Incorrect quoting of file size in anti-virus scanner app #120

Closed
bjoernv opened this Issue Jul 25, 2016 · 5 comments

Projects

None yet

3 participants

@bjoernv
bjoernv commented Jul 25, 2016

Steps to reproduce

  1. Use Owncloud 9.1
  2. Activate and configure files_antivirus app
  3. see logfile data/owncloud.log

Expected behaviour

No error message, working anti-virus scan

Actual behaviour

The file size 0 bytes is incorrectly quoted in
SELECT fc.fileidFROMoc_filecachefc LEFT JOINoc_files_antivirusfa ON fa.fileid= fc.fileidINNER JOINoc_storagesss ON (fc.storage= ss.numeric_id) AND ((ss.idLIKE 'local::%') OR (ss.idLIKE 'home::%')) WHERE (fc.mimetype<> '2') AND ((fa.fileidIS NULL) OR (fc.mtime> fa.check_time)) AND (fc.pathLIKE 'files\/%') AND (fc.size<>0) LIMIT 5

MySQL 5.5.50 reports

ERROR 1054 (42S22): Unknown column '0' in 'where clause'

If 0 is manually changed to 0 it works.

The message can be seen in data/owncloud.log:

{"reqId":"WEP5biM54YdCUy3m8pEc","remoteAddr":"","app":"files_antivirus","message":"OCA\\Files_Antivirus\\BackgroundScanner::run, exception: An exception occurred while executing 'SELECT fc.`fileid` FROM `oc_filecache` fc LEFT JOIN `oc_files_antivirus` fa ON fa.`fileid` = fc.`fileid` INNER JOIN `oc_storages` ss ON (fc.`storage` = ss.`numeric_id`) AND ((ss.`id` LIKE 'local::%') OR (ss.`id` LIKE 'home::%')) WHERE (fc.`mimetype` <> '2') AND ((fa.`fileid` IS NULL) OR (fc.`mtime` > fa.`check_time`)) AND (fc.`path` LIKE 'files\/%') AND (fc.`size` <> `0`) LIMIT 5':\n\nSQLSTATE[42S22]: Column not found: 1054 Unknown column '0' in 'where clause'","level":3,"time":"2016-07-25T21:00:06+00:00","method":"--","url":"--","user":"--"}

Server configuration

Operating system: Ubuntu 14.04

Web server: Apache 2.4.7

Database: MySQL 5.5.50

PHP version:

ownCloud version: ownCloud 9.1.0 (stable)

Updated from an older ownCloud or fresh install: Yes, from 9.0.4

Where did you install ownCloud from: Ubuntu packages

Signing status (ownCloud 9.0 and above): No, because of one modified authentication app

Integrity checker has been disabled. Integrity cannot be verified.

List of activated apps:

Enabled:
  - activity: 2.3.2
  - comments: 0.3.0
  - dav: 0.2.5
  - external: true
  - federatedfilesharing: 0.3.0
  - federation: 0.1.0
  - files: 1.5.1
  - files_antivirus: 0.9.0.0
  - files_clipboard: 0.4.2
  - files_pdfviewer: 0.8.1
  - files_sharing: 0.10.0
  - files_texteditor: 2.1
  - files_trashbin: 0.9.0
  - files_versions: 1.3.0
  - files_videoplayer: 0.9.8
  - firstrunwizard: 1.1
  - gallery: 15.0.0
  - notifications: 0.3.0
  - provisioning_api: 0.5.0
  - systemtags: 0.3.0
  - templateeditor: 0.1
  - updatenotification: 0.2.1
  - user_external: 0.4
Disabled:
  - encryption
  - files_external
  - user_ldap

The content of config/config.php:

<?php
$CONFIG = array (
  'instanceid' => '...',
  'passwordsalt' => '...',
  'secret' => '...',
  'trusted_domains' => 
  array (
    0 => 'www.example.com',
  ),
  'datadirectory' => '/home/owncloud/data',
  'overwrite.cli.url' => 'https://www.example.com/owncloud',
  'dbtype' => 'mysql',
  'version' => '9.1.0.15',
  'dbname' => 'tgmowncloud',
  'dbhost' => 'localhost',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'owncloud',
  'dbpassword' => '...',
  'installed' => true,
  'forcessl' => true,
  'forceSSLforSubdomains' => true,
  'mail_smtpmode' => 'sendmail',
  'mail_from_address' => 'root',
  'mail_domain' => 'example.com',
  'ldapIgnoreNamingRules' => false,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 2,
  'trashbin_retention_obligation' => 'auto',
  'updatechecker' => false,
  'singleuser' => false,
  'htaccess.RewriteBase' => '/owncloud',
);

Are you using external storage, if yes which one: No

Are you using encryption: No

Are you using an external user-backend, if yes which one: Webdav

LDAP configuration (delete this part if not used)

Client configuration

Browser: Firefox 47.0

Operating system: Linux

Logs

Web server error log

ownCloud log (data/owncloud.log)

{"reqId":"WEP5biM54YdCUy3m8pEc","remoteAddr":"","app":"files_antivirus","message":"OCA\\Files_Antivirus\\BackgroundScanner::run, exception: An exception occurred while executing 'SELECT fc.`fileid` FROM `oc_filecache` fc LEFT JOIN `oc_files_antivirus` fa ON fa.`fileid` = fc.`fileid` INNER JOIN `oc_storages` ss ON (fc.`storage` = ss.`numeric_id`) AND ((ss.`id` LIKE 'local::%') OR (ss.`id` LIKE 'home::%')) WHERE (fc.`mimetype` <> '2') AND ((fa.`fileid` IS NULL) OR (fc.`mtime` > fa.`check_time`)) AND (fc.`path` LIKE 'files\/%') AND (fc.`size` <> `0`) LIMIT 5':\n\nSQLSTATE[42S22]: Column not found: 1054 Unknown column '0' in 'where clause'","level":3,"time":"2016-07-25T21:00:06+00:00","method":"--","url":"--","user":"--"}

Browser log

@fcturner
Contributor
fcturner commented Jul 26, 2016 edited

I have this error too, testing to fix now (waiting for 3 PM, until next cron)

@bjoernv
bjoernv commented Jul 26, 2016

The pull request #121 works for me.

@fcturner
Contributor

No it doesn't: OCAFiles_AntivirusBackgroundScanner::run, exception: Only strings, Literals and Parameters are allowed

@fcturner
Contributor

Fixed now, please check my solution again @bjoernv :
https://github.com/owncloud/files_antivirus/pull/121/files

@bjoernv
bjoernv commented Jul 31, 2016

@fcturner, I get these messages from Backgroundscanner after applying your lastest fix:

{"reqId":"2x\/laRB9XuJ61f\/UgZTw","remoteAddr":"","app":"files_antivirus","message":"OCA\\Files_Antivirus\\BackgroundScanner::run, exception: File with id \"4\" has not been found.","level":3,"time":"2016-07-31T10:15:04+00:00","method":"--","url":"--","user":"--"}
{"reqId":"2CInrwbmJRRM+4cGSOpQ","remoteAddr":"","app":"files_antivirus","message":"OCA\\Files_Antivirus\\BackgroundScanner::run, exception: File with id \"4\" has not been found.","level":3,"time":"2016-07-31T10:45:01+00:00","method":"--","url":"--","user":"--"}
@VicDeo VicDeo closed this in #121 Aug 1, 2016
@VicDeo VicDeo added the bug label Aug 1, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment