Skip to content
This repository has been archived by the owner on Aug 30, 2019. It is now read-only.

obfuscate: add exception when parsing empty-string identifiers #514

Merged
merged 4 commits into from
Nov 5, 2018
Merged

obfuscate: add exception when parsing empty-string identifiers #514

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
a3e47cb
[sql] adding test to expose problem in issue #316
ufoot Nov 2, 2018
f55fb86
obfuscate: add sub-tests to allow running individual test cases
gbbr Nov 5, 2018
c4a5ec0
obfuscate: add more test cases and an exception
gbbr Nov 5, 2018
08f9853
obfuscate: optimize whitespace verification
gbbr Nov 5, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 26 additions & 6 deletions obfuscate/sql_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,8 +86,6 @@ func TestSQLResourceWithError(t *testing.T) {
}

func TestSQLQuantizer(t *testing.T) {
assert := assert.New(t)

cases := []sqlTestCase{
{
"select * from users where id = 42",
Expand Down Expand Up @@ -340,6 +338,26 @@ FROM [Blogs] AS [b]
ORDER BY [b].[Name]`,
`SELECT [ b ] . [ BlogId ], [ b ] . [ Name ] FROM [ Blogs ] ORDER BY [ b ] . [ Name ]`,
},
{
`SELECT * FROM users WHERE firstname=''`,
`SELECT * FROM users WHERE firstname = ?`,
},
{
`SELECT * FROM users WHERE firstname=' '`,
`SELECT * FROM users WHERE firstname = ?`,
},
{
`SELECT * FROM users WHERE firstname=""`,
`SELECT * FROM users WHERE firstname = ""`,
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds to me the problem is solved here, indeed.

},
{
`SELECT * FROM users WHERE lastname=" "`,
`SELECT * FROM users WHERE lastname = ""`,
},
{
`SELECT * FROM users WHERE lastname=" "`,
`SELECT * FROM users WHERE lastname = ""`,
},
{
`SELECT [b].[BlogId], [b].[Name]
FROM [Blogs] AS [b
Expand All @@ -348,10 +366,12 @@ ORDER BY [b].[Name]`,
},
}

for _, c := range cases {
s := SQLSpan(c.query)
NewObfuscator(nil).Obfuscate(s)
assert.Equal(c.expected, s.Resource)
for i, c := range cases {
t.Run(strconv.Itoa(i), func(t *testing.T) {
s := SQLSpan(c.query)
NewObfuscator(nil).Obfuscate(s)
assert.Equal(t, c.expected, s.Resource)
})
}
}

Expand Down
10 changes: 9 additions & 1 deletion obfuscate/sql_tokenizer.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -408,7 +408,15 @@ func (tkn *Tokenizer) scanString(delim uint16, typ int) (int, []byte) {
}
buffer.WriteByte(byte(ch))
}
return typ, buffer.Bytes()
buf := buffer.Bytes()
if typ == ID && len(buf) == 0 || len(bytes.TrimSpace(buf)) == 0 {
// This string is an empty or white-space only identifier.
// We should keep the start and end delimiters in order to
// avoid creating invalid queries.
// See: https://github.com/DataDog/datadog-trace-agent/issues/316
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

return typ, []byte{byte(delim), byte(delim)}
}
return typ, buf
}

func (tkn *Tokenizer) scanCommentType1(prefix string) (int, []byte) {
Expand Down