Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 4039dc49018bd77382556d0e92c92474e59724d0
commit4039dc49018bd77382556d0e92c92474e59724d0[log] [tgz]
authorJeff Sharkey <jsharkey@android.com>Mon Jul 16 16:53:45 2018 -0600
committerJeff Sharkey <jsharkey@google.com>Sat Dec 01 17:23:04 2018 -0700
treece9fa6100ee3599bc55962810081e5f2834a49f1
parent55777e52dffdc16ddc2370c1c6e740d7bf3d92b0 [diff]
Execute "strict" queries with extra parentheses.

SQLiteQueryBuilder has a setStrict() mode which can be used to
detect SQL attacks from untrusted sources, which it does by running
each query twice: once with an extra set of parentheses, and if that
succeeds, it runs the original query verbatim.

This sadly doesn't catch inputs of the type "1=1) OR (1=1", which
creates valid statements for both tests above, but the final executed
query ends up leaking data due to SQLite operator precedence.

Instead, we need to continue compiling both variants, but we need
to execute the query with the additional parentheses to ensure
data won't be leaked.

Test: atest cts/tests/tests/database/src/android/database/sqlite/cts/SQLiteQueryBuilderTest.java
Bug: 111085900
Merged-In: Ie85a95003ae134eef2fdfbf074c2f82d0a6a9f26
Change-Id: Ie85a95003ae134eef2fdfbf074c2f82d0a6a9f26
1 file changed
tree: ce9fa6100ee3599bc55962810081e5f2834a49f1
  1. apct-tests/
  2. api/
  3. cmds/
  4. config/
  5. core/
  6. data/
  7. docs/
  8. drm/
  9. graphics/
  10. keystore/
  11. libs/
  12. location/
  13. lowpan/
  14. media/
  15. native/
  16. nfc-extras/
  17. obex/
  18. opengl/
  19. packages/
  20. proto/
  21. rs/
  22. samples/
  23. sax/
  24. services/
  25. startop/
  26. telecomm/
  27. telephony/
  28. test-base/
  29. test-legacy/
  30. test-mock/
  31. test-runner/
  32. tests/
  33. tools/
  34. vr/
  35. wifi/
  36. Android.bp
  37. Android.mk
  38. CleanSpec.mk
  39. MODULE_LICENSE_APACHE2
  40. NOTICE
  41. pathmap.mk
  42. PREUPLOAD.cfg