原文地址为:
ORACLE HINT 的一些BUG
AUTHOR : KJ0231320
TEAM : I.S.T.O
以下是对ORACLE HINT FUZZ的时候发现的!
select
/*+ NO_PUSH_PRED(* dual --)*/
*
from
dual
以还有好些HINT都会出现如此语法错误或者会使当前Connection会话中断
研究了好久都没发现什么细节原因,跟踪不下去了。搁着快有半年了扔出来,后来者可以走少些弯路
顺便给出FUZZ的代码
package cn.isto.fuzz.oracle;
import java.sql.*;
import java.util.List;
public class SQLHintFuzzer {
private Object[] fuzzData=
new Object[
38];
private String[] hints =
new String[
182];
private Connection conn; Statement stmt =
null;
private String url;
private String user;
private String pass;
private String sql1;
private String loopCreateString(String initStr,
int count){ StringBuilder tempsb =
new StringBuilder();
for(
int i=
0;i<count;i++){ tempsb.append(initStr); }
return tempsb.toString(); }
public SQLHintFuzzer(){ fuzzData[
0]=-
1; fuzzData[
1]=-
2; fuzzData[
2]=
0; fuzzData[
3]=
1; fuzzData[
4]=
2; fuzzData[
5]=
2147483647; fuzzData[
6]=-
2147483647; fuzzData[
7]=2147483648l; fuzzData[
8]=-
2147483648; fuzzData[
9]=Long.MAX_VALUE; fuzzData[
10]=Long.MIN_VALUE; fuzzData[
11]=loopCreateString(
"'')",
1); fuzzData[
12]=loopCreateString(
"/"",
1); fuzzData[
13]=loopCreateString(
"--",
1); fuzzData[
14]=loopCreateString(
"/*",
1); fuzzData[
15]=loopCreateString(
"%s%s%s%s%s%s%s",
1); fuzzData[
16]=loopCreateString(
"%x%x%x%x%x%x",
1); fuzzData[
17]=loopCreateString(
"%d%d%d%d%d%d",
1); fuzzData[
18]=loopCreateString(
"A",
30); fuzzData[
19]=loopCreateString(
"A",
100); fuzzData[
20]=loopCreateString(
"A",
128); fuzzData[
21]=loopCreateString(
"A",
256); fuzzData[
22]=loopCreateString(
"A",
512); fuzzData[
23]=loopCreateString(
"A",
1024); fuzzData[
24]=loopCreateString(
"A",
2048); fuzzData[
25]=loopCreateString(
"A",
3000); fuzzData[
26]=loopCreateString(
"A",
4000); fuzzData[
27]=loopCreateString(
"A",
5000); fuzzData[
28]=loopCreateString(
"A",
6000); fuzzData[
29]=loopCreateString(
"A",
8000); fuzzData[
30]=loopCreateString(
"A",
10000); fuzzData[
31]=loopCreateString(
"A",
15000); fuzzData[
32]=loopCreateString(
"A",
20000); fuzzData[
33]=loopCreateString(
"A",
25000); fuzzData[
34]=loopCreateString(
"A",
30000); fuzzData[
35]=loopCreateString(
"A",
32767); fuzzData[
36]=loopCreateString(
"SYS",
1); fuzzData[
37]=loopCreateString(
"ROWID",
1); hints[
0]=
"ALL_ROWS"; hints[
1]=
"AND_EQUAL"; hints[
2]=
"ANTIJOIN"; hints[
3]=
"APPEND"; hints[
4]=
"BITMAP"; hints[
5]=
"BUFFER"; hints[
6]=
"BYPASS_RECURSIVE_CHECK"; hints[
7]=
"BYPASS_UJVC"; hints[
8]=
"CACHE"; hints[
9]=
"CACHE_CB"; hints[
10]=
"CACHE_TEMP_TABLE"; hints[
11]=
"CARDINALITY"; hints[
12]=
"CHOOSE"; hints[
13]=
"CIV_GB"; hints[
14]=
"COLLECTIONS_GET_REFS"; hints[
15]=
"CPU_COSTING"; hints[
16]=
"CUBE_GB"; hints[
17]=
"CURSOR_SHARING_EXACT"; hints[
18]=
"DEREF_NO_REWRITE"; hints[
19]=
"DML_UPDATE"; hints[
20]=
"DOMAIN_INDEX_NO_SORT"; hints[
21]=
"DOMAIN_INDEX_SORT"; hints[
22]=
"DRIVING_SITE"; hints[
23]=
"DYNAMIC_SAMPLING"; hints[
24]=
"DYNAMIC_SAMPLING_EST_CDN"; hints[
25]=
"EXPAND_GSET_TO_UNION"; hints[
26]=
"FACT"; hints[
27]=
"FIRST_ROWS"; hints[
28]=
"FORCE_SAMPLE_BLOCK"; hints[
29]=
"FULL"; hints[
30]=
"GBY_CONC_ROLLUP"; hints[
31]=
"GLOBAL_TABLE_HINTS"; hints[
32]=
"HASH"; hints[
33]=
"HASH_AJ"; hints[
34]=
"HASH_SJ"; hints[
35]=
"HWM_BROKERED"; hints[
36]=
"IGNORE_ON_CLAUSE"; hints[
37]=
"IGNORE_WHERE_CLAUSE"; hints[
38]=
"INDEX_ASC"; hints[
39]=
"INDEX_COMBINE"; hints[
40]=
"INDEX_DESC"; hints[
41]=
"INDEX_FFS"; hints[
42]=
"INDEX_JOIN"; hints[
43]=
"INDEX_RRS"; hints[
44]=
"INDEX_SS"; hints[
45]=
"INDEX_SS_ASC"; hints[
46]=
"INDEX_SS_DESC"; hints[
47]=
"INLINE"; hints[
48]=
"LEADING"; hints[
49]=
"LIKE_EXPAND"; hints[
50]=
"LOCAL_INDEXES"; hints[
51]=
"MATERIALIZE"; hints[
52]=
"MERGE"; hints[
53]=
"MERGE_AJ"; hints[
54]=
"MERGE_SJ"; hints[
55]=
"MV_MERGE"; hints[
56]=
"NESTED_TABLE_GET_REFS"; hints[
57]=
"NESTED_TABLE_SET_REFS"; hints[
58]=
"NESTED_TABLE_SET_SETID"; hints[
59]=
"NL_AJ"; hints[
60]=
"NL_SJ"; hints[
61]=
"NO_ACCESS"; hints[
62]=
"NO_BUFFER"; hints[
63]=
"NO_EXPAND"; hints[
64]=
"NO_EXPAND_GSET_TO_UNION"; hints[
65]=
"NO_FACT"; hints[
66]=
"NO_FILTERING"; hints[
67]=
"NO_INDEX"; hints[
68]=
"NO_MERGE"; hints[
69]=
"NO_MONITORING"; hints[
70]=
"NO_ORDER_ROLLUPS"; hints[
71]=
"NO_PRUNE_GSETS"; hints[
72]=
"NO_PUSH_PRED"; hints[
73]=
"NO_PUSH_SUBQ"; hints[
74]=
"NO_QKN_BUFF"; hints[
75]=
"NO_SEMIJOIN"; hints[
76]=
"NO_STATS_GSETS"; hints[
77]=
"NO_UNNEST"; hints[
78]=
"NOAPPEND"; hints[
79]=
"NOCACHE"; hints[
80]=
"NOCPU_COSTING"; hints[
81]=
"NOPARALLEL"; hints[
82]=
"NOPARALLEL_INDEX"; hints[
83]=
"NOREWRITE"; hints[
84]=
"OR_EXPAND"; hints[
85]=
"ORDERED"; hints[
86]=
"ORDERED_PREDICATES"; hints[
87]=
"OVERFLOW_NOMOVE"; hints[
88]=
"PARALLEL"; hints[
89]=
"PARALLEL_INDEX"; hints[
90]=
"PIV_GB"; hints[
91]=
"PIV_SSF"; hints[
92]=
"PQ_DISTRIBUTE"; hints[
93]=
"PQ_MAP"; hints[
94]=
"PQ_NOMAP"; hints[
95]=
"PUSH_PRED"; hints[
96]=
"PUSH_SUBQ"; hints[
97]=
"REMOTE_MAPPED"; hints[
98]=
"RESTORE_AS_INTERVALS"; hints[
99]=
"REWRITE"; hints[
100]=
"RULE"; hints[
101]=
"SAVE_AS_INTERVALS"; hints[
102]=
"SCN_ASCENDING"; hints[
103]=
"SELECTIVITY"; hints[
104]=
"SEMIJOIN"; hints[
105]=
"SEMIJOIN_DRIVER"; hints[
106]=
"SKIP_EXT_OPTIMIZER"; hints[
107]=
"SQLLDR"; hints[
108]=
"STAR"; hints[
109]=
"STAR_TRANSFORMATION"; hints[
110]=
"SWAP_JOIN_INPUTS"; hints[
111]=
"SYS_DL_CURSOR"; hints[
112]=
"SYS_PARALLEL_TXN"; hints[
113]=
"SYS_RID_ORDER"; hints[
114]=
"TIV_GB"; hints[
115]=
"TIV_SSF"; hints[
116]=
"UNNEST"; hints[
117]=
"USE_ANTI"; hints[
118]=
"USE_CONCAT"; hints[
119]=
"USE_HASH"; hints[
120]=
"USE_MERGE"; hints[
121]=
"USE_NL"; hints[
122]=
"USE_SEMI"; hints[
123]=
"USE_TTT_FOR_GSETS"; hints[
124]=
"BYPASS_RECURSIVE_CHECK"; hints[
125]=
"BYPASS_UJVC"; hints[
126]=
"CACHE_CB"; hints[
127]=
"CACHE_TEMP_TABLE"; hints[
128]=
"CIV_GB"; hints[
129]=
"COLLECTIONS_GET_REFS"; hints[
130]=
"CUBE_GB"; hints[
131]=
"CURSOR_SHARING_EXACT"; hints[
132]=
"DEREF_NO_REWRITE"; hints[
133]=
"DML_UPDATE"; hints[
134]=
"DOMAIN_INDEX_NO_SORT"; hints[
135]=
"DOMAIN_INDEX_SORT"; hints[
136]=
"DYNAMIC_SAMPLING"; hints[
137]=
"DYNAMIC_SAMPLING_EST_CDN"; hints[
138]=
"EXPAND_GSET_TO_UNION"; hints[
139]=
"FORCE_SAMPLE_BLOCK"; hints[
140]=
"GBY_CONC_ROLLUP"; hints[
141]=
"GLOBAL_TABLE_HINTS"; hints[
142]=
"HWM_BROKERED"; hints[
143]=
"IGNORE_ON_CLAUSE"; hints[
144]=
"IGNORE_WHERE_CLAUSE"; hints[
145]=
"INDEX_RRS"; hints[
146]=
"INDEX_SS"; hints[
147]=
"INDEX_SS_ASC"; hints[
148]=
"INDEX_SS_DESC"; hints[
149]=
"LIKE_EXPAND"; hints[
150]=
"LOCAL_INDEXES"; hints[
151]=
"MV_MERGE"; hints[
152]=
"NESTED_TABLE_GET_REFS"; hints[
153]=
"NESTED_TABLE_SET_REFS"; hints[
154]=
"NESTED_TABLE_SET_SETID"; hints[
155]=
"NO_EXPAND_GSET_TO_UNION"; hints[
156]=
"NO_FACT"; hints[
157]=
"NO_FILTERING"; hints[
158]=
"NO_ORDER_ROLLUPS"; hints[
159]=
"NO_PRUNE_GSETS"; hints[
160]=
"NO_STATS_GSETS"; hints[
161]=
"NO_UNNEST"; hints[
162]=
"NOCPU_COSTING"; hints[
163]=
"OVERFLOW_NOMOVE"; hints[
164]=
"PIV_GB"; hints[
165]=
"PIV_SSF"; hints[
166]=
"PQ_MAP"; hints[
167]=
"PQ_NOMAP"; hints[
168]=
"REMOTE_MAPPED"; hints[
169]=
"RESTORE_AS_INTERVALS"; hints[
170]=
"SAVE_AS_INTERVALS"; hints[
171]=
"SCN_ASCENDING"; hints[
172]=
"SKIP_EXT_OPTIMIZER"; hints[
173]=
"SQLLDR"; hints[
174]=
"SYS_DL_CURSOR"; hints[
175]=
"SYS_PARALLEL_TXN"; hints[
176]=
"SYS_RID_ORDER"; hints[
177]=
"TIV_GB"; hints[
178]=
"TIV_SSF"; hints[
179]=
"UNNEST"; hints[
180]=
"USE_TTT_FOR_GSETS"; }
public void login(String host,
int port,String user,String pass,String sid)
throws SQLException, ClassNotFoundException{ Class.forName(
"oracle.jdbc.driver.OracleDriver"); String url=
"jdbc:oracle:thin:@"+host+
":"+port+
":"+sid;
this.url=url;
this.user = user;
this.pass = pass; connection(); }
private void connection()
throws SQLException{ conn = DriverManager.getConnection(url,user,pass); }
public void logout(){ closeAll(conn,
null,
null); }
private void closeAll(Connection con,Statement stmt,ResultSet rs){
if(rs!=
null){
try{rs.close();}
catch (Exception e) {}}
if(stmt!=
null){
try{stmt.close();}
catch (Exception e) {}}
if(con!=
null){
try{con.close();}
catch (Exception e) {}} }
public void fuzz(){
try { stmt = conn.createStatement(); }
catch (SQLException e) { e.printStackTrace(); }
for(
int hintsc =
40 ; hintsc<hints.length; hintsc++){ System.out.println(
"FUZZ : "+hints[hintsc]);
for(
int fuzzDc =
0; fuzzDc< fuzzData.length;fuzzDc++){ startFuzz(stmt,hints[hintsc]+
"( "+ fuzzData[fuzzDc] +
" )"); } } }
private void startFuzz(Statement fuzzstmt,String run){
try { sql1 =
"select /*+ "+run+
"*/ * from dual"; fuzzstmt.execute(sql1); Thread.sleep(
1000); }
catch (Exception e) { System.out.println(e.getMessage());
if(e.getMessage().indexOf(
"socket")>-
1){
try { connection(); stmt = conn.createStatement(); }
catch (SQLException e1) { System.out.println(
"error crash"); } } catch0day(e.getMessage(),sql1); } }
private void catch0day(String e,String run){ System.out.println(e+
"---"+run); }
public static void main(String[] args)
throws SQLException, ClassNotFoundException{ SQLHintFuzzer shf =
new SQLHintFuzzer(); shf.login(
"kj021320PC",
1521,
"kj021320",
"kj021320",
"ORCL"); shf.fuzz(); shf.logout(); }}
转载请注明本文地址:
ORACLE HINT 的一些BUG