
[OSSTEST PATCH v2 04/41] SQL: Fix incorrect LIKE pattern syntax (program variables)



In two places the pattern for LIKE is constructed programmatically.
In this case, too, we need to escape % and _.

We pass the actual pattern (or pattern fragment) via ?, so we do not
need to worry about '.

Signed-off-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
---
New in v2.
---
 Osstest.pm                 | 8 +++++++-
 Osstest/JobDB/Executive.pm | 2 +-
 sg-report-host-history     | 3 ++-
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/Osstest.pm b/Osstest.pm
index 63dddd95..b2b6b741 100644
--- a/Osstest.pm
+++ b/Osstest.pm
@@ -39,7 +39,7 @@ BEGIN {
                       main_revision_job_cond other_revision_job_suffix
                       $dbh_tests db_retry db_retry_retry db_retry_abort
                      db_readonly_report
-                      db_begin_work db_prepare
+                      db_begin_work db_prepare db_quote_like_pattern
                       get_harness_rev blessing_must_not_modify_host
                       ensuredir get_filecontents_core_quiet system_checked
                       nonempty visible_undef show_abs_time
@@ -358,6 +358,12 @@ sub postfork () {
     $mjobdb->jobdb_postfork();
 }
 
+sub db_quote_like_pattern ($) {
+    local ($_) = @_;
+    s{[_%\\]}{\\$&}g;
+    $_;
+}
+
 #---------- script entrypoints ----------
 
 sub csreadconfig () {
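Review bot: db_quote_like_pattern has no comment saying which escape character it assumes; `s{[_%\\]}{\\$&}g` hard-codes backslash, which is only correct where the LIKE it feeds treats backslash as its escape character. A short comment above the sub stating that, and that the result is meant to be bound via a ? placeholder as the commit message describes, would help future callers. Two smaller points on the same lines: a capture group (`s{([_%\\])}{\\$1}g`) avoids `$&`, and an undef argument will trigger an uninitialized-value warning in the substitution, so either document that callers must pass a defined string or return undef early.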
diff --git a/Osstest/JobDB/Executive.pm b/Osstest/JobDB/Executive.pm
index be5588fc..39deb8a2 100644
--- a/Osstest/JobDB/Executive.pm
+++ b/Osstest/JobDB/Executive.pm
@@ -143,7 +143,7 @@ sub _check_testdbs ($) {
              AND live
              AND username LIKE (? || '@%')
 END
-    $sth->execute($c{Username});
+    $sth->execute(db_quote_like_pattern($c{Username}));
     my $allok = 1;
     while (my $row = $sth->fetchrow_hashref()) {
        next if $row->{dbname} =~ m/^$re$/o;
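Review bot: the `username LIKE (? || '@%')` expression has no ESCAPE clause, so the backslashes now inserted into `$c{Username}` are treated as escapes only if backslash is the database's default LIKE escape character. Adding an explicit ESCAPE clause to this query would make the escaping independent of that default and keep the query and the helper visibly in agreement.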
diff --git a/sg-report-host-history b/sg-report-host-history
index 7505b18b..9730ae7a 100755
--- a/sg-report-host-history
+++ b/sg-report-host-history
@@ -380,7 +380,8 @@ END
            $runvarq_hits++;
        } else {
            $runvarq_misses++;
-           $jrunvarq->execute($jr->{flight}, $jr->{job}, $ident);
+           $jrunvarq->execute($jr->{flight}, $jr->{job},
+                              db_quote_like_pattern($ident));
            my %runvars;
            while (my ($n, $v) = $jrunvarq->fetchrow_array()) {
                $runvars{$n} = $v;
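Review bot: confirm that the third bind value of `$jrunvarq` is used only as a LIKE pattern; the prepared SQL is outside this hunk, so it cannot be checked from these lines. If `$ident` is also compared with `=` or used in any non-LIKE expression in that statement, the escaped value from `db_quote_like_pattern($ident)` will stop matching idents that contain `_`, `%` or a backslash.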
-- 
2.20.1




 

