
Commit 41ccf57

Merge pull request from GHSA-6p92-qfqf-qwx4
1 parent b4b1006 commit 41ccf57


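--- a/extensions/database/src/com/google/refine/extension/database/DatabaseConfiguration.java
+++ b/extensions/database/src/com/google/refine/extension/database/DatabaseConfiguration.java
@@ -67,6 +67,13 @@ public String getDatabaseHost() {
 }
 
 public void setDatabaseHost(String databaseServer) {
+// forbid setting settings inside the host parameter:
+// https://dev.mysql.com/doc/connector-j/en/connector-j-reference-jdbc-url-format.html
+if (databaseServer == null ||
+databaseServer.contains("(") ||
+databaseServer.contains("=")) {
+throw new IllegalArgumentException("Invalid host supplied");
+}
 this.databaseHost = databaseServer;
 }
 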
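Review bot: The guard at the top of setDatabaseHost only rejects `(` and `=`, which blocks the `address=(...)` and inline property-list forms but not the other URL delimiters Connector/J parses; if the host is interpolated verbatim into the JDBC URL (toURI is not in this diff, so this is inferred), a value such as `evil/db?allowLoadLocalInfile=true#` would still smuggle properties in through `/`, `?` and `#`, and `,` still lets a caller append a second host to the list. A two-character denylist is fragile against that; an allowlist of what a host may contain is easier to reason about, e.g. `if (databaseServer == null || !databaseServer.matches("[A-Za-z0-9.\\-_]+|\\[[0-9A-Fa-f:.]+\\]"))`, extended with an optional `:[0-9]{1,5}` only if the port is expected in this field (the test feeds `127.0.0.1:3306`, so confirm which it is). Rejecting `null` with IllegalArgumentException is also a behaviour change for any caller that previously cleared the host, so the method's Javadoc should carry `@throws IllegalArgumentException if the host is null or contains JDBC URL syntax`. Not echoing the rejected value in the exception message is the right call.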

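--- a/extensions/database/tests/src/com/google/refine/extension/database/DatabaseConfigurationTest.java
+++ b/extensions/database/tests/src/com/google/refine/extension/database/DatabaseConfigurationTest.java
@@ -1,5 +1,8 @@
 package com.google.refine.extension.database;
 
+import static org.testng.Assert.assertEquals;
+import static org.testng.Assert.assertThrows;
+
 import org.testng.annotations.Test;
 
 import static org.testng.Assert.assertEquals;
@@ -18,4 +21,13 @@ public void testToURI() {
 // the database name is escaped, preventing the exploit
 assertEquals(url, "jdbc:mysql://my.host/test%3FallowLoadLocalInfile=true%23");
 }
+
+@Test
+public void testSetMaliciousHost() {
+DatabaseConfiguration config = new DatabaseConfiguration();
+config.setDatabaseType("mysql");
+
+assertThrows(IllegalArgumentException.class,
+() -> config.setDatabaseHost("127.0.0.1:3306,(allowLoadLocalInfile=true,allowUrlInLocalInfile=true),127.0.0.1"));
+}
 }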
