Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

wrapAsExpression somehow makes program fail with "debug" log level #1006

Closed
Ktlo opened this issue Aug 4, 2020 · 1 comment
Closed

wrapAsExpression somehow makes program fail with "debug" log level #1006

Ktlo opened this issue Aug 4, 2020 · 1 comment
Assignees
@Tapac
Labels
bug

Comments

@Ktlo
Copy link

Ktlo commented Aug 4, 2020

The code below works as expected, if log lever is lower than "debug", but otherwise it causes the NoSuchElementException.

package example

import org.jetbrains.exposed.dao.id.IntIdTable
import org.jetbrains.exposed.sql.*
import org.jetbrains.exposed.sql.transactions.transaction
import org.jetbrains.exposed.sql.transactions.transactionManager
import java.sql.Connection

object UserTable : IntIdTable() {
    val name = varchar("name", 64)
}
object OtherTable : Table() {
    val user = optReference("user", UserTable)

    // This property is important for some reason, there may be any other column
    val group = text("group")
}

fun main() {
    Database.connect("jdbc:sqlite:file:test?mode=memory&cache=shared").apply {
        transactionManager.defaultIsolationLevel = Connection.TRANSACTION_SERIALIZABLE
    }
    transaction {
        SchemaUtils.create(UserTable, OtherTable)
        UserTable.insert {
            it[name] = "sample"
        }
        OtherTable.insert {
            it[user] = wrapAsExpression(UserTable.slice(UserTable.id).select { UserTable.name eq "sample" })
            it[group] = ""
        }
    }
}

Output

19:08:41.011 [main] DEBUG Exposed - CREATE TABLE IF NOT EXISTS "User" (id INTEGER PRIMARY KEY AUTOINCREMENT, "name" VARCHAR(64) NOT NULL)
19:08:41.015 [main] DEBUG Exposed - CREATE TABLE IF NOT EXISTS "Group" (id INTEGER PRIMARY KEY AUTOINCREMENT, "name" VARCHAR(64) NOT NULL)
19:08:41.015 [main] DEBUG Exposed - CREATE TABLE IF NOT EXISTS Other ("user" INT NULL, "group" TEXT NOT NULL, CONSTRAINT fk_Other_user_id FOREIGN KEY ("user") REFERENCES "User"(id) ON DELETE RESTRICT ON UPDATE RESTRICT)
19:08:41.028 [main] DEBUG Exposed - INSERT INTO "User" ("name") VALUES ('sample')
Exception in thread "main" java.util.NoSuchElementException
	at java.util.ArrayList$Itr.next(ArrayList.java:862)
	at org.jetbrains.exposed.sql.statements.StatementKt.expandArgs(Statement.kt:98)
	at org.jetbrains.exposed.sql.Slf4jSqlDebugLogger.log(SQLLog.kt:32)
	at org.jetbrains.exposed.sql.CompositeSqlLogger.log(SQLLog.kt:50)
	at org.jetbrains.exposed.sql.CompositeSqlLogger.afterExecution(SQLLog.kt:56)
	at org.jetbrains.exposed.sql.statements.Statement.executeIn$exposed_core(Statement.kt:69)
	at org.jetbrains.exposed.sql.Transaction.exec(Transaction.kt:129)
	at org.jetbrains.exposed.sql.Transaction.exec(Transaction.kt:115)
	at org.jetbrains.exposed.sql.statements.Statement.execute(Statement.kt:29)
	at org.jetbrains.exposed.sql.QueriesKt.insert(Queries.kt:73)
	at example.ExampleKt$main$2.invoke(Example.kt:31)
	at example.ExampleKt$main$2.invoke(Example.kt)
	at org.jetbrains.exposed.sql.transactions.ThreadLocalTransactionManagerKt$inTopLevelTransaction$1.invoke(ThreadLocalTransactionManager.kt:170)
	at org.jetbrains.exposed.sql.transactions.ThreadLocalTransactionManagerKt$inTopLevelTransaction$2.invoke(ThreadLocalTransactionManager.kt:211)
	at org.jetbrains.exposed.sql.transactions.ThreadLocalTransactionManagerKt.keepAndRestoreTransactionRefAfterRun(ThreadLocalTransactionManager.kt:219)
	at org.jetbrains.exposed.sql.transactions.ThreadLocalTransactionManagerKt.inTopLevelTransaction(ThreadLocalTransactionManager.kt:210)
	at org.jetbrains.exposed.sql.transactions.ThreadLocalTransactionManagerKt$transaction$1.invoke(ThreadLocalTransactionManager.kt:148)
	at org.jetbrains.exposed.sql.transactions.ThreadLocalTransactionManagerKt.keepAndRestoreTransactionRefAfterRun(ThreadLocalTransactionManager.kt:219)
	at org.jetbrains.exposed.sql.transactions.ThreadLocalTransactionManagerKt.transaction(ThreadLocalTransactionManager.kt:120)
	at org.jetbrains.exposed.sql.transactions.ThreadLocalTransactionManagerKt.transaction(ThreadLocalTransactionManager.kt:118)
	at org.jetbrains.exposed.sql.transactions.ThreadLocalTransactionManagerKt.transaction$default(ThreadLocalTransactionManager.kt:117)
	at example.ExampleKt.main(Example.kt:26)
	at example.ExampleKt.main(Example.kt)

Environment

  • Exposed version: 0.26.2
  • Kotlin version: 1.3.72
@Tapac Tapac added the bug label Aug 4, 2020
@Tapac Tapac self-assigned this Aug 4, 2020
Tapac added a commit that referenced this issue Aug 7, 2020
@Tapac
wrapAsExpression somehow makes program fail with "debug" log level #…
682f66e 
…1006

Possible injection point in inserts fixed
@Tapac
Copy link
Contributor

Tapac commented Aug 7, 2020

Thank you for a report, looks like there also was a place where SQL-injection could happen. It was also fixed.

@Tapac Tapac closed this as completed Aug 7, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Tapac Tapac

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Tapac @Ktlo