merge dev/4.2.2 into main (#915)

merge dev/4.2.2 into main
oceanbase · Nov 27, 2023 · f080e56 · f080e56
2 parents 526d3ea + 1284a39
commit f080e56
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 1 deletion.
diff --git a/server/odc-core/src/main/java/com/oceanbase/odc/core/sql/util/JdbcDataTypeUtil.java b/server/odc-core/src/main/java/com/oceanbase/odc/core/sql/util/JdbcDataTypeUtil.java
@@ -147,7 +147,7 @@ public static void setValueIntoStatement(CallableStatement statement, int index,
     public static Object getValueFromStatement(CallableStatement statement, int index, String type)
             throws SQLException {
         JDBCType jdbcType = parseDataType(type);
-        if (null == statement.getString(index)) {
+        if (null == statement.getObject(index)) {
             return null;
         }
         switch (jdbcType) {

diff --git a/...rvice/src/main/java/com/oceanbase/odc/service/session/factory/DruidDataSourceFactory.java b/...rvice/src/main/java/com/oceanbase/odc/service/session/factory/DruidDataSourceFactory.java
@@ -92,6 +92,7 @@ private void init(DruidDataSource dataSource) {
         properties.setProperty("allowLoadLocalInfile", "false");
         properties.setProperty("allowUrlInLocalInfile", "false");
         properties.setProperty("allowLoadLocalInfileInPath", "");
+        properties.setProperty("autoDeserialize", "false");
         dataSource.setConnectProperties(properties);
         try {
             setConnectAndSocketTimeoutFromJdbcUrl(dataSource);

diff --git a/...e/src/main/java/com/oceanbase/odc/service/session/factory/OBConsoleDataSourceFactory.java b/...e/src/main/java/com/oceanbase/odc/service/session/factory/OBConsoleDataSourceFactory.java
@@ -180,6 +180,8 @@ public static Map<String, String> getJdbcParams(@NonNull ConnectionConfig connec
         // fix arbitrary file reading vulnerability
         jdbcUrlParams.put("allowLoadLocalInfile", "false");
         jdbcUrlParams.put("allowUrlInLocalInfile", "false");
+        jdbcUrlParams.put("allowLoadLocalInfileInPath", "");
+        jdbcUrlParams.put("autoDeserialize", "false");
         return jdbcUrlParams;
     }
 
@@ -198,6 +200,7 @@ public DataSource getDataSource() {
         properties.setProperty("allowLoadLocalInfile", "false");
         properties.setProperty("allowUrlInLocalInfile", "false");
         properties.setProperty("allowLoadLocalInfileInPath", "");
+        properties.setProperty("autoDeserialize", "false");
         dataSource.setConnectionProperties(properties);
         if (autoCommit != null) {
             dataSource.setAutoCommit(autoCommit);

diff --git a/...-mysql/src/main/java/com/oceanbase/odc/plugin/connect/mysql/MySQLConnectionExtension.java b/...-mysql/src/main/java/com/oceanbase/odc/plugin/connect/mysql/MySQLConnectionExtension.java
@@ -71,6 +71,7 @@ public TestResult test(String jdbcUrl, String username, String password, int que
         properties.setProperty("allowLoadLocalInfile", "false");
         properties.setProperty("allowUrlInLocalInfile", "false");
         properties.setProperty("allowLoadLocalInfileInPath", "");
+        properties.setProperty("autoDeserialize", "false");
         TestResult testResult = test(jdbcUrl, properties, queryTimeout);
         if (testResult.getErrorCode() != null) {
             return testResult;