author | TreeHugger Robot <treehugger-gerrit@google.com> | 2017-03-07 02:42:03 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2017-03-07 02:42:03 +0000 |
commit | 251436e82288f4d0849f200b7b7f76c64cae56d3 (patch) | |
tree | 82fa158e21b091aec61647de3b7ef43cd57d8ad6 /src | |
parent | 442d7200fb77e2a6d0d3c8d1b17b3b8090581b02 (diff) | |
parent | 8411b174dee903acf8f7d16a8f46da2a7265f1ab (diff) | |
download | ContactsProvider-251436e82288f4d0849f200b7b7f76c64cae56d3.tar.gz |
Merge "Loosen SQL check"
Diffstat (limited to 'src')
-rw-r--r-- | src/com/android/providers/contacts/ContactsDatabaseHelper.java | 22 | ||||
-rw-r--r-- | src/com/android/providers/contacts/sqlite/DatabaseAnalyzer.java | 4 |
2 files changed, 18 insertions, 8 deletions
diff --git a/src/com/android/providers/contacts/ContactsDatabaseHelper.java b/src/com/android/providers/contacts/ContactsDatabaseHelper.java
index e5aebfe5..5e97b812 100644
--- a/src/com/android/providers/contacts/ContactsDatabaseHelper.java
+++ b/src/com/android/providers/contacts/ContactsDatabaseHelper.java
@@ -140,6 +140,9 @@ public class ContactsDatabaseHelper extends SQLiteOpenHelper {
 static final int DATABASE_VERSION = 1201;
 private static final int MINIMUM_SUPPORTED_VERSION = 700;
+ @VisibleForTesting
+ static final boolean DISALLOW_SUB_QUERIES = false;
+
 public interface Tables {
 public static final String CONTACTS = "contacts";
 public static final String DELETED_CONTACTS = "deleted_contacts";
@@ -4990,15 +4993,18 @@ public class ContactsDatabaseHelper extends SQLiteOpenHelper {
 }
 final ArrayList<String> invalidTokens = new ArrayList<>();
- // Disallow referring to tables and views. However, we exempt tables whose names are
- // also used as column names of any tables. (Right now it's only 'data'.)
- invalidTokens.addAll(DatabaseAnalyzer.findTableViewsAllowingColumns(getReadableDatabase()));
+ if (DISALLOW_SUB_QUERIES) {
+ // Disallow referring to tables and views. However, we exempt tables whose names are
+ // also used as column names of any tables. (Right now it's only 'data'.)
+ invalidTokens.addAll(
+ DatabaseAnalyzer.findTableViewsAllowingColumns(getReadableDatabase()));
- // Disallow token "select" to disallow subqueries.
- invalidTokens.add("select");
+ // Disallow token "select" to disallow subqueries.
+ invalidTokens.add("select");
- // Allow the use of "default_directory" for now, as it used to be sort of commonly used...
- invalidTokens.remove(Tables.DEFAULT_DIRECTORY.toLowerCase());
+ // Allow the use of "default_directory" for now, as it used to be sort of commonly used...
+ invalidTokens.remove(Tables.DEFAULT_DIRECTORY.toLowerCase());
+ }
 mCachedSqlChecker = new SqlChecker(invalidTokens);
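Review bot: In the `@@ -140,6 +140,9 @@` hunk, `DISALLOW_SUB_QUERIES` is added with no comment saying why the check is switched off or what would turn it back on. Because it is a `static final boolean` initialised to a literal, it is a compile-time constant: a test can read it through `@VisibleForTesting` but cannot flip it to exercise the strict path. I would add a comment above it such as `// When false, SQL passed to SqlChecker is not checked for table/view names or the "select" token.` and, if both modes are meant to be covered by tests, make the switch a non-constant field or a constructor argument. The rest of the class is outside the hunk.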
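Review bot: In the `@@ -4990,15 +4993,18 @@` hunk, `invalidTokens` is still empty when `new SqlChecker(invalidTokens)` runs while `DISALLOW_SUB_QUERIES` is false, so the checker no longer rejects table names, view names or `select` in the SQL it is handed; whatever else `SqlChecker` enforces is not visible here. If that SQL comes from calling apps, as the `callerPackage` argument of `reportInvalidSql` suggests, a sub-query could refer to tables the requested URI was not meant to expose. The loosened mode would be safer if bounded, for instance by the caller's target SDK as the removed STOPSHIP note hinted, rather than switched off for every caller. At minimum the `if` deserves a line such as `// TODO: table-name and sub-query checks are off; record why and when they are re-enabled.` The enclosing method starts and ends outside the hunk.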
@@ -5060,7 +5066,7 @@ public class ContactsDatabaseHelper extends SQLiteOpenHelper {
 private void reportInvalidSql(String callerPackage, InvalidSqlException e) {
 logWtf(String.format("%s caller=%s", e.getMessage(), callerPackage));
- throw e; // STOPSHIP Don't throw for pre-O apps.
+ throw e;
 }
 /**
diff --git a/src/com/android/providers/contacts/sqlite/DatabaseAnalyzer.java b/src/com/android/providers/contacts/sqlite/DatabaseAnalyzer.java
index 9a03aaf9..facd02e2 100644
--- a/src/com/android/providers/contacts/sqlite/DatabaseAnalyzer.java
+++ b/src/com/android/providers/contacts/sqlite/DatabaseAnalyzer.java
@@ -22,12 +22,15 @@ import android.util.Log;
 import com.android.providers.contacts.AbstractContactsProvider;
+import com.google.common.annotations.VisibleForTesting;
+
 import java.util.ArrayList;
 import java.util.List;
 /**
 * Class to extract table/view/column names from databases.
 */
+@VisibleForTesting
 public class DatabaseAnalyzer {
 private static final String TAG = "DatabaseAnalyzer";
@@ -74,6 +77,7 @@ public class DatabaseAnalyzer {
 * result contains all table/view names, except for the names that are column names of any
 * tables.
 */
+ @VisibleForTesting
 public static List<String> findTableViewsAllowingColumns(SQLiteDatabase db) {
 final List<String> tables = findTablesAndViews(db);
 if (VERBOSE_LOGGING) { |
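Review bot: In the `@@ -5060,7 +5066,7 @@` hunk, dropping `// STOPSHIP Don't throw for pre-O apps.` removes the only record of that open question, while `reportInvalidSql` still rethrows for every caller whatever its target SDK. If throwing for all callers is now the intended behaviour, state it in a Javadoc line on the method, e.g. `/** Logs the failure with the caller package and rethrows it for all callers, regardless of target SDK. */`. It is also worth confirming that `e.getMessage()` carries nothing from the caller's SQL that should stay out of the log written by `logWtf`.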
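Review bot: `@VisibleForTesting` on the public class `DatabaseAnalyzer` in the `@@ -22,12 +22,15 @@` hunk, and again on `findTableViewsAllowingColumns` in the `@@ -74,6 +77,7 @@` hunk, marks both as test-only. Yet `ContactsDatabaseHelper` still calls `DatabaseAnalyzer.findTableViewsAllowingColumns(getReadableDatabase())` inside its `DISALLOW_SUB_QUERIES` branch. The annotation is documentation only, so nothing breaks, but a later cleanup could narrow or delete the class and silently take the strict check with it. A line in the class Javadoc would keep the intent clear, e.g. `* Used by tests today; also backs the table/view check in ContactsDatabaseHelper when that check is enabled.` The class body continues outside both hunks.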