bug fixes in jsqlparser and thus new version, plus some negative test…

…s for security
Novartis · Jul 25, 2016 · 126179d · 126179d
1 parent c64c719
commit 126179d
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 4 deletions.
diff --git a/yada-api/pom.xml b/yada-api/pom.xml
@@ -638,7 +638,7 @@
     <dependency>
       <groupId>com.novartis.opensource</groupId>
       <artifactId>jsqlparser</artifactId>
-      <version>0.9.6</version>
+      <version>0.9.6.1</version>
     </dependency>
     <dependency>
       <groupId>org.json</groupId>

diff --git a/yada-api/src/test/resources/test/security_exceptions.txt b/yada-api/src/test/resources/test/security_exceptions.txt
@@ -0,0 +1,2 @@
+q=YADATEST test sec app property
+q=YADATEST test sec query property
diff --git a/yada-war/pom.xml b/yada-war/pom.xml
@@ -619,7 +619,7 @@
     <dependency>
       <groupId>com.novartis.opensource</groupId>
       <artifactId>jsqlparser</artifactId>
-      <version>0.9.6</version>
+      <version>0.9.6.1</version>
     </dependency>
   </dependencies>
 </project>
diff --git a/yada-war/src/main/resources/scripts/YADA_db_uni_revisions_7_1_0.sql b/yada-war/src/main/resources/scripts/YADA_db_uni_revisions_7_1_0.sql
@@ -23,7 +23,7 @@ a.created,
 a.created_by,
 a.comments' WHERE QNAME = 'YADA queries';
 UPDATE YADA_QUERY SET QUERY = 'update yada_param set value = ?v, rule = ?i where target = ?v and name = ?v' WHERE QNAME = 'YADA update default param';
-UPDATE YADA_QUERY SET QUERY = 'SELECT * FROM YADA_PARAMS 
+UPDATE YADA_QUERY SET QUERY = 'SELECT * FROM YADA_PARAM
 where target in (?v) 
   and target 
   not in (''YADA apps'',
@@ -41,7 +41,7 @@ rule as "RULE"
 FROM YADA_PARAM where target in (select qname from yada_query where app = ?v and qname not in (''YADA apps'',''YADA queries'',''YADA new query'',''YADA delete query'',''YADA insert usage log'',''YADA update query''))'
 WHERE QNAME = 'YADA select default params for app';
 UPDATE YADA_QUERY SET QUERY = 'insert into YADA_PARAM (id, target, name, value, rule) values (?v,?v,?v,?v,?i)' WHERE QNAME = 'YADA insert default param';
-
+UPDATE YADA_QUERY SET QUERY = 'delete from YADA_PARAMS where target = ?v and name = ?v and value = ?v and rule = ?i' WHERE QNAME = 'YADA delete default param';
 
 INSERT into YADA_QUERY (qname,query,created_by,app) VALUES ('YADA insert prop','insert into yada_prop (target, name, value) values (?v,?v,?v)','YADABOT','YADA');
 INSERT into YADA_QUERY (qname,query,created_by,app) VALUES ('YADA update prop','update yada_prop set value = ?v where target = ?v and name = ?v', 'YADABOT', 'YADA');