norm icon indicating copy to clipboard operation
norm copied to clipboard
verified publisher icon dieselpoint

BigInteger index injection causes DbException on insert

Open FreedomCoder-dev opened this issue 4 years ago • 1 comments

Fails to insert any column into database: auto-increment index (which is long) in a model object can't be assigned to a BigInteger value (probably returned by the latest JDBC driver after insert).

mysql-connector-java-8.0.26

com.dieselpoint.norm.DbException: Could not set value into pojo. Field: public long com.freedomcoder.tmonitor.sql.pojos.TDevice.id value: 7
        at com.dieselpoint.norm.sqlmakers.StandardPojoInfo.putValue(StandardPojoInfo.java:314)
        at com.dieselpoint.norm.sqlmakers.StandardPojoInfo.putValue(StandardPojoInfo.java:273)
        at com.dieselpoint.norm.Query.populateGeneratedKeys(Query.java:411)
        at com.dieselpoint.norm.Query.execute(Query.java:348)
        at com.dieselpoint.norm.Query.insert(Query.java:269)
        at com.dieselpoint.norm.Database.insert(Database.java:160)
        at com.freedomcoder.tmonitor.serverapi.utils.DefaultCrudController.insert(DefaultCrudController.java:47)
        at com.freedomcoder.tmonitor.serverapi.CrudMethod.execute(CrudMethod.java:21)
        at com.freedomcoder.tmonitor.serverapi.CrudMethod.execute(CrudMethod.java:13)
        at com.freedomcoder.tmonitor.sessions.SessionManager.processMessage(SessionManager.java:119)
        at com.freedomcoder.tmonitor.WebsocketServer.onMessage(WebsocketServer.java:107)
        at org.java_websocket.server.WebSocketServer.onWebsocketMessage(WebSocketServer.java:469)
        at org.java_websocket.WebSocketImpl.decodeFrames(WebSocketImpl.java:368)
        at org.java_websocket.WebSocketImpl.decode(WebSocketImpl.java:157)
        at org.java_websocket.server.WebSocketServer$WebSocketWorker.run(WebSocketServer.java:657)
Caused by: java.lang.IllegalArgumentException: Can not set long field com.freedomcoder.tmonitor.sql.pojos.TDevice.id to java.math.BigInteger
        at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167)
        at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171)
        at java.base/jdk.internal.reflect.UnsafeLongFieldAccessorImpl.set(UnsafeLongFieldAccessorImpl.java:102)
        at java.base/java.lang.reflect.Field.set(Field.java:780)
        at com.dieselpoint.norm.sqlmakers.StandardPojoInfo.putValue(StandardPojoInfo.java:311)
        ... 14 more

FreedomCoder-dev avatar Aug 31 '21 18:08 FreedomCoder-dev

Is this the same issue as #55 ?

I could put a little hack into the code to deal with this one particular case. Would prefer to avoid that, obviously. How big a problem is this for your app?

ccleve avatar Sep 08 '21 14:09 ccleve

Fixed by #79

ccleve avatar Nov 18 '22 20:11 ccleve