author | Daniel Langesten <daniel.langest@gmail.com> | 2015-03-25 10:32:41 +0100 |
committer | Daniel Langesten <daniel.langest@gmail.com> | 2015-03-25 10:32:41 +0100 |
commit | 52281e116fdaeaa4ddd55e23504709d1d3508c9d (patch) | |
tree | 1207886da2a8c6ca96ef71aefe1288d052fa1e02 | |
parent | 88301b03ea26ce8cb18c3ab5c32618f0e1489230 (diff) |
Revert "added tables to prepared statements to hinder injections"
Since it was invalid MySQL syntax and MySQL seems to be missing the
feature needed.
This reverts commit 88301b03ea26ce8cb18c3ab5c32618f0e1489230.
-rw-r--r-- | sqlQueries.go | 45 |
1 files changed, 22 insertions, 23 deletions
diff --git a/sqlQueries.go b/sqlQueries.go
index e3b49d4..79b3847 100644
--- a/sqlQueries.go
+++ b/sqlQueries.go
@@ -26,9 +26,9 @@ func fetchRawData(db *sql.DB, cfg *Config, tim time.Time) (rDat []RawData, err e
 	var prepSel *sql.Stmt
 	if cfg.Limit > 0 {
-		prepSel, err = db.Prepare("SELECT ip_src,ip_dst,as_src,as_dst,port_src,port_dst,packets,pkt_len_distrib,stamp_inserted FROM ? WHERE stamp_processed IS NULL AND stamp_inserted < ? LIMIT ?")
+		prepSel, err = db.Prepare("SELECT ip_src,ip_dst,as_src,as_dst,port_src,port_dst,packets,pkt_len_distrib,stamp_inserted FROM " + cfg.RawTable + " WHERE stamp_processed IS NULL AND stamp_inserted < ? LIMIT ?")
 	} else {
-		prepSel, err = db.Prepare("SELECT ip_src,ip_dst,as_src,as_dst,port_src,port_dst,packets,pkt_len_distrib,stamp_inserted FROM ? WHERE stamp_processed IS NULL AND stamp_inserted < ?")
+		prepSel, err = db.Prepare("SELECT ip_src,ip_dst,as_src,as_dst,port_src,port_dst,packets,pkt_len_distrib,stamp_inserted FROM " + cfg.RawTable + " WHERE stamp_processed IS NULL AND stamp_inserted < ?")
 	}
 	if err != nil {
 		slogger.Println("Failed to prepare select")
@@ -37,9 +37,9 @@ func fetchRawData(db *sql.DB, cfg *Config, tim time.Time) (rDat []RawData, err e
 	var rows *sql.Rows
 	if cfg.Limit > 0 {
-		rows, err = prepSel.Query(cfg.RawTable, tim, cfg.Limit)
+		rows, err = prepSel.Query(tim, cfg.Limit)
 	} else {
-		rows, err = prepSel.Query(cfg.RawTable, tim)
+		rows, err = prepSel.Query(tim)
 	}
 	if err != nil {
 		slogger.Println("Failed to query prepared selection")
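Review bot: The new side splices cfg.RawTable into the SELECT text by plain concatenation with no validation of the value, and the same pattern recurs in every Prepare call of this commit (hunks at -53, -93, -131, -156, -223 and -273, where cfg.CleanTable is spliced the same way). The commit message is right that MySQL will not bind an identifier to `?`, so the placeholder approach could never work, but that leaves the table name as the one part of the statement text that is not parameterized; how much that matters depends on how Config is loaded, which is outside the hunk. The usual mitigation is to validate the configured name once against a strict identifier pattern and backtick-quote it before it reaches any Prepare, so that a mis-set or tampered config fails loudly instead of being accepted into statement text. A small helper along the lines below, called where Config is loaded or at the top of each function, covers all of these sites; fetchRawData itself starts and ends outside this hunk.
```go
// identRe accepts only unquoted MySQL identifier characters; anything else is
// rejected rather than escaped, since table names cannot be bound as parameters.
var identRe = regexp.MustCompile(`^[A-Za-z0-9_]+$`)

// quoteIdent validates a configured table name and returns it backtick-quoted
// for splicing into statement text.
func quoteIdent(name string) (string, error) {
	if !identRe.MatchString(name) {
		return "", fmt.Errorf("invalid table name %q", name)
	}
	return "`" + name + "`", nil
}

// … in fetchRawData, before the two Prepare calls:
	table, err := quoteIdent(cfg.RawTable)
	if err != nil {
		return
	}
	// … unchanged: the two Prepare calls, with cfg.RawTable replaced by table …
```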
@@ -53,7 +53,7 @@ func fetchRawData(db *sql.DB, cfg *Config, tim time.Time) (rDat []RawData, err e
 		return
 	}
-	prepUp, err := tx.Prepare("UPDATE ? SET stamp_processed = ? where ip_src = ? AND ip_dst = ? AND as_src = ? AND as_dst = ? AND port_src = ? AND port_dst = ? AND packets = ? AND pkt_len_distrib = ? AND stamp_inserted = ?")
+	prepUp, err := tx.Prepare("UPDATE " + cfg.RawTable + " SET stamp_processed = ? where ip_src = ? AND ip_dst = ? AND as_src = ? AND as_dst = ? AND port_src = ? AND port_dst = ? AND packets = ? AND pkt_len_distrib = ? AND stamp_inserted = ?")
 	if err != nil {
 		slogger.Println("Failed to prepare update")
 		return
@@ -78,7 +78,7 @@ func fetchRawData(db *sql.DB, cfg *Config, tim time.Time) (rDat []RawData, err e
 			return
 		}
-		_, err = prepUp.Exec(cfg.RawTable, time.Now(), r.Ip_src, r.Ip_dst, r.As_src, r.As_dst, r.Port_src, r.Port_dst, r.Packets, r.Pkt_len_distrib, tim)
+		_, err = prepUp.Exec(time.Now(), r.Ip_src, r.Ip_dst, r.As_src, r.As_dst, r.Port_src, r.Port_dst, r.Packets, r.Pkt_len_distrib, tim)
 		if err != nil {
 			slogger.Println("Failed to query prepared update")
 			tx.Rollback()
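Review bot: In the -78 hunk the return value of `tx.Rollback()` on the failure path is discarded, so a rollback that itself fails (for example on a connection that has already dropped) leaves no trace in the log and the caller only learns about the Exec error. `if rbErr := tx.Rollback(); rbErr != nil { slogger.Println("Rollback failed:", rbErr) }` records the second failure while keeping the original error as the value that is returned. Both hunks sit in the middle of fetchRawData, which starts and ends outside this view.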
@@ -93,36 +93,35 @@ func fetchRawData(db *sql.DB, cfg *Config, tim time.Time) (rDat []RawData, err e
 //Removes the stamp_processed from every entry that started being proccesed before tim
 func reprocess(db *sql.DB, cfg *Config, tim time.Time) (err error) {
-	//TODO cfg.tabledable needs to go in a prepared statement
-	stmt, err := db.Prepare("UPDATE ? SET stamp_processed = NULL WHERE stamp_processed < ?")
+	stmt, err := db.Prepare("UPDATE " + cfg.RawTable + " SET stamp_processed = NULL WHERE stamp_processed < ?")
 	if err != nil {
 		return
 	}
-	_, err = stmt.Exec(cfg.RawTable, tim)
+	_, err = stmt.Exec(tim)
 	return
 }
 
 //Removes all entries in the database that started being processed before tim
 func purgeAllProcessed(db *sql.DB, cfg *Config, tim time.Time) (err error) {
-	stmt, err := db.Prepare("DELETE FROM ? WHERE stamp_processed < ? ")
+	stmt, err := db.Prepare("DELETE FROM " + cfg.RawTable + " WHERE stamp_processed < ? ")
 	if err != nil {
 		return
 	}
-	_, err = stmt.Exec(cfg.RawTable, tim)
+	_, err = stmt.Exec(tim)
 	return
 }
 
 //Removes all Rawdata that is in rDat from the database
 func purgeRawData(tx *sql.Tx, cfg *Config, rDat []RawData) (err error) {
-	prepStmt, err := tx.Prepare("DELETE FROM ? WHERE ip_src = ? AND ip_dst = ? AND as_src = ? AND as_dst = ? AND port_src = ? AND port_dst = ? AND packets = ? AND pkt_len_distrib = ? AND stamp_processed IS NOT NULL LIMIT 1")
+	prepStmt, err := tx.Prepare("DELETE FROM " + cfg.RawTable + " WHERE ip_src = ? AND ip_dst = ? AND as_src = ? AND as_dst = ? AND port_src = ? AND port_dst = ? AND packets = ? AND pkt_len_distrib = ? AND stamp_processed IS NOT NULL LIMIT 1")
 	if err != nil {
 		return
 	}
 	for _, r := range rDat {
-		_, err = prepStmt.Exec(cfg.RawTable, r.Ip_src, r.Ip_dst, r.As_src, r.As_dst, r.Port_src, r.Port_dst, r.Packets, r.Pkt_len_distrib)
+		_, err = prepStmt.Exec(r.Ip_src, r.Ip_dst, r.As_src, r.As_dst, r.Port_src, r.Port_dst, r.Packets, r.Pkt_len_distrib)
 		if err != nil {
 			return
 		}
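Review bot: reprocess and purgeAllProcessed prepare `stmt` on the *sql.DB and never close it, so each call holds a server-side prepared statement until the pool discards the connection; `defer stmt.Close()` immediately after the `if err != nil` check fixes both, and the pool-level statements in insertCleanDataToDB (hunk -156) and privatizeCleaned's query and update (hunk -223) have the same gap. The *sql.Tx statements here in purgeRawData and in insertCleanData and availableRows (hunks -131, -273) are released with the transaction, so for those the same defer is tidiness rather than a leak. The revert also drops the TODO that recorded the table-name concern, yet the concern still stands on the new side; a one-line comment such as `// cfg.RawTable cannot be a bind parameter in MySQL; it must be validated before it reaches Prepare` would keep it visible to the next maintainer. purgeRawData continues past the end of this hunk.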
@@ -131,14 +130,14 @@ func purgeRawData(tx *sql.Tx, cfg *Config, rDat []RawData) (err error) {
 }
 
 func insertCleanData(tx *sql.Tx, cfg *Config, cd []cleanedData) error {
-	prepStmt, err := tx.Prepare("INSERT INTO ? (ipb_src, ipb_dst, as_src, as_dst, port_src, port_dst, occurences, volume, time_added) VALUES ( ? , ? , ? , ? , ? , ? , ? , ? , ? ) ON DUPLICATE KEY UPDATE occurences = occurences + ?")
+	prepStmt, err := tx.Prepare("INSERT INTO " + cfg.CleanTable + " (ipb_src, ipb_dst, as_src, as_dst, port_src, port_dst, occurences, volume, time_added) VALUES ( ? , ? , ? , ? , ? , ? , ? , ? , ? ) ON DUPLICATE KEY UPDATE occurences = occurences + ?")
 	if err != nil {
 		slogger.Println("Failed to prepare statement")
 		return err
 	}
 	for ix := range cd {
-		_, err = prepStmt.Exec(cfg.CleanTable, cd[ix].ipbSrc, cd[ix].ipbDst, cd[ix].asSrc, cd[ix].asDst, cd[ix].portSrc, cd[ix].portDst, cd[ix].occurences, cd[ix].volume, cd[ix].time, cd[ix].occurences)
+		_, err = prepStmt.Exec(cd[ix].ipbSrc, cd[ix].ipbDst, cd[ix].asSrc, cd[ix].asDst, cd[ix].portSrc, cd[ix].portDst, cd[ix].occurences, cd[ix].volume, cd[ix].time, cd[ix].occurences)
 		if err != nil {
 			slogger.Println("Failed to execute statement")
 			return err
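Review bot: insertCleanData and insertCleanDataToDB (hunk -156) now carry byte-identical INSERT text and Exec argument lists, and this revert had to edit both in lockstep, which is exactly the situation where one copy silently drifts from the other. Hoisting the column list and VALUES clause into a single package-level constant that both functions concatenate with the (validated) table name, or having insertCleanDataToDB begin a transaction and delegate to insertCleanData, would leave one place to maintain; which of the two fits depends on how insertCleanDataToDB's callers use it, which is outside this view. Both functions continue past the end of their hunks.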
@@ -156,14 +155,14 @@ func insertCleanDataToDB(cfg *Config, cd []cleanedData) error {
 	}
 	defer db.Close()
-	prepStmt, err := db.Prepare("INSERT INTO ? (ipb_src, ipb_dst, as_src, as_dst, port_src, port_dst, occurences, volume, time_added) VALUES ( ? , ? , ? , ? , ? , ? , ? , ? , ? ) ON DUPLICATE KEY UPDATE occurences = occurences + ?")
+	prepStmt, err := db.Prepare("INSERT INTO " + cfg.CleanTable + " (ipb_src, ipb_dst, as_src, as_dst, port_src, port_dst, occurences, volume, time_added) VALUES ( ? , ? , ? , ? , ? , ? , ? , ? , ? ) ON DUPLICATE KEY UPDATE occurences = occurences + ?")
 	if err != nil {
 		slogger.Println("Failed to prepare statement")
 		return err
 	}
 	for ix := range cd {
-		_, err = prepStmt.Exec(cfg.CleanTable, cd[ix].ipbSrc, cd[ix].ipbDst, cd[ix].asSrc, cd[ix].asDst, cd[ix].portSrc, cd[ix].portDst, cd[ix].occurences, cd[ix].volume, cd[ix].time, cd[ix].occurences)
+		_, err = prepStmt.Exec(cd[ix].ipbSrc, cd[ix].ipbDst, cd[ix].asSrc, cd[ix].asDst, cd[ix].portSrc, cd[ix].portDst, cd[ix].occurences, cd[ix].volume, cd[ix].time, cd[ix].occurences)
 		if err != nil {
 			slogger.Println("Failed to execute statement")
 			return err
@@ -223,20 +222,20 @@ func privatizeCleaned(db *sql.DB, t time.Time, cfg *Config) (err error) {
 	if cfg.Epsilon <= 0 {
 		return
 	}
-	query, err := db.Prepare("SELECT ipb_src,ipb_dst,as_src,as_dst,port_src,port_dst,volume,time_added,occurences FROM ? WHERE time_added < ?")
+	query, err := db.Prepare("SELECT ipb_src,ipb_dst,as_src,as_dst,port_src,port_dst,volume,time_added,occurences FROM " + cfg.CleanTable + " WHERE time_added < ?")
 	if err != nil {
 		slogger.Println("Failed to prepare query")
 		return
 	}
-	rows, err := query.Query(cfg.CleanTable, t)
+	rows, err := query.Query(t)
 	if err != nil {
 		slogger.Println("Failed to query for unprivitized rows")
 		return
 	}
 	defer rows.Close()
-	update, err := db.Prepare("UPDATE ? SET occurences = ? , time_privatized = ? WHERE ipb_src = ? AND ipb_dst = ? AND as_src = ? AND as_dst = ? AND port_src = ? AND port_dst = ? AND volume = ? AND time_added = ? ")
+	update, err := db.Prepare("UPDATE " + cfg.CleanTable + " SET occurences = ? , time_privatized = ? WHERE ipb_src = ? AND ipb_dst = ? AND as_src = ? AND as_dst = ? AND port_src = ? AND port_dst = ? AND volume = ? AND time_added = ? ")
 	if err != nil {
 		slogger.Println("Failed to prepare update")
 		return
@@ -264,7 +263,7 @@ func privatizeCleaned(db *sql.DB, t time.Time, cfg *Config) (err error) {
 		cd.occurences = diffpriv(cd.occurences, 1, cfg.Epsilon)
 		// Update the entry
-		_, err := update.Exec(cfg.CleanTable, cd.occurences, time.Now(), cd.ipbSrc, cd.ipbDst, cd.asSrc, cd.asDst, cd.portSrc, cd.portDst, cd.volume, cd.time)
+		_, err := update.Exec(cd.occurences, time.Now(), cd.ipbSrc, cd.ipbDst, cd.asSrc, cd.asDst, cd.portSrc, cd.portDst, cd.volume, cd.time)
 		if err != nil {
 			slogger.Println("Failed to update an entry:", err)
 		}
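Review bot: In the -264 hunk `_, err := update.Exec(...)` uses `:=` inside the loop body, which declares a new err that shadows privatizeCleaned's named result, so a failed update is logged and then forgotten and the caller always sees a nil error from this path. If skipping a bad row on purpose is the intent, a one-line comment such as `// a failed row update is logged and skipped; it does not fail the whole pass` would stop the next reader from "fixing" it; if it is not, the line should assign with `=` and either return or collect the error for the caller. privatizeCleaned starts before the first hunk and continues past the second.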
@@ -273,12 +272,12 @@ func privatizeCleaned(db *sql.DB, t time.Time, cfg *Config) (err error) {
 }
 
 func availableRows(tx *sql.Tx, cfg *Config, timeLimit time.Time) (numRows int, err error) {
-	stmt, err := tx.Prepare("SELECT COUNT(*) FROM ? WHERE stamp_inserted < ? ")
+	stmt, err := tx.Prepare("SELECT COUNT(*) FROM " + cfg.RawTable + " WHERE stamp_inserted < ? ")
 	if err != nil {
 		slogger.Println("Could not prepare statement")
 		return
 	}
-	row := stmt.QueryRow(cfg.RawTable, timeLimit)
+	row := stmt.QueryRow(timeLimit)
 	err = row.Scan(&numRows)
 	if err != nil {