disable script dump
Change-Id: I04d740cc0fcf87daa192a0a6af34138278043a19 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/146905 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolanm@redhat.com>
parent
f4238ed900
commit
6190a8210e
3 changed files with 68 additions and 0 deletions
|
@ -291,6 +291,37 @@ namespace connectivity
|
||||||
} // if ( xStream.is() )
|
} // if ( xStream.is() )
|
||||||
::comphelper::disposeComponent(xStream);
|
::comphelper::disposeComponent(xStream);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// disallow any database/script files that contain a "SCRIPT[.*]" entry (this is belt and braces
|
||||||
|
// in that bundled hsqldb 1.8.0 is patched to also reject them)
|
||||||
|
//
|
||||||
|
// hsqldb 2.6.0 release notes have: added system role SCRIPT_OPS for export / import of database structure and data
|
||||||
|
// which seems to provide a builtin way to do this with contemporary hsqldb
|
||||||
|
static const OUStringLiteral sScript(u"script");
|
||||||
|
if (!bIsNewDatabase && xStorage->isStreamElement(sScript))
|
||||||
|
{
|
||||||
|
Reference<XStream > xStream = xStorage->openStreamElement(sScript, ElementModes::READ);
|
||||||
|
if (xStream.is())
|
||||||
|
{
|
||||||
|
std::unique_ptr<SvStream> pStream(::utl::UcbStreamHelper::CreateStream(xStream));
|
||||||
|
if (pStream)
|
||||||
|
{
|
||||||
|
OStringBuffer sLine;
|
||||||
|
while (pStream->ReadLine(sLine))
|
||||||
|
{
|
||||||
|
OString sText = sLine.makeStringAndClear().trim();
|
||||||
|
if (sText.startsWithIgnoreAsciiCase("SCRIPT"))
|
||||||
|
{
|
||||||
|
::connectivity::SharedResources aResources;
|
||||||
|
sMessage = aResources.getResourceString(STR_COULD_NOT_LOAD_FILE).replaceFirst("$filename$", sSystemPath);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} // if ( xStream.is() )
|
||||||
|
::comphelper::disposeComponent(xStream);
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
catch(Exception&)
|
catch(Exception&)
|
||||||
{
|
{
|
||||||
|
|
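Review bot: The new scan fails open: if `openStreamElement` hands back an empty reference or `CreateStream` returns null, the `if (xStream.is())` and `if (pStream)` branches are skipped and `sMessage` is left untouched, so a `script` stream that could not be inspected is treated like a clean one. As the comment describes this check as a second layer next to the patched bundled hsqldb, rejecting on "could not read" would be the safer default. This assumes a non-empty `sMessage` is what aborts the load further down; that code and the body of the following `catch(Exception&)` are outside the hunk. The match is a prefix test on the trimmed line, which is broader than the `SCRIPT[.*]` wording in the comment and relies on every statement starting its own line; a one-line comment stating that assumption would help the next reader. One possible shape for the fail-closed variant:

```cpp
bool bScriptVetted = false; // set only once the "script" stream could actually be read
if (xStream.is())
{
    std::unique_ptr<SvStream> pStream(::utl::UcbStreamHelper::CreateStream(xStream));
    if (pStream)
    {
        bScriptVetted = true;
        // … unchanged: ReadLine loop; on a SCRIPT match set bScriptVetted = false and break …
    }
}
::comphelper::disposeComponent(xStream);
if (!bScriptVetted)
{
    ::connectivity::SharedResources aResources;
    sMessage = aResources.getResourceString(STR_COULD_NOT_LOAD_FILE).replaceFirst("$filename$", sSystemPath);
}
```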
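--- a/external/hsqldb/UnpackedTarball_hsqldb.mk
+++ b/external/hsqldb/UnpackedTarball_hsqldb.mk
@@ -27,6 +27,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,hsqldb,\
 external/hsqldb/patches/hsqldb-runFinalizersOnExit.patch \
 external/hsqldb/patches/jdbc-4.1.patch \
 external/hsqldb/patches/multipleResultSets.patch \
+external/hsqldb/patches/disable-dump-script.patch \
 ))
 
 # vim: set noet sw=4 ts=4: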
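--- a/external/hsqldb/patches/disable-dump-script.patch
+++ b/external/hsqldb/patches/disable-dump-script.patch
@@ -0,0 +1,36 @@
+--- a/hsqldb/src/org/hsqldb/DatabaseCommandInterpreter.java 2023-02-13 11:08:11.297243034 +0000
++++ b/hsqldb/src/org/hsqldb/DatabaseCommandInterpreter.java 2023-02-13 13:49:17.973089433 +0000
+@@ -392,31 +392,19 @@
+*/
+private Result processScript() throws IOException, HsqlException {
+
+- String token = tokenizer.getString();
+- ScriptWriterText dsw = null;
++ tokenizer.getString();
+
+session.checkAdmin();
+
+try {
+if (tokenizer.wasValue()) {
+- if (tokenizer.getType() != Types.VARCHAR) {
+- throw Trace.error(Trace.INVALID_IDENTIFIER);
+- }
+-
+- dsw = new ScriptWriterText(database, token, true, true, true);
+-
+- dsw.writeAll();
+-
+- return new Result(ResultConstants.UPDATECOUNT);
++ throw Trace.error(Trace.ACCESS_IS_DENIED);
+} else {
+tokenizer.back();
+
+return DatabaseScript.getScript(database, false);
+}
+} finally {
+- if (dsw != null) {
+- dsw.close();
+- }
+}
+}
+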
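Review bot: The patched `processScript()` refuses the file-writing form of SCRIPT without saying why, and the bare `tokenizer.getString();` now looks like dead code even though it appears to be needed so that `tokenizer.wasValue()` and `tokenizer.back()` see the next token. I would add `// consume the next token; its value is no longer used, only wasValue()/back() below` above that call. Above the throw, something like `// SCRIPT '<file>' wrote the database script to a caller-supplied path; deliberately disabled` would fit. With the `dsw` cleanup removed, the `try { … } finally { }` wrapper is left with an empty `finally` and could be dropped if the patch is ever regenerated. Keeping it does minimise the diff against upstream 1.8.0, which may well be the intent.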