merge dev/4.2.2 into main (#915)

yhilmare · web-flow · commit f080e5638553 · 2023-11-27T09:57:27.000+08:00
merge dev/4.2.2 into main
diff --git a/server/odc-core/src/main/java/com/oceanbase/odc/core/sql/util/JdbcDataTypeUtil.java b/server/odc-core/src/main/java/com/oceanbase/odc/core/sql/util/JdbcDataTypeUtil.java
@@ -147,7 +147,7 @@ public static void setValueIntoStatement(CallableStatement statement, int index,
     public static Object getValueFromStatement(CallableStatement statement, int index, String type)
             throws SQLException {
         JDBCType jdbcType = parseDataType(type);
-        if (null == statement.getString(index)) {
+        if (null == statement.getObject(index)) {
             return null;
         }
         switch (jdbcType) {
diff --git a/server/odc-service/src/main/java/com/oceanbase/odc/service/session/factory/DruidDataSourceFactory.java b/server/odc-service/src/main/java/com/oceanbase/odc/service/session/factory/DruidDataSourceFactory.java
@@ -92,6 +92,7 @@ private void init(DruidDataSource dataSource) {
         properties.setProperty("allowLoadLocalInfile", "false");
         properties.setProperty("allowUrlInLocalInfile", "false");
         properties.setProperty("allowLoadLocalInfileInPath", "");
+        properties.setProperty("autoDeserialize", "false");
         dataSource.setConnectProperties(properties);
         try {
             setConnectAndSocketTimeoutFromJdbcUrl(dataSource);
diff --git a/server/odc-service/src/main/java/com/oceanbase/odc/service/session/factory/OBConsoleDataSourceFactory.java b/server/odc-service/src/main/java/com/oceanbase/odc/service/session/factory/OBConsoleDataSourceFactory.java
@@ -180,6 +180,8 @@ public static Map<String, String> getJdbcParams(@NonNull ConnectionConfig connec
         // fix arbitrary file reading vulnerability
         jdbcUrlParams.put("allowLoadLocalInfile", "false");
         jdbcUrlParams.put("allowUrlInLocalInfile", "false");
+        jdbcUrlParams.put("allowLoadLocalInfileInPath", "");
+        jdbcUrlParams.put("autoDeserialize", "false");
         return jdbcUrlParams;
     }
 
@@ -198,6 +200,7 @@ public DataSource getDataSource() {
         properties.setProperty("allowLoadLocalInfile", "false");
         properties.setProperty("allowUrlInLocalInfile", "false");
         properties.setProperty("allowLoadLocalInfileInPath", "");
+        properties.setProperty("autoDeserialize", "false");
         dataSource.setConnectionProperties(properties);
         if (autoCommit != null) {
             dataSource.setAutoCommit(autoCommit);
diff --git a/server/plugins/connect-plugin-mysql/src/main/java/com/oceanbase/odc/plugin/connect/mysql/MySQLConnectionExtension.java b/server/plugins/connect-plugin-mysql/src/main/java/com/oceanbase/odc/plugin/connect/mysql/MySQLConnectionExtension.java
@@ -71,6 +71,7 @@ public TestResult test(String jdbcUrl, String username, String password, int que
         properties.setProperty("allowLoadLocalInfile", "false");
         properties.setProperty("allowUrlInLocalInfile", "false");
         properties.setProperty("allowLoadLocalInfileInPath", "");
+        properties.setProperty("autoDeserialize", "false");
         TestResult testResult = test(jdbcUrl, properties, queryTimeout);
         if (testResult.getErrorCode() != null) {
             return testResult;

Original file line number	Diff line number	Diff line change
`@@ -147,7 +147,7 @@ public static void setValueIntoStatement(CallableStatement statement, int index,`
`147`	`147`	`public static Object getValueFromStatement(CallableStatement statement, int index, String type)`
`148`	`148`	`throws SQLException {`
`149`	`149`	`JDBCType jdbcType = parseDataType(type);`
`150`		`- if (null == statement.getString(index)) {`
	`150`	`+ if (null == statement.getObject(index)) {`
`151`	`151`	`return null;`
`152`	`152`	`}`
`153`	`153`	`switch (jdbcType) {`