From ee450f1c7b776c6e85d35e93551bdedbb7766e49 Mon Sep 17 00:00:00 2001
From: Christopher Tognini
Date: Fri, 29 Sep 2017 12:11:12 +0100
Subject: [PATCH] Add Sybase database support for SQL Injection
---
 .../waratek/spiracle/init/SpiracleInit.java | 6 ++
 .../sybase/Sybase_Get_Implicit_Join.java | 82 +++++++++++++++++++
 .../sql/servlet/sybase/Sybase_Get_Union.java | 82 +++++++++++++++++++
 .../sybase/Sybase_Get_int_no_quote.java | 81 ++++++++++++++++++
 .../sql/servlet/sybase/Sybase_Get_string.java | 82 +++++++++++++++++++
 .../sybase/Sybase_Get_string_no_quote.java | 82 +++++++++++++++++++
 .../Sybase_Implicit_Join_Namespace.java | 81 ++++++++++++++++++
 .../waratek/spiracle/sql/util/ConnectionUtil.java | 3 +
 .../waratek/spiracle/sql/util/Constants.java | 5 ++
 src/main/webapp/conf/Spiracle.properties | 6 ++
 src/main/webapp/sql.jsp | 58 +++++++++++++
 11 files changed, 568 insertions(+)
 create mode 100644 src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_Implicit_Join.java
 create mode 100644 src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_Union.java
 create mode 100644 src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_int_no_quote.java
 create mode 100644 src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_string.java
 create mode 100644 src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_string_no_quote.java
 create mode 100644 src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Implicit_Join_Namespace.java
diff --git a/src/main/java/com/waratek/spiracle/init/SpiracleInit.java b/src/main/java/com/waratek/spiracle/init/SpiracleInit.java
index 0fa6e1f..69b2e19 100644
--- a/src/main/java/com/waratek/spiracle/init/SpiracleInit.java
+++ b/src/main/java/com/waratek/spiracle/init/SpiracleInit.java
@@ -46,6 +46,8 @@ public void contextDestroyed(ServletContextEvent arg0) { ((ComboPooledDataSource) application.getAttribute(Constants.ORACLE_CONNECTION_POOL)).close(); ((ComboPooledDataSource) application.getAttribute(Constants.MYSQL_CONNECTION_POOL)).close(); ((ComboPooledDataSource) application.getAttribute(Constants.MSSQL_CONNECTION_POOL)).close(); + ((ComboPooledDataSource) application.getAttribute(Constants.DB2_CONNECTION_POOL)).close(); + ((ComboPooledDataSource) application.getAttribute(Constants.SYBASE_CONNECTION_POOL)).close(); } @Override @@ -68,6 +70,9 @@ public void contextInitialized(ServletContextEvent arg0) { ComboPooledDataSource db2SqlDs = getConnectionPool(props, Constants.DB2); setNamedConnectionPool(application, db2SqlDs, Constants.DB2_CONNECTION_POOL, Constants.DB2_CONNECTION_DATA); + ComboPooledDataSource sybaseSqlDs = getConnectionPool(props, Constants.SYBASE); + setNamedConnectionPool(application, sybaseSqlDs, Constants.SYBASE_CONNECTION_POOL, Constants.SYBASE_CONNECTION_DATA); + setDefaultConnection(application, props); setFetchSize(application, props); try { @@ -75,6 +80,7 @@ public void contextInitialized(ServletContextEvent arg0) { Class.forName(props.getProperty(Constants.C3P0_MYSQL_CLASSNAME)); Class.forName(props.getProperty(Constants.C3P0_MSSQL_CLASSNAME)); Class.forName(props.getProperty(Constants.C3P0_DB2_CLASSNAME)); + Class.forName(props.getProperty(Constants.C3P0_SYBASE_CLASSNAME)); } catch (ClassNotFoundException e) { logger.error("Unable to load JDBC connector classes from config."); e.printStackTrace(); diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_Implicit_Join.java b/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_Implicit_Join.java new file mode 100644 index 0000000..67c04aa --- /dev/null +++ b/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_Implicit_Join.java 
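Review bot: The two `close()` calls added to contextDestroyed dereference the result of `application.getAttribute(...)` without a null check, so if the DB2 or Sybase pool was never stored (for example because start-up failed part-way) shutdown throws a NullPointerException and any cleanup after that line is skipped. A guarded form keeps shutdown best-effort: `Object pool = application.getAttribute(Constants.SYBASE_CONNECTION_POOL);` followed by `if (pool instanceof ComboPooledDataSource) { ((ComboPooledDataSource) pool).close(); }`. The three existing lines above have the same shape and the method begins outside this hunk, so one private helper used for all five pools would be the tidier change.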
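Review bot: In the last hunk of this file, `Class.forName(props.getProperty(Constants.C3P0_SYBASE_CLASSNAME))` throws a NullPointerException rather than ClassNotFoundException when an existing deployment's Spiracle.properties lacks the new `c3p0.sybase.classname` key, and the visible catch only handles ClassNotFoundException. Reading the value first and skipping with a warning avoids failing context start-up over an optional database: `String sybaseDriver = props.getProperty(Constants.C3P0_SYBASE_CLASSNAME);` then `if (sybaseDriver != null) { Class.forName(sybaseDriver); }`. Because all drivers share one try block, a missing earlier driver also prevents the Sybase driver from being loaded, and the log message does not say which class failed. The try block continues outside the hunk.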
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2017 Waratek Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.waratek.spiracle.sql.servlet.sybase;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import com.waratek.spiracle.sql.servlet.util.ParameterNullFix;
+import com.waratek.spiracle.sql.util.SelectUtil;
+
+/**
+ * Servlet implementation class Get_Inner_Join
+ */
+@WebServlet("/Sybase_Get_Implicit_Join")
+public class Sybase_Get_Implicit_Join extends HttpServlet {
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * @see HttpServlet#HttpServlet()
+ */
+ public Sybase_Get_Implicit_Join() {
+ super();
+ // TODO Auto-generated constructor stub
+ }
+
+ /**
+ * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
+ */
+ @Override
+ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ executeRequest(request, response);
+ }
+
+ /**
+ * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
+ */
+ @Override
+ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ executeRequest(request, response);
+ }
+
+ private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException {
+ ServletContext application = this.getServletConfig().getServletContext();
+ List queryStringList = new ArrayList();
+ queryStringList.add("id");
+
+ Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request);
+
+ String id = nullSanitizedMap.get("id");
+
+ String sql = "SELECT * FROM users, address WHERE users.id = " + id + " AND users.id = address.id";
+
+ Boolean showErrors = true;
+ Boolean allResults = true;
+ Boolean showOutput = true;
+
+ SelectUtil.executeQuery(sql, application, request, response, showErrors, allResults, showOutput);
+ }
+
+}
diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_Union.java b/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_Union.java
new file mode 100644
index 0000000..bca130c
--- /dev/null
+++ b/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_Union.java
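Review bot: Nothing in Sybase_Get_Implicit_Join says that concatenating the `id` request parameter into `sql` is the intended injection point, and the class Javadoc still reads `Servlet implementation class Get_Inner_Join`, which is not this class. I would replace it with a comment along the lines of `/** Deliberately injectable test endpoint: builds a Sybase query by concatenating the "id" request parameter. Deploy only in an isolated test environment. */` and drop the `// TODO Auto-generated constructor stub` line. It is also worth noting next to `ParameterNullFix.sanitizeNull` that, going by its name, it only deals with missing parameters and is not input validation. The same applies to the five other servlets added in this commit (Sybase_Get_Union, Sybase_Get_int_no_quote, Sybase_Get_string, Sybase_Get_string_no_quote, Sybase_Implicit_Join_Namespace), whose Javadoc likewise names a class without the Sybase prefix, apparently the one each was copied from.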
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2017 Waratek Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.waratek.spiracle.sql.servlet.sybase;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import com.waratek.spiracle.sql.servlet.util.ParameterNullFix;
+import com.waratek.spiracle.sql.util.SelectUtil;
+
+/**
+ * Servlet implementation class Get_Union
+ */
+@WebServlet("/Sybase_Get_Union")
+public class Sybase_Get_Union extends HttpServlet {
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * @see HttpServlet#HttpServlet()
+ */
+ public Sybase_Get_Union() {
+ super();
+ // TODO Auto-generated constructor stub
+ }
+
+ /**
+ * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
+ */
+ @Override
+ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ executeRequest(request, response);
+ }
+
+ /**
+ * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
+ */
+ @Override
+ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ executeRequest(request, response);
+ }
+
+ private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException {
+ ServletContext application = this.getServletConfig().getServletContext();
+ List queryStringList = new ArrayList();
+ queryStringList.add("id");
+
+ Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request);
+
+ String id = nullSanitizedMap.get("id");
+
+ String sql = "SELECT name, surname, CONVERT(varchar(500),dob,3) FROM users WHERE id = " + id + " UNION SELECT address_1, address_2, address_3 FROM address WHERE id = " + id;
+
+ Boolean showErrors = true;
+ Boolean allResults = true;
+ Boolean showOutput = true;
+
+ SelectUtil.executeQuery(sql, application, request, response, showErrors, allResults, showOutput);
+ }
+
+}
diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_int_no_quote.java b/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_int_no_quote.java
new file mode 100644
index 0000000..84a5d33
--- /dev/null
+++ b/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_int_no_quote.java
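Review bot: `executeRequest` in Sybase_Get_Union is the same as in the other five servlets of this commit except for the parameter name and the SQL template, so six copies of the request handling now have to be kept in step. A small abstract base servlet that holds `doGet`, `doPost` and the `SelectUtil.executeQuery` call, with each subclass supplying only its parameter name and statement, would leave one place to change. Within the method, the three flags can be primitive `boolean` rather than boxed `Boolean`, e.g. `boolean showErrors = true;`, unless `SelectUtil.executeQuery` (not visible here) requires the wrapper type.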
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2017 Waratek Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.waratek.spiracle.sql.servlet.sybase;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import com.waratek.spiracle.sql.servlet.util.ParameterNullFix;
+import com.waratek.spiracle.sql.util.SelectUtil;
+
+/**
+ * Servlet implementation class Get_int
+ */
+@WebServlet("/Sybase_Get_int_no_quote")
+public class Sybase_Get_int_no_quote extends HttpServlet {
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * @see HttpServlet#HttpServlet()
+ */
+ public Sybase_Get_int_no_quote() {
+ super();
+ // TODO Auto-generated constructor stub
+ }
+
+ /**
+ * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
+ */
+ @Override
+ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ executeRequest(request, response);
+ }
+
+ /**
+ * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
+ */
+ @Override
+ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ executeRequest(request, response);
+ }
+
+ private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException {
+ ServletContext application = this.getServletConfig().getServletContext();
+ List queryStringList = new ArrayList();
+ queryStringList.add("id");
+
+ Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request);
+
+ String id = nullSanitizedMap.get("id");
+
+ String sql = "SELECT * FROM users WHERE id = " + id;
+
+ Boolean showErrors = true;
+ Boolean allResults = true;
+ Boolean showOutput = true;
+
+ SelectUtil.executeQuery(sql, application, request, response, showErrors, allResults, showOutput);
+ }
+}
diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_string.java b/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_string.java
new file mode 100644
index 0000000..37a902c
--- /dev/null
+++ b/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_string.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2017 Waratek Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.waratek.spiracle.sql.servlet.sybase;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import com.waratek.spiracle.sql.servlet.util.ParameterNullFix;
+import com.waratek.spiracle.sql.util.SelectUtil;
+
+/**
+ * Servlet implementation class Get_string
+ */
+@WebServlet("/Sybase_Get_string")
+public class Sybase_Get_string extends HttpServlet {
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * @see HttpServlet#HttpServlet()
+ */
+ public Sybase_Get_string() {
+ super();
+ // TODO Auto-generated constructor stub
+ }
+
+ /**
+ * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
+ */
+ @Override
+ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ executeRequest(request, response);
+ }
+
+ /**
+ * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
+ */
+ @Override
+ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ executeRequest(request, response);
+ }
+
+ private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException {
+ ServletContext application = this.getServletConfig().getServletContext();
+ List queryStringList = new ArrayList();
+ queryStringList.add("name");
+
+ Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request);
+
+ String name = nullSanitizedMap.get("name");
+
+ String sql = "SELECT * FROM users WHERE name = '" + name + "'";
+
+ Boolean showErrors = true;
+ Boolean allResults = true;
+ Boolean showOutput = true;
+
+ SelectUtil.executeQuery(sql, application, request, response, showErrors, allResults, showOutput);
+ }
+
+}
diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_string_no_quote.java b/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_string_no_quote.java
new file mode 100644
index 0000000..e1443b4
--- /dev/null
+++ b/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Get_string_no_quote.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2017 Waratek Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.waratek.spiracle.sql.servlet.sybase;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import com.waratek.spiracle.sql.servlet.util.ParameterNullFix;
+import com.waratek.spiracle.sql.util.SelectUtil;
+
+/**
+ * Servlet implementation class Get_string
+ */
+@WebServlet("/Sybase_Get_string_no_quote")
+public class Sybase_Get_string_no_quote extends HttpServlet {
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * @see HttpServlet#HttpServlet()
+ */
+ public Sybase_Get_string_no_quote() {
+ super();
+ // TODO Auto-generated constructor stub
+ }
+
+ /**
+ * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
+ */
+ @Override
+ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ executeRequest(request, response);
+ }
+
+ /**
+ * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
+ */
+ @Override
+ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ executeRequest(request, response);
+ }
+
+ private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException {
+ ServletContext application = this.getServletConfig().getServletContext();
+ List queryStringList = new ArrayList();
+ queryStringList.add("name");
+
+ Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request);
+
+ String name = nullSanitizedMap.get("name");
+
+ String sql = "SELECT * FROM users WHERE name = " + name;
+
+ Boolean showErrors = true;
+ Boolean allResults = true;
+ Boolean showOutput = true;
+
+ SelectUtil.executeQuery(sql, application, request, response, showErrors, allResults, showOutput);
+ }
+
+}
diff --git a/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Implicit_Join_Namespace.java b/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Implicit_Join_Namespace.java
new file mode 100644
index 0000000..0377548
--- /dev/null
+++ b/src/main/java/com/waratek/spiracle/sql/servlet/sybase/Sybase_Implicit_Join_Namespace.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2017 Waratek Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.waratek.spiracle.sql.servlet.sybase;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import com.waratek.spiracle.sql.servlet.util.ParameterNullFix;
+import com.waratek.spiracle.sql.util.SelectUtil;
+
+/**
+ * Servlet implementation class Implicit_Join_Namespace
+ */
+@WebServlet("/Sybase_Implicit_Join_Namespace")
+public class Sybase_Implicit_Join_Namespace extends HttpServlet {
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * @see HttpServlet#HttpServlet()
+ */
+ public Sybase_Implicit_Join_Namespace() {
+ super();
+ // TODO Auto-generated constructor stub
+ }
+
+ /**
+ * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
+ */
+ @Override
+ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ executeRequest(request, response);
+ }
+
+ /**
+ * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
+ */
+ @Override
+ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ executeRequest(request, response);
+ }
+
+ private void executeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException {
+ ServletContext application = this.getServletConfig().getServletContext();
+ List queryStringList = new ArrayList();
+ queryStringList.add("id");
+
+ Map nullSanitizedMap = ParameterNullFix.sanitizeNull(queryStringList, request);
+
+ String id = nullSanitizedMap.get("id");
+
+ String sql = "SELECT * FROM dbo.users, dbo.address WHERE dbo.users.id = " + id + " AND dbo.users.id = dbo.address.id";
+
+ Boolean showErrors = true;
+ Boolean allResults = true;
+ Boolean showOutput = true;
+
+ SelectUtil.executeQuery(sql, application, request, response, showErrors, allResults, showOutput);
+ }
+}
diff --git a/src/main/java/com/waratek/spiracle/sql/util/ConnectionUtil.java b/src/main/java/com/waratek/spiracle/sql/util/ConnectionUtil.java
index c669232..9659e7f 100644
--- a/src/main/java/com/waratek/spiracle/sql/util/ConnectionUtil.java
+++ b/src/main/java/com/waratek/spiracle/sql/util/ConnectionUtil.java
@@ -47,6 +47,9 @@ public static Connection getConnection(ServletContext application, String connec
 } else if (connectionType.equals(Constants.C3P0_DB2)) {
 ComboPooledDataSource ds = (ComboPooledDataSource) application.getAttribute(Constants.DB2_CONNECTION_POOL);
 con = ds.getConnection();
+ } else if (connectionType.equals(Constants.C3P0_SYBASE)) {
+ ComboPooledDataSource ds = (ComboPooledDataSource) application.getAttribute(Constants.SYBASE_CONNECTION_POOL);
+ con = ds.getConnection();
 } else if (connectionType.equals("spring")) {
 FileSystemXmlApplicationContext context = (FileSystemXmlApplicationContext) application.getAttribute("springContext");
 DriverManagerDataSource dmds = (DriverManagerDataSource) context.getBean("dataSource");
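Review bot: In the added Sybase branch of getConnection, `ds` is used without checking that `application.getAttribute(Constants.SYBASE_CONNECTION_POOL)` returned a pool, so selecting `c3p0.sybase` on an instance where that attribute is missing ends in a NullPointerException instead of a clear configuration error. A guard such as `if (ds == null) { throw new IllegalStateException("Sybase connection pool is not configured"); }` before `ds.getConnection()` would make the failure readable. The branch also repeats the DB2 branch above it line for line; a lookup from connection type to pool attribute name would remove the repetition and give the null check a single home. getConnection starts and ends outside the hunk, so how it reports errors to callers is not visible here.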
diff --git a/src/main/java/com/waratek/spiracle/sql/util/Constants.java b/src/main/java/com/waratek/spiracle/sql/util/Constants.java index b062f08..e07b542 100644 --- a/src/main/java/com/waratek/spiracle/sql/util/Constants.java +++ b/src/main/java/com/waratek/spiracle/sql/util/Constants.java @@ -19,24 +19,29 @@ public class Constants { public static final String C3P0_MYSQL = "c3p0.mysql"; public static final String C3P0_MSSQL = "c3p0.mssql"; public static final String C3P0_DB2 = "c3p0.db2"; + public static final String C3P0_SYBASE = "c3p0.sybase"; public static final String C3P0_ORACLE_CLASSNAME = "c3p0.oracle.classname"; public static final String C3P0_MYSQL_CLASSNAME = "c3p0.mysql.classname"; public static final String C3P0_MSSQL_CLASSNAME = "c3p0.mssql.classname"; public static final String C3P0_DB2_CLASSNAME = "c3p0.db2.classname"; + public static final String C3P0_SYBASE_CLASSNAME = "c3p0.sybase.classname"; public static final String ORACLE = "oracle"; public static final String MYSQL = "mysql"; public static final String MSSQL = "mssql"; public static final String DB2 = "db2"; + public static final String SYBASE = "sybase"; public static final String ORACLE_CONNECTION_POOL = "oracleConnectionPool"; public static final String MYSQL_CONNECTION_POOL = "mysqlConnectionPool"; public static final String MSSQL_CONNECTION_POOL = "mssqlConnectionPool"; public static final String DB2_CONNECTION_POOL = "db2ConnectionPool"; + public static final String SYBASE_CONNECTION_POOL = "sybaseConnectionPool"; public final static String ORACLE_CONNECTION_DATA = "oracleConnectionData"; public final static String MYSQL_CONNECTION_DATA = "mysqlConnectionData"; public final static String MSSQL_CONNECTION_DATA = "mssqlConnectionData"; public final static String DB2_CONNECTION_DATA = "db2ConnectionData"; + public final static String SYBASE_CONNECTION_DATA = "sybaseConnectionData"; } 
diff --git a/src/main/webapp/conf/Spiracle.properties b/src/main/webapp/conf/Spiracle.properties index d498d2d..baf873b 100644 --- a/src/main/webapp/conf/Spiracle.properties +++ b/src/main/webapp/conf/Spiracle.properties @@ -22,6 +22,12 @@ c3p0.db2.username=test c3p0.db2.password=test c3p0.db2.maxPoolSize=50 +c3p0.sybase.classname=com.sybase.jdbc4.jdbc.SybDriver +c3p0.sybase.url=jdbc:sybase:Tds:localhost:5000/test +c3p0.sybase.username=sa +c3p0.sybase.password=sybase +c3p0.sybase.maxPoolSize=50 + jdbc.fetchsize=25 waratek.error=550 diff --git a/src/main/webapp/sql.jsp b/src/main/webapp/sql.jsp index fc2d796..c538940 100644 --- a/src/main/webapp/sql.jsp +++ b/src/main/webapp/sql.jsp @@ -71,6 +71,22 @@
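Review bot: The added Sybase pool in Spiracle.properties logs in as `sa` with the password `sybase`, while the DB2 block directly above uses a separate `test` account. `sa` is the system-administrator login on Sybase ASE, and the servlets added in this commit build their statements from request parameters, so anything that reaches the database through them runs with full server privileges. A dedicated low-privilege login restricted to the `test` database would be safer, e.g. `c3p0.sybase.username=test` and `c3p0.sybase.password=test` (values constructed here to mirror the DB2 entries), with a comment that the file holds lab-only credentials.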
<%=db2SqlConnectionData%>
+
+
+
Sybase C3P0 Connection Pool
+
+ <% + String sybaseSqlConnectionData = (String) application + .getAttribute(Constants.SYBASE_CONNECTION_DATA); + if (sybaseSqlConnectionData == null) { + sybaseSqlConnectionData = ""; + } + %> + +
Injectable URLS
@@ -312,6 +328,48 @@
+
+

Sybase

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
RequestSQL Statement
Sybase_Get_int_no_quote?id=1"SELECT * FROM users WHERE id = " + id;
Sybase_Get_string?name=wu"SELECT * FROM users WHERE name = '" + name + + "'";
Sybase_Get_string_no_quote?name=wu"SELECT * FROM users WHERE name = " + name;
Sybase_Get_Union?id=1"SELECT name, surname, CONECRT(varchar(500), dod, 3)dob FROM users WHERE + id = " + id + " UNION SELECT address_1, address_2, address_3 + FROM address WHERE id = " + id;
Sybase_Get_Implicit_Join?id=1"SELECT * FROM users, address WHERE + users.id = " + id + " AND users.id = address.id";
Sybase_Implicit_Join_Namespace?id=1"SELECT * FROM dbo.users, dbo.address WHERE + dbo.users.id = " + id + " AND dbo.users.id = dbo.address.id";
+
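Review bot: The statement printed for Sybase_Get_Union in the added table does not match the servlet: the page shows `CONECRT(varchar(500), dod, 3)dob` whereas Sybase_Get_Union.java builds `CONVERT(varchar(500),dob,3)`. Since this table is what a tester reads to learn which query an endpoint runs, the cell should start `"SELECT name, surname, CONVERT(varchar(500),dob,3) FROM users WHERE id = " + id` and continue exactly as in the servlet. The markup of this hunk is not visible in this rendering, so the remaining rows could only be checked for their text.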