Fixing the security issue due to not using prepared statement

revert-70aa11f8
geethkokila 8 years ago
parent 6c611a8e39
commit 7359b4c536

@ -26,18 +26,18 @@ import java.util.Map;
public interface QueryBuilder {
Map<String, List<String>> buildQueries(List<Condition> conditions) throws InvalidOperatorException;
Map<String, List<QueryHolder>> buildQueries(List<Condition> conditions) throws InvalidOperatorException;
String processAND(List<Condition> conditions) throws InvalidOperatorException;
String processAND(List<Condition> conditions, ValueType[] valueType, Integer intArr[]) throws InvalidOperatorException;
String processOR(List<Condition> conditions) throws InvalidOperatorException;
String processOR(List<Condition> conditions, ValueType[] valueType, Integer intArr[]) throws InvalidOperatorException;
List<String> processLocation(Condition condition) throws InvalidOperatorException;
List<QueryHolder> processLocation(Condition condition) throws InvalidOperatorException;
List<String> processANDProperties(List<Condition> conditions) throws InvalidOperatorException;
List<QueryHolder> processANDProperties(List<Condition> conditions) throws InvalidOperatorException;
List<String> processORProperties(List<Condition> conditions) throws InvalidOperatorException;
List<QueryHolder> processORProperties(List<Condition> conditions) throws InvalidOperatorException;
String processUpdatedDevices(long epochTime) throws InvalidOperatorException;
QueryHolder processUpdatedDevices(long epochTime) throws InvalidOperatorException;
}
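Review bot: The new `processAND`/`processOR` signatures turn `valueType` into an output array and `intArr` into a one-element cursor, but nothing in the interface says so, and a caller who sizes `valueType` too small only finds out through an ArrayIndexOutOfBoundsException that the implementation in this commit catches as `Exception` and rethrows as InvalidOperatorException. Add Javadoc to both methods such as `@param valueType filled in place with one entry per '?' placeholder emitted, starting at index intArr[0]` and `@param intArr single-element cursor; intArr[0] is advanced past the last slot written`, and document on `buildQueries` that the returned QueryHolder types array is positional and must be bound in order. `Integer intArr[]` is the C-style declaration; `Integer[] intArr` is the Java convention and should be used consistently across the interface.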

@ -62,27 +62,32 @@ public class ProcessorImpl implements Processor {
@Override
public List<Device> execute(SearchContext searchContext) throws SearchMgtException {
if(!Utils.validateOperators(searchContext.getConditions())){
throw new SearchMgtException("Invalid validator is provided.");
}
QueryBuilder queryBuilder = new QueryBuilderImpl();
List<Device> generalDevices = new ArrayList<>();
List<List<Device>> allANDDevices = new ArrayList<>();
List<List<Device>> allORDevices = new ArrayList<>();
List<Device> locationDevices = new ArrayList<>();
try {
Map<String, List<String>> queries = queryBuilder.buildQueries(searchContext.getConditions());
DeviceManagementDAOFactory.openConnection();
Map<String, List<QueryHolder>> queries = queryBuilder.buildQueries(searchContext.getConditions());
if (queries.containsKey(Constants.GENERAL)) {
generalDevices = searchDeviceDetailsTable(queries.get(Constants.GENERAL).get(0));
}
if (queries.containsKey(Constants.PROP_AND)) {
for (String query : queries.get(Constants.PROP_AND)) {
List<Device> andDevices = searchDeviceDetailsTable(query);
for (QueryHolder queryHolder : queries.get(Constants.PROP_AND)) {
List<Device> andDevices = searchDeviceDetailsTable(queryHolder);
allANDDevices.add(andDevices);
}
}
if (queries.containsKey(Constants.PROP_OR)) {
for (String query : queries.get(Constants.PROP_OR)) {
List<Device> orDevices = searchDeviceDetailsTable(query);
for (QueryHolder queryHolder : queries.get(Constants.PROP_OR)) {
List<Device> orDevices = searchDeviceDetailsTable(queryHolder);
allORDevices.add(orDevices);
}
}
@ -141,12 +146,12 @@ public class ProcessorImpl implements Processor {
@Override
public List<Device> getUpdatedDevices(long epochTime) throws SearchMgtException {
if((1 + (int)Math.floor(Math.log10(epochTime))) <=10 ) {
if ((1 + (int) Math.floor(Math.log10(epochTime))) <= 10) {
epochTime = epochTime * 1000;
}
QueryBuilder queryBuilder = new QueryBuilderImpl();
try {
String query = queryBuilder.processUpdatedDevices(epochTime);
QueryHolder query = queryBuilder.processUpdatedDevices(epochTime);
DeviceManagementDAOFactory.openConnection();
return searchDeviceDetailsTable(query);
} catch (InvalidOperatorException e) {
@ -218,7 +223,7 @@ public class ProcessorImpl implements Processor {
for (List<Device> devices : deLists) {
Map<Integer, Device> deviceMap = new HashMap<>();
for (Device device: devices) {
for (Device device : devices) {
deviceMap.put(device.getId(), device);
}
maps.add(deviceMap);
@ -241,9 +246,9 @@ public class ProcessorImpl implements Processor {
}
}
private List<Device> searchDeviceDetailsTable(String query) throws SearchDAOException {
private List<Device> searchDeviceDetailsTable(QueryHolder queryHolder) throws SearchDAOException {
if (log.isDebugEnabled()) {
log.debug("Query : " + query);
log.debug("Query : " + queryHolder.getQuery());
}
Connection conn;
PreparedStatement stmt = null;
@ -252,7 +257,26 @@ public class ProcessorImpl implements Processor {
Map<Integer, Integer> devs = new HashMap<>();
try {
conn = this.getConnection();
stmt = conn.prepareStatement(query);
stmt = conn.prepareStatement(queryHolder.getQuery());
int x = 1;
ValueType[] types = queryHolder.getTypes();
for (ValueType type : types) {
if (type.getColumnType().equals(ValueType.columnType.STRING)) {
stmt.setString(x, type.getStringValue());
x++;
} else if (type.getColumnType().equals(ValueType.columnType.INTEGER)) {
stmt.setInt(x, type.getIntValue());
x++;
} else if (type.getColumnType().equals(ValueType.columnType.LONG)){
stmt.setLong(x, type.getLongValue());
x++;
} else if(type.getColumnType().equals(ValueType.columnType.DOUBLE)){
stmt.setDouble(x, type.getDoubleValue());
x++;
}
}
rs = stmt.executeQuery();
while (rs.next()) {
if (!devs.containsKey(rs.getInt("ID"))) {
@ -363,7 +387,7 @@ public class ProcessorImpl implements Processor {
} catch (SQLException e) {
throw new SearchDAOException("Error occurred while retrieving the device properties.", e);
} finally {
DeviceManagementDAOUtil.cleanupResources(stmt,rs);
DeviceManagementDAOUtil.cleanupResources(stmt, rs);
}
return devices;
}
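Review bot: The binding loop in `searchDeviceDetailsTable` (the `for (ValueType type : types)` block) dereferences each slot without a null check and has no branch for a column type outside STRING/INTEGER/LONG/DOUBLE, so an unfilled slot throws NullPointerException at `type.getColumnType()` and an unknown type leaves a `?` unbound and fails only later in the driver at `executeQuery()`. Since QueryBuilderImpl sizes its arrays up front from condition counts, a condition that matches neither column check would leave trailing null entries, which makes the null case reachable in practice; I would fail fast with `if (type == null) { throw new SQLException("No bind value for parameter " + x); }` at the top of the loop body and an `else { throw new SQLException("Unsupported bind type for parameter " + x); }` after the DOUBLE branch, so the surrounding SQLException handling wraps it with context. The repeated `x++` in every branch can be hoisted to a single increment after the if/else chain, and a `switch` on `type.getColumnType()` reads better than the `equals` chain. The debug log now prints only the parameterised text rather than the bound values, which is the right side of the change. `searchDeviceDetailsTable` continues past the end of this hunk, so the catch that receives these exceptions is not visible here.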

@ -23,9 +23,7 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.common.search.Condition;
import org.wso2.carbon.device.mgt.core.search.mgt.Constants;
import org.wso2.carbon.device.mgt.core.search.mgt.InvalidOperatorException;
import org.wso2.carbon.device.mgt.core.search.mgt.QueryBuilder;
import org.wso2.carbon.device.mgt.core.search.mgt.*;
import java.util.ArrayList;
import java.util.HashMap;
@ -41,7 +39,7 @@ public class QueryBuilderImpl implements QueryBuilder {
private boolean isDeviceAdminUser;
@Override
public Map<String, List<String>> buildQueries(List<Condition> conditions) throws InvalidOperatorException {
public Map<String, List<QueryHolder>> buildQueries(List<Condition> conditions) throws InvalidOperatorException {
List<Condition> andColumns = new ArrayList<>();
List<Condition> orColumns = new ArrayList<>();
List<Condition> otherANDColumns = new ArrayList<>();
@ -82,10 +80,27 @@ public class QueryBuilderImpl implements QueryBuilder {
}
}
Map<String, List<String>> queries = new HashMap<>();
Map<String, List<QueryHolder>> queries = new HashMap<>();
if ((!andColumns.isEmpty()) || (!orColumns.isEmpty())) {
queries.put(Constants.GENERAL, Utils.convertStringToList(this.getGenericQueryPart() + this.processAND(andColumns) +
this.processOR(orColumns)));
// Size is taken as the sum of both columns and for tenant id.
ValueType valueTypeArray[] = new ValueType[andColumns.size() + orColumns.size() + 1];
// String query =Utils.convertStringToList(
// passing the integer value to the x so that array is correctly passed.
Integer intArr[] = new Integer[1];
intArr[0] = 1;
//int x = 1;
String query = this.getGenericQueryPart(valueTypeArray) +
this.processAND(andColumns, valueTypeArray, intArr) +
this.processOR(orColumns, valueTypeArray, intArr);
List<QueryHolder> queryHolders = new ArrayList<>();
QueryHolder queryHolder = new QueryHolder();
queryHolder.setQuery(query);
queryHolder.setTypes(valueTypeArray);
queryHolders.add(queryHolder);
queries.put(Constants.GENERAL, queryHolders);
}
if (!otherANDColumns.isEmpty()) {
queries.put(Constants.PROP_AND, this.processANDProperties(otherANDColumns));
@ -108,94 +123,212 @@ public class QueryBuilderImpl implements QueryBuilder {
}
@Override
public String processAND(List<Condition> conditions) throws InvalidOperatorException {
public String processAND(List<Condition> conditions, ValueType[] valueType, Integer intArr[]) throws InvalidOperatorException {
String querySuffix = "";
try {
// TODO: find upto what address location of the array has filled.
int x = intArr[0];
for (Condition con : conditions) {
if (Utils.checkDeviceDetailsColumns(con.getKey())) {
if (con.operator.equals(WILDCARD_OPERATOR)){
if (con.operator.equals(WILDCARD_OPERATOR)) {
querySuffix = querySuffix + " OR DD." + Utils.getDeviceDetailsColumnNames().get(con.getKey())
+ " LIKE \'%" + con.getValue() + "%\'";
+ " LIKE ? ";
ValueType type = new ValueType();
type.setColumnType(ValueType.columnType.STRING);
type.setStringValue("%"+con.getValue()+"%");
valueType[x] = type;
x++;
} else {
querySuffix = querySuffix + " AND DD." + Utils.getDeviceDetailsColumnNames().get(con.getKey()) + con
.getOperator() + Utils.getConvertedValue(con.getKey(), con.getValue());
.getOperator() + " ? ";
ValueType type = new ValueType();
if (Utils.checkColumnType(con.getKey())) {
type.setColumnType(ValueType.columnType.STRING);
type.setStringValue(Utils.getConvertedValue(con.getKey(), con.getValue()));
} else {
type.setColumnType(ValueType.columnType.INTEGER);
type.setIntValue(Integer.parseInt(Utils.getConvertedValue(con.getKey(), con.getValue())));
}
valueType[x] = type;
x++;
}
} else if (Utils.checkDeviceLocationColumns(con.getKey().toLowerCase())) {
querySuffix = querySuffix + " AND DL." + Utils.getDeviceLocationColumnNames().get(con.getKey().toLowerCase()) +
con.getOperator() + con.getValue();
con.getOperator() + " ? ";
ValueType type = new ValueType();
type.setColumnType(ValueType.columnType.STRING);
type.setStringValue(con.getValue());
valueType[x] = type;
x++;
}
}
intArr[0] = x;
} catch (Exception e) {
throw new InvalidOperatorException("Error occurred while building the sql", e);
}
return querySuffix;
}
@Override
public String processOR(List<Condition> conditions) throws InvalidOperatorException {
public String processOR(List<Condition> conditions, ValueType[] valueType, Integer intArr[]) throws InvalidOperatorException {
String querySuffix = "";
// TODO: find upto what address location of the array has filled.
try {
int x = intArr[0];
for (Condition con : conditions) {
if (Utils.checkDeviceDetailsColumns(con.getKey())) {
if (con.operator.equals(WILDCARD_OPERATOR)) {
querySuffix = querySuffix + " OR DD." + Utils.getDeviceDetailsColumnNames().get(con.getKey())
+ " LIKE \'%" + con.getValue() + "%\'";
+ " LIKE ? ";
ValueType type = new ValueType();
type.setColumnType(ValueType.columnType.STRING);
type.setStringValue("%"+con.getValue()+"%");
valueType[x] = type;
x++;
} else {
querySuffix = querySuffix + " OR DD." + Utils.getDeviceDetailsColumnNames().get(con.getKey()) + con
.getOperator() + Utils.getConvertedValue(con.getKey(), con.getValue());
.getOperator() + " ? ";
ValueType type = new ValueType();
if (Utils.checkColumnType(con.getKey())) {
type.setColumnType(ValueType.columnType.STRING);
type.setStringValue(Utils.getConvertedValue(con.getKey(), con.getValue()));
} else {
type.setColumnType(ValueType.columnType.INTEGER);
type.setIntValue(Integer.parseInt(Utils.getConvertedValue(con.getKey(), con.getValue())));
}
valueType[x] = type;
x++;
}
} else if (Utils.checkDeviceLocationColumns(con.getKey().toLowerCase())) {
querySuffix =
querySuffix + " OR DL." + Utils.getDeviceLocationColumnNames().get(con.getKey().toLowerCase())
+ con.getOperator() + con.getValue();
+ con.getOperator() + " ? ";
ValueType type = new ValueType();
type.setColumnType(ValueType.columnType.STRING);
type.setStringValue(con.getValue());
valueType[x] = type;
x++;
}
}
intArr[0] = x;
} catch (Exception e) {
throw new InvalidOperatorException("Error occurred while building the sql", e);
}
return querySuffix;
}
@Override
public List<String> processLocation(Condition condition) throws InvalidOperatorException {
List<String> queryList = new ArrayList<>();
queryList.add(this.buildLocationQuery(condition.getValue()));
return queryList;
public List<QueryHolder> processLocation(Condition condition) throws InvalidOperatorException {
List<QueryHolder> queryHolders = new ArrayList<>();
queryHolders.add(this.buildLocationQuery(condition.getValue()));
return queryHolders;
}
@Override
public List<String> processANDProperties(List<Condition> conditions) throws InvalidOperatorException {
public List<QueryHolder> processANDProperties(List<Condition> conditions) throws InvalidOperatorException {
return this.getQueryList(conditions);
}
@Override
public List<String> processORProperties(List<Condition> conditions) throws InvalidOperatorException {
public List<QueryHolder> processORProperties(List<Condition> conditions) throws InvalidOperatorException {
return this.getQueryList(conditions);
}
@Override
public String processUpdatedDevices(long epochTime) throws InvalidOperatorException {
return this.getGenericQueryPart() + " AND ( DD.UPDATE_TIMESTAMP > " + epochTime +
" OR DL.UPDATE_TIMESTAMP > " + epochTime + " )";
public QueryHolder processUpdatedDevices(long epochTime) throws InvalidOperatorException {
try {
ValueType valueTypeArray[] = new ValueType[3];
String query = this.getGenericQueryPart(valueTypeArray) + " AND ( DD.UPDATE_TIMESTAMP > ? " +
"OR DL.UPDATE_TIMESTAMP > ? )";
ValueType val1 = new ValueType();
val1.setColumnType(ValueType.columnType.LONG);
val1.setLongValue(epochTime);
valueTypeArray[1] = val1;
ValueType val2 = new ValueType();
val2.setColumnType(ValueType.columnType.LONG);
val2.setLongValue(epochTime);
valueTypeArray[2] = val2;
QueryHolder queryHolder = new QueryHolder();
queryHolder.setQuery(query);
queryHolder.setTypes(valueTypeArray);
return queryHolder;
} catch (Exception e) {
throw new InvalidOperatorException("Error occurred while building the for the updated devices.", e);
}
}
private List<String> getQueryList(List<Condition> conditions) {
List<String> queryList = new ArrayList<>();
private List<QueryHolder> getQueryList(List<Condition> conditions) throws InvalidOperatorException {
try {
List<QueryHolder> queryHolders = new ArrayList<>();
for (Condition con : conditions) {
String querySuffix = this.getPropertyQueryPart() + " AND DI.KEY_FIELD = " + "\'" + con.getKey() + "\'" +
" AND DI.VALUE_FIELD " + con.getOperator() + "\'" + con.getValue() + "\'";
queryList.add(querySuffix);
QueryHolder query = new QueryHolder();
ValueType valueTypeArray[] = new ValueType[3];
String querySuffix = this.getPropertyQueryPart(valueTypeArray) + " AND DI.KEY_FIELD = " + " ? " +
" AND DI.VALUE_FIELD " + con.getOperator() + " ? ";
ValueType key = new ValueType();
key.setColumnType(ValueType.columnType.STRING);
key.setStringValue(con.getKey());
valueTypeArray[1] = key;
ValueType value = new ValueType();
value.setColumnType(ValueType.columnType.STRING);
value.setStringValue(con.getValue());
valueTypeArray[2] = value;
query.setQuery(querySuffix);
query.setTypes(valueTypeArray);
queryHolders.add(query);
}
return queryHolders;
} catch (Exception e) {
throw new InvalidOperatorException("Error occurred while building the sql", e);
}
return queryList;
}
private String buildLocationQuery(String location) {
private QueryHolder buildLocationQuery(String location) throws InvalidOperatorException {
try {
ValueType valueTypeArray[] = new ValueType[7];
String query = this.getGenericQueryPart(valueTypeArray);
query = query + " AND (DL.STREET1 LIKE ? ";
query = query + " OR DL.STREET2 LIKE ? ";
query = query + " OR DL.CITY LIKE ? ";
query = query + " OR DL.STATE LIKE ? ";
query = query + " OR DL.COUNTRY LIKE ? ";
query = query + " OR DL.ZIP LIKE ? )";
String query = this.getGenericQueryPart();
query = query + " AND (DL.STREET1 LIKE \'%" + location + "%\'";
query = query + " OR DL.STREET2 LIKE \'%" + location + "%\'";
query = query + " OR DL.CITY LIKE \'%" + location + "%\'";
query = query + " OR DL.STATE LIKE \'%" + location + "%\'";
query = query + " OR DL.COUNTRY LIKE \'%" + location + "%\'";
query = query + " OR DL.ZIP LIKE \'%" + location + "%\')";
return query;
ValueType value = new ValueType();
value.setColumnType(ValueType.columnType.STRING);
value.setStringValue("%" + location + "%");
// Same location is passed to each place
valueTypeArray[1] = value;
valueTypeArray[2] = value;
valueTypeArray[3] = value;
valueTypeArray[4] = value;
valueTypeArray[5] = value;
valueTypeArray[6] = value;
QueryHolder queryHolder = new QueryHolder();
queryHolder.setQuery(query);
queryHolder.setTypes(valueTypeArray);
return queryHolder;
} catch (Exception e) {
throw new InvalidOperatorException("Error occurred while building the sql for location.", e);
}
}
private String getGenericQueryPart() {
return "SELECT D.ID, D.DESCRIPTION, D.NAME, \n" +
private String getGenericQueryPart(ValueType[] valueTypeArray) throws InvalidOperatorException {
try {
String query = "SELECT D.ID, D.DESCRIPTION, D.NAME, \n" +
"D.DEVICE_TYPE_ID, D.DEVICE_IDENTIFICATION, DT.ID AS DEVICE_TYPE_ID, \n" +
"DT.NAME AS DEVICE_TYPE_NAME, DD.DEVICE_ID, DD.DEVICE_MODEL, DD.VENDOR, \n" +
"DD.OS_VERSION, DD.OS_BUILD_DATE, DD.BATTERY_LEVEL, DD.INTERNAL_TOTAL_MEMORY, DD.INTERNAL_AVAILABLE_MEMORY,\n" +
@ -207,11 +340,22 @@ public class QueryBuilderImpl implements QueryBuilder {
"LEFT JOIN DM_DEVICE_LOCATION AS DL ON DL.DEVICE_ID=D.ID \n" +
"INNER JOIN DM_DEVICE_TYPE AS DT ON DT.ID=D.DEVICE_TYPE_ID\n" +
"INNER JOIN DM_ENROLMENT AS DE ON D.ID=DE.DEVICE_ID\n" +
"WHERE D.TENANT_ID = " + PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
"WHERE D.TENANT_ID = ? ";
ValueType type = new ValueType();
type.setIntValue(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId());
type.setColumnType(ValueType.columnType.INTEGER);
valueTypeArray[0] = type;
return query;
} catch (Exception e) {
throw new InvalidOperatorException("Error occurred while building the sql", e);
}
}
private String getPropertyQueryPart() {
return "SELECT D.ID, D.DESCRIPTION, D.NAME, \n" +
private String getPropertyQueryPart(ValueType[] valueTypeArray) throws InvalidOperatorException {
try {
String query = "SELECT D.ID, D.DESCRIPTION, D.NAME, \n" +
"D.DEVICE_TYPE_ID, D.DEVICE_IDENTIFICATION, DT.ID AS DEVICE_TYPE_ID, \n" +
"DT.NAME AS DEVICE_TYPE_NAME, DD.DEVICE_ID, DD.DEVICE_MODEL, DD.VENDOR, \n" +
"DD.OS_VERSION, DD.OS_BUILD_DATE, DD.BATTERY_LEVEL, DD.INTERNAL_TOTAL_MEMORY, DD.INTERNAL_AVAILABLE_MEMORY,\n" +
@ -225,7 +369,16 @@ public class QueryBuilderImpl implements QueryBuilder {
"INNER JOIN DM_DEVICE_TYPE AS DT ON DT.ID=D.DEVICE_TYPE_ID\n" +
"INNER JOIN DM_ENROLMENT AS DE ON D.ID=DE.DEVICE_ID\n" +
"LEFT JOIN DM_DEVICE_INFO AS DI ON DI.DEVICE_ID=D.ID\n" +
"WHERE D.TENANT_ID = " +
PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
"WHERE D.TENANT_ID = ? ";
ValueType type = new ValueType();
type.setIntValue(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId());
type.setColumnType(ValueType.columnType.INTEGER);
valueTypeArray[0] = type;
return query;
} catch (Exception e) {
throw new InvalidOperatorException("Error occurred while building the sql", e);
}
}
}
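Review bot: `con.getOperator()` is still concatenated into the SQL text in `processAND`, `processOR` and `getQueryList` (the `.getOperator() + " ? "` lines and `" AND DI.VALUE_FIELD " + con.getOperator()`), so the parameterisation is only as strong as the allow-list check in `Utils.validateOperators`, which lives in `ProcessorImpl.execute` rather than in this class and is bypassed by any other caller of `buildQueries`. I would enforce it here as well, `if (!Utils.validateOperators(conditions))` at the top of those three methods, rejecting with an InvalidOperatorException before any string is built, and add a comment on each concatenation that the operator is safe to interpolate only because it has been allow-listed. The array sizing in `buildQueries` (`andColumns.size() + orColumns.size() + 1`) over-allocates whenever a condition matches neither `checkDeviceDetailsColumns` nor `checkDeviceLocationColumns`, leaving null entries in `QueryHolder.getTypes()`; collecting into a `List<ValueType>` and converting with `toArray` at the end would remove both the cursor array and the null slots. The message in `processUpdatedDevices` reads `"Error occurred while building the for the updated devices."` and should be `"Error occurred while building the sql for the updated devices."`. The C-style `ValueType valueTypeArray[]` declarations should be `ValueType[] valueTypeArray`.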

@ -20,6 +20,7 @@
package org.wso2.carbon.device.mgt.core.search.mgt.impl;
import org.wso2.carbon.device.mgt.common.Device;
import org.wso2.carbon.device.mgt.common.search.Condition;
import java.util.ArrayList;
import java.util.HashMap;
@ -31,6 +32,8 @@ public class Utils {
private static Map<String, String> genericColumnsMap = new HashMap<>();
private static Map<String, String> locationColumnsMap = new HashMap<>();
private static Map<String, String> operators = new HashMap<>();
static {
genericColumnsMap.put("deviceModel", "DEVICE_MODEL");
genericColumnsMap.put("vendor", "VENDOR");
@ -58,6 +61,18 @@ public class Utils {
locationColumnsMap.put("zip", "STATE");
locationColumnsMap.put("country", "COUNTRY");
//=, >, <, >=, <=, <>, !=, !>, !<
operators.put("=", "=");
operators.put(">", ">");
operators.put("<", "<");
operators.put(">=", ">=");
operators.put("<=", "<=");
operators.put("<>", "<>");
operators.put("!=", "!=");
operators.put("!>", "!>");
operators.put("!<", "!<");
operators.put("%", "%");
}
public static boolean checkColumnType(String column) {
@ -142,5 +157,15 @@ public class Utils {
return str.substring(0, str.length() - 1);
}
public static boolean validateOperators(List<Condition> conditions) {
for (Condition con : conditions) {
if (!operators.containsKey(con.getOperator())) {
return false;
}
}
return true;
}
}
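Review bot: The `operators` map is now the security boundary for everything QueryBuilderImpl interpolates verbatim into SQL, but the comment above it (`//=, >, <, >=, <=, <>, !=, !>, !<`) does not say so, and the list includes `%` as well as `!>`/`!<`; `%` is treated as the wildcard only in the device-details branch of `processAND`/`processOR`, while the location branch and `getQueryList` concatenate it as-is, producing `DL.CITY % ?` (a syntax error rather than a LIKE), and `!>`/`!<` are not portable SQL comparison operators. Replace the comment with one stating the contract, e.g. `// Allow-list of operator tokens accepted by validateOperators; every entry is concatenated verbatim into SQL by QueryBuilderImpl, so only operator tokens may be added here.` Since it is a mutable static HashMap, wrapping it with `Collections.unmodifiableMap` after the static block would stop it from being extended at runtime. `validateOperators` returns true for an empty list and would throw NullPointerException for a null `conditions` argument; presumably callers always pass a list, but a `Objects.requireNonNull(conditions, "conditions")` makes that explicit.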

@ -47,7 +47,7 @@ var dynamicForm = '<div class="dynamic-search-param row"><div class="row"><a cla
'</option><option value = "vendor">Vendor</option><option value = "osVersion">OS Version' +
'</option><option value = "batteryLevel">Battery Level</option><option value =' +
' "internalTotalMemory">Internal Total Memory</option> <option value ="internalAvailableMemory">' +
'Internal Available Memory</option> <option value = "externalTotalMemory">externalTotalMemory</option>' +
'Internal Available Memory</option> <option value = "externalTotalMemory">External Total Memory</option>' +
' <option value = "externalAvailableMemory">External Available Memory' +
'</option> <option value = "connectionType">Connection Type</option> <option value =' +
' "ssid">SSID</option><option value = "cpuUsage">CPU Usage</option><option value = "totalRAMMemory">' +
@ -83,7 +83,7 @@ $(document).ready(function () {
*/
function getOperators(keyValue) {
if (nonNumericKeyValuePair.indexOf(keyValue) < 0) {
return '<option> =</option><option> !=</option><option> <</option><option> =<</option><option>' +
return '<option> =</option><option> !=</option><option> <</option><option> <=</option><option>' +
' ></option><option> >=</option>';
} else {
return '<option> =</option><option> !=</option><option><option> %</option>';
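Review bot: The non-numeric branch of `getOperators` still emits a stray empty `<option>` before the `%` entry, `'<option> =</option><option> !=</option><option><option> %</option>'`, which renders as a blank operator choice that would then be rejected server-side by `Utils.validateOperators`; it should be `'<option> =</option><option> !=</option><option> %</option>'`. The option text in both branches carries a leading space (`' ='`), whereas the server-side allow-list keys do not; presumably the value is trimmed before it is sent, but that is worth confirming since an untrimmed value would fail validation for every search. `getOperators` continues past the end of this hunk.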
