Bug 1188760 - Added a regex check to execute and executeCached of Sqlite.jsm. r=mak

2024-09-13 09:24:08 -07:00 · 2015-09-23 09:01:00 +02:00 · 2015-09-23 09:01:00 +02:00 · a93eb36594
commit a93eb36594
parent 93cea1d7bc
2 changed files with 29 additions and 0 deletions
--- a/toolkit/modules/Sqlite.jsm
+++ b/toolkit/modules/Sqlite.jsm
@ -38,6 +38,9 @@ XPCOMUtils.defineLazyModuleGetter(this, "PromiseUtils",
 XPCOMUtils.defineLazyModuleGetter(this, "console",
                                  "resource://gre/modules/devtools/shared/Console.jsm");

+// Regular expression used by isInvalidBoundLikeQuery
+var likeSqlRegex = /\bLIKE\b\s(?![@:?])/i;
+
 // Counts the number of created connections per database basename(). This is
 // used for logging to distinguish connection instances.
 var connectionCounters = new Map();
@ -60,6 +63,17 @@ var Debugging = {
  failTestsOnAutoClose: true
 };

+/**
+ * Helper function to check whether LIKE is implemented using proper bindings.
+ *
+ * @param sql
+ *        (string) The SQL query to be verified.
+ * @return boolean value telling us whether query was correct or not
+*/
+function isInvalidBoundLikeQuery(sql) {
+  return likeSqlRegex.test(sql);
+}
+
 // Displays a script error message
 function logScriptError(message) {
  let consoleMessage = Cc["@mozilla.org/scripterror;1"].
@ -1273,6 +1287,9 @@ OpenedConnection.prototype = Object.freeze({
   *        (function) Callback to receive each row from result.
   */
  executeCached: function (sql, params=null, onRow=null) {
+    if (isInvalidBoundLikeQuery(sql)) {
+      throw new Error("Please enter a LIKE clause with bindings");
+    }
    return this._connectionData.executeCached(sql, params, onRow);
  },

@ -1292,6 +1309,9 @@ OpenedConnection.prototype = Object.freeze({
   *        (function) Callback to receive result of a single row.
   */
  execute: function (sql, params=null, onRow=null) {
+    if (isInvalidBoundLikeQuery(sql)) {
+      throw new Error("Please enter a LIKE clause with bindings");
+    }
    return this._connectionData.execute(sql, params, onRow);
  },

--- a/toolkit/modules/tests/xpcshell/test_sqlite.js
+++ b/toolkit/modules/tests/xpcshell/test_sqlite.js
@ -275,6 +275,15 @@ add_task(function* test_execute_invalid_statement() {
  yield c.close();
 });

+add_task(function* test_incorrect_like_bindings() {
+  let c = yield getDummyDatabase("incorrect_like_bindings");
+
+  let sql = "select * from dirs where path LIKE 'non%'";
+  Assert.throws(() => c.execute(sql), /Please enter a LIKE clause/);
+  Assert.throws(() => c.executeCached(sql), /Please enter a LIKE clause/);
+
+  yield c.close();
+});
 add_task(function* test_on_row_exception_ignored() {
  let c = yield getDummyDatabase("on_row_exception_ignored");