dhis2-devs team mailing list archive
-
dhis2-devs team
-
Mailing list archive
-
Message #35753
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 18301: SQL view, regex fix
------------------------------------------------------------
revno: 18301
committer: Lars Helge Overland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Wed 2015-02-18 00:04:46 +0100
message:
SQL view, regex fix
modified:
dhis-2/dhis-api/src/main/java/org/hisp/dhis/sqlview/SqlView.java
dhis-2/dhis-services/dhis-service-administration/src/test/java/org/hisp/dhis/sqlview/SqlViewServiceTest.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/sqlview/SqlView.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/sqlview/SqlView.java 2015-02-12 19:37:50 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/sqlview/SqlView.java 2015-02-17 23:04:46 +0000
@@ -141,7 +141,7 @@
public static String getProtectedTablesRegex()
{
- StringBuffer regex = new StringBuffer( "^.*?(" );
+ StringBuffer regex = new StringBuffer( "^.*?(\"|'|`|\\s|^)(" );
for ( String table : PROTECTED_TABLES )
{
@@ -150,12 +150,12 @@
regex.delete( regex.length() - 1, regex.length() );
- return regex.append( ").*$" ).toString();
+ return regex.append( ")(\"|'|`|\\s|$).*$" ).toString();
}
public static String getIllegalKeywordsRegex()
{
- StringBuffer regex = new StringBuffer( "^.*?(" );
+ StringBuffer regex = new StringBuffer( "^.*?(\\s|^)(" );
for ( String word : ILLEGAL_KEYWORDS )
{
@@ -164,7 +164,7 @@
regex.delete( regex.length() - 1, regex.length() );
- return regex.append( ").*$" ).toString();
+ return regex.append( ")(\\s|$).*$" ).toString();
}
public SqlView cleanSqlQuery()
=== modified file 'dhis-2/dhis-services/dhis-service-administration/src/test/java/org/hisp/dhis/sqlview/SqlViewServiceTest.java'
--- dhis-2/dhis-services/dhis-service-administration/src/test/java/org/hisp/dhis/sqlview/SqlViewServiceTest.java 2015-02-12 19:37:50 +0000
+++ dhis-2/dhis-services/dhis-service-administration/src/test/java/org/hisp/dhis/sqlview/SqlViewServiceTest.java 2015-02-17 23:04:46 +0000
@@ -233,7 +233,7 @@
@Test( expected = IllegalQueryException.class )
public void testValidateProtectedTables()
{
- SqlView sqlView = new SqlView( "Name", "select * from userinfo", true );
+ SqlView sqlView = new SqlView( "Name", "select * from userinfo where userinfoid=1", true );
sqlViewService.validateSqlView( sqlView, null, null );
}
@@ -266,7 +266,7 @@
}
@Test
- public void testValidateSuccess()
+ public void testValidateSuccessA()
{
SqlView sqlView = new SqlView( "Name", "select * from dataelement where valueType = '${valueType}'", true );
@@ -275,4 +275,12 @@
sqlViewService.validateSqlView( sqlView, null, variables );
}
+
+ @Test
+ public void testValidateSuccessB()
+ {
+ SqlView sqlView = new SqlView( "Name", "select ug.name from usergroup ug where ug.name ~* '^OU\\s(\\w.*)\\sAgency\\s(\\w.*)\\susers$'", false );
+
+ sqlViewService.validateSqlView( sqlView, null, null );
+ }
}
