Merge pull request #353 from Expensify/revert-351-tyler-non-printing-…

…chars Revert "Tyler non printing chars"
Expensify · Jan 22, 2018 · 8d30ccf · 8d30ccf
2 parents 96f8d82 + be2e6c8
commit 8d30ccf
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 40 deletions.
diff --git a/libstuff/libstuff.cpp b/libstuff/libstuff.cpp
@@ -2235,12 +2235,6 @@ int SQuery(sqlite3* db, const char* e, const string& sql, SQResult& result, int6
     for (int tries = 0; tries < MAX_TRIES; tries++) {
         result.clear();
         SDEBUG(sql);
-
-        // If the query contains any non-printing characters, exit early, this is probably an SQL-injection attack.
-        if (find_if(sql.begin(), sql.end(), [](unsigned char c){return iscntrl(c) && !isspace(c);}) != sql.end()) {
-            STHROW("401 Non-printing character not allowed.");
-        }
-
         error = sqlite3_exec(db, sql.c_str(), _SQueryCallback, &result, 0);
         extErr = sqlite3_extended_errcode(db);
         if (error != SQLITE_BUSY || extErr == SQLITE_BUSY_SNAPSHOT) {

diff --git a/test/tests/LibStuffTest.cpp b/test/tests/LibStuffTest.cpp
@@ -24,15 +24,9 @@ struct LibStuff : tpunit::TestFixture {
                                     TEST(LibStuff::testSQList),
                                     TEST(LibStuff::testRandom),
                                     TEST(LibStuff::testHexConversion),
-                                    TEST(LibStuff::testContains),
-                                    TEST(LibStuff::testSQuery)
-                                    )
+                                    TEST(LibStuff::testContains))
     { }
 
-    static void _sqliteLogCallback(void* pArg, int iErrCode, const char* zMsg) {
-        SSYSLOG(LOG_INFO, SWHEREAMI << "[info] " << "{SQLITE} Code: " << iErrCode << ", Message: " << zMsg);
-    }
-
     void testEncryptDecrpyt() {
         string iv = "58fae8d18b6fe8ed";
         const string key = "44e8ff3f0e0e5323e953ac91685a62e0";
@@ -608,31 +602,4 @@ struct LibStuff : tpunit::TestFixture {
         ASSERT_TRUE(SContains(string("asdf"), "a"));
         ASSERT_TRUE(SContains(string("asdf"), string("asd")));
     }
-
-    void testSQuery() {
-
-        // Open a DB.
-        sqlite3* db = nullptr;
-        sqlite3_config(SQLITE_CONFIG_LOG, _sqliteLogCallback, 0);
-        sqlite3_config(SQLITE_CONFIG_MEMSTATUS, 0);
-        sqlite3_initialize();
-        sqlite3_open_v2(":memory:", &db, SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE | SQLITE_OPEN_NOMUTEX, NULL);
-
-        SQResult result;
-        // Run a successful query.
-        SQuery(db, "", "SELECT 1;", result, 1000);
-
-        // Run a query we expect to throw
-        bool threw = false;
-        try {
-            SQuery(db, "", "SEL\1CT 1;", result, 1000);
-        } catch (const SException& e) {
-            if (SStartsWith(e.what(), "401")) {
-                threw = true;
-            }
-        }
-        if (!threw) {
-            throw SException("Query should have failed, but didn't");
-        }
-    }
 } __LibStuff;