git.osdn.net Git - android-x86/frameworks-base.git/commit

author	Jeff Sharkey <jsharkey@android.com>
	Tue, 16 Jul 2019 22:50:42 +0000 (16:50 -0600)
committer	Max Spector <mspector@google.com>
	Thu, 19 Sep 2019 00:13:40 +0000 (17:13 -0700)
commit	ce56aee7ee2593fbf54c017d4a7b0c52110aed89
tree	243674b6977ff7def6cea6e443ac93668655b93a	tree \| snapshot
parent	a19300efc8c4fa8ca6ec16b47f22a44ed5bcd70a	commit \| diff

RESTRICT AUTOMERGE
Strict SQLiteQueryBuilder needs to be stricter.

Malicious callers can leak side-channel information by using
subqueries in any untrusted inputs where SQLite allows "expr" values.

This change offers setStrictGrammar() to prevent this by outright
blocking subqueries in WHERE and HAVING clauses, and by requiring
that GROUP BY and ORDER BY clauses be composed only of valid columns.

This change also offers setStrictColumns() to require that all
untrusted column names are valid, such as those in ContentValues.

Relaxes to always allow aggregation operators on returned columns,
since untrusted callers can always calculate these manually.

Bug: 135270103, 135269143
Test: cts-tradefed run cts -m CtsDatabaseTestCases -t android.database.sqlite.cts.SQLiteQueryBuilderTest
Change-Id: I6290afd19c966a8bdca71c377c88210d921a9f25
(cherry picked from commit 92e5e5e45c171f88cb30d8044e43e40fd5437416)

core/java/android/database/sqlite/SQLiteQueryBuilder.java		diff \| blob \| history
core/java/android/database/sqlite/SQLiteTokenizer.java	[new file with mode: 0644]	blob
core/tests/coretests/src/android/database/sqlite/SQLiteTokenizerTest.java	[new file with mode: 0644]	blob