All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.mariadb.r2dbc.util.Security Maven / Gradle / Ivy

The newest version!
// SPDX-License-Identifier: Apache-2.0
// Copyright (c) 2020-2024 MariaDB Corporation Ab

package org.mariadb.r2dbc.util;

import java.util.HashMap;
import java.util.Map;

public class Security {

  /**
   * Parse the option "sessionVariable" to ensure having no injection. semi-column not in string
   * will be replaced by comma.
   *
   * @param sessionVariable option value
   * @return parsed String
   */
  public static Map parseSessionVariables(String sessionVariable) {
    Map out = new HashMap<>();
    StringBuilder sb = new StringBuilder();
    Parse state = Parse.Normal;
    boolean iskey = true;
    boolean singleQuotes = true;
    String key = null;
    boolean isString = false;

    char[] chars = sessionVariable.toCharArray();

    for (char car : chars) {

      if (state == Parse.Escape) {
        sb.append(car);
        state = Parse.String;
        continue;
      }

      switch (car) {
        case '"':
          if (state == Parse.Normal) {
            state = Parse.String;
            singleQuotes = false;
            isString = true;
          } else if (!singleQuotes) {
            state = Parse.Normal;
          }
          break;

        case '\'':
          if (state == Parse.Normal) {
            state = Parse.String;
            isString = true;
            singleQuotes = true;
          } else if (singleQuotes) {
            state = Parse.Normal;
          }
          break;

        case '\\':
          if (state == Parse.String) {
            state = Parse.Escape;
          }
          break;

        case ';':
        case ',':
          if (state == Parse.Normal) {
            if (!iskey) {
              String valStr = sb.substring(1);
              out.put(key, parseObject(valStr, isString));
              isString = false;
            } else {
              key = sb.toString().trim();
              if (!key.isEmpty()) {
                out.put(key, null);
              }
            }
            iskey = true;
            key = null;
            sb = new StringBuilder();
            continue;
          }
          break;

        case '=':
          if (state == Parse.Normal && iskey) {
            key = sb.toString().trim();
            iskey = false;
            isString = false;
            sb = new StringBuilder();
          }
          break;

        default:
          // nothing
      }

      sb.append(car);
    }

    if (!iskey) {
      String valStr = sb.substring(1);
      out.put(key, parseObject(valStr, isString));
    } else {
      String tmpkey = sb.toString().trim();
      out.put(tmpkey, null);
    }
    return out;
  }

  private static Object parseObject(String valStr, boolean isString) {
    if (!isString) {
      if (valStr.indexOf(".") > 0) {
        try {
          return Double.parseDouble(valStr);
        } catch (Exception e) {
        }
      } else {
        try {
          return Integer.parseInt(valStr);
        } catch (Exception e) {
        }
      }
    }
    return valStr;
  }

  private enum Parse {
    Normal,
    String, /* inside string */
    Escape /* found backslash */
  }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy