From 2b8a4dfb1fb05d4240ed3dc80c7c1062cea562af Mon Sep 17 00:00:00 2001 From: Hansen Kurli Date: Mon, 11 Mar 2024 11:19:23 +0800 Subject: Escape the LIKE clause for list() The LIKE clause uses '_' and '%' as wildcard characters. They need to be escaped for the prefix to match exact names. Bug: 307903113 Test: atest ConnectivityBlobStoreTest Change-Id: Ia5b6cda5e06bf5e6f0992e85eccf47feae4b01a3 --- .../internal/net/ConnectivityBlobStore.java | 8 +++-- .../internal/net/ConnectivityBlobStoreTest.java | 37 ++++++++++++++++++++++ 2 files changed, 43 insertions(+), 2 deletions(-) diff --git a/core/java/com/android/internal/net/ConnectivityBlobStore.java b/core/java/com/android/internal/net/ConnectivityBlobStore.java index 1b18485e35fa..f8eb5be641e0 100644 --- a/core/java/com/android/internal/net/ConnectivityBlobStore.java +++ b/core/java/com/android/internal/net/ConnectivityBlobStore.java @@ -19,6 +19,7 @@ package com.android.internal.net; import android.annotation.NonNull; import android.content.ContentValues; import android.database.Cursor; +import android.database.DatabaseUtils; import android.database.SQLException; import android.database.sqlite.SQLiteDatabase; import android.os.Binder; @@ -153,8 +154,11 @@ public class ConnectivityBlobStore { final List names = new ArrayList(); try (Cursor cursor = mDb.query(TABLENAME, new String[] {"name"} /* columns */, - "owner=? AND name LIKE ?" /* selection */, - new String[] {Integer.toString(ownerUid), prefix + "%"} /* selectionArgs */, + "owner=? AND name LIKE ? ESCAPE '\\'" /* selection */, + new String[] { + Integer.toString(ownerUid), + DatabaseUtils.escapeForLike(prefix) + "%" + } /* selectionArgs */, null /* groupBy */, null /* having */, "name ASC" /* orderBy */)) { diff --git a/core/tests/coretests/src/com/android/internal/net/ConnectivityBlobStoreTest.java b/core/tests/coretests/src/com/android/internal/net/ConnectivityBlobStoreTest.java index 68545cfe889c..ad4ccc9492f6 100644 --- a/core/tests/coretests/src/com/android/internal/net/ConnectivityBlobStoreTest.java +++ b/core/tests/coretests/src/com/android/internal/net/ConnectivityBlobStoreTest.java @@ -153,4 +153,41 @@ public class ConnectivityBlobStoreTest { final String[] actual = connectivityBlobStore.list(TEST_NAME /* prefix */); assertArrayEquals(expected, actual); } + + @Test + public void testList_underscoreInPrefix() throws Exception { + final String prefix = TEST_NAME + "_"; + final String[] unsortedNames = new String[] { + prefix + "000", + TEST_NAME + "123", + }; + // The '_' in the prefix should not be treated as a wildcard so the only match is "000". + final String[] expected = new String[] {"000"}; + final ConnectivityBlobStore connectivityBlobStore = createConnectivityBlobStore(); + + for (int i = 0; i < unsortedNames.length; i++) { + assertTrue(connectivityBlobStore.put(unsortedNames[i], TEST_BLOB)); + } + final String[] actual = connectivityBlobStore.list(prefix); + assertArrayEquals(expected, actual); + } + + @Test + public void testList_percentInPrefix() throws Exception { + final String prefix = "%" + TEST_NAME + "%"; + final String[] unsortedNames = new String[] { + TEST_NAME + "12345", + prefix + "0", + "abc" + TEST_NAME + "987", + }; + // The '%' in the prefix should not be treated as a wildcard so the only match is "0". + final String[] expected = new String[] {"0"}; + final ConnectivityBlobStore connectivityBlobStore = createConnectivityBlobStore(); + + for (int i = 0; i < unsortedNames.length; i++) { + assertTrue(connectivityBlobStore.put(unsortedNames[i], TEST_BLOB)); + } + final String[] actual = connectivityBlobStore.list(prefix); + assertArrayEquals(expected, actual); + } } -- cgit v1.2.3