I am trying to upgrade HSQLDB from 2.7.0 to 2.7.1, but it breaks the tests. The test can be anything; the error is always the same.
Test class:
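import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.annotation.Rollback;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.transaction.annotation.Transactional;

@RunWith( SpringJUnit4ClassRunner.class )
@Transactional( transactionManager = "txManager" )
@Rollback
@ContextConfiguration( "classpath:applicationContext-test.xml" )
public class JdbcOrdersDaoImplTest {
    @Autowired
    private OrdersAdminDao hsqlOrdersDao;

    // Empty test: loading the application context is enough to trigger the failure.
    @Test
    public void setUp() {
    }
}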
applicationContext-test.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jdbc="http://www.springframework.org/schema/jdbc"
       xsi:schemaLocation="http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-4.3.xsd
       http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd">
    <import resource="classpath:applicationContext-Order-SQL.xml"/>
    <import resource="classpath:applicationContext-OrderEvent-SQL.xml"/>
    <import resource="classpath:applicationContext-Message-SQL.xml"/>
    <bean id="hsqlDataSource" class="org.apache.commons.dbcp2.BasicDataSource" destroy-method="close">
        <property name="driverClassName" value="org.hsqldb.jdbcDriver"/>
        <property name="url" value="jdbc:hsqldb:mem:test;sql.syntax_pgs=true;hsqldb.sqllog=3;hsqldb.applog=3"/>
        <property name="username" value="Foo"/>
        <property name="password" value=""/>
    </bean>
    <jdbc:initialize-database data-source="hsqlDataSource">
        <jdbc:script location="file:src/main/sql/archive/5.0/init_core_structure.sql"/>
        <jdbc:script location="classpath:hsqldb-create-sequence.sql"/>
        <jdbc:script location="classpath:create-date-function.sql"/>
    </jdbc:initialize-database>
    <bean id="hsqlOrdersDao" class="com.source.fix.gateway.data.impl.JdbcOrdersDaoImpl">
        <property name="dataSource" ref="hsqlDataSource"/>
    </bean>
    <bean id="txManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
        <property name="dataSource" ref="hsqlDataSource"/>
    </bean>
</beans>
Stack trace:
Failed to load ApplicationContext
java.lang.IllegalStateException: Failed to load ApplicationContext
(...)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.jdbc.datasource.init.DataSourceInitializer#0': Invocation of init method failed; nested exception is org.springframework.jdbc.datasource.init.ScriptStatementFailedException: Failed to execute SQL script statement #1 of class path resource [create-date-function.sql]: CREATE FUNCTION DATE(v TIMESTAMP) RETURNS DATE LANGUAGE JAVA DETERMINISTIC NO SQL EXTERNAL NAME 'CLASSPATH:com.source.fix.PostgresDate.date'; nested exception is java.sql.SQLSyntaxErrorException: user lacks privilege or object not found: com.source.fix.PostgresDate
(...)
Caused by: org.springframework.jdbc.datasource.init.ScriptStatementFailedException: Failed to execute SQL script statement #1 of class path resource [create-date-function.sql]: CREATE FUNCTION DATE(v TIMESTAMP) RETURNS DATE LANGUAGE JAVA DETERMINISTIC NO SQL EXTERNAL NAME 'CLASSPATH:com.source.fix.PostgresDate.date'; nested exception is java.sql.SQLSyntaxErrorException: user lacks privilege or object not found: com.source.fix.PostgresDate
(...)
Caused by: java.sql.SQLSyntaxErrorException: user lacks privilege or object not found: com.source.fix.PostgresDate
(...)
Caused by: org.hsqldb.HsqlException: user lacks privilege or object not found: com.source.fix.PostgresDate
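Here is the change list for 2.7.1:
20 October 2022 - version 2.7.1
- version 2.7.1 jar requires JRE 11 or later - tested up to Java 17
- version 2.7.1 alternative jar requires JRE 8 or later
- CVE-2022-41853 disallow calling java methods - setting the hsqldb.method_class_names is required for accessing java methods
- enhancements to RECURSIVE CTE
And the CVE-2022-41853 description provided by NIST: Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath, resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property "hsqldb.method_class_names" to the classes which are allowed to be called. For example, System.setProperty("hsqldb.method_class_names", "abc") or the Java argument -Dhsqldb.method_class_names="abc" can be used. From version 2.7.1, all classes are inaccessible by default, except those in java.lang.Math, and need to be manually enabled.
If I understand correctly (maybe I am wrong), the problem is that the application context is not loaded automatically and I have to enable it manually, but I don't know how to do that.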
1 answer
8ehkhllq #1
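The Java command that runs your application must include the class name of the external method. For example:
You should be able to set this system property by adding it to your Spring framework configuration.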
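One way to set the property from the Spring configuration, as an added example that is not part of the original answer. The bean id `hsqldbMethodAllowlist` is hypothetical, and the value syntax (a fully qualified method name) and the point at which HSQLDB reads the property are assumptions to check against the HSQLDB documentation for your version.

```xml
<!-- Added example: fragment for applicationContext-test.xml, placed inside <beans>. -->

<!-- Calls System.setProperty("hsqldb.method_class_names", ...) while the context starts.
     MethodInvokingBean is available from Spring 4.0 onwards. -->
<bean id="hsqldbMethodAllowlist"
      class="org.springframework.beans.factory.config.MethodInvokingBean">
    <property name="staticMethod" value="java.lang.System.setProperty"/>
    <property name="arguments">
        <list>
            <value>hsqldb.method_class_names</value>
            <!-- Assumed value syntax: the single method named in the failing
                 CREATE FUNCTION statement. Keeping the allowlist this narrow
                 preserves the protection added for CVE-2022-41853. -->
            <value>com.source.fix.PostgresDate.date</value>
        </list>
    </property>
</bean>

<!-- depends-on forces the allowlist bean to run before the data source exists,
     and therefore before jdbc:initialize-database opens its first connection. -->
<bean id="hsqlDataSource" class="org.apache.commons.dbcp2.BasicDataSource"
      destroy-method="close" depends-on="hsqldbMethodAllowlist">
    <property name="driverClassName" value="org.hsqldb.jdbcDriver"/>
    <property name="url" value="jdbc:hsqldb:mem:test;sql.syntax_pgs=true;hsqldb.sqllog=3;hsqldb.applog=3"/>
    <property name="username" value="Foo"/>
    <property name="password" value=""/>
</bean>
```

The property is JVM-wide, so if HSQLDB has already been loaded in the same JVM before this context starts, pass the same value with the -Dhsqldb.method_class_names argument instead.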