git.osdn.net Git - android-x86/frameworks-base.git/commit

author	Jeff Sharkey <jsharkey@android.com>
	Tue, 16 Jul 2019 22:50:42 +0000 (16:50 -0600)
committer	Sterling Huber <hubers@google.com>
	Tue, 10 Sep 2019 18:08:57 +0000 (18:08 +0000)
commit	92e5e5e45c171f88cb30d8044e43e40fd5437416
tree	ccdc64c11b0ed2829e41aa7aa968346b1ce084c8	tree \| snapshot
parent	42441907888c31450ea46afdb34d0094deddd8fb	commit \| diff

RESTRICT AUTOMERGE
Strict SQLiteQueryBuilder needs to be stricter.

Malicious callers can leak side-channel information by using
subqueries in any untrusted inputs where SQLite allows "expr" values.

This change offers setStrictGrammar() to prevent this by outright
blocking subqueries in WHERE and HAVING clauses, and by requiring
that GROUP BY and ORDER BY clauses be composed only of valid columns.

This change also offers setStrictColumns() to require that all
untrusted column names are valid, such as those in ContentValues.

Relaxes to always allow aggregation operators on returned columns,
since untrusted callers can always calculate these manually.

Bug: 135270103, 135269143
Test: cts-tradefed run cts -m CtsDatabaseTestCases -t android.database.sqlite.cts.SQLiteQueryBuilderTest
Change-Id: I6290afd19c966a8bdca71c377c88210d921a9f25

core/java/android/database/sqlite/SQLiteQueryBuilder.java		diff \| blob \| history
core/java/android/database/sqlite/SQLiteTokenizer.java	[new file with mode: 0644]	blob
core/tests/coretests/src/android/database/sqlite/SQLiteTokenizerTest.java	[new file with mode: 0644]	blob