("ID"))) { if (!devs.containsKey(rs.getInt("ID"))) {
@ -362,8 +386,8 @@ public class ProcessorImpl implements Processor {
} }
} catch (SQLException e) { } catch (SQLException e) {
throw new SearchDAOException("Error occurred while retrieving the device properties.", e); throw new SearchDAOException("Error occurred while retrieving the device properties.", e);
} finally { } finally {
DeviceManagementDAOUtil.cleanupResources(stmt,rs); DeviceManagementDAOUtil.cleanupResources(stmt, rs);
} }
return devices; return devices;
} }
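Review bot: The bind loop in `searchDeviceDetailsTable` calls `type.getColumnType()` on every slot of `queryHolder.getTypes()` and has no final `else`, so a null slot throws a NullPointerException and an unrecognised column type is skipped without binding anything. The arrays are pre-sized in `QueryBuilderImpl` and a slot is filled only when a condition key passes one of the column checks, so an unfilled trailing slot looks reachable, although the filtering done in `buildQueries` is outside the visible hunks. I would fail closed with a guard such as `if (type == null) { throw new SQLException("Unbound query parameter at index " + x); }` plus a matching final `else` that throws, so the statement never executes with fewer bound values than placeholders. The exception text added in `execute`, `"Invalid validator is provided."`, presumably means an invalid operator and should say so. The method body continues outside these hunks.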

@ -23,9 +23,7 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.common.search.Condition; import org.wso2.carbon.device.mgt.common.search.Condition;
import org.wso2.carbon.device.mgt.core.search.mgt.Constants; import org.wso2.carbon.device.mgt.core.search.mgt.*;
import org.wso2.carbon.device.mgt.core.search.mgt.InvalidOperatorException;
import org.wso2.carbon.device.mgt.core.search.mgt.QueryBuilder;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.HashMap; import java.util.HashMap;
@ -41,7 +39,7 @@ public class QueryBuilderImpl implements QueryBuilder {
private boolean isDeviceAdminUser; private boolean isDeviceAdminUser;
@Override @Override
public Map<String, List<String>> buildQueries(List<Condition> conditions) throws InvalidOperatorException { public Map<String, List<QueryHolder>> buildQueries(List<Condition> conditions) throws InvalidOperatorException {
List<Condition> andColumns = new ArrayList<>(); List<Condition> andColumns = new ArrayList<>();
List<Condition> orColumns = new ArrayList<>(); List<Condition> orColumns = new ArrayList<>();
List<Condition> otherANDColumns = new ArrayList<>(); List<Condition> otherANDColumns = new ArrayList<>();
@ -82,10 +80,27 @@ public class QueryBuilderImpl implements QueryBuilder {
} }
} }
Map<String, List<String>> queries = new HashMap<>(); Map<String, List<QueryHolder>> queries = new HashMap<>();
if ((!andColumns.isEmpty()) || (!orColumns.isEmpty())) { if ((!andColumns.isEmpty()) || (!orColumns.isEmpty())) {
queries.put(Constants.GENERAL, Utils.convertStringToList(this.getGenericQueryPart() + this.processAND(andColumns) + // Size is taken as the sum of both columns and for tenant id.
this.processOR(orColumns))); ValueType valueTypeArray[] = new ValueType[andColumns.size() + orColumns.size() + 1];
// String query =Utils.convertStringToList(
// passing the integer value to the x so that array is correctly passed.
Integer intArr[] = new Integer[1];
intArr[0] = 1;
//int x = 1;
String query = this.getGenericQueryPart(valueTypeArray) +
this.processAND(andColumns, valueTypeArray, intArr) +
this.processOR(orColumns, valueTypeArray, intArr);
List<QueryHolder> queryHolders = new ArrayList<>();
QueryHolder queryHolder = new QueryHolder();
queryHolder.setQuery(query);
queryHolder.setTypes(valueTypeArray);
queryHolders.add(queryHolder);
queries.put(Constants.GENERAL, queryHolders);
} }
if (!otherANDColumns.isEmpty()) { if (!otherANDColumns.isEmpty()) {
queries.put(Constants.PROP_AND, this.processANDProperties(otherANDColumns)); queries.put(Constants.PROP_AND, this.processANDProperties(otherANDColumns));
@ -108,124 +123,262 @@ public class QueryBuilderImpl implements QueryBuilder {
} }
@Override @Override
public String processAND(List<Condition> conditions) throws InvalidOperatorException { public String processAND(List<Condition> conditions, ValueType[] valueType, Integer intArr[]) throws InvalidOperatorException {
String querySuffix = ""; String querySuffix = "";
for (Condition con : conditions) { try {
if (Utils.checkDeviceDetailsColumns(con.getKey())) { // TODO: find upto what address location of the array has filled.
if (con.operator.equals(WILDCARD_OPERATOR)){ int x = intArr[0];
querySuffix = querySuffix + " OR DD." + Utils.getDeviceDetailsColumnNames().get(con.getKey()) for (Condition con : conditions) {
+ " LIKE \'%" + con.getValue() + "%\'"; if (Utils.checkDeviceDetailsColumns(con.getKey())) {
} else { if (con.operator.equals(WILDCARD_OPERATOR)) {
querySuffix = querySuffix + " AND DD." + Utils.getDeviceDetailsColumnNames().get(con.getKey()) + con querySuffix = querySuffix + " OR DD." + Utils.getDeviceDetailsColumnNames().get(con.getKey())
.getOperator() + Utils.getConvertedValue(con.getKey(), con.getValue()); + " LIKE ? ";
ValueType type = new ValueType();
type.setColumnType(ValueType.columnType.STRING);
type.setStringValue("%"+con.getValue()+"%");
valueType[x] = type;
x++;
} else {
querySuffix = querySuffix + " AND DD." + Utils.getDeviceDetailsColumnNames().get(con.getKey()) + con
.getOperator() + " ? ";
ValueType type = new ValueType();
if (Utils.checkColumnType(con.getKey())) {
type.setColumnType(ValueType.columnType.STRING);
type.setStringValue(Utils.getConvertedValue(con.getKey(), con.getValue()));
} else {
type.setColumnType(ValueType.columnType.INTEGER);
type.setIntValue(Integer.parseInt(Utils.getConvertedValue(con.getKey(), con.getValue())));
}
valueType[x] = type;
x++;
}
} else if (Utils.checkDeviceLocationColumns(con.getKey().toLowerCase())) {
querySuffix = querySuffix + " AND DL." + Utils.getDeviceLocationColumnNames().get(con.getKey().toLowerCase()) +
con.getOperator() + " ? ";
ValueType type = new ValueType();
type.setColumnType(ValueType.columnType.STRING);
type.setStringValue(con.getValue());
valueType[x] = type;
x++;
} }
} else if (Utils.checkDeviceLocationColumns(con.getKey().toLowerCase())) {
querySuffix = querySuffix + " AND DL." + Utils.getDeviceLocationColumnNames().get(con.getKey().toLowerCase()) +
con.getOperator() + con.getValue();
} }
intArr[0] = x;
} catch (Exception e) {
throw new InvalidOperatorException("Error occurred while building the sql", e);
} }
return querySuffix; return querySuffix;
} }
@Override @Override
public String processOR(List<Condition> conditions) throws InvalidOperatorException { public String processOR(List<Condition> conditions, ValueType[] valueType, Integer intArr[]) throws InvalidOperatorException {
String querySuffix = ""; String querySuffix = "";
for (Condition con : conditions) { // TODO: find upto what address location of the array has filled.
if (Utils.checkDeviceDetailsColumns(con.getKey())) { try {
if (con.operator.equals(WILDCARD_OPERATOR)) { int x = intArr[0];
querySuffix = querySuffix + " OR DD." + Utils.getDeviceDetailsColumnNames().get(con.getKey()) for (Condition con : conditions) {
+ " LIKE \'%" + con.getValue() + "%\'"; if (Utils.checkDeviceDetailsColumns(con.getKey())) {
} else { if (con.operator.equals(WILDCARD_OPERATOR)) {
querySuffix = querySuffix + " OR DD." + Utils.getDeviceDetailsColumnNames().get(con.getKey()) + con querySuffix = querySuffix + " OR DD." + Utils.getDeviceDetailsColumnNames().get(con.getKey())
.getOperator() + Utils.getConvertedValue(con.getKey(), con.getValue()); + " LIKE ? ";
ValueType type = new ValueType();
type.setColumnType(ValueType.columnType.STRING);
type.setStringValue("%"+con.getValue()+"%");
valueType[x] = type;
x++;
} else {
querySuffix = querySuffix + " OR DD." + Utils.getDeviceDetailsColumnNames().get(con.getKey()) + con
.getOperator() + " ? ";
ValueType type = new ValueType();
if (Utils.checkColumnType(con.getKey())) {
type.setColumnType(ValueType.columnType.STRING);
type.setStringValue(Utils.getConvertedValue(con.getKey(), con.getValue()));
} else {
type.setColumnType(ValueType.columnType.INTEGER);
type.setIntValue(Integer.parseInt(Utils.getConvertedValue(con.getKey(), con.getValue())));
}
valueType[x] = type;
x++;
}
} else if (Utils.checkDeviceLocationColumns(con.getKey().toLowerCase())) {
querySuffix =
querySuffix + " OR DL." + Utils.getDeviceLocationColumnNames().get(con.getKey().toLowerCase())
+ con.getOperator() + " ? ";
ValueType type = new ValueType();
type.setColumnType(ValueType.columnType.STRING);
type.setStringValue(con.getValue());
valueType[x] = type;
x++;
} }
} else if (Utils.checkDeviceLocationColumns(con.getKey().toLowerCase())) {
querySuffix =
querySuffix + " OR DL." + Utils.getDeviceLocationColumnNames().get(con.getKey().toLowerCase())
+ con.getOperator() + con.getValue();
} }
intArr[0] = x;
} catch (Exception e) {
throw new InvalidOperatorException("Error occurred while building the sql", e);
} }
return querySuffix; return querySuffix;
} }
@Override @Override
public List<String> processLocation(Condition condition) throws InvalidOperatorException { public List<QueryHolder> processLocation(Condition condition) throws InvalidOperatorException {
List<String> queryList = new ArrayList<>(); List<QueryHolder> queryHolders = new ArrayList<>();
queryList.add(this.buildLocationQuery(condition.getValue())); queryHolders.add(this.buildLocationQuery(condition.getValue()));
return queryList; return queryHolders;
} }
@Override @Override
public List<String> processANDProperties(List<Condition> conditions) throws InvalidOperatorException { public List<QueryHolder> processANDProperties(List<Condition> conditions) throws InvalidOperatorException {
return this.getQueryList(conditions); return this.getQueryList(conditions);
} }
@Override @Override
public List<String> processORProperties(List<Condition> conditions) throws InvalidOperatorException { public List<QueryHolder> processORProperties(List<Condition> conditions) throws InvalidOperatorException {
return this.getQueryList(conditions); return this.getQueryList(conditions);
} }
@Override @Override
public String processUpdatedDevices(long epochTime) throws InvalidOperatorException { public QueryHolder processUpdatedDevices(long epochTime) throws InvalidOperatorException {
return this.getGenericQueryPart() + " AND ( DD.UPDATE_TIMESTAMP > " + epochTime + try {
" OR DL.UPDATE_TIMESTAMP > " + epochTime + " )"; ValueType valueTypeArray[] = new ValueType[3];
String query = this.getGenericQueryPart(valueTypeArray) + " AND ( DD.UPDATE_TIMESTAMP > ? " +
"OR DL.UPDATE_TIMESTAMP > ? )";
ValueType val1 = new ValueType();
val1.setColumnType(ValueType.columnType.LONG);
val1.setLongValue(epochTime);
valueTypeArray[1] = val1;
ValueType val2 = new ValueType();
val2.setColumnType(ValueType.columnType.LONG);
val2.setLongValue(epochTime);
valueTypeArray[2] = val2;
QueryHolder queryHolder = new QueryHolder();
queryHolder.setQuery(query);
queryHolder.setTypes(valueTypeArray);
return queryHolder;
} catch (Exception e) {
throw new InvalidOperatorException("Error occurred while building the for the updated devices.", e);
}
} }
private List<String> getQueryList(List<Condition> conditions) { private List<QueryHolder> getQueryList(List<Condition> conditions) throws InvalidOperatorException {
List<String> queryList = new ArrayList<>(); try {
for (Condition con : conditions) { List<QueryHolder> queryHolders = new ArrayList<>();
for (Condition con : conditions) {
QueryHolder query = new QueryHolder();
ValueType valueTypeArray[] = new ValueType[3];
String querySuffix = this.getPropertyQueryPart(valueTypeArray) + " AND DI.KEY_FIELD = " + " ? " +
" AND DI.VALUE_FIELD " + con.getOperator() + " ? ";
ValueType key = new ValueType();
key.setColumnType(ValueType.columnType.STRING);
key.setStringValue(con.getKey());
valueTypeArray[1] = key;
ValueType value = new ValueType();
value.setColumnType(ValueType.columnType.STRING);
value.setStringValue(con.getValue());
valueTypeArray[2] = value;
String querySuffix = this.getPropertyQueryPart() + " AND DI.KEY_FIELD = " + "\'" + con.getKey() + "\'" + query.setQuery(querySuffix);
" AND DI.VALUE_FIELD " + con.getOperator() + "\'" + con.getValue() + "\'"; query.setTypes(valueTypeArray);
queryList.add(querySuffix);
queryHolders.add(query);
}
return queryHolders;
} catch (Exception e) {
throw new InvalidOperatorException("Error occurred while building the sql", e);
} }
return queryList;
} }
private String buildLocationQuery(String location) { private QueryHolder buildLocationQuery(String location) throws InvalidOperatorException {
try {
ValueType valueTypeArray[] = new ValueType[7];
String query = this.getGenericQueryPart(valueTypeArray);
query = query + " AND (DL.STREET1 LIKE ? ";
query = query + " OR DL.STREET2 LIKE ? ";
query = query + " OR DL.CITY LIKE ? ";
query = query + " OR DL.STATE LIKE ? ";
query = query + " OR DL.COUNTRY LIKE ? ";
query = query + " OR DL.ZIP LIKE ? )";
ValueType value = new ValueType();
value.setColumnType(ValueType.columnType.STRING);
value.setStringValue("%" + location + "%");
// Same location is passed to each place
valueTypeArray[1] = value;
valueTypeArray[2] = value;
valueTypeArray[3] = value;
valueTypeArray[4] = value;
valueTypeArray[5] = value;
valueTypeArray[6] = value;
String query = this.getGenericQueryPart(); QueryHolder queryHolder = new QueryHolder();
query = query + " AND (DL.STREET1 LIKE \'%" + location + "%\'"; queryHolder.setQuery(query);
query = query + " OR DL.STREET2 LIKE \'%" + location + "%\'"; queryHolder.setTypes(valueTypeArray);
query = query + " OR DL.CITY LIKE \'%" + location + "%\'";
query = query + " OR DL.STATE LIKE \'%" + location + "%\'"; return queryHolder;
query = query + " OR DL.COUNTRY LIKE \'%" + location + "%\'"; } catch (Exception e) {
query = query + " OR DL.ZIP LIKE \'%" + location + "%\')"; throw new InvalidOperatorException("Error occurred while building the sql for location.", e);
return query; }
} }
private String getGenericQueryPart() { private String getGenericQueryPart(ValueType[] valueTypeArray) throws InvalidOperatorException {
return "SELECT D.ID, D.DESCRIPTION, D.NAME, \n" + try {
"D.DEVICE_TYPE_ID, D.DEVICE_IDENTIFICATION, DT.ID AS DEVICE_TYPE_ID, \n" + String query = "SELECT D.ID, D.DESCRIPTION, D.NAME, \n" +
"DT.NAME AS DEVICE_TYPE_NAME, DD.DEVICE_ID, DD.DEVICE_MODEL, DD.VENDOR, \n" + "D.DEVICE_TYPE_ID, D.DEVICE_IDENTIFICATION, DT.ID AS DEVICE_TYPE_ID, \n" +
"DD.OS_VERSION, DD.OS_BUILD_DATE, DD.BATTERY_LEVEL, DD.INTERNAL_TOTAL_MEMORY, DD.INTERNAL_AVAILABLE_MEMORY,\n" + "DT.NAME AS DEVICE_TYPE_NAME, DD.DEVICE_ID, DD.DEVICE_MODEL, DD.VENDOR, \n" +
"DD.EXTERNAL_TOTAL_MEMORY, DD.EXTERNAL_AVAILABLE_MEMORY, DD.CONNECTION_TYPE, \n" + "DD.OS_VERSION, DD.OS_BUILD_DATE, DD.BATTERY_LEVEL, DD.INTERNAL_TOTAL_MEMORY, DD.INTERNAL_AVAILABLE_MEMORY,\n" +
"DD.SSID, DD.CPU_USAGE, DD.TOTAL_RAM_MEMORY, DD.AVAILABLE_RAM_MEMORY, \n" + "DD.EXTERNAL_TOTAL_MEMORY, DD.EXTERNAL_AVAILABLE_MEMORY, DD.CONNECTION_TYPE, \n" +
"DD.PLUGGED_IN, DD.UPDATE_TIMESTAMP, DL.LATITUDE, DL.LONGITUDE, DL.STREET1, DL.STREET2, DL.CITY, DL.ZIP, \n" + "DD.SSID, DD.CPU_USAGE, DD.TOTAL_RAM_MEMORY, DD.AVAILABLE_RAM_MEMORY, \n" +
"DL.STATE, DL.COUNTRY, DL.UPDATE_TIMESTAMP AS DL_UPDATED_TIMESTAMP, DE.OWNER, DE.OWNERSHIP, DE.STATUS " + "DD.PLUGGED_IN, DD.UPDATE_TIMESTAMP, DL.LATITUDE, DL.LONGITUDE, DL.STREET1, DL.STREET2, DL.CITY, DL.ZIP, \n" +
"AS DE_STATUS FROM DM_DEVICE_DETAIL AS DD INNER JOIN DM_DEVICE AS D ON D.ID=DD.DEVICE_ID\n" + "DL.STATE, DL.COUNTRY, DL.UPDATE_TIMESTAMP AS DL_UPDATED_TIMESTAMP, DE.OWNER, DE.OWNERSHIP, DE.STATUS " +
"LEFT JOIN DM_DEVICE_LOCATION AS DL ON DL.DEVICE_ID=D.ID \n" + "AS DE_STATUS FROM DM_DEVICE_DETAIL AS DD INNER JOIN DM_DEVICE AS D ON D.ID=DD.DEVICE_ID\n" +
"INNER JOIN DM_DEVICE_TYPE AS DT ON DT.ID=D.DEVICE_TYPE_ID\n" + "LEFT JOIN DM_DEVICE_LOCATION AS DL ON DL.DEVICE_ID=D.ID \n" +
"INNER JOIN DM_ENROLMENT AS DE ON D.ID=DE.DEVICE_ID\n" + "INNER JOIN DM_DEVICE_TYPE AS DT ON DT.ID=D.DEVICE_TYPE_ID\n" +
"WHERE D.TENANT_ID = " + PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(); "INNER JOIN DM_ENROLMENT AS DE ON D.ID=DE.DEVICE_ID\n" +
"WHERE D.TENANT_ID = ? ";
ValueType type = new ValueType();
type.setIntValue(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId());
type.setColumnType(ValueType.columnType.INTEGER);
valueTypeArray[0] = type;
return query;
} catch (Exception e) {
throw new InvalidOperatorException("Error occurred while building the sql", e);
}
} }
private String getPropertyQueryPart() { private String getPropertyQueryPart(ValueType[] valueTypeArray) throws InvalidOperatorException {
return "SELECT D.ID, D.DESCRIPTION, D.NAME, \n" + try {
"D.DEVICE_TYPE_ID, D.DEVICE_IDENTIFICATION, DT.ID AS DEVICE_TYPE_ID, \n" + String query = "SELECT D.ID, D.DESCRIPTION, D.NAME, \n" +
"DT.NAME AS DEVICE_TYPE_NAME, DD.DEVICE_ID, DD.DEVICE_MODEL, DD.VENDOR, \n" + "D.DEVICE_TYPE_ID, D.DEVICE_IDENTIFICATION, DT.ID AS DEVICE_TYPE_ID, \n" +
"DD.OS_VERSION, DD.OS_BUILD_DATE, DD.BATTERY_LEVEL, DD.INTERNAL_TOTAL_MEMORY, DD.INTERNAL_AVAILABLE_MEMORY,\n" + "DT.NAME AS DEVICE_TYPE_NAME, DD.DEVICE_ID, DD.DEVICE_MODEL, DD.VENDOR, \n" +
"DD.EXTERNAL_TOTAL_MEMORY, DD.EXTERNAL_AVAILABLE_MEMORY, DD.CONNECTION_TYPE, \n" + "DD.OS_VERSION, DD.OS_BUILD_DATE, DD.BATTERY_LEVEL, DD.INTERNAL_TOTAL_MEMORY, DD.INTERNAL_AVAILABLE_MEMORY,\n" +
"DD.SSID, DD.CPU_USAGE, DD.TOTAL_RAM_MEMORY, DD.AVAILABLE_RAM_MEMORY, \n" + "DD.EXTERNAL_TOTAL_MEMORY, DD.EXTERNAL_AVAILABLE_MEMORY, DD.CONNECTION_TYPE, \n" +
"DD.PLUGGED_IN, DD.UPDATE_TIMESTAMP, DL.LATITUDE, DL.LONGITUDE, DL.STREET1, DL.STREET2, DL.CITY, DL.ZIP, \n" + "DD.SSID, DD.CPU_USAGE, DD.TOTAL_RAM_MEMORY, DD.AVAILABLE_RAM_MEMORY, \n" +
"DL.STATE, DL.COUNTRY, DL.UPDATE_TIMESTAMP AS DL_UPDATED_TIMESTAMP, DI.KEY_FIELD, DI.VALUE_FIELD, \n" + "DD.PLUGGED_IN, DD.UPDATE_TIMESTAMP, DL.LATITUDE, DL.LONGITUDE, DL.STREET1, DL.STREET2, DL.CITY, DL.ZIP, \n" +
"DE.OWNER, DE.OWNERSHIP, DE.STATUS AS DE_STATUS " + "DL.STATE, DL.COUNTRY, DL.UPDATE_TIMESTAMP AS DL_UPDATED_TIMESTAMP, DI.KEY_FIELD, DI.VALUE_FIELD, \n" +
"FROM DM_DEVICE_DETAIL AS DD INNER JOIN DM_DEVICE AS D ON D.ID=DD.DEVICE_ID\n" + "DE.OWNER, DE.OWNERSHIP, DE.STATUS AS DE_STATUS " +
"LEFT JOIN DM_DEVICE_LOCATION AS DL ON DL.DEVICE_ID=D.ID \n" + "FROM DM_DEVICE_DETAIL AS DD INNER JOIN DM_DEVICE AS D ON D.ID=DD.DEVICE_ID\n" +
"INNER JOIN DM_DEVICE_TYPE AS DT ON DT.ID=D.DEVICE_TYPE_ID\n" + "LEFT JOIN DM_DEVICE_LOCATION AS DL ON DL.DEVICE_ID=D.ID \n" +
"INNER JOIN DM_ENROLMENT AS DE ON D.ID=DE.DEVICE_ID\n" + "INNER JOIN DM_DEVICE_TYPE AS DT ON DT.ID=D.DEVICE_TYPE_ID\n" +
"LEFT JOIN DM_DEVICE_INFO AS DI ON DI.DEVICE_ID=D.ID\n" + "INNER JOIN DM_ENROLMENT AS DE ON D.ID=DE.DEVICE_ID\n" +
"WHERE D.TENANT_ID = " + "LEFT JOIN DM_DEVICE_INFO AS DI ON DI.DEVICE_ID=D.ID\n" +
PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(); "WHERE D.TENANT_ID = ? ";
ValueType type = new ValueType();
type.setIntValue(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId());
type.setColumnType(ValueType.columnType.INTEGER);
valueTypeArray[0] = type;
return query;
} catch (Exception e) {
throw new InvalidOperatorException("Error occurred while building the sql", e);
}
} }
} }
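Review bot: In `buildQueries` the output of `processAND` and `processOR` is appended directly after `WHERE D.TENANT_ID = ? ` from `getGenericQueryPart`, and because both methods emit bare ` OR ...` terms with no parentheses, SQL operator precedence lets those terms match rows regardless of the tenant predicate. Parameter binding does not change this; unless results are filtered by tenant again later (not visible here), the user-supplied predicates should be grouped so the final shape is `WHERE D.TENANT_ID = ? AND ( <user predicates> )`, as `buildLocationQuery` already does with `AND (DL.STREET1 LIKE ? ... )`. Separately, `con.getOperator()` is still concatenated into the SQL text in `processAND`, `processOR` and `getQueryList`, so these public methods are safe only when the caller has already run `Utils.validateOperators`; repeating that check inside the builder would make it hold for every caller.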

@ -20,6 +20,7 @@
package org.wso2.carbon.device.mgt.core.search.mgt.impl; package org.wso2.carbon.device.mgt.core.search.mgt.impl;
import org.wso2.carbon.device.mgt.common.Device; import org.wso2.carbon.device.mgt.common.Device;
import org.wso2.carbon.device.mgt.common.search.Condition;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.HashMap; import java.util.HashMap;
@ -31,6 +32,8 @@ public class Utils {
private static Map<String, String> genericColumnsMap = new HashMap<>(); private static Map<String, String> genericColumnsMap = new HashMap<>();
private static Map<String, String> locationColumnsMap = new HashMap<>(); private static Map<String, String> locationColumnsMap = new HashMap<>();
private static Map<String, String> operators = new HashMap<>();
static { static {
genericColumnsMap.put("deviceModel", "DEVICE_MODEL"); genericColumnsMap.put("deviceModel", "DEVICE_MODEL");
genericColumnsMap.put("vendor", "VENDOR"); genericColumnsMap.put("vendor", "VENDOR");
@ -58,6 +61,18 @@ public class Utils {
locationColumnsMap.put("zip", "STATE"); locationColumnsMap.put("zip", "STATE");
locationColumnsMap.put("country", "COUNTRY"); locationColumnsMap.put("country", "COUNTRY");
//=, >, <, >=, <=, <>, !=, !>, !<
operators.put("=", "=");
operators.put(">", ">");
operators.put("<", "<");
operators.put(">=", ">=");
operators.put("<=", "<=");
operators.put("<>", "<>");
operators.put("!=", "!=");
operators.put("!>", "!>");
operators.put("!<", "!<");
operators.put("%", "%");
} }
public static boolean checkColumnType(String column) { public static boolean checkColumnType(String column) {
@ -142,5 +157,15 @@ public class Utils {
return str.substring(0, str.length() - 1); return str.substring(0, str.length() - 1);
} }
public static boolean validateOperators(List<Condition> conditions) {
for (Condition con : conditions) {
if (!operators.containsKey(con.getOperator())) {
return false;
}
}
return true;
}
} }
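Review bot: The allow-list in the static block admits `%`, which is a wildcard marker rather than an SQL comparison operator, and also `!>` and `!<`, which are not standard SQL. `QueryBuilderImpl` translates the wildcard operator (presumably `%`) into `LIKE` only in the device-detail branch; in the location branch and in `getQueryList` an accepted operator is concatenated as-is, so validation can pass and the statement then fails or means something else. Consider validating per column family, or rejecting `%` where no `LIKE` translation exists. Since only `containsKey` is used, the map with identical keys and values could be a `private static final Set<String>` wrapped in `Collections.unmodifiableSet(...)`, and `validateOperators` should treat a null `conditions` list as invalid instead of throwing.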

@ -47,7 +47,7 @@ var dynamicForm = '<div class="dynamic-search-param row"><div class="row"><a cla
'</option><option value = "vendor">Vendor</option><option value = "osVersion">OS Version' + '</option><option value = "vendor">Vendor</option><option value = "osVersion">OS Version' +
'</option><option value = "batteryLevel">Battery Level</option><option value =' + '</option><option value = "batteryLevel">Battery Level</option><option value =' +
' "internalTotalMemory">Internal Total Memory</option> <option value ="internalAvailableMemory">' + ' "internalTotalMemory">Internal Total Memory</option> <option value ="internalAvailableMemory">' +
'Internal Available Memory</option> <option value = "externalTotalMemory">externalTotalMemory</option>' + 'Internal Available Memory</option> <option value = "externalTotalMemory">External Total Memory</option>' +
' <option value = "externalAvailableMemory">External Available Memory' + ' <option value = "externalAvailableMemory">External Available Memory' +
'</option> <option value = "connectionType">Connection Type</option> <option value =' + '</option> <option value = "connectionType">Connection Type</option> <option value =' +
' "ssid">SSID</option><option value = "cpuUsage">CPU Usage</option><option value = "totalRAMMemory">' + ' "ssid">SSID</option><option value = "cpuUsage">CPU Usage</option><option value = "totalRAMMemory">' +
@ -83,7 +83,7 @@ $(document).ready(function () {
*/ */
function getOperators(keyValue) { function getOperators(keyValue) {
if (nonNumericKeyValuePair.indexOf(keyValue) < 0) { if (nonNumericKeyValuePair.indexOf(keyValue) < 0) {
return '<option> =</option><option> !=</option><option> <</option><option> =<</option><option>' + return '<option> =</option><option> !=</option><option> <</option><option> <=</option><option>' +
' ></option><option> >=</option>'; ' ></option><option> >=</option>';
} else { } else {
return '<option> =</option><option> !=</option><option><option> %</option>'; return '<option> =</option><option> !=</option><option><option> %</option>';
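Review bot: The non-numeric branch of `getOperators` returns `<option> !=</option><option><option> %</option>`, where the extra `<option>` leaves an empty entry in the dropdown. With the server-side operator check added in this commit, selecting that empty entry would presumably send an operator that is rejected, so the line should read `return '<option> =</option><option> !=</option><option> %</option>';`. The function body continues past the end of the hunk.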
