From bc3928da5ab8eec0eeb9c13353ca63a4a7a4e166 Mon Sep 17 00:00:00 2001 From: James <49045138+ghidracadabra@users.noreply.github.com> Date: Tue, 5 May 2026 09:39:18 -0400 Subject: [PATCH] GP-6736 escape bsim filter data --- .../bsim/gui/filters/ExecutableNameBSimFilterType.java | 6 +++++- .../bsim/gui/filters/NotExecutableNameBSimFilterType.java | 6 +++++- .../features/bsim/gui/filters/PathStartsBSimFilterType.java | 6 +++++- 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/Ghidra/Features/BSim/src/main/java/ghidra/features/bsim/gui/filters/ExecutableNameBSimFilterType.java b/Ghidra/Features/BSim/src/main/java/ghidra/features/bsim/gui/filters/ExecutableNameBSimFilterType.java index 710e75a253..01e345bc29 100644 --- a/Ghidra/Features/BSim/src/main/java/ghidra/features/bsim/gui/filters/ExecutableNameBSimFilterType.java +++ b/Ghidra/Features/BSim/src/main/java/ghidra/features/bsim/gui/filters/ExecutableNameBSimFilterType.java @@ -17,6 +17,8 @@ package ghidra.features.bsim.gui.filters; import java.sql.SQLException; +import org.postgresql.core.Utils; + import ghidra.features.bsim.query.client.IDSQLResolution; import ghidra.features.bsim.query.client.SQLEffects; import ghidra.features.bsim.query.description.ExecutableRecord; @@ -39,7 +41,9 @@ public class ExecutableNameBSimFilterType extends BSimFilterType { throws SQLException { effect.setExeTable(); StringBuilder buf = new StringBuilder(); - buf.append("exetable.name_exec = '").append(atom.value).append('\''); + buf.append("exetable.name_exec = '"); + Utils.escapeLiteral(buf, atom.value, true); + buf.append('\''); effect.addWhere(this, buf.toString()); } diff --git a/Ghidra/Features/BSim/src/main/java/ghidra/features/bsim/gui/filters/NotExecutableNameBSimFilterType.java b/Ghidra/Features/BSim/src/main/java/ghidra/features/bsim/gui/filters/NotExecutableNameBSimFilterType.java index 1d986fcd9f..6498b6d4f8 100644 --- a/Ghidra/Features/BSim/src/main/java/ghidra/features/bsim/gui/filters/NotExecutableNameBSimFilterType.java +++ b/Ghidra/Features/BSim/src/main/java/ghidra/features/bsim/gui/filters/NotExecutableNameBSimFilterType.java @@ -17,6 +17,8 @@ package ghidra.features.bsim.gui.filters; import java.sql.SQLException; +import org.postgresql.core.Utils; + import ghidra.features.bsim.query.client.IDSQLResolution; import ghidra.features.bsim.query.client.SQLEffects; import ghidra.features.bsim.query.description.ExecutableRecord; @@ -38,7 +40,9 @@ public class NotExecutableNameBSimFilterType extends BSimFilterType { throws SQLException { effect.setExeTable(); StringBuilder buf = new StringBuilder(); - buf.append("exetable.name_exec != '").append(atom.value).append('\''); + buf.append("exetable.name_exec != '"); + Utils.escapeLiteral(buf, atom.value, true); + buf.append('\''); effect.addWhere(this, buf.toString()); } diff --git a/Ghidra/Features/BSim/src/main/java/ghidra/features/bsim/gui/filters/PathStartsBSimFilterType.java b/Ghidra/Features/BSim/src/main/java/ghidra/features/bsim/gui/filters/PathStartsBSimFilterType.java index acecb6fa43..c3d06725d5 100644 --- a/Ghidra/Features/BSim/src/main/java/ghidra/features/bsim/gui/filters/PathStartsBSimFilterType.java +++ b/Ghidra/Features/BSim/src/main/java/ghidra/features/bsim/gui/filters/PathStartsBSimFilterType.java @@ -17,6 +17,8 @@ package ghidra.features.bsim.gui.filters; import java.sql.SQLException; +import org.postgresql.core.Utils; + import ghidra.features.bsim.query.client.IDSQLResolution; import ghidra.features.bsim.query.client.SQLEffects; import ghidra.features.bsim.query.description.ExecutableRecord; @@ -40,7 +42,9 @@ public class PathStartsBSimFilterType extends BSimFilterType { effect.setExeTable(); effect.setPathTable(); StringBuilder buf = new StringBuilder(); - buf.append("position( \'").append(atom.value).append("\' in pathtable.val) = 1"); + buf.append("position( '"); + Utils.escapeLiteral(buf, atom.value, true); + buf.append("' in pathtable.val) = 1"); effect.addWhere(this, buf.toString()); } }