Skip to content

Commit

Permalink
Update sqlite-jdbc to 3.41.2.2 to address CVE-2023-32697 (#1667)
Browse files Browse the repository at this point in the history
* Update sqlite-jdbc to 3.41.2.2 to address CVE-2023-32697

Signed-off-by: MaxKsyunz <[email protected]>

* Don't check column names on H2 results for correctness tests as described in #1667 (comment).

Signed-off-by: Yury-Fridlyand <[email protected]>

* Address PR review comment.

Signed-off-by: Yury-Fridlyand <[email protected]>

---------

Signed-off-by: MaxKsyunz <[email protected]>
Signed-off-by: Yury-Fridlyand <[email protected]>
Co-authored-by: Yury-Fridlyand <[email protected]>
Signed-off-by: Derek Ho <[email protected]>
  • Loading branch information
2 people authored and derek-ho committed Aug 4, 2023
1 parent 0dfb1e6 commit f808b63
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 3 deletions.
2 changes: 1 addition & 1 deletion integ-test/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,7 @@ dependencies {
builtBy 'compileJdbc'
}
testCompile group: 'com.h2database', name: 'h2', version: '2.1.214'
testCompile group: 'org.xerial', name: 'sqlite-jdbc', version: '3.28.0'
testCompile group: 'org.xerial', name: 'sqlite-jdbc', version: '3.41.2.2'
testCompile group: 'com.google.code.gson', name: 'gson', version: '2.8.9'
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,9 @@
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import lombok.EqualsAndHashCode;
import java.util.stream.Collectors;
import lombok.Getter;
import lombok.ToString;
import org.json.JSONPropertyName;
Expand All @@ -24,7 +25,6 @@
* query with SELECT columns or just *, order of column and row may matter or not. So the internal data structure of this
* class is passed in from outside either list or set, hash map or linked hash map etc.
*/
@EqualsAndHashCode(exclude = "databaseName")
@ToString
public class DBResult {

Expand Down Expand Up @@ -191,4 +191,24 @@ private static <T extends Comparable<T>> List<T> sort(Collection<T> collection)
return list;
}

public boolean equals(final Object o) {
if (o == this) {
return true;
}
if (!(o instanceof DBResult)) {
return false;
}
final DBResult other = (DBResult) o;
// H2 calculates the value before setting column name
// for example, for query "select 1 + 1" it returns a column named "2" instead of "1 + 1"
boolean skipColumnNameCheck = databaseName.equalsIgnoreCase("h2") || other.databaseName.equalsIgnoreCase("h2");
if (!skipColumnNameCheck && !schema.equals(other.schema)) {
return false;
}
if (skipColumnNameCheck && !schema.stream().map(Type::getType).collect(Collectors.toList())
.equals(other.schema.stream().map(Type::getType).collect(Collectors.toList()))) {
return false;
}
return dataRows.equals(other.dataRows);
}
}

0 comments on commit f808b63

Please sign in to comment.