[MCOL-1652] DELETE with a non-INT WHERE condition on an INT column fails - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Minor
Resolution: Won't Do
Affects Version/s: 1.1.5
Fix Version/s: Icebox
Component/s: DMLProc
Labels:
None
Environment:
Ubuntu 18.04

Description

If I delete an escaped statement that contains a single quotation mark through Java PreparedStatements it is deleted in InnoDB tables but not in ColumnStore tables.

The injection seems fine though.

I attached Java example code to reproduce the bug.

Please change the server credentials according to your setup.
I used a remote connection from Windows 10 to CS on Ubuntu 18.04.

Error string that is not deleted in CS:

ab';CREATE TABLE pwnd (i int) engine=columnstore; --

Output of the demo:

number of rows in inno_escape before insert: 0

number of rows in cs_escape before insert: 0

number of rows in inno_escape after insert: 1

number of rows in cs_escape after insert: 1

number of rows in inno_escape after delete: 0

number of rows in cs_escape after delete: 1

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

CSEscapeBug.java
3 kB
2018-08-15 17:58

Issue Links

blocks

MCOL-1284 Informatica Bulk Write Adapter

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Jens Röwekamp (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2018-08-15 00:26

Updated:: 2022-11-05 04:15

Resolved:: 2022-11-05 04:15

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.