Merge remote-tracking branch 'origin/Ghidra_12.1'

2026-05-29 02:45:31 +08:00 · 2026-05-05 11:28:28 -04:00
parent 49155d2384 554bc21e41
commit 58bc98ec86
7 changed files with 52 additions and 23 deletions
@@ -17,6 +17,8 @@ package ghidra.features.bsim.gui.filters;

 import java.sql.SQLException;

+import org.postgresql.core.Utils;
+
 import ghidra.features.bsim.query.client.IDSQLResolution;
 import ghidra.features.bsim.query.client.SQLEffects;
 import ghidra.features.bsim.query.description.ExecutableRecord;
@@ -39,7 +41,9 @@ public class ExecutableNameBSimFilterType extends BSimFilterType {
 			throws SQLException {
 		effect.setExeTable();
 		StringBuilder buf = new StringBuilder();
-		buf.append("exetable.name_exec = '").append(atom.value).append('\'');
+		buf.append("exetable.name_exec = '");
+		Utils.escapeLiteral(buf, atom.value, true);
+		buf.append('\'');
 		effect.addWhere(this, buf.toString());
 	}

@@ -17,6 +17,8 @@ package ghidra.features.bsim.gui.filters;

 import java.sql.SQLException;

+import org.postgresql.core.Utils;
+
 import ghidra.features.bsim.query.client.IDSQLResolution;
 import ghidra.features.bsim.query.client.SQLEffects;
 import ghidra.features.bsim.query.description.ExecutableRecord;
@@ -38,7 +40,9 @@ public class NotExecutableNameBSimFilterType extends BSimFilterType {
 			throws SQLException {
 		effect.setExeTable();
 		StringBuilder buf = new StringBuilder();
-		buf.append("exetable.name_exec != '").append(atom.value).append('\'');
+		buf.append("exetable.name_exec != '");
+		Utils.escapeLiteral(buf, atom.value, true);
+		buf.append('\'');
 		effect.addWhere(this, buf.toString());
 	}

@@ -17,6 +17,8 @@ package ghidra.features.bsim.gui.filters;

 import java.sql.SQLException;

+import org.postgresql.core.Utils;
+
 import ghidra.features.bsim.query.client.IDSQLResolution;
 import ghidra.features.bsim.query.client.SQLEffects;
 import ghidra.features.bsim.query.description.ExecutableRecord;
@@ -40,7 +42,9 @@ public class PathStartsBSimFilterType extends BSimFilterType {
 			effect.setExeTable();
 			effect.setPathTable();
 			StringBuilder buf = new StringBuilder();
-			buf.append("position( \'").append(atom.value).append("\' in pathtable.val) = 1");
+			buf.append("position( '");
+			Utils.escapeLiteral(buf, atom.value, true);
+			buf.append("' in pathtable.val) = 1");
 			effect.addWhere(this, buf.toString());
 		}
 	}
@@ -22,6 +22,8 @@ import java.util.*;
 import java.util.logging.Level;
 import java.util.logging.Logger;

+import org.postgresql.core.Utils;
+
 import generic.lsh.vector.LSHVector;
 import generic.lsh.vector.WeightedLSHCosineVectorFactory;
 import ghidra.features.bsim.query.*;
@@ -104,15 +106,10 @@ public final class PostgresFunctionDatabase
 	private void changePassword(Connection c, String username, char[] newPassword)
 			throws SQLException {
 		StringBuilder buffer = new StringBuilder();
-		buffer.append("ALTER ROLE \"");
-		buffer.append(username);
-		buffer.append("\" WITH PASSWORD '");
-		for (char ch : newPassword) {
-			if (ch == '\'') {
-				buffer.append(ch);		// Escape single quote by appending it twice
-			}
-			buffer.append(ch);
-		}
+		buffer.append("ALTER ROLE ");
+		Utils.escapeIdentifier(buffer, username);
+		buffer.append(" WITH PASSWORD '");
+		Utils.escapeLiteral(buffer, new String(newPassword), true);
 		buffer.append('\'');
 		// Don't think jdbc does anything to this statement to encrypt password before sending it.
 		// The connection with the server SHOULD be under SSL at this point
@@ -194,11 +191,12 @@ public final class PostgresFunctionDatabase
 		BSimServerInfo defaultServerInfo =
 			new BSimServerInfo(DBType.postgres, serverInfo.getUserInfo(),
 				serverInfo.getServerName(), serverInfo.getPort(), DEFAULT_DATABASE_NAME);
-		String createdbstring = "CREATE DATABASE \"" + serverInfo.getDBName() + '"';
+		StringBuilder sb = new StringBuilder("CREATE DATABASE ");
+		Utils.escapeIdentifier(sb, serverInfo.getDBName());
 		BSimPostgresDataSource defaultDs =
 			BSimPostgresDBConnectionManager.getDataSource(defaultServerInfo);
 		try (Connection db = defaultDs.getConnection(); Statement st = db.createStatement()) {
-			st.executeUpdate(createdbstring);
+			st.executeUpdate(sb.toString());
 			postgresDs.initializeFrom(defaultDs);
 		}
 	}
@@ -264,8 +262,9 @@ public final class PostgresFunctionDatabase

 		try (Connection defaultDb = defaultDs.getConnection();
 				Statement defaultSt = defaultDb.createStatement()) {
-			try (ResultSet rs = defaultSt.executeQuery(
-				"SELECT 1 FROM pg_database WHERE datname='" + serverInfo.getDBName() + "'")) {
+			StringBuilder sb = new StringBuilder("SELECT 1 FROM pg_database WHERE datname= ");
+			Utils.escapeIdentifier(sb, serverInfo.getDBName());
+			try (ResultSet rs = defaultSt.executeQuery(sb.toString())) {
 				if (!rs.next()) {
 					return; // database does not exist
 				}
@@ -292,7 +291,9 @@ public final class PostgresFunctionDatabase
 			postgresDs.dispose(); // disconnect before dropping database

 			Msg.info(this, "Dropping BSim postgresql database: " + serverInfo);
-			defaultSt.executeUpdate("DROP DATABASE \"" + serverInfo.getDBName() + '"');
+			sb = new StringBuilder("DROP DATABASE ");
+			Utils.escapeIdentifier(sb, serverInfo.getDBName());
+			defaultSt.executeUpdate(sb.toString());
 		}
 		finally {
 			// ensure 
@@ -39,6 +39,7 @@ sun.security.x509.X509CertImpl;

 java.rmi.server.UID;
 java.rmi.server.ObjID;
+[Ljava.rmi.server.ObjID;

 java.rmi.dgc.DGC;
 java.rmi.dgc.Lease;