ORACLE HINT 的一些BUG

xiaoxiao2021-02-28  28

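// Original article: "ORACLE HINT 的一些BUG" (Some bugs in ORACLE hints)
// AUTHOR : KJ0231320   TEAM : I.S.T.O
//
// The following was found while fuzzing ORACLE hints:
//
//     select /*+ NO_PUSH_PRED(* dual --)*/ * from dual
//
// Quite a few other hints produce the same kind of syntax error, or cause the
// current Connection session to be dropped. I studied it for a long time without
// finding the detailed cause and could not trace it any further. It has been
// sitting for almost half a year, so I am publishing it so that those who come
// later can take fewer detours. The fuzzing code is included as well.
package cn.isto.fuzz.oracle;

import java.sql.*;
import java.util.List;

/**
 * Walks a fixed list of Oracle optimizer hint names and, for each one, executes
 * {@code select ... from dual} with the hint's argument replaced by every entry
 * of a fixed data set (boundary integers, quote and comment tokens, format
 * specifiers, long runs of 'A', two identifiers).
 *
 * <p>Every failure is printed together with the statement that caused it. The
 * article reports two outcomes worth triaging: parser syntax errors and a dropped
 * session. A dropped session is recognised here only by the word "socket" in the
 * driver's error message, after which the fuzzer reconnects and carries on.
 *
 * <p>Not thread-safe: the connection and statement are plain mutable fields.
 */
public class SQLHintFuzzer {

    /**
     * Index of the first hint that {@link #fuzz()} exercises. The listing starts its
     * loop at 40 rather than 0 — presumably a resume point left over from an
     * interrupted run; set to 0 for a full pass.
     */
    private static final int FIRST_HINT_INDEX = 40;

    /** Pause after each successfully executed statement, in milliseconds. */
    private static final long PAUSE_MILLIS = 1000L;

    /**
     * Values substituted for the hint argument, in the order given on the page.
     * An earlier, commented-out draft in the listing split these into separate
     * numeric and string arrays and also carried a {@code null} entry.
     */
    private static final Object[] FUZZ_DATA = {
        // integer boundaries
        -1, -2, 0, 1, 2,
        2147483647, -2147483647, 2147483648L, -2147483648,
        Long.MAX_VALUE, Long.MIN_VALUE,
        // quote and comment tokens
        "'')",
        // The page shows "/"" here, which is not a valid Java literal; presumably an
        // escaped double quote whose backslash was lost — confirm against the article.
        "\"",
        "--",
        "/*",
        // format specifiers
        "%s%s%s%s%s%s%s",
        "%x%x%x%x%x%x",
        "%d%d%d%d%d%d",
        // length boundaries
        loopCreateString("A", 30),
        loopCreateString("A", 100),
        loopCreateString("A", 128),
        loopCreateString("A", 256),
        loopCreateString("A", 512),
        loopCreateString("A", 1024),
        loopCreateString("A", 2048),
        loopCreateString("A", 3000),
        loopCreateString("A", 4000),
        loopCreateString("A", 5000),
        loopCreateString("A", 6000),
        loopCreateString("A", 8000),
        loopCreateString("A", 10000),
        loopCreateString("A", 15000),
        loopCreateString("A", 20000),
        loopCreateString("A", 25000),
        loopCreateString("A", 30000),
        loopCreateString("A", 32767),
        // identifiers
        "SYS",
        "ROWID",
    };

    /**
     * Hint names in the order given on the page. The listing allocated 182 slots but
     * filled only 181, so its last slot was {@code null} and was fuzzed as the literal
     * text "null"; an array initializer keeps length and content in step. Entries
     * 124-180 repeat names that already appear earlier and are kept as listed, so
     * those hints are exercised twice.
     */
    private static final String[] HINTS = {
        // 0
        "ALL_ROWS", "AND_EQUAL", "ANTIJOIN", "APPEND", "BITMAP", "BUFFER",
        "BYPASS_RECURSIVE_CHECK", "BYPASS_UJVC", "CACHE", "CACHE_CB",
        // 10
        "CACHE_TEMP_TABLE", "CARDINALITY", "CHOOSE", "CIV_GB", "COLLECTIONS_GET_REFS",
        "CPU_COSTING", "CUBE_GB", "CURSOR_SHARING_EXACT", "DEREF_NO_REWRITE", "DML_UPDATE",
        // 20
        "DOMAIN_INDEX_NO_SORT", "DOMAIN_INDEX_SORT", "DRIVING_SITE", "DYNAMIC_SAMPLING",
        "DYNAMIC_SAMPLING_EST_CDN", "EXPAND_GSET_TO_UNION", "FACT", "FIRST_ROWS",
        "FORCE_SAMPLE_BLOCK", "FULL",
        // 30
        "GBY_CONC_ROLLUP", "GLOBAL_TABLE_HINTS", "HASH", "HASH_AJ", "HASH_SJ",
        "HWM_BROKERED", "IGNORE_ON_CLAUSE", "IGNORE_WHERE_CLAUSE", "INDEX_ASC",
        "INDEX_COMBINE",
        // 40
        "INDEX_DESC", "INDEX_FFS", "INDEX_JOIN", "INDEX_RRS", "INDEX_SS", "INDEX_SS_ASC",
        "INDEX_SS_DESC", "INLINE", "LEADING", "LIKE_EXPAND",
        // 50
        "LOCAL_INDEXES", "MATERIALIZE", "MERGE", "MERGE_AJ", "MERGE_SJ", "MV_MERGE",
        "NESTED_TABLE_GET_REFS", "NESTED_TABLE_SET_REFS", "NESTED_TABLE_SET_SETID", "NL_AJ",
        // 60
        "NL_SJ", "NO_ACCESS", "NO_BUFFER", "NO_EXPAND", "NO_EXPAND_GSET_TO_UNION",
        "NO_FACT", "NO_FILTERING", "NO_INDEX", "NO_MERGE", "NO_MONITORING",
        // 70
        "NO_ORDER_ROLLUPS", "NO_PRUNE_GSETS", "NO_PUSH_PRED", "NO_PUSH_SUBQ", "NO_QKN_BUFF",
        "NO_SEMIJOIN", "NO_STATS_GSETS", "NO_UNNEST", "NOAPPEND", "NOCACHE",
        // 80
        "NOCPU_COSTING", "NOPARALLEL", "NOPARALLEL_INDEX", "NOREWRITE", "OR_EXPAND",
        "ORDERED", "ORDERED_PREDICATES", "OVERFLOW_NOMOVE", "PARALLEL", "PARALLEL_INDEX",
        // 90
        "PIV_GB", "PIV_SSF", "PQ_DISTRIBUTE", "PQ_MAP", "PQ_NOMAP", "PUSH_PRED",
        "PUSH_SUBQ", "REMOTE_MAPPED", "RESTORE_AS_INTERVALS", "REWRITE",
        // 100
        "RULE", "SAVE_AS_INTERVALS", "SCN_ASCENDING", "SELECTIVITY", "SEMIJOIN",
        "SEMIJOIN_DRIVER", "SKIP_EXT_OPTIMIZER", "SQLLDR", "STAR", "STAR_TRANSFORMATION",
        // 110
        "SWAP_JOIN_INPUTS", "SYS_DL_CURSOR", "SYS_PARALLEL_TXN", "SYS_RID_ORDER", "TIV_GB",
        "TIV_SSF", "UNNEST", "USE_ANTI", "USE_CONCAT", "USE_HASH",
        // 120
        "USE_MERGE", "USE_NL", "USE_SEMI", "USE_TTT_FOR_GSETS",
        // 124: repeats of earlier entries start here
        "BYPASS_RECURSIVE_CHECK", "BYPASS_UJVC", "CACHE_CB", "CACHE_TEMP_TABLE", "CIV_GB",
        "COLLECTIONS_GET_REFS",
        // 130
        "CUBE_GB", "CURSOR_SHARING_EXACT", "DEREF_NO_REWRITE", "DML_UPDATE",
        "DOMAIN_INDEX_NO_SORT", "DOMAIN_INDEX_SORT", "DYNAMIC_SAMPLING",
        "DYNAMIC_SAMPLING_EST_CDN", "EXPAND_GSET_TO_UNION", "FORCE_SAMPLE_BLOCK",
        // 140
        "GBY_CONC_ROLLUP", "GLOBAL_TABLE_HINTS", "HWM_BROKERED", "IGNORE_ON_CLAUSE",
        "IGNORE_WHERE_CLAUSE", "INDEX_RRS", "INDEX_SS", "INDEX_SS_ASC", "INDEX_SS_DESC",
        "LIKE_EXPAND",
        // 150
        "LOCAL_INDEXES", "MV_MERGE", "NESTED_TABLE_GET_REFS", "NESTED_TABLE_SET_REFS",
        "NESTED_TABLE_SET_SETID", "NO_EXPAND_GSET_TO_UNION", "NO_FACT", "NO_FILTERING",
        "NO_ORDER_ROLLUPS", "NO_PRUNE_GSETS",
        // 160
        "NO_STATS_GSETS", "NO_UNNEST", "NOCPU_COSTING", "OVERFLOW_NOMOVE", "PIV_GB",
        "PIV_SSF", "PQ_MAP", "PQ_NOMAP", "REMOTE_MAPPED", "RESTORE_AS_INTERVALS",
        // 170
        "SAVE_AS_INTERVALS", "SCN_ASCENDING", "SKIP_EXT_OPTIMIZER", "SQLLDR",
        "SYS_DL_CURSOR", "SYS_PARALLEL_TXN", "SYS_RID_ORDER", "TIV_GB", "TIV_SSF", "UNNEST",
        // 180
        "USE_TTT_FOR_GSETS",
    };

    private Connection conn;
    Statement stmt = null;
    private String url;
    private String user;
    private String pass;

    /**
     * Returns {@code initStr} repeated {@code count} times.
     *
     * @param initStr text to repeat
     * @param count number of repetitions; zero or less yields an empty string
     * @return the concatenated text
     */
    private static String loopCreateString(String initStr, int count) {
        StringBuilder repeated = new StringBuilder();
        for (int i = 0; i < count; i++) {
            repeated.append(initStr);
        }
        return repeated.toString();
    }

    /** Creates a fuzzer that is not yet connected; call {@link #login} before {@link #fuzz}. */
    public SQLHintFuzzer() {
    }

    /**
     * Loads the Oracle thin driver, remembers the connection details for later
     * reconnects and opens the connection.
     *
     * @param host database host name
     * @param port listener port
     * @param user account name
     * @param pass account password
     * @param sid database SID
     * @throws SQLException if the connection cannot be opened
     * @throws ClassNotFoundException if the Oracle JDBC driver is not on the classpath
     */
    public void login(String host, int port, String user, String pass, String sid)
            throws SQLException, ClassNotFoundException {
        Class.forName("oracle.jdbc.driver.OracleDriver");
        this.url = "jdbc:oracle:thin:@" + host + ":" + port + ":" + sid;
        this.user = user;
        this.pass = pass;
        connection();
    }

    /** Opens a new connection with the details stored by {@link #login}. */
    private void connection() throws SQLException {
        conn = DriverManager.getConnection(url, user, pass);
    }

    /**
     * Closes the statement and the connection. The listing closed only the
     * connection and left the statement to the driver.
     */
    public void logout() {
        closeAll(conn, stmt, null);
    }

    /**
     * Best-effort close of whichever arguments are non-null. Failures are ignored on
     * purpose: this runs during shutdown or after the session has already been lost.
     */
    private void closeAll(Connection con, Statement stmt, ResultSet rs) {
        if (rs != null) {
            try {
                rs.close();
            } catch (Exception ignored) {
                // nothing useful to do while tearing down
            }
        }
        if (stmt != null) {
            try {
                stmt.close();
            } catch (Exception ignored) {
                // nothing useful to do while tearing down
            }
        }
        if (con != null) {
            try {
                con.close();
            } catch (Exception ignored) {
                // nothing useful to do while tearing down
            }
        }
    }

    /**
     * Runs every hint from {@link #FIRST_HINT_INDEX} onward against every fuzz value,
     * printing the hint name before each group.
     */
    public void fuzz() {
        try {
            stmt = conn.createStatement();
        } catch (SQLException e) {
            e.printStackTrace();
            // Without a statement nothing below can run; the listing carried on regardless.
            return;
        }
        for (int hintIndex = FIRST_HINT_INDEX; hintIndex < HINTS.length; hintIndex++) {
            String hint = HINTS[hintIndex];
            System.out.println("FUZZ : " + hint);
            for (Object value : FUZZ_DATA) {
                if (Thread.currentThread().isInterrupted()) {
                    return;
                }
                // Read the field on every pass: startFuzz replaces it after a reconnect.
                startFuzz(stmt, hint + "( " + value + " )");
            }
        }
    }

    /**
     * Executes one statement with {@code run} placed inside the hint comment, then
     * pauses. The statement text is built by concatenation on purpose: the hint
     * comment is the input under test and cannot be passed as a bind parameter.
     *
     * @param fuzzstmt statement to execute on
     * @param run hint text, name plus parenthesised argument
     */
    private void startFuzz(Statement fuzzstmt, String run) {
        String sql = "select /*+ " + run + "*/ * from dual";
        try {
            fuzzstmt.execute(sql);
            Thread.sleep(PAUSE_MILLIS);
        } catch (InterruptedException e) {
            // Restore the flag so fuzz() can stop instead of reporting this as a finding.
            Thread.currentThread().interrupt();
        } catch (Exception e) {
            // getMessage() may be null; the listing dereferenced it unconditionally.
            String message = e.getMessage();
            System.out.println(message);
            if (message != null && message.indexOf("socket") > -1) {
                // The session is gone: release the dead handles before reconnecting.
                closeAll(conn, stmt, null);
                try {
                    connection();
                    stmt = conn.createStatement();
                } catch (SQLException e1) {
                    System.out.println("error crash");
                }
            }
            catch0day(message, sql);
        }
    }

    /** Prints an error message together with the statement that triggered it. */
    private void catch0day(String e, String run) {
        System.out.println(e + "---" + run);
    }

    /**
     * Connects with the values from the listing, runs the fuzzer and disconnects.
     */
    public static void main(String[] args) throws SQLException, ClassNotFoundException {
        SQLHintFuzzer shf = new SQLHintFuzzer();
        // The page shows this call with its commas stripped; they are restored here.
        // Host, account and password are the author's own values, hard-coded in the
        // listing — real credentials belong outside the source file.
        shf.login("kj021320PC", 1521, "kj021320", "kj021320", "ORCL");
        try {
            shf.fuzz();
        } finally {
            shf.logout();
        }
    }
}
// When reposting, please cite this article: "ORACLE HINT 的一些BUG".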
转载请注明原文地址: https://www.6miu.com/read-2619913.html
