+117
-14
@@ -1,6 +1,7 @@
1
1
from django.contrib.gis.db.models.fields import (
2
2
ExtentField, GeometryCollectionField, GeometryField, LineStringField,
3
3
)
4
+
from django.db.models import Value
4
5
from django.db.models.aggregates import Aggregate
5
6
from django.utils.functional import cached_property
6
7
@@ -27,9 +28,16 @@ def as_sql(self, compiler, connection, function=None, **extra_context):
27
28
)
28
29
29
30
def as_oracle(self, compiler, connection, **extra_context):
30
-
tolerance = self.extra.get('tolerance') or getattr(self, 'tolerance', 0.05)
31
-
template = None if self.is_extent else '%(function)s(SDOAGGRTYPE(%(expressions)s,%(tolerance)s))'
32
-
return self.as_sql(compiler, connection, template=template, tolerance=tolerance, **extra_context)
31
+
if not self.is_extent:
32
+
tolerance = self.extra.get('tolerance') or getattr(self, 'tolerance', 0.05)
33
+
clone = self.copy()
34
+
clone.set_source_expressions([
35
+
*self.get_source_expressions(),
36
+
Value(tolerance),
37
+
])
38
+
template = '%(function)s(SDOAGGRTYPE(%(expressions)s))'
39
+
return clone.as_sql(compiler, connection, template=template, **extra_context)
40
+
return self.as_sql(compiler, connection, **extra_context)
33
41
34
42
def resolve_expression(self, query=None, allow_joins=True, reuse=None, summarize=False, for_save=False):
35
43
c = super().resolve_expression(query, allow_joins, reuse, summarize, for_save)
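Review bot: The aggregate's new as_oracle binds `tolerance` through `Value(tolerance)` but never checks its type, so a non-numeric value is rejected only by Oracle at execution time (the aggregate tests in this commit assert a bare DatabaseError), while the function-side mixin in the same commit validates with `_handle_param(..., 'tolerance', NUMERIC_TYPES)` and raises TypeError before any SQL is built. If an equivalent numeric check is reachable from this class, applying it before `Value(...)` would make both paths fail the same way and keep the rejection independent of the database driver. Separately, `self.extra.get('tolerance') or getattr(self, 'tolerance', 0.05)` treats an explicit `tolerance=0` as absent and silently uses 0.05; `self.extra.get('tolerance', getattr(self, 'tolerance', 0.05))` would honour it (this predates the commit). A comment such as `# Bind tolerance as a query parameter; never interpolate it into the template.` would record why the clone/set_source_expressions step exists. The enclosing class and `is_extent` are outside the hunk, and resolve_expression continues past it.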
@@ -111,12 +111,14 @@ class OracleToleranceMixin:
111
111
tolerance = 0.05
112
112
113
113
def as_oracle(self, compiler, connection, **extra_context):
114
-
tol = self.extra.get('tolerance', self.tolerance)
115
-
return self.as_sql(
116
-
compiler, connection,
117
-
template="%%(function)s(%%(expressions)s, %s)" % tol,
118
-
**extra_context
119
-
)
114
+
tolerance = Value(self._handle_param(
115
+
self.extra.get('tolerance', self.tolerance),
116
+
'tolerance',
117
+
NUMERIC_TYPES,
118
+
))
119
+
clone = self.copy()
120
+
clone.set_source_expressions([*self.get_source_expressions(), tolerance])
121
+
return clone.as_sql(compiler, connection, **extra_context)
120
122
121
123
122
124
class Area(OracleToleranceMixin, GeoFunc):
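Review bot: The rewritten as_oracle carries no comment explaining why `tolerance` is now appended to the source expressions instead of being formatted into the template, so a later maintainer could reintroduce the `% tol` form without seeing the risk; suggest `# Validate and bind tolerance as a query parameter; never format it into the SQL string.` above the `Value(...)` line. The hunk also depends on `Value` and `NUMERIC_TYPES` being imported in this module, and neither import is shown here, so confirm both are in scope. The call now relies on whatever default template `as_sql` uses, presumably placing the bound tolerance as the last argument as the old template did; worth a quick check of the generated SQL on Oracle. OracleToleranceMixin starts above the hunk.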
@@ -0,0 +1,13 @@
1
+
============================
2
+
Django 1.11.29 release notes
3
+
============================
4
+
5
+
*March 4, 2020*
6
+
7
+
Django 1.11.29 fixes a security issue in 1.11.29.
8
+
9
+
CVE-2020-9402: Potential SQL injection via ``tolerance`` parameter in GIS functions and aggregates on Oracle
10
+
============================================================================================================
11
+
12
+
GIS functions and aggregates on Oracle were subject to SQL injection,
13
+
using a suitably crafted ``tolerance``.
@@ -2,9 +2,15 @@
2
2
Django 2.2.11 release notes
3
3
===========================
4
4
5
-
*Expected March 2, 2020*
5
+
*March 4, 2020*
6
6
7
-
Django 2.2.11 fixes a data loss bug in 2.2.10.
7
+
Django 2.2.11 fixes a security issue and a data loss bug in 2.2.10.
8
+
9
+
CVE-2020-9402: Potential SQL injection via ``tolerance`` parameter in GIS functions and aggregates on Oracle
10
+
============================================================================================================
11
+
12
+
GIS functions and aggregates on Oracle were subject to SQL injection,
13
+
using a suitably crafted ``tolerance``.
8
14
9
15
Bugfixes
10
16
========
@@ -2,9 +2,15 @@
2
2
Django 3.0.4 release notes
3
3
==========================
4
4
5
-
*Expected March 2, 2020*
5
+
*March 4, 2020*
6
6
7
-
Django 3.0.4 fixes several bugs in 3.0.3.
7
+
Django 3.0.4 fixes a security issue and several bugs in 3.0.3.
8
+
9
+
CVE-2020-9402: Potential SQL injection via ``tolerance`` parameter in GIS functions and aggregates on Oracle
10
+
============================================================================================================
11
+
12
+
GIS functions and aggregates on Oracle were subject to SQL injection,
13
+
using a suitably crafted ``tolerance``.
8
14
9
15
Bugfixes
10
16
========
@@ -96,6 +96,7 @@ versions of the documentation contain the release notes for any later releases.
96
96
.. toctree::
97
97
:maxdepth: 1
98
98
99
+
1.11.29
99
100
1.11.28
100
101
1.11.27
101
102
1.11.26
@@ -434,6 +434,37 @@ def test_distance_function_d_lookup(self):
434
434
).filter(d=D(m=1))
435
435
self.assertTrue(qs.exists())
436
436
437
+
@unittest.skipUnless(
438
+
connection.vendor == 'oracle',
439
+
'Oracle supports tolerance paremeter.',
440
+
)
441
+
def test_distance_function_tolerance_escaping(self):
442
+
qs = Interstate.objects.annotate(
443
+
d=Distance(
444
+
Point(500, 500, srid=3857),
445
+
Point(0, 0, srid=3857),
446
+
tolerance='0.05) = 1 OR 1=1 OR (1+1',
447
+
),
448
+
).filter(d=D(m=1)).values('pk')
449
+
msg = 'The tolerance parameter has the wrong type'
450
+
with self.assertRaisesMessage(TypeError, msg):
451
+
qs.exists()
452
+
453
+
@unittest.skipUnless(
454
+
connection.vendor == 'oracle',
455
+
'Oracle supports tolerance paremeter.',
456
+
)
457
+
def test_distance_function_tolerance(self):
458
+
# Tolerance is greater than distance.
459
+
qs = Interstate.objects.annotate(
460
+
d=Distance(
461
+
Point(0, 0, srid=3857),
462
+
Point(1, 1, srid=3857),
463
+
tolerance=1.5,
464
+
),
465
+
).filter(d=0).values('pk')
466
+
self.assertIs(qs.exists(), True)
467
+
437
468
@skipIfDBFeature("supports_distance_geodetic")
438
469
@skipUnlessDBFeature("has_Distance_function")
439
470
def test_distance_function_raw_result_d_lookup(self):
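Review bot: The skip reason is misspelled in both new decorators, `'Oracle supports tolerance paremeter.'`; it should read `'Oracle supports tolerance parameter.'`, and the same string appears twice more in the aggregate tests of this commit. The two `unittest.skipUnless(connection.vendor == 'oracle', ...)` blocks are identical, so a single module-level decorator would remove the repetition, unless one already exists in this test module outside the hunk. `test_distance_function_tolerance_escaping` pins the exact TypeError message, which is the right strength for a regression test of this kind.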
@@ -9,7 +9,7 @@
9
9
MultiPoint, MultiPolygon, Point, Polygon, fromstr,
10
10
)
11
11
from django.core.management import call_command
12
-
from django.db import NotSupportedError, connection
12
+
from django.db import DatabaseError, NotSupportedError, connection
13
13
from django.test import TestCase, skipUnlessDBFeature
14
14
15
15
from ..utils import (
@@ -564,6 +564,42 @@ def test_unionagg(self):
564
564
qs = City.objects.filter(name='NotACity')
565
565
self.assertIsNone(qs.aggregate(Union('point'))['point__union'])
566
566
567
+
@unittest.skipUnless(
568
+
connection.vendor == 'oracle',
569
+
'Oracle supports tolerance paremeter.',
570
+
)
571
+
def test_unionagg_tolerance(self):
572
+
City.objects.create(
573
+
point=fromstr('POINT(-96.467222 32.751389)', srid=4326),
574
+
name='Forney',
575
+
)
576
+
tx = Country.objects.get(name='Texas').mpoly
577
+
# Tolerance is greater than distance between Forney and Dallas, that's
578
+
# why Dallas is ignored.
579
+
forney_houston = GEOSGeometry(
580
+
'MULTIPOINT(-95.363151 29.763374, -96.467222 32.751389)',
581
+
srid=4326,
582
+
)
583
+
self.assertIs(
584
+
forney_houston.equals(
585
+
City.objects.filter(point__within=tx).aggregate(
586
+
Union('point', tolerance=32000),
587
+
)['point__union'],
588
+
),
589
+
True,
590
+
)
591
+
592
+
@unittest.skipUnless(
593
+
connection.vendor == 'oracle',
594
+
'Oracle supports tolerance paremeter.',
595
+
)
596
+
def test_unionagg_tolerance_escaping(self):
597
+
tx = Country.objects.get(name='Texas').mpoly
598
+
with self.assertRaises(DatabaseError):
599
+
City.objects.filter(point__within=tx).aggregate(
600
+
Union('point', tolerance='0.05))), (((1'),
601
+
)
602
+
567
603
def test_within_subquery(self):
568
604
"""
569
605
Using a queryset inside a geo lookup is working (using a subquery)