Mirrors_Framework/ghidra
1
0
Fork 0
mirror of https://github.com/NationalSecurityAgency/ghidra.git synced 2026-05-30 00:05:31 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

GP-6722 improve postgresfunctiondatabase

Browse Source
This commit is contained in:
James
2026-05-05 09:38:45 -04:00
parent 6bf90dbe9f
commit 4c7b1f57d0
1 changed files with 15 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Ghidra/Features/BSim/src/main/java/ghidra/features/bsim/query/client/PostgresFunctionDatabase.java
+15 -14
View File
@@ -22,6 +22,8 @@ import java.util.*;
import java.util.logging.Level; import java.util.logging.Level;
import java.util.logging.Logger; import java.util.logging.Logger;
import org.postgresql.core.Utils;
import generic.lsh.vector.LSHVector; import generic.lsh.vector.LSHVector;
import generic.lsh.vector.WeightedLSHCosineVectorFactory; import generic.lsh.vector.WeightedLSHCosineVectorFactory;
import ghidra.features.bsim.query.*; import ghidra.features.bsim.query.*;
@@ -104,15 +106,10 @@ public final class PostgresFunctionDatabase
private void changePassword(Connection c, String username, char[] newPassword) private void changePassword(Connection c, String username, char[] newPassword)
throws SQLException { throws SQLException {
StringBuilder buffer = new StringBuilder(); StringBuilder buffer = new StringBuilder();
buffer.append("ALTER ROLE \""); buffer.append("ALTER ROLE ");
buffer.append(username); Utils.escapeIdentifier(buffer, username);
buffer.append("\" WITH PASSWORD '"); buffer.append(" WITH PASSWORD '");
for (char ch : newPassword) { Utils.escapeLiteral(buffer, new String(newPassword), true);
if (ch == '\'') {
buffer.append(ch); // Escape single quote by appending it twice
}
buffer.append(ch);
}
buffer.append('\''); buffer.append('\'');
// Don't think jdbc does anything to this statement to encrypt password before sending it. // Don't think jdbc does anything to this statement to encrypt password before sending it.
// The connection with the server SHOULD be under SSL at this point // The connection with the server SHOULD be under SSL at this point
@@ -194,11 +191,12 @@ public final class PostgresFunctionDatabase
BSimServerInfo defaultServerInfo = BSimServerInfo defaultServerInfo =
new BSimServerInfo(DBType.postgres, serverInfo.getUserInfo(), new BSimServerInfo(DBType.postgres, serverInfo.getUserInfo(),
serverInfo.getServerName(), serverInfo.getPort(), DEFAULT_DATABASE_NAME); serverInfo.getServerName(), serverInfo.getPort(), DEFAULT_DATABASE_NAME);
String createdbstring = "CREATE DATABASE \"" + serverInfo.getDBName() + '"'; StringBuilder sb = new StringBuilder("CREATE DATABASE ");
Utils.escapeIdentifier(sb, serverInfo.getDBName());
BSimPostgresDataSource defaultDs = BSimPostgresDataSource defaultDs =
BSimPostgresDBConnectionManager.getDataSource(defaultServerInfo); BSimPostgresDBConnectionManager.getDataSource(defaultServerInfo);
try (Connection db = defaultDs.getConnection(); Statement st = db.createStatement()) { try (Connection db = defaultDs.getConnection(); Statement st = db.createStatement()) {
st.executeUpdate(createdbstring); st.executeUpdate(sb.toString());
postgresDs.initializeFrom(defaultDs); postgresDs.initializeFrom(defaultDs);
} }
} }
@@ -264,8 +262,9 @@ public final class PostgresFunctionDatabase
try (Connection defaultDb = defaultDs.getConnection(); try (Connection defaultDb = defaultDs.getConnection();
Statement defaultSt = defaultDb.createStatement()) { Statement defaultSt = defaultDb.createStatement()) {
try (ResultSet rs = defaultSt.executeQuery( StringBuilder sb = new StringBuilder("SELECT 1 FROM pg_database WHERE datname= ");
"SELECT 1 FROM pg_database WHERE datname='" + serverInfo.getDBName() + "'")) { Utils.escapeIdentifier(sb, serverInfo.getDBName());
try (ResultSet rs = defaultSt.executeQuery(sb.toString())) {
if (!rs.next()) { if (!rs.next()) {
return; // database does not exist return; // database does not exist
} }
@@ -292,7 +291,9 @@ public final class PostgresFunctionDatabase
postgresDs.dispose(); // disconnect before dropping database postgresDs.dispose(); // disconnect before dropping database
Msg.info(this, "Dropping BSim postgresql database: " + serverInfo); Msg.info(this, "Dropping BSim postgresql database: " + serverInfo);
defaultSt.executeUpdate("DROP DATABASE \"" + serverInfo.getDBName() + '"'); sb = new StringBuilder("DROP DATABASE ");
Utils.escapeIdentifier(sb, serverInfo.getDBName());
defaultSt.executeUpdate(sb.toString());
} }
finally { finally {
// ensure // ensure