aherman
/
proxysql
mirror of https://github.com/sysown/proxysql
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix: Correct SQL prepared statement API usage and template variable access

Browse Source 
Fix compilation errors in the SQL injection fixes:

1. ProxySQL_Admin_Stats.cpp: Use public statsdb->prepare_v2() API
   - Changed from direct proxy_sqlite3_prepare_v2() calls with statsdb->db
   - statsdb->db is private, must use public prepare_v2(query, &stmt) method

2. Admin_Handler.cpp: Add SPA cast for template function access
   - Added ProxySQL_Admin *SPA=(ProxySQL_Admin *)pa; declaration
   - Changed all admindb->execute to SPA->admindb->execute
   - Removed unused 'error' and 'success' variables

The build now completes successfully.
pull/5310/head^2
Rene Cannao 3 months ago
parent 9f07e9631e
commit 5ece563514
2 changed files with 18 additions and 20 deletions
Show Stats Download Patch File Download Diff File

34
lib/Admin_Handler.cpp
Unescape View File

@ -2368,32 +2368,31 @@ bool admin_handler_command_load_or_save(char *query_no_space, unsigned int query
) {
l_free(*ql,*q);
// Execute as transaction to ensure both statements run atomically
char* error = NULL;
bool success = true;
ProxySQL_Admin *SPA=(ProxySQL_Admin *)pa;
// Execute as transaction to ensure both statements run atomically
// Begin transaction
if (!admindb->execute("BEGIN")) {
if (!SPA->admindb->execute("BEGIN")) {
proxy_error("Failed to BEGIN transaction for LOAD MCP QUERY RULES\n");
return false;
}
// Clear target table
if (!admindb->execute("DELETE FROM main.mcp_query_rules")) {
if (!SPA->admindb->execute("DELETE FROM main.mcp_query_rules")) {
proxy_error("Failed to DELETE from main.mcp_query_rules\n");
admindb->execute("ROLLBACK");
SPA->admindb->execute("ROLLBACK");
return false;
}
// Insert from source
if (!admindb->execute("INSERT OR REPLACE INTO main.mcp_query_rules SELECT * FROM disk.mcp_query_rules")) {
if (!SPA->admindb->execute("INSERT OR REPLACE INTO main.mcp_query_rules SELECT * FROM disk.mcp_query_rules")) {
proxy_error("Failed to INSERT into main.mcp_query_rules\n");
admindb->execute("ROLLBACK");
SPA->admindb->execute("ROLLBACK");
return false;
}
// Commit transaction
if (!admindb->execute("COMMIT")) {
if (!SPA->admindb->execute("COMMIT")) {
proxy_error("Failed to COMMIT transaction for LOAD MCP QUERY RULES\n");
return false;
}
@ -2408,32 +2407,31 @@ bool admin_handler_command_load_or_save(char *query_no_space, unsigned int query
) {
l_free(*ql,*q);
// Execute as transaction to ensure both statements run atomically
char* error = NULL;
bool success = true;
ProxySQL_Admin *SPA=(ProxySQL_Admin *)pa;
// Execute as transaction to ensure both statements run atomically
// Begin transaction
if (!admindb->execute("BEGIN")) {
if (!SPA->admindb->execute("BEGIN")) {
proxy_error("Failed to BEGIN transaction for SAVE MCP QUERY RULES TO DISK\n");
return false;
}
// Clear target table
if (!admindb->execute("DELETE FROM disk.mcp_query_rules")) {
if (!SPA->admindb->execute("DELETE FROM disk.mcp_query_rules")) {
proxy_error("Failed to DELETE from disk.mcp_query_rules\n");
admindb->execute("ROLLBACK");
SPA->admindb->execute("ROLLBACK");
return false;
}
// Insert from source
if (!admindb->execute("INSERT OR REPLACE INTO disk.mcp_query_rules SELECT * FROM main.mcp_query_rules")) {
if (!SPA->admindb->execute("INSERT OR REPLACE INTO disk.mcp_query_rules SELECT * FROM main.mcp_query_rules")) {
proxy_error("Failed to INSERT into disk.mcp_query_rules\n");
admindb->execute("ROLLBACK");
SPA->admindb->execute("ROLLBACK");
return false;
}
// Commit transaction
if (!admindb->execute("COMMIT")) {
if (!SPA->admindb->execute("COMMIT")) {
proxy_error("Failed to COMMIT transaction for SAVE MCP QUERY RULES TO DISK\n");
return false;
}

4
lib/ProxySQL_Admin_Stats.cpp
Unescape View File

@ -1601,7 +1601,7 @@ void ProxySQL_Admin::stats___mcp_query_tools_counters(bool reset) {
: "INSERT INTO stats_mcp_query_tools_counters VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8)";
sqlite3_stmt* statement = NULL;
int rc = (*proxy_sqlite3_prepare_v2)(statsdb->db, query_str, -1, &statement, NULL);
int rc = statsdb->prepare_v2(query_str, &statement);
ASSERT_SQLITE_OK(rc, statsdb);
if (reset) {
@ -2625,7 +2625,7 @@ void ProxySQL_Admin::stats___mcp_query_digest(bool reset) {
: "INSERT INTO stats_mcp_query_digest VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9, ?10)";
sqlite3_stmt* statement = NULL;
int rc = (*proxy_sqlite3_prepare_v2)(statsdb->db, query_str, -1, &statement, NULL);
int rc = statsdb->prepare_v2(query_str, &statement);
ASSERT_SQLITE_OK(rc, statsdb);
for (std::vector<SQLite3_row*>::iterator it = resultset->rows.begin(); it != resultset->rows.end(); ++it) {

Write Preview
Loading…
Cancel
Save