thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-09-20 00:30:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Forbid paths in timezones in cctz lib

Browse Source
This commit is contained in:
avogar 2022-12-27 17:52:38 +00:00
parent 05c37365df
commit 5c42b78766
4 changed files with 7 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
contrib/cctz vendored

@ -1 +1 @@
Subproject commit 5c8528fb35e89ee0b3a7157490423fba0d4dd7b5 Subproject commit 7c78edd52b4d65acc103c2f195818ffcabe6fe0d

26
src/DataTypes/TimezoneMixin.cpp
View File

@ -1,26 +0,0 @@
#include <DataTypes/TimezoneMixin.h>
#include <Common/Exception.h>
#include <filesystem>
namespace DB
{
namespace ErrorCodes
{
extern const int BAD_ARGUMENTS;
}
}
const String & TimezoneMixin::checkTimezoneName(const String & timezone_name)
{
const char * forbidden_beginnings[] = {"/", "./", "~"};
for (const auto & pattern : forbidden_beginnings)
{
if (timezone_name.starts_with(pattern))
throw DB::Exception(DB::ErrorCodes::BAD_ARGUMENTS, "Timezone name cannot start with '{}'", pattern);
}
if (timezone_name.find("../") != std::string::npos)
throw DB::Exception(DB::ErrorCodes::BAD_ARGUMENTS, "Timezone name cannot contain pattern '../'");
return timezone_name;
}

5
src/DataTypes/TimezoneMixin.h
View File

@ -15,7 +15,7 @@ public:
explicit TimezoneMixin(const String & time_zone_name = "") explicit TimezoneMixin(const String & time_zone_name = "")
: has_explicit_time_zone(!time_zone_name.empty()) : has_explicit_time_zone(!time_zone_name.empty())
, time_zone(DateLUT::instance(checkTimezoneName(time_zone_name))) , time_zone(DateLUT::instance(time_zone_name))
, utc_time_zone(DateLUT::instance("UTC")) , utc_time_zone(DateLUT::instance("UTC"))
{ {
} }
@ -29,7 +29,4 @@ protected:
const DateLUTImpl & time_zone; const DateLUTImpl & time_zone;
const DateLUTImpl & utc_time_zone; const DateLUTImpl & utc_time_zone;
private:
static const String & checkTimezoneName(const String & timezone_name);
}; };

10
tests/queries/0_stateless/02505_forbid_paths_in_datetime_timezone.sql
View File

@ -1,6 +1,6 @@
select toDateTime(0, '/abc'); -- { serverError BAD_ARGUMENTS } select toDateTime(0, '/abc'); -- { serverError POCO_EXCEPTION }
select toDateTime(0, './abc'); -- { serverError BAD_ARGUMENTS } select toDateTime(0, './abc'); -- { serverError POCO_EXCEPTION }
select toDateTime(0, '../abc'); -- { serverError BAD_ARGUMENTS } select toDateTime(0, '../abc'); -- { serverError POCO_EXCEPTION }
select toDateTime(0, '~/abc'); -- { serverError BAD_ARGUMENTS } select toDateTime(0, '~/abc'); -- { serverError POCO_EXCEPTION }
select toDateTime(0, 'abc/../../cba'); -- { serverError BAD_ARGUMENTS } select toDateTime(0, 'abc/../../cba'); -- { serverError POCO_EXCEPTION }