From 187db7e6f501ad48de19c6396acb77503ba5e995 Mon Sep 17 00:00:00 2001
From: Marvin Scham
Date: Wed, 28 Jun 2023 00:44:07 +0200
Subject: [PATCH] Patched potential security risk

---
 .../data/connector/SQLiteConnector.java | 19 +++++++------------
 1 file changed, 7 insertions(+), 12 deletions(-)

diff --git a/src/main/java/de/rwu/easydrop/data/connector/SQLiteConnector.java b/src/main/java/de/rwu/easydrop/data/connector/SQLiteConnector.java
index c38d63b..fff1cc8 100644
--- a/src/main/java/de/rwu/easydrop/data/connector/SQLiteConnector.java
+++ b/src/main/java/de/rwu/easydrop/data/connector/SQLiteConnector.java
@@ -369,33 +369,28 @@ public final class SQLiteConnector implements
 @Override
 public void clearTXData() {
- flushTable("transactions");
+ runDeletionQuery("DELETE FROM transactions;");
 }
 
 @Override
 public void clearOfferData() {
- flushTable("offers");
+ runDeletionQuery("DELETE FROM offers;");
 }
 
 @Override
 public void clearProductData() {
- flushTable("products");
+ runDeletionQuery("DELETE FROM products;");
 }
 
 /**
- * Flushes all data from the specified table.
+ * Flushes all data using the specified query.
 *
- * @param table
+ * @param query
 */
- private void flushTable(final String table) {
+ private void runDeletionQuery(final String query) {
 try (Connection connection = db.getConnection();
 Statement statement = connection.createStatement()) {
- if (table.matches("[\\w]+")) {
- String query = "DELETE FROM " + table + ";";
- statement.executeUpdate(query);
- } else {
- throw new PersistenceException("Table name contains illegal characters");
- }
+ statement.executeUpdate(query);
 } catch (SQLException e) {
 throw new PersistenceException("Something went wrong while clearing the database", e);
 }