Additional basic DB2 input validation

gjwatts · gjwatts · commit c62acc5d3411 · 2020-04-27T23:19:20.000-05:00
Signed-off-by: Greg Watts &lt;gwatts@us.ibm.com&gt;
diff --git a/vertx-db2-client/src/main/java/io/vertx/db2client/DB2ConnectOptions.java b/vertx-db2-client/src/main/java/io/vertx/db2client/DB2ConnectOptions.java
@@ -24,6 +24,8 @@
 import io.vertx.codegen.annotations.GenIgnore;
 import io.vertx.core.json.JsonObject;
 import io.vertx.db2client.impl.DB2ConnectionUriParser;
+import io.vertx.db2client.impl.drda.SQLState;
+import io.vertx.db2client.impl.drda.SqlCode;
 import io.vertx.sqlclient.SqlConnectOptions;
 
 /**
@@ -47,11 +49,11 @@ public static DB2ConnectOptions fromUri(String connectionUri) throws IllegalArgu
     public static final String DEFAULT_HOST = "localhost";
     public static final int DEFAULT_PORT = 50000;
     public static final String DEFAULT_USER = "root";
-    public static final String DEFAULT_PASSWORD = "";
-    public static final String DEFAULT_SCHEMA = "";
+    public static final String DEFAULT_PASSWORD = "INVALID";
+    public static final String DEFAULT_SCHEMA = "INVALID";
     public static final String DEFAULT_CHARSET = "utf8";
     public static final boolean DEFAULT_USE_AFFECTED_ROWS = false;
-    public static final int DEFAULT_PIPELINING_LIMIT = 1;//256; // TODO default to 256 once implemented properly
+    public static final int DEFAULT_PIPELINING_LIMIT = 1;         //256; // TODO default to 256 once implemented properly
     public static final Map<String, String> DEFAULT_CONNECTION_ATTRIBUTES;
 
     static {
@@ -93,17 +95,29 @@ public DB2ConnectOptions setPort(int port) {
 
     @Override
     public DB2ConnectOptions setUser(String user) {
-        return (DB2ConnectOptions) super.setUser(user);
+    	if (user == null || user.trim().length() < 1) {
+    		throw new DB2Exception("The user cannot be blank or null", SqlCode.MISSING_CREDENTIALS, SQLState.CONNECT_USERID_ISNULL);
+    	} else {
+    		return (DB2ConnectOptions) super.setUser(user);
+    	}
     }
 
     @Override
     public DB2ConnectOptions setPassword(String password) {
-        return (DB2ConnectOptions) super.setPassword(password);
+    	if (password == null || password.trim().length() < 1) {
+    		throw new DB2Exception("The password cannot be blank or null", SqlCode.MISSING_CREDENTIALS, SQLState.CONNECT_PASSWORD_ISNULL);
+     	} else {
+     		return (DB2ConnectOptions) super.setPassword(password);
+     	}
     }
 
     @Override
     public DB2ConnectOptions setDatabase(String database) {
-        return (DB2ConnectOptions) super.setDatabase(database);
+    	if (database == null || database.trim().length() < 1) {
+    		throw new DB2Exception("The database name cannot be blank or null", SqlCode.DATABASE_NOT_FOUND, SQLState.DATABASE_NOT_FOUND);
+     	} else {
+            return (DB2ConnectOptions) super.setDatabase(database);
+     	}
     }
     
     @Override
diff --git a/vertx-db2-client/src/main/java/io/vertx/db2client/impl/codec/DB2Encoder.java b/vertx-db2-client/src/main/java/io/vertx/db2client/impl/codec/DB2Encoder.java
@@ -97,7 +97,7 @@ void write(CommandBase<?> cmd) {
         } else if (cmd instanceof CloseConnectionCommand) {
             codec = new CloseConnectionCommandCodec((CloseConnectionCommand) cmd);
         } else if (cmd instanceof PrepareStatementCommand) {
-            codec = new PrepareStatementCodec((PrepareStatementCommand) cmd);
+       		codec = new PrepareStatementCodec((PrepareStatementCommand) cmd);
         } else if (cmd instanceof CloseStatementCommand) {
             codec = new CloseStatementCommandCodec((CloseStatementCommand) cmd);
         } else if (cmd instanceof CloseCursorCommand) {
diff --git a/vertx-db2-client/src/main/java/io/vertx/db2client/impl/codec/InitialHandshakeCommandCodec.java b/vertx-db2-client/src/main/java/io/vertx/db2client/impl/codec/InitialHandshakeCommandCodec.java
@@ -33,6 +33,7 @@ class InitialHandshakeCommandCodec extends AuthenticationCommandBaseCodec<Connec
     private static final int ST_CONNECTING = 0;
     private static final int ST_AUTHENTICATING = 1;
     private static final int ST_CONNECTED = 2;
+    private static final int ST_CONNECT_FAILED = 3;
     
     private static final int TARGET_SECURITY_MEASURE = DRDAConstants.SECMEC_USRIDPWD;
     
@@ -69,7 +70,14 @@ void decodePayload(ByteBuf payload, int payloadLength) {
         switch (status) {
             case ST_CONNECTING:
                 response.readExchangeServerAttributes();
-                response.readAccessSecurity(TARGET_SECURITY_MEASURE);
+                // readAccessSecurity can throw a DB2Exception if there are problems connecting.  In that case, we want to catch that exception and 
+                // make sure to set the status to something other than ST_CONNECTING so we don't try to complete the result twice (when we hit encode)
+                try {
+                    response.readAccessSecurity(TARGET_SECURITY_MEASURE);
+                } catch (DB2Exception de) {
+                	status = ST_CONNECT_FAILED;
+                	throw de;
+                }
                 status = ST_AUTHENTICATING;
                 ByteBuf packet = allocateBuffer();
                 int packetStartIdx = packet.writerIndex();
diff --git a/vertx-db2-client/src/main/java/io/vertx/db2client/impl/drda/DRDAConnectResponse.java b/vertx-db2-client/src/main/java/io/vertx/db2client/impl/drda/DRDAConnectResponse.java
@@ -1041,7 +1041,8 @@ private String parsePRDID(boolean skip) {
     private void parseSECCHKreply() {
         int peekCP = peekCodePoint();
         if (peekCP != CodePoint.SECCHKRM) {
-            throwUnknownCodepoint(peekCP);
+//            throwUnknownCodepoint(peekCP);
+        	parseCommonError(peekCP);
         }
 
         parseSECCHKRM();
@@ -1058,7 +1059,7 @@ private void parseSECCHKreply() {
             parseSECTKN(false);
         } 
     }
-    
+        
     // The Security Check (SECCHKRM) Reply Message indicates the acceptability
     // of the security information.
     // This method throws an exception if the connection was not established
@@ -1143,7 +1144,7 @@ private void parseSECCHKRM() {
             throw new DB2Exception("Missing userid, verify a user value was supplied", SqlCode.MISSING_CREDENTIALS, SQLState.CONNECT_USERID_ISNULL);
         // Missing password - TODO  We should catch and handle this issue *before* the call to the DB2 server
         case CodePoint.SECCHKCD_10:
-            // Using SQL error code and state values from similar JDBC reponse
+            // Using SQL error code and state values from similar JDBC response
         	throw new DB2Exception("Missing password, verify a password value was supplied", SqlCode.MISSING_CREDENTIALS, SQLState.CONNECT_PASSWORD_ISNULL);
         // Invalid credentials
         case CodePoint.SECCHKCD_0E:
@@ -1315,12 +1316,15 @@ private void parseRdbAccessFailed() {
     // Returned from Server:
     // SVRCOD - required  (8 - ERROR)
     // RDBNAM - required
+    // SRVDGN - optional
     //
     private void parseRDBAFLRM() {
         boolean svrcodReceived = false;
         int svrcod = CodePoint.SVRCOD_INFO;
         boolean rdbnamReceived = false;
+        boolean srvdgnReceived = false;
         String rdbnam = null;
+        String serverDiagnostics = null;
 
         parseLengthAndMatchCodePoint(CodePoint.RDBAFLRM);
         pushLengthOnCollectionStack();
@@ -1343,6 +1347,14 @@ private void parseRDBAFLRM() {
                 rdbnam = parseRDBNAM(true);
                 peekCP = peekCodePoint();
             }
+            
+            // Optional code point
+            if (peekCP == CodePoint.SRVDGN) {
+                foundInPass = true;
+                srvdgnReceived = checkAndGetReceivedFlag(srvdgnReceived);
+                serverDiagnostics = parseSRVDGN();
+                peekCP = peekCodePoint();
+            }
 
             if (!foundInPass) {
             	throwUnknownCodepoint(peekCP);
diff --git a/vertx-db2-client/src/main/java/io/vertx/db2client/impl/drda/DRDAQueryResponse.java b/vertx-db2-client/src/main/java/io/vertx/db2client/impl/drda/DRDAQueryResponse.java
@@ -2730,6 +2730,8 @@ private int parseCODPNT() {
     void parseDTAMCHRM() {
         boolean svrcodReceived = false;
         int svrcod = CodePoint.SVRCOD_INFO;
+        boolean srvdgnReceived = false;
+        String serverDiagnostics = null;
         boolean rdbnamReceived = false;
         String rdbnam = null;
 
@@ -2747,13 +2749,21 @@ void parseDTAMCHRM() {
                 svrcod = parseSVRCOD(CodePoint.SVRCOD_ERROR, CodePoint.SVRCOD_ERROR);
                 peekCP = peekCodePoint();
             }
-
+            
             if (peekCP == CodePoint.RDBNAM) {
                 foundInPass = true;
                 rdbnamReceived = checkAndGetReceivedFlag(rdbnamReceived);
                 rdbnam = parseRDBNAM(true);
                 peekCP = peekCodePoint();
             }
+            
+            // Optional code point
+            if (peekCP == CodePoint.SRVDGN) {
+                foundInPass = true;
+                srvdgnReceived = checkAndGetReceivedFlag(srvdgnReceived);
+                serverDiagnostics = parseSRVDGN();
+                peekCP = peekCodePoint();
+            }
 
             if (!foundInPass) {
                 throwUnknownCodepoint(peekCP);
diff --git a/vertx-db2-client/src/main/java/io/vertx/db2client/impl/drda/NetSqlca.java b/vertx-db2-client/src/main/java/io/vertx/db2client/impl/drda/NetSqlca.java
@@ -17,6 +17,8 @@
 
 import java.util.Arrays;
 
+import io.vertx.db2client.DB2Exception;
+
 /**
  * A SQLCA stands for "SQL Communication Area"
  * The primary purpose is for tracking the SQLCode.
@@ -92,16 +94,52 @@ public static int complete(NetSqlca sqlca, int... allowedCodes) {
            return 0;
        boolean allowed = Arrays.stream(allowedCodes).anyMatch(code -> code == sqlca.sqlCode_);
        if (!allowed && sqlca.sqlCode_ < 0) {
+    	   throwSqlError(sqlca);
     	   // TODO: May want to go through the DB2 SQL error code doc above and provide English 
-    	   // messages to go along with the corresponding SQLcode to save users needing to look them up
-           throw new IllegalStateException("ERROR sqlcode=" + sqlca.sqlCode_ + "  Full Sqlca: " + sqlca.toString());
+    	   // messages to go along with the corresponding SQLcode to save users needing to look them up           
        }
        if (!allowed && sqlca.sqlCode_ > 0) {
            System.out.println("WARNING sqlcode=" + sqlca.sqlCode_);
        }
        return sqlca.sqlCode_;
    }
 
+   /**
+    * Throws a specific error message based on the passed in SQL error code
+    * @param sqlca
+    */
+   public static void throwSqlError(NetSqlca sqlca) {
+	   if (sqlca == null || sqlca.sqlCode_ == 0) {
+           return;
+	   }
+	   // Add additional error messages to this list
+	   switch(sqlca.sqlCode_) {
+            // The SQL syntax is invalid
+  	        case SqlCode.INVALID_SQL_STATEMENT:
+       	        throw new DB2Exception("The SQL syntax provided was invalid", SqlCode.INVALID_SQL_STATEMENT, sqlca.sqlState_);
+       	    // The object (table?) is not defined/available
+  	        case SqlCode.OBJECT_NOT_DEFINED:
+  	        	if (sqlca.sqlErrmc_ != null && sqlca.sqlErrmc_.trim().length() > 0)
+  	        		throw new DB2Exception("The object " + sqlca.sqlErrmc_ + " provided is not defined", SqlCode.OBJECT_NOT_DEFINED, sqlca.sqlState_);
+  	        	else
+  	        		throw new DB2Exception("An object provided is not defined", SqlCode.OBJECT_NOT_DEFINED, sqlca.sqlState_);
+       	    // The object (table?) is not defined/available
+  	        case SqlCode.COLUMN_DOES_NOT_EXIST:
+  	        	if (sqlca.sqlErrmc_ != null && sqlca.sqlErrmc_.trim().length() > 0)
+  	        		throw new DB2Exception("The column " + sqlca.sqlErrmc_ + " provided does not exist", SqlCode.COLUMN_DOES_NOT_EXIST, sqlca.sqlState_);
+  	        	else
+  	        		throw new DB2Exception("A column provided does not exist", SqlCode.COLUMN_DOES_NOT_EXIST, sqlca.sqlState_);
+	        // Invalid database specified
+	   	    case SqlCode.DATABASE_NOT_FOUND:
+	   	    	if (sqlca.sqlErrmc_ != null && sqlca.sqlErrmc_.trim().length() > 0)
+	   	    		throw new DB2Exception("The database " + sqlca.sqlErrmc_ + " provided was not found", SqlCode.DATABASE_NOT_FOUND, sqlca.sqlState_);
+	   	    	else
+	   	    		throw new DB2Exception("The database provided was not found", SqlCode.DATABASE_NOT_FOUND, sqlca.sqlState_);
+            default:
+                throw new IllegalStateException("ERROR sqlcode=" + sqlca.sqlCode_ + "  Full Sqlca: " + sqlca.toString());
+	   }
+   }
+   
    void setSqlerrd(int[] sqlErrd) {
        sqlErrd_ = sqlErrd;
    }
diff --git a/vertx-db2-client/src/main/java/io/vertx/db2client/impl/drda/SqlCode.java b/vertx-db2-client/src/main/java/io/vertx/db2client/impl/drda/SqlCode.java
@@ -28,6 +28,17 @@ public class SqlCode {
 	public static final int RDB_NOT_FOUND = -30061;
 	public static final int INVALID_CREDENTIALS = -4214;
 	public static final int MISSING_CREDENTIALS = -4461;
+	public static final int DATABASE_NOT_FOUND = -1001;
+	
+	// -104 is a broad error message (illegal symbol encountered in SQL statement) 
+	// and could be further broken down by adding more specific SQL error codes and handling them separately 
+	public static final int INVALID_SQL_STATEMENT = -104;
+	
+	// The error message for this says "Object not defined in DB2" in Wikipedia and 
+	// "<name> is an undefined name" in the IBM zOS DB2 Knowledge Center
+	// But I see it with invalid table names specified in a query
+	public static final int OBJECT_NOT_DEFINED = -204;
+	public static final int COLUMN_DOES_NOT_EXIST = -206;
 	
     private int code_;
 
diff --git a/vertx-db2-client/src/test/java/io/vertx/db2client/DB2ErrorMessageTest.java b/vertx-db2-client/src/test/java/io/vertx/db2client/DB2ErrorMessageTest.java
