Upstream/bentobox
1
0
Fork 0
mirror of https://github.com/BentoBoxWorld/BentoBox.git synced 2025-01-19 22:51:23 +01:00
Code Issues Projects Releases Wiki Activity

Removed imports

Browse Source 
Fixed vulnerability issue with Pair

Fixed database connection issue with MySQLDatabaseHandler
This commit is contained in:
Tastybento 2018-02-10 13:51:11 -08:00
parent 65d34f5842
commit 84e3ae3e8b
5 changed files with 125 additions and 127 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/java/us/tastybento/bskyblock/api/placeholders/hooks/InternalPlaceholderImpl.java
View File

@ -1,7 +1,5 @@
package us.tastybento.bskyblock.api.placeholders.hooks; package us.tastybento.bskyblock.api.placeholders.hooks;
import java.util.regex.Pattern;
import us.tastybento.bskyblock.BSkyBlock; import us.tastybento.bskyblock.BSkyBlock;
import us.tastybento.bskyblock.api.commands.User; import us.tastybento.bskyblock.api.commands.User;
import us.tastybento.bskyblock.api.placeholders.Placeholder; import us.tastybento.bskyblock.api.placeholders.Placeholder;

229
src/main/java/us/tastybento/bskyblock/database/mysql/MySQLDatabaseHandler.java
View File

@ -378,123 +378,120 @@ public class MySQLDatabaseHandler<T> extends AbstractDatabaseHandler<T> {
InstantiationException, IllegalAccessException, InstantiationException, IllegalAccessException,
IntrospectionException, InvocationTargetException, NoSuchMethodException { IntrospectionException, InvocationTargetException, NoSuchMethodException {
// Try to connect to the database // insertQuery is created in super from the createInsertQuery() method
try (Connection connection = databaseConnecter.createConnection()) { try (PreparedStatement preparedStatement = connection.prepareStatement(insertQuery)) {
// insertQuery is created in super from the createInsertQuery() method // Get the uniqueId. As each class extends DataObject, it must have this method in it.
try (PreparedStatement preparedStatement = connection.prepareStatement(insertQuery)) { PropertyDescriptor propertyDescriptor = new PropertyDescriptor("uniqueId", dataObject);
// Get the uniqueId. As each class extends DataObject, it must have this method in it. Method getUniqueId = propertyDescriptor.getReadMethod();
PropertyDescriptor propertyDescriptor = new PropertyDescriptor("uniqueId", dataObject); final String uniqueId = (String) getUniqueId.invoke(instance);
Method getUniqueId = propertyDescriptor.getReadMethod(); if (uniqueId.isEmpty()) {
final String uniqueId = (String) getUniqueId.invoke(instance); throw new SQLException("uniqueId is blank");
if (uniqueId.isEmpty()) {
throw new SQLException("uniqueId is blank");
}
// Create the insertion
int i = 0;
// Run through the fields in the class using introspection
for (Field field : dataObject.getDeclaredFields()) {
// Get the field's property descriptor
propertyDescriptor = new PropertyDescriptor(field.getName(), dataObject);
// Get the read method for this field
Method method = propertyDescriptor.getReadMethod();
//sql += "`" + field.getName() + "` " + mapping + ",";
// Invoke the read method to obtain the value from the class - this is the value we need to store in the database
Object value = method.invoke(instance);
// Adapter Notation
Adapter adapterNotation = field.getAnnotation(Adapter.class);
if (adapterNotation != null && AdapterInterface.class.isAssignableFrom(adapterNotation.value())) {
// A conversion adapter has been defined
value = ((AdapterInterface<?,?>)adapterNotation.value().newInstance()).deserialize(value);
}
// Create set and map table inserts if this is a Collection
if (propertyDescriptor.getPropertyType().equals(Set.class) ||
propertyDescriptor.getPropertyType().equals(Map.class) ||
propertyDescriptor.getPropertyType().equals(HashMap.class) ||
propertyDescriptor.getPropertyType().equals(ArrayList.class)) {
// Collection
// The table is cleared for this uniqueId every time the data is stored
StringBuilder clearTableSql = new StringBuilder();
clearTableSql.append("DELETE FROM `");
clearTableSql.append(dataObject.getCanonicalName());
clearTableSql.append(".");
clearTableSql.append(field.getName());
clearTableSql.append("` WHERE uniqueId = ?");
try (PreparedStatement collStatement = connection.prepareStatement(clearTableSql.toString())) {
collStatement.setString(1, uniqueId);
collStatement.execute();
}
// Insert into the table
StringBuilder setSql = new StringBuilder();
setSql.append("INSERT INTO `");
setSql.append(dataObject.getCanonicalName());
setSql.append(".");
setSql.append(field.getName());
setSql.append("` (uniqueId, ");
// Get the columns we are going to insert, just the names of them
setSql.append(getCollectionColumnString(propertyDescriptor.getWriteMethod(), false, false));
setSql.append(") ");
// Get all the ?'s for the columns
setSql.append("VALUES ('?',");
setSql.append(getCollectionColumnString(propertyDescriptor.getWriteMethod(), true, false));
setSql.append(")");
// Prepare the statement
try (PreparedStatement collStatement = connection.prepareStatement(setSql.toString())) {
// Set the uniqueId
collStatement.setString(1, uniqueId);
// Do single dimension types (set and list)
if (propertyDescriptor.getPropertyType().equals(Set.class) ||
propertyDescriptor.getPropertyType().equals(ArrayList.class)) {
//plugin.getLogger().info("DEBUG: set class for ");
// Loop through the set or list
// Note that we have no idea what type this is
Collection<?> collection = (Collection<?>)value;
Iterator<?> it = collection.iterator();
while (it.hasNext()) {
Object setValue = it.next();
//if (setValue instanceof UUID) {
// Serialize everything
setValue = serialize(setValue, setValue.getClass());
//}
// Set the value from ? to whatever it is
collStatement.setObject(2, setValue);
// Execute the SQL in the database
collStatement.execute();
}
} else if (propertyDescriptor.getPropertyType().equals(Map.class) ||
propertyDescriptor.getPropertyType().equals(HashMap.class)) {
// Loop through the map
Map<?,?> collection = (Map<?,?>)value;
Iterator<?> it = collection.entrySet().iterator();
while (it.hasNext()) {
Entry<?,?> en = (Entry<?, ?>) it.next();
// Get the key and serialize it
Object key = serialize(en.getKey(), en.getKey().getClass());
// Get the value and serialize it
Object mapValue = serialize(en.getValue(), en.getValue().getClass());
// Write the objects into prepared statement
collStatement.setObject(1, key);
collStatement.setObject(2, mapValue);
// Write to database
collStatement.execute();
}
}
// Set value for the main insert. For collections, this is just a dummy value because the real values are in the
// additional table.
value = true;
}
} else {
// If the value is not a collection, it just needs to be serialized to go into the database.
value = serialize(value, propertyDescriptor.getPropertyType());
}
// Set the value in the main prepared statement and increment the location
// Note that with prepared statements, they count from 1, not 0, so the ++ goes on the front of i.
preparedStatement.setObject(++i, value);
}
// Add the statements to a batch
preparedStatement.addBatch();
// Execute
preparedStatement.executeBatch();
} }
// Create the insertion
int i = 0;
// Run through the fields in the class using introspection
for (Field field : dataObject.getDeclaredFields()) {
// Get the field's property descriptor
propertyDescriptor = new PropertyDescriptor(field.getName(), dataObject);
// Get the read method for this field
Method method = propertyDescriptor.getReadMethod();
//sql += "`" + field.getName() + "` " + mapping + ",";
// Invoke the read method to obtain the value from the class - this is the value we need to store in the database
Object value = method.invoke(instance);
// Adapter Notation
Adapter adapterNotation = field.getAnnotation(Adapter.class);
if (adapterNotation != null && AdapterInterface.class.isAssignableFrom(adapterNotation.value())) {
// A conversion adapter has been defined
value = ((AdapterInterface<?,?>)adapterNotation.value().newInstance()).deserialize(value);
}
// Create set and map table inserts if this is a Collection
if (propertyDescriptor.getPropertyType().equals(Set.class) ||
propertyDescriptor.getPropertyType().equals(Map.class) ||
propertyDescriptor.getPropertyType().equals(HashMap.class) ||
propertyDescriptor.getPropertyType().equals(ArrayList.class)) {
// Collection
// The table is cleared for this uniqueId every time the data is stored
StringBuilder clearTableSql = new StringBuilder();
clearTableSql.append("DELETE FROM `");
clearTableSql.append(dataObject.getCanonicalName());
clearTableSql.append(".");
clearTableSql.append(field.getName());
clearTableSql.append("` WHERE uniqueId = ?");
try (PreparedStatement collStatement = connection.prepareStatement(clearTableSql.toString())) {
collStatement.setString(1, uniqueId);
collStatement.execute();
}
// Insert into the table
StringBuilder setSql = new StringBuilder();
setSql.append("INSERT INTO `");
setSql.append(dataObject.getCanonicalName());
setSql.append(".");
setSql.append(field.getName());
setSql.append("` (uniqueId, ");
// Get the columns we are going to insert, just the names of them
setSql.append(getCollectionColumnString(propertyDescriptor.getWriteMethod(), false, false));
setSql.append(") ");
// Get all the ?'s for the columns
setSql.append("VALUES ('?',");
setSql.append(getCollectionColumnString(propertyDescriptor.getWriteMethod(), true, false));
setSql.append(")");
// Prepare the statement
try (PreparedStatement collStatement = connection.prepareStatement(setSql.toString())) {
// Set the uniqueId
collStatement.setString(1, uniqueId);
// Do single dimension types (set and list)
if (propertyDescriptor.getPropertyType().equals(Set.class) ||
propertyDescriptor.getPropertyType().equals(ArrayList.class)) {
//plugin.getLogger().info("DEBUG: set class for ");
// Loop through the set or list
// Note that we have no idea what type this is
Collection<?> collection = (Collection<?>)value;
Iterator<?> it = collection.iterator();
while (it.hasNext()) {
Object setValue = it.next();
//if (setValue instanceof UUID) {
// Serialize everything
setValue = serialize(setValue, setValue.getClass());
//}
// Set the value from ? to whatever it is
collStatement.setObject(2, setValue);
// Execute the SQL in the database
collStatement.execute();
}
} else if (propertyDescriptor.getPropertyType().equals(Map.class) ||
propertyDescriptor.getPropertyType().equals(HashMap.class)) {
// Loop through the map
Map<?,?> collection = (Map<?,?>)value;
Iterator<?> it = collection.entrySet().iterator();
while (it.hasNext()) {
Entry<?,?> en = (Entry<?, ?>) it.next();
// Get the key and serialize it
Object key = serialize(en.getKey(), en.getKey().getClass());
// Get the value and serialize it
Object mapValue = serialize(en.getValue(), en.getValue().getClass());
// Write the objects into prepared statement
collStatement.setObject(1, key);
collStatement.setObject(2, mapValue);
// Write to database
collStatement.execute();
}
}
// Set value for the main insert. For collections, this is just a dummy value because the real values are in the
// additional table.
value = true;
}
} else {
// If the value is not a collection, it just needs to be serialized to go into the database.
value = serialize(value, propertyDescriptor.getPropertyType());
}
// Set the value in the main prepared statement and increment the location
// Note that with prepared statements, they count from 1, not 0, so the ++ goes on the front of i.
preparedStatement.setObject(++i, value);
}
// Add the statements to a batch
preparedStatement.addBatch();
// Execute
preparedStatement.executeBatch();
} }
} }

11
src/main/java/us/tastybento/bskyblock/lists/Placeholders.java
View File

@ -1,14 +1,15 @@
package us.tastybento.bskyblock.lists; package us.tastybento.bskyblock.lists;
import org.bukkit.Bukkit;
import us.tastybento.bskyblock.BSkyBlock;
import us.tastybento.bskyblock.api.placeholders.Placeholder;
import us.tastybento.bskyblock.api.placeholders.PlaceholderBuilder;
import java.util.Arrays; import java.util.Arrays;
import java.util.List; import java.util.List;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import org.bukkit.Bukkit;
import us.tastybento.bskyblock.BSkyBlock;
import us.tastybento.bskyblock.api.placeholders.Placeholder;
import us.tastybento.bskyblock.api.placeholders.PlaceholderBuilder;
public class Placeholders { public class Placeholders {
public static final Placeholder PLUGIN_NAME = new PlaceholderBuilder().identifier("bsb_plugin_name").value((user) -> BSkyBlock.getInstance().getDescription().getName()).build(); public static final Placeholder PLUGIN_NAME = new PlaceholderBuilder().identifier("bsb_plugin_name").value((user) -> BSkyBlock.getInstance().getDescription().getName()).build();

4
src/main/java/us/tastybento/bskyblock/util/Pair.java
View File

@ -2,8 +2,8 @@ package us.tastybento.bskyblock.util;
public class Pair<X, Z> { public class Pair<X, Z> {
public X x; public final X x;
public Z z; public final Z z;
public Pair(X x, Z z) { public Pair(X x, Z z) {
this.x = x; this.x = x;

6
src/test/java/us/tastybento/bskyblock/database/mysql/MySQLDatabaseHandlerTest.java
View File

@ -3,17 +3,19 @@
*/ */
package us.tastybento.bskyblock.database.mysql; package us.tastybento.bskyblock.database.mysql;
import static org.junit.Assert.*; import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNull;
import static org.mockito.Mockito.mock; import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when; import static org.mockito.Mockito.when;
import java.beans.IntrospectionException; import java.beans.IntrospectionException;
import java.sql.Statement;
import java.lang.reflect.InvocationTargetException; import java.lang.reflect.InvocationTargetException;
import java.sql.Connection; import java.sql.Connection;
import java.sql.PreparedStatement; import java.sql.PreparedStatement;
import java.sql.ResultSet; import java.sql.ResultSet;
import java.sql.SQLException; import java.sql.SQLException;
import java.sql.Statement;
import org.junit.BeforeClass; import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;