Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix fuzzy query sql injection #4970

Merged
merged 2 commits into from Jun 26, 2020
Merged

Conversation

J-Cod3r
Copy link
Contributor

@J-Cod3r J-Cod3r commented Jun 25, 2020

Please answer these questions before submitting pull request

  • Why submit this pull request?

  • Bug fix

  • New feature provided

  • Improve performance

  • Related issues
    #4955

@codecov
Copy link

codecov bot commented Jun 25, 2020

Codecov Report

Merging #4970 into master will increase coverage by 0.00%.
The diff coverage is 0.00%.

Impacted file tree graph

@@            Coverage Diff            @@
##             master    #4970   +/-   ##
=========================================
  Coverage     53.60%   53.61%           
- Complexity     2940     2942    +2     
=========================================
  Files          1392     1392           
  Lines         30168    30173    +5     
  Branches       3366     3366           
=========================================
+ Hits          16172    16177    +5     
  Misses        13211    13211           
  Partials        785      785           
Impacted Files Coverage Δ Complexity Δ
...er/storage/plugin/jdbc/h2/dao/H2AlarmQueryDAO.java 6.66% <0.00%> (-0.16%) 1.00 <0.00> (ø)
...storage/plugin/jdbc/h2/dao/H2MetadataQueryDAO.java 50.00% <0.00%> (-0.69%) 12.00 <0.00> (ø)
...er/storage/plugin/jdbc/h2/dao/H2TraceQueryDAO.java 38.77% <0.00%> (-0.40%) 6.00 <0.00> (ø)
.../storage/plugin/jdbc/mysql/MySQLAlarmQueryDAO.java 6.81% <0.00%> (-0.16%) 1.00 <0.00> (ø)
...r/storage/plugin/influxdb/query/MetadataQuery.java 60.00% <0.00%> (+0.76%) 12.00% <0.00%> (+1.00%)
...er/storage/plugin/influxdb/query/MetricsQuery.java 51.66% <0.00%> (+0.83%) 11.00% <0.00%> (+1.00%)
...g/oap/server/telemetry/prometheus/BaseMetrics.java 87.09% <0.00%> (+3.22%) 9.00% <0.00%> (+1.00%)
...core/analysis/manual/instance/InstanceTraffic.java 60.00% <0.00%> (+4.00%) 7.00% <0.00%> (ø%)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update cc9ea27...2acc6bd. Read the comment docs.

@wu-sheng wu-sheng added this to the 8.1.0 milestone Jun 25, 2020
@wu-sheng wu-sheng added backend OAP backend related. bug Something isn't working and you are sure it's a bug! plugin Plugin for agent or collector. Be used to extend the capabilities of default implementor. labels Jun 25, 2020
@wu-sheng wu-sheng linked an issue Jun 25, 2020 that may be closed by this pull request
Copy link
Member

@kezhenxu94 kezhenxu94 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Codes look good to me, wait for the test results

@wu-sheng
Copy link
Member

Look like e2e don't passed.

@kezhenxu94
Copy link
Member

Look like e2e don't passed.

Connection to the maven repo is reset, although I've retried several times, should not be related to the changes

@wu-sheng
Copy link
Member

@JaredTan95 As these two fuzzy query not included in the e2e, please check locally.

Copy link
Member

@JaredTan95 JaredTan95 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@JaredTan95 JaredTan95 merged commit fb7912c into apache:master Jun 26, 2020
1 of 2 checks passed
@J-Cod3r J-Cod3r deleted the fix-sql-inject branch June 26, 2020 06:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backend OAP backend related. bug Something isn't working and you are sure it's a bug! plugin Plugin for agent or collector. Be used to extend the capabilities of default implementor.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

ALARM_MESSAGE Sql Inject
4 participants