  1. MariaDB Server
  2. MDEV-26952

detect RTL-LTR abuse in SQL statements

Details

    • Task
    • Status: Open
    • Minor
    • Resolution: Unresolved

    Description

      One can create a string that switches between LTR and RTL, generating a misleading SQL statement that will be interpreted differently by a text viewer (like a browser) and a database engine. For example,

      select 'א' , 100 ; -- ; 'א' actually
      

      While not really a bug, we can still prevent some cases exploiting this. There can be no valid use (as far as I understand) for an RTL text happening outside of string literals, comments and, perhaps, identifiers. A parser can detect that and abort the query as invalid.

      In the example above, a switch to RTL happens inside the string literal, but then it crosses the literal boundary, the statement boundary, the comment boundary, and switches back to LTR inside the comment. This violates the rule as described above.
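
A check along the lines proposed above, as an added example that is not part of the issue or of MariaDB's code: it approximates the Unicode bidirectional algorithm's handling of neutral characters by flagging code characters that sit between two strong RTL characters with no LTR letter in between, which is the situation in the statement quoted above. The simplified lexer, the function names and the omission of explicit bidi control characters are assumptions of this example.

```python
import unicodedata

RTL = {"R", "AL"}  # strong right-to-left bidi classes (Hebrew, Arabic letters)
# Constructed sample: the page's statement, Hebrew alef written as an escape.
SAMPLE = "select '\u05d0' , 100 ; -- ; '\u05d0' actually"

def protected_mask(sql):
    """True for characters that are the content of a quoted token or comment.
    Simplified lexer (assumption): no backslash escapes, '--' needs no space."""
    n = len(sql)
    mask, i = [False] * n, 0
    while i < n:
        if sql[i] in "'\"`":                      # literal or quoted identifier
            start, end, nxt = i + 1, sql.find(sql[i], i + 1), 1
        elif sql.startswith("--", i) or sql[i] == "#":  # comment to end of line
            start = i + (2 if sql[i] == "-" else 1)
            end, nxt = sql.find("\n", i), 0
        elif sql.startswith("/*", i):             # block comment
            start, end, nxt = i + 2, sql.find("*/", i + 2), 2
        else:
            i += 1
            continue
        end = n if end < 0 else end               # unterminated: runs to the end
        mask[start:end] = [True] * (end - start)
        i = end + nxt
    return mask

def rtl_violations(sql):
    """Offsets of code characters that are RTL or render inside an RTL run."""
    mask, bad = protected_mask(sql), []
    prev_strong, pending = None, []   # pending: code offsets since last strong char
    for pos, ch in enumerate(sql):
        cls = unicodedata.bidirectional(ch)
        if cls in RTL:
            if not mask[pos]:
                bad.append(pos)       # RTL letter outside literal/comment
            if prev_strong == "R":
                bad.extend(pending)   # code enclosed by RTL text on both sides
            prev_strong, pending = "R", []
        elif cls == "L":
            prev_strong, pending = "L", []
        elif cls == "B":              # paragraph break ends any bidi run
            prev_strong, pending = None, []
        elif not mask[pos]:
            pending.append(pos)       # neutral or digit in code
    return sorted(bad)
```

Two RTL literals separated only by a comma are flagged as well, because the comma between them renders inside the RTL run.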

          People

            Unassigned Unassigned
            serg Sergei Golubchik