Gitiles
Code Review Sign In
review.blissroms.org / platform_frameworks_base / 19491026cafa107d8b5fe4a4abf0b875f042d6e0
commit19491026cafa107d8b5fe4a4abf0b875f042d6e0[log] [tgz]
authorJeff Sharkey <jsharkey@android.com>Wed Dec 18 17:55:39 2019 -0700
committerJeff Sharkey <jsharkey@android.com>Wed Dec 18 17:55:42 2019 -0700
treed8c9bdf2057840e4463f7d0dd99738f6c48a9071
parent03c713106825d7854b4ca8ee9a563ca49ea4152a [diff]
We can't be as clever as we'd like.

We had hoped that SQLiteQueryBuilder could enforce some pretty strict
grammar rules, but there are apps depending on the full quirkiness
of what SQLite will allow, which is pretty much "expr" everywhere.

So we shift our strategy from a whitelist-style approach to a
blacklist-style one, where we're willing to let any valid keyword
be used _except_ for ones we know are rooted in abuse, such as
performing SELECT subqueries or relying on SQL injection to blur
the lines between well-defined clauses.

Bug: 146478800, 146482076
Test: atest --test-mapping packages/providers/MediaProvider
Change-Id: Ib57ceab0e229e01177cabd8277f3c989c817b10c
1 file changed
tree: d8c9bdf2057840e4463f7d0dd99738f6c48a9071
  1. apct-tests/
  2. apex/
  3. api/
  4. cmds/
  5. config/
  6. core/
  7. data/
  8. docs/
  9. drm/
  10. graphics/
  11. keystore/
  12. libs/
  13. location/
  14. lowpan/
  15. media/
  16. mime/
  17. mms/
  18. native/
  19. nfc-extras/
  20. obex/
  21. opengl/
  22. packages/
  23. proto/
  24. rs/
  25. samples/
  26. sax/
  27. services/
  28. startop/
  29. telecomm/
  30. telephony/
  31. test-base/
  32. test-legacy/
  33. test-mock/
  34. test-runner/
  35. tests/
  36. tools/
  37. wifi/
  38. .clang-format
  39. .gitignore
  40. .mailmap
  41. Android.bp
  42. Android.mk
  43. CleanSpec.mk
  44. framework-jarjar-rules.txt
  45. MODULE_LICENSE_APACHE2
  46. NOTICE
  47. pathmap.mk
  48. PREUPLOAD.cfg
  49. TEST_MAPPING