MonetDB: Jul2015 - Properly escape all PCRE special characters.

Sjoerd Mullender Mon, 31 Aug 2015 07:44:17 -0700

Changeset: adf405e7edb0 for MonetDB
URL: http://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=adf405e7edb0
Added Files:
        sql/test/BugTracker-2015/Tests/sql2pcre.Bug-3800.sql
        sql/test/BugTracker-2015/Tests/sql2pcre.Bug-3800.stable.err
        sql/test/BugTracker-2015/Tests/sql2pcre.Bug-3800.stable.out
Modified Files:
        monetdb5/modules/mal/pcre.c
        sql/test/BugTracker-2015/Tests/All
Branch: Jul2015
Log Message:


Properly escape all PCRE special characters.
This fixes bug 3800.


diffs (248 lines):

diff --git a/monetdb5/modules/mal/pcre.c b/monetdb5/modules/mal/pcre.c
--- a/monetdb5/modules/mal/pcre.c
+++ b/monetdb5/modules/mal/pcre.c
@@ -790,6 +790,9 @@ pcre_match_with_flags(bit *ret, const ch
        return MAL_SUCCEED;
 }
 
+/* special characters in PCRE that need to be escaped */
+static const char *pcre_specials = ".+?*()[]{}|^$\\";
+
 /* change SQL LIKE pattern into PCRE pattern */
 static str
 sql2pcre(str *r, const char *pat, const char *esc_str)
@@ -812,7 +815,7 @@ sql2pcre(str *r, const char *pat, const 
         * expression.  If the user used the "+" char as escape and has "++"
         * in its pattern, then replacing this with "+" is not correct and
         * should be "\+" instead. */
-       specials = (*esc_str && strchr( ".+*()[]|", esc) != NULL);
+       specials = (*esc_str && strchr(pcre_specials, esc) != NULL);
 
        *ppat++ = '^';
        while ((c = *pat++) != 0) {
@@ -829,7 +832,7 @@ sql2pcre(str *r, const char *pat, const 
                                escaped = 1;
                        }
                        hasWildcard = 1;
-               } else if (strchr(".?+*()[]|\\", c) != NULL) {
+               } else if (strchr(pcre_specials, c) != NULL) {
                        /* escape PCRE special chars, avoid double backslash if 
the
                         * user uses an invalid escape sequence */
                        if (!escaped)
@@ -881,7 +884,7 @@ pat2pcre(str *r, const char *pat)
        while (*pat) {
                int c = *pat++;
 
-               if (strchr( ".+*()|\\", c) != NULL) {
+               if (strchr(pcre_specials, c) != NULL) {
                        *ppat++ = '\\';
                        *ppat++ = c;
                } else if (c == '%') {
diff --git a/sql/test/BugTracker-2015/Tests/All 
b/sql/test/BugTracker-2015/Tests/All
--- a/sql/test/BugTracker-2015/Tests/All
+++ b/sql/test/BugTracker-2015/Tests/All
@@ -53,3 +53,4 @@ set_default_role.Bug-3364
 useless_casts.Bug-3756
 sum_interval.Bug-3785
 nil_cast.Bug-3787
+sql2pcre.Bug-3800
diff --git a/sql/test/BugTracker-2015/Tests/sql2pcre.Bug-3800.sql 
b/sql/test/BugTracker-2015/Tests/sql2pcre.Bug-3800.sql
new file mode 100644
--- /dev/null
+++ b/sql/test/BugTracker-2015/Tests/sql2pcre.Bug-3800.sql
@@ -0,0 +1,15 @@
+SELECT '\\a' LIKE '\\\\a';
+SELECT '\\a' LIKE '\\\\\\\\a';
+SELECT 'xa' LIKE '_a{1}';
+SELECT 'xa$b' LIKE '_a$b';
+
+CREATE FUNCTION sql2pcre(pat TEXT, esc TEXT) RETURNS TEXT EXTERNAL NAME 
pcre.sql2pcre;
+
+SELECT sql2pcre('a', '\\');
+SELECT sql2pcre('_', '\\');
+SELECT sql2pcre('%', '\\');
+SELECT sql2pcre('_??', '?');
+SELECT sql2pcre('_{', '\\');
+SELECT sql2pcre('%^%', '\\');
+
+DROP FUNCTION sql2pcre;
diff --git a/sql/test/BugTracker-2015/Tests/sql2pcre.Bug-3800.stable.err 
b/sql/test/BugTracker-2015/Tests/sql2pcre.Bug-3800.stable.err
new file mode 100644
--- /dev/null
+++ b/sql/test/BugTracker-2015/Tests/sql2pcre.Bug-3800.stable.err
@@ -0,0 +1,37 @@
+stderr of test 'sql2pcre.Bug-3800` in directory 'sql/test/BugTracker-2015` 
itself:
+
+
+# 16:37:27 >  
+# 16:37:27 >  "mserver5" "--debug=10" "--set" "gdk_nr_threads=0" "--set" 
"mapi_open=true" "--set" "mapi_port=30760" "--set" 
"mapi_usock=/var/tmp/mtest-19633/.s.monetdb.30760" "--set" "monet_prompt=" 
"--forcemito" "--set" "mal_listing=2" 
"--dbpath=/ufs/sjoerd/Monet-candidate/var/MonetDB/mTests_sql_test_BugTracker-2015"
 "--set" "mal_listing=0" "--set" "embedded_r=yes"
+# 16:37:27 >  
+
+# builtin opt  gdk_dbpath = 
/ufs/sjoerd/Monet-candidate/var/monetdb5/dbfarm/demo
+# builtin opt  gdk_debug = 0
+# builtin opt  gdk_vmtrim = no
+# builtin opt  monet_prompt = >
+# builtin opt  monet_daemon = no
+# builtin opt  mapi_port = 50000
+# builtin opt  mapi_open = false
+# builtin opt  mapi_autosense = false
+# builtin opt  sql_optimizer = default_pipe
+# builtin opt  sql_debug = 0
+# cmdline opt  gdk_nr_threads = 0
+# cmdline opt  mapi_open = true
+# cmdline opt  mapi_port = 30760
+# cmdline opt  mapi_usock = /var/tmp/mtest-19633/.s.monetdb.30760
+# cmdline opt  monet_prompt = 
+# cmdline opt  mal_listing = 2
+# cmdline opt  gdk_dbpath = 
/ufs/sjoerd/Monet-candidate/var/MonetDB/mTests_sql_test_BugTracker-2015
+# cmdline opt  mal_listing = 0
+# cmdline opt  embedded_r = yes
+# cmdline opt  gdk_debug = 536870922
+
+# 16:37:27 >  
+# 16:37:27 >  "mclient" "-lsql" "-ftest" "-Eutf-8" "-i" "-e" 
"--host=/var/tmp/mtest-19633" "--port=30760"
+# 16:37:27 >  
+
+
+# 16:37:27 >  
+# 16:37:27 >  "Done."
+# 16:37:27 >  
+
diff --git a/sql/test/BugTracker-2015/Tests/sql2pcre.Bug-3800.stable.out 
b/sql/test/BugTracker-2015/Tests/sql2pcre.Bug-3800.stable.out
new file mode 100644
--- /dev/null
+++ b/sql/test/BugTracker-2015/Tests/sql2pcre.Bug-3800.stable.out
@@ -0,0 +1,133 @@
+stdout of test 'sql2pcre.Bug-3800` in directory 'sql/test/BugTracker-2015` 
itself:
+
+
+# 16:37:27 >  
+# 16:37:27 >  "mserver5" "--debug=10" "--set" "gdk_nr_threads=0" "--set" 
"mapi_open=true" "--set" "mapi_port=30760" "--set" 
"mapi_usock=/var/tmp/mtest-19633/.s.monetdb.30760" "--set" "monet_prompt=" 
"--forcemito" "--set" "mal_listing=2" 
"--dbpath=/ufs/sjoerd/Monet-candidate/var/MonetDB/mTests_sql_test_BugTracker-2015"
 "--set" "mal_listing=0" "--set" "embedded_r=yes"
+# 16:37:27 >  
+
+# MonetDB 5 server v11.21.6 (hg id: a9574fa5b4ff+)
+# This is an unreleased version
+# Serving database 'mTests_sql_test_BugTracker-2015', using 8 threads
+# Compiled for x86_64-unknown-linux-gnu/64bit with 64bit OIDs and 128bit 
integers dynamically linked
+# Found 15.590 GiB available main-memory.
+# Copyright (c) 1993-July 2008 CWI.
+# Copyright (c) August 2008-2015 MonetDB B.V., all rights reserved
+# Visit http://www.monetdb.org/ for further information
+# Listening for connection requests on mapi:monetdb://madrid.ins.cwi.nl:30760/
+# Listening for UNIX domain connection requests on 
mapi:monetdb:///var/tmp/mtest-19633/.s.monetdb.30760
+# MonetDB/GIS module loaded
+# Start processing logs sql/sql_logs version 52200
+# Finished processing logs sql/sql_logs
+# MonetDB/SQL module loaded
+# MonetDB/R   module loaded
+
+Ready.
+# SQL catalog created, loading sql scripts once
+# loading sql script: 09_like.sql
+# loading sql script: 10_math.sql
+# loading sql script: 11_times.sql
+# loading sql script: 12_url.sql
+# loading sql script: 13_date.sql
+# loading sql script: 14_inet.sql
+# loading sql script: 15_querylog.sql
+# loading sql script: 16_tracelog.sql
+# loading sql script: 17_temporal.sql
+# loading sql script: 20_vacuum.sql
+# loading sql script: 21_dependency_functions.sql
+# loading sql script: 22_clients.sql
+# loading sql script: 23_skyserver.sql
+# loading sql script: 24_zorder.sql
+# loading sql script: 25_debug.sql
+# loading sql script: 26_sysmon.sql
+# loading sql script: 27_rejects.sql
+# loading sql script: 39_analytics.sql
+# loading sql script: 39_analytics_hge.sql
+# loading sql script: 40_geom.sql
+# loading sql script: 40_json.sql
+# loading sql script: 40_json_hge.sql
+# loading sql script: 41_md5sum.sql
+# loading sql script: 45_uuid.sql
+# loading sql script: 46_gsl.sql
+# loading sql script: 51_sys_schema_extension.sql
+# loading sql script: 72_fits.sql
+# loading sql script: 74_netcdf.sql
+# loading sql script: 75_storagemodel.sql
+# loading sql script: 80_statistics.sql
+# loading sql script: 80_udf.sql
+# loading sql script: 80_udf_hge.sql
+# loading sql script: 85_bam.sql
+# loading sql script: 90_generator.sql
+# loading sql script: 90_generator_hge.sql
+# loading sql script: 99_system.sql
+
+# 16:37:27 >  
+# 16:37:27 >  "mclient" "-lsql" "-ftest" "-Eutf-8" "-i" "-e" 
"--host=/var/tmp/mtest-19633" "--port=30760"
+# 16:37:27 >  
+
+#SELECT '\\a' LIKE '\\\\a';
+% .L # table_name
+% like_single_value # name
+% boolean # type
+% 5 # length
+[ true ]
+#SELECT '\\a' LIKE '\\\\\\\\a';
+% .L # table_name
+% like_single_value # name
+% boolean # type
+% 5 # length
+[ false        ]
+#SELECT 'xa' LIKE '_a{1}';
+% .L # table_name
+% like_single_value # name
+% boolean # type
+% 5 # length
+[ false        ]
+#SELECT 'xa$b' LIKE '_a$b';
+% .L # table_name
+% like_single_value # name
+% boolean # type
+% 5 # length
+[ true ]
+#CREATE FUNCTION sql2pcre(pat TEXT, esc TEXT) RETURNS TEXT EXTERNAL NAME 
pcre.sql2pcre;
+#SELECT sql2pcre('a', '\\');
+% .L # table_name
+% sql2pcre_single_value # name
+% clob # type
+% 0 # length
+[ NULL ]
+#SELECT sql2pcre('_', '\\');
+% .L # table_name
+% sql2pcre_single_value # name
+% clob # type
+% 3 # length
+[ "^.$"        ]
+#SELECT sql2pcre('%', '\\');
+% .L # table_name
+% sql2pcre_single_value # name
+% clob # type
+% 4 # length
+[ "^.*$"       ]
+#SELECT sql2pcre('_??', '?');
+% .L # table_name
+% sql2pcre_single_value # name
+% clob # type
+% 5 # length
+[ "^.\\?$"     ]
+#SELECT sql2pcre('_{', '\\');
+% .L # table_name
+% sql2pcre_single_value # name
+% clob # type
+% 5 # length
+[ "^.\\{$"     ]
+#SELECT sql2pcre('%^%', '\\');
+% .L # table_name
+% sql2pcre_single_value # name
+% clob # type
+% 8 # length
+[ "^.*\\^.*$"  ]
+#DROP FUNCTION sql2pcre;
+
+# 16:37:27 >  
+# 16:37:27 >  "Done."
+# 16:37:27 >  
+
_______________________________________________
checkin-list mailing list
checkin-list@monetdb.org
https://www.monetdb.org/mailman/listinfo/checkin-list

MonetDB: Jul2015 - Properly escape all PCRE special characters.

Reply via email to