Omaha #4500 - Fix SQL Injection Concerns.

Change-Id: I3af5ce39d163a212f66e675d3386ae5c68b9b295

Former-commit-id: 7613c06d4351c52dcc8e49d6bc64ecb0166f72e7
Richard Peter 2015-07-13 15:18:14 -05:00
parent c2323b7a00
commit 47bdd9984d
15 changed files with 206 additions and 551 deletions


@ -185,7 +185,7 @@
<property name="initialListeners">
<list>
<!-- This causes database tables to be initialized when a db plugin is registered -->
<bean class="com.raytheon.uf.edex.database.schema.SchemaManager" factory-method="getInstance"/>
<bean class="com.raytheon.uf.edex.database.plugin.SchemaManager" factory-method="getInstance"/>
</list>
</property>
<property name="initialProperties">


@ -24,6 +24,7 @@ import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
@ -50,6 +51,7 @@ import com.raytheon.uf.common.dataquery.db.QueryResult;
import com.raytheon.uf.common.geospatial.MapUtil;
import com.raytheon.uf.common.geospatial.util.WorldWrapCorrector;
import com.raytheon.uf.common.status.UFStatus.Priority;
import com.raytheon.uf.common.util.Pair;
import com.raytheon.uf.viz.core.DrawableString;
import com.raytheon.uf.viz.core.IExtent;
import com.raytheon.uf.viz.core.IGraphicsTarget;
@ -109,7 +111,7 @@ import com.vividsolutions.jts.io.WKBReader;
* Aug 21, 2014 #3459 randerso Restructured Map resource class hierarchy
* Sep 04, 2014 #3365 ccody Changes for removing Data_Delivery dependencies
* Apr 06, 2015 #17340 randerso Eliminated clipping to GFE domain, code cleanup
*
* Jul 13, 2015 4500 rjpeter Fix SQL Injection concerns.
* </pre>
*
* @author randerso
@ -117,6 +119,7 @@ import com.vividsolutions.jts.io.WKBReader;
*/
public class ZoneSelectorResource extends DbMapResource {
private static final String EDIT_AREA = "editarea";
private static final RGB NO_ZONE_COLOR;
static {
@ -147,12 +150,15 @@ public class ZoneSelectorResource extends DbMapResource {
String query;
List<String> columns;
Request(IGraphicsTarget target, IMapDescriptor descriptor,
ZoneSelectorResource rsc, String query) {
ZoneSelectorResource rsc, String query, List<String> columns) {
this.target = target;
this.descriptor = descriptor;
this.rsc = rsc;
this.query = query;
this.columns = columns;
}
}
@ -177,10 +183,10 @@ public class ZoneSelectorResource extends DbMapResource {
}
}
private ArrayBlockingQueue<Request> requestQueue = new ArrayBlockingQueue<Request>(
private final ArrayBlockingQueue<Request> requestQueue = new ArrayBlockingQueue<Request>(
QUEUE_LIMIT);
private ArrayBlockingQueue<Result> resultQueue = new ArrayBlockingQueue<Result>(
private final ArrayBlockingQueue<Result> resultQueue = new ArrayBlockingQueue<Result>(
QUEUE_LIMIT);
private boolean canceled;
@ -190,11 +196,12 @@ public class ZoneSelectorResource extends DbMapResource {
}
public void request(IGraphicsTarget target, IMapDescriptor descriptor,
ZoneSelectorResource rsc, String query) {
ZoneSelectorResource rsc, String query, List<String> columns) {
if (requestQueue.size() == QUEUE_LIMIT) {
requestQueue.poll();
}
requestQueue.add(new Request(target, descriptor, rsc, query));
requestQueue.add(new Request(target, descriptor, rsc, query,
columns));
this.cancel();
this.schedule();
@ -222,6 +229,10 @@ public class ZoneSelectorResource extends DbMapResource {
QueryResult mappedResult = DirectDbQuery
.executeMappedQuery(req.query, "maps",
QueryLanguage.SQL);
int index = 0;
for (String column : req.columns) {
mappedResult.addColumnName(column, index++);
}
// long t1 = System.currentTimeMillis();
// System.out.println("Maps DB query took: " + (t1 - t0)
@ -540,9 +551,9 @@ public class ZoneSelectorResource extends DbMapResource {
}
}
private MapQueryJob queryJob;
private final MapQueryJob queryJob;
private Map<String, ZoneInfo> zoneData;
private final Map<String, ZoneInfo> zoneData;
private List<String> limitZones;
@ -556,7 +567,7 @@ public class ZoneSelectorResource extends DbMapResource {
private IShadedShape shapeList[];
private GeometryFactory geomFactory;
private final GeometryFactory geomFactory;
private IGraphicsTarget target;
@ -566,9 +577,9 @@ public class ZoneSelectorResource extends DbMapResource {
private Envelope boundingEnvelope;
private GridLocation gloc;
private final GridLocation gloc;
private WorldWrapCorrector worldWrapCorrector;
private final WorldWrapCorrector worldWrapCorrector;
/**
* @param data
@ -716,8 +727,10 @@ public class ZoneSelectorResource extends DbMapResource {
clipToProjExtent(screenExtent).getEnvelope())) {
if (!paintProps.isZooming()) {
PixelExtent clippedExtent = clipToProjExtent(screenExtent);
String query = buildQuery(clippedExtent, simpLev);
queryJob.request(aTarget, descriptor, this, query);
Pair<String, List<String>> queryPair = buildQuery(
clippedExtent, simpLev);
queryJob.request(aTarget, descriptor, this,
queryPair.getFirst(), queryPair.getSecond());
lastExtent = clippedExtent;
lastSimpLev = simpLev;
}
@ -828,7 +841,8 @@ public class ZoneSelectorResource extends DbMapResource {
}
}
protected String buildQuery(PixelExtent extent, double simpLev) {
protected Pair<String, List<String>> buildQuery(PixelExtent extent,
double simpLev) {
DecimalFormat df = new DecimalFormat("0.######");
String suffix = "_"
@ -837,16 +851,19 @@ public class ZoneSelectorResource extends DbMapResource {
String geometryField = resourceData.getGeomField() + suffix;
// get the geometry field
List<String> columns = new LinkedList<>();
StringBuilder query = new StringBuilder("SELECT AsBinary(");
query.append(geometryField);
query.append(") as ");
query.append(geometryField);
columns.add(geometryField);
// add any additional columns
if (resourceData.getColumns() != null) {
for (ColumnDefinition column : resourceData.getColumns()) {
query.append(", ");
query.append(column);
columns.add(column.toString());
}
}
@ -863,7 +880,7 @@ public class ZoneSelectorResource extends DbMapResource {
query.append(';');
return query.toString();
return new Pair<>(query.toString(), columns);
}
/**
@ -947,21 +964,23 @@ public class ZoneSelectorResource extends DbMapResource {
public List<String> getZoneNames() {
if (zoneData.isEmpty()) {
try {
StringBuilder query = new StringBuilder("SELECT ");
// add any additional columns
int count = 0;
boolean hasEditArea = false;
if (resourceData.getColumns() != null) {
for (ColumnDefinition column : resourceData.getColumns()) {
if (count > 0) {
query.append(", ");
}
query.append(column);
count++;
if (EDIT_AREA.equals(column.toString())) {
hasEditArea = true;
break;
}
}
// add the geometry table
}
if (hasEditArea) {
StringBuilder query = new StringBuilder("SELECT ");
query.append(EDIT_AREA);
query.append(" FROM ");
// add the geometry table
query.append(resourceData.getTable());
// add any constraints
@ -973,13 +992,13 @@ public class ZoneSelectorResource extends DbMapResource {
query.append(';');
QueryResult mappedResult = DirectDbQuery.executeMappedQuery(
query.toString(), "maps", QueryLanguage.SQL);
QueryResult mappedResult = DirectDbQuery
.executeMappedQuery(query.toString(), "maps",
QueryLanguage.SQL);
if (mappedResult.getColumnNames().containsKey("editarea")) {
for (int i = 0; i < mappedResult.getResultCount(); i++) {
String zoneName = (String) mappedResult
.getRowColumnValue(i, "editarea");
.getRowColumnValue(i, 0);
getZoneInfo(zoneName);
}
}
@ -1056,15 +1075,14 @@ public class ZoneSelectorResource extends DbMapResource {
WKBReader wkbReader = new WKBReader();
for (int i = 0; i < mappedResult.getResultCount(); i++) {
String zoneName = (String) mappedResult.getRowColumnValue(
i, "editarea");
i, 1);
if ((this.limitZones != null)
&& !this.limitZones.contains(zoneName)) {
continue;
}
byte[] b = (byte[]) mappedResult.getRowColumnValue(i,
"extent");
byte[] b = (byte[]) mappedResult.getRowColumnValue(i, 0);
if (b != null) {
Geometry geom = wkbReader.read(b);
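Review bot: `buildQuery` still appends `resourceData.getGeomField()` and each `ColumnDefinition` straight into the SQL text, and `getZoneNames` does the same with `resourceData.getTable()`, before the string goes unchanged to `DirectDbQuery.executeMappedQuery`; the new `columns` list only records names and does not validate them. Identifiers cannot be bound as parameters, so if `resourceData` can be populated from anything a user edits or loads, each name should be checked against a strict identifier pattern or a known column list before it is appended. Separately, results are now read by position (`getRowColumnValue(i, 1)` and `(i, 0)` in the last hunk), which silently depends on a SELECT order built elsewhere. Judging by the names the old lookups used, a comment such as `// column order fixed by the SELECT for this query: 0 = extent, 1 = editarea`, or named constants, would make that coupling visible. Several of the enclosing methods start or end outside the hunks.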


@ -51,7 +51,8 @@ import com.raytheon.uf.common.dataquery.db.QueryResult;
import com.raytheon.uf.common.status.IUFStatusHandler;
import com.raytheon.uf.common.status.UFStatus;
import com.raytheon.uf.edex.core.EDEXUtil;
import com.raytheon.uf.edex.database.tasks.SqlQueryTask;
import com.raytheon.uf.edex.database.dao.CoreDao;
import com.raytheon.uf.edex.database.dao.DaoConfig;
import com.vividsolutions.jts.geom.Geometry;
import com.vividsolutions.jts.geom.LineString;
import com.vividsolutions.jts.geom.MultiLineString;
@ -71,8 +72,8 @@ import com.vividsolutions.jts.geom.Polygon;
* Mar 28, 2013 #1837 dgilling Change error handling in
* getLastUpdated().
* Mar 11, 2014 #2718 randerso Changes for GeoTools 10.5
* 10/16/2014 3454 bphillip Upgrading to Hibernate 4
*
* Oct 16, 2014 3454 bphillip Upgrading to Hibernate 4
* Jul 13, 2015 4500 rjpeter Fix SQL Injection concerns.
* </pre>
*
* @author randerso
@ -105,7 +106,7 @@ public class DbShapeSource {
private String instanceName;
private String tableName;
private final String tableName;
private List<String> attributeNames;
@ -447,14 +448,13 @@ public class DbShapeSource {
public Date getLastUpdated() throws MissingLocalMapsException {
String sqlQuery = "SELECT import_time FROM " + SCHEMA_NAME
+ ".map_version WHERE table_name = '" + this.tableName + "';";
+ ".map_version WHERE table_name = :tableName";
try {
SqlQueryTask task = new SqlQueryTask(sqlQuery, DB_NAME);
QueryResult result = task.execute();
CoreDao dao = new CoreDao(DaoConfig.forDatabase(DB_NAME));
QueryResult result = dao.executeMappedSQLQuery(sqlQuery,
"tableName", this.tableName);
return (Date) result.getRowColumnValue(0, 0);
} catch (Exception e) {
// statusHandler.handle(Priority.PROBLEM, e.getLocalizedMessage(),
// e);
throw new MissingLocalMapsException(e);
}
}
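Review bot: `result.getRowColumnValue(0, 0)` in `getLastUpdated` is read without checking that the query returned a row. A table with no `map_version` entry is therefore reported only through whatever that call throws and the blanket `catch (Exception e)`, which also turns a connection or SQL failure into `MissingLocalMapsException`. A guard such as `if (result.getResultCount() == 0)` before the read would separate "no row for this table" from a database error. A genuine database failure could then be logged instead of being reported as missing maps, which matters more now that the commented-out `statusHandler` call has been deleted.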


@ -46,7 +46,8 @@ import com.raytheon.uf.common.python.PythonScript;
import com.raytheon.uf.common.status.IUFStatusHandler;
import com.raytheon.uf.common.status.UFStatus;
import com.raytheon.uf.common.util.FileUtil;
import com.raytheon.uf.edex.database.tasks.SqlQueryTask;
import com.raytheon.uf.edex.database.dao.CoreDao;
import com.raytheon.uf.edex.database.dao.DaoConfig;
/**
* Code to generate the AreaDictionary for text formatters
@ -63,7 +64,7 @@ import com.raytheon.uf.edex.database.tasks.SqlQueryTask;
* python modules from the GIS database tables
* Dec 08, 2014 #4953 randerso Updated Jep include path to allow use of
* LocalizationSupport
*
* Jul 13, 2015 4500 rjpeter Fix SQL Injection concerns.
* </pre>
*
* @author wldougher
@ -77,14 +78,14 @@ public class AreaDictionaryMaker {
protected static final String FIPS_CITY_QUERY = //
"SELECT name, population, ST_Y(city.the_geom), ST_X(city.the_geom) "
+ "FROM mapdata.city, mapdata.county "
+ "WHERE county.state = '%1$s' AND substring(fips,3,3) = '%2$s' "
+ "WHERE county.state = :state AND substring(fips,3,3) = :num "
+ "AND ST_Contains(county.the_geom, city.the_geom) "
+ "ORDER BY city.name;";
protected static final String ZONES_CITY_QUERY = //
"SELECT city.name, population, ST_Y(city.the_geom), ST_X(city.the_geom) "
+ "FROM mapdata.city, mapdata.zone "
+ "WHERE zone.state = '%1$s' AND zone.zone = '%2$s' "
+ "WHERE zone.state = :state AND zone.zone = :num "
+ "AND ST_Contains(zone.the_geom, city.the_geom) "
+ "ORDER BY city.name;";
@ -320,6 +321,7 @@ public class AreaDictionaryMaker {
StringBuilder sb = new StringBuilder();
Pattern pattern = Pattern.compile("(\\p{Upper}{2})" + separator
+ "(\\d{3})");
CoreDao dao = new CoreDao(DaoConfig.forDatabase("maps"));
for (Map<String, Object> att : attributes) {
String ean = (String) att.get("editarea");
@ -338,14 +340,15 @@ public class AreaDictionaryMaker {
String fullStateName = this.stateDict.get(state);
String partOfState = PART_OF_STATE.get(att.get("fe_area"));
String wfo = (String) att.get("cwa");
SqlQueryTask task = new SqlQueryTask(String.format(
cityQuery, state, num), "maps");
Map<String, Object> paramMap = new HashMap<>(2, 1);
paramMap.put("state", state);
paramMap.put("num", num);
// retrieve cities for this area
QueryResult citiesResult = null;
try {
citiesResult = task.execute();
citiesResult = dao.executeMappedSQLQuery(cityQuery,
paramMap);
} catch (Exception e) {
statusHandler
.error("Error getting cites for " + ean, e);
@ -407,10 +410,10 @@ public class AreaDictionaryMaker {
}
private void genStateDict() {
SqlQueryTask task = new SqlQueryTask(
"SELECT state, name FROM mapdata.states", "maps");
try {
QueryResult result = task.execute();
CoreDao dao = new CoreDao(DaoConfig.forDatabase("maps"));
QueryResult result = dao
.executeMappedSQLQuery("SELECT state, name FROM mapdata.states");
stateDict = new HashMap<String, String>(result.getResultCount(),
1.0f);
for (QueryResultRow row : result.getRows()) {
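Review bot: `FIPS_CITY_QUERY` and `ZONES_CITY_QUERY` are `protected` constants whose contract changed from `String.format` templates to named-parameter SQL, and nothing on them says so; any other user that still formats them would send the literal `:state`/`:num` text to the database. A comment on each, for example `// Named parameters: :state and :num, bound through executeMappedSQLQuery(query, paramMap)`, would document the new contract. Both strings also keep a trailing `;`, while the parameterized query in `getLastUpdated` elsewhere in this commit drops it; one convention would be easier to follow. The method that binds the parameters starts and ends outside the hunk.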


@ -50,7 +50,8 @@ import com.raytheon.uf.common.status.UFStatus.Priority;
import com.raytheon.uf.common.util.FileUtil;
import com.raytheon.uf.edex.database.cluster.ClusterLockUtils;
import com.raytheon.uf.edex.database.cluster.ClusterTask;
import com.raytheon.uf.edex.database.tasks.SqlQueryTask;
import com.raytheon.uf.edex.database.dao.CoreDao;
import com.raytheon.uf.edex.database.dao.DaoConfig;
/**
* Generate and configure text products when needed.
@ -74,7 +75,7 @@ import com.raytheon.uf.edex.database.tasks.SqlQueryTask;
* Cleaned up how protected file updates are returned
* Jan 23, 2015 #4027 randerso Fixed python include path
* Apr 27, 2015 4259 njensen Updated for new JEP API
*
* Jul 13, 2015 4500 rjpeter Removed SqlQueryTask.
* </pre>
*
* @author jelkins
@ -210,8 +211,8 @@ public class Configurator {
lf = pathMgr.getLocalizationFile(context,
FileUtil.join("python", "gfe", "SiteCFG.py"));
SqlQueryTask task = new SqlQueryTask(CWA_QUERY, "maps");
QueryResult results = task.execute();
CoreDao dao = new CoreDao(DaoConfig.forDatabase("maps"));
QueryResult results = dao.executeMappedSQLQuery(CWA_QUERY);
try (PrintWriter out = new PrintWriter(lf.openOutputStream())) {
out.println("##");
out.println("# Contains information about products, regions, etc. for each site");


@ -28,6 +28,8 @@ import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.util.HashMap;
import java.util.Map;
import com.raytheon.uf.common.localization.IPathManager;
import com.raytheon.uf.common.localization.LocalizationContext;
@ -37,7 +39,8 @@ import com.raytheon.uf.common.localization.PathManagerFactory;
import com.raytheon.uf.common.status.IUFStatusHandler;
import com.raytheon.uf.common.status.UFStatus;
import com.raytheon.uf.common.status.UFStatus.Priority;
import com.raytheon.uf.edex.database.tasks.SqlStatementTask;
import com.raytheon.uf.edex.database.dao.CoreDao;
import com.raytheon.uf.edex.database.dao.DaoConfig;
import com.raytheon.uf.edex.ndm.ingest.INationalDatasetSubscriber;
/**
@ -51,7 +54,7 @@ import com.raytheon.uf.edex.ndm.ingest.INationalDatasetSubscriber;
* ------------ ---------- ----------- --------------------------
* Apr 11, 2011 bfarmer Initial creation
* Mar 06, 2014 2876 mpduff New NDM plugin.
*
* Jul 13, 2015 4500 rjpeter Fix SQL Injection concerns.
* </pre>
*
* @author bfarmer
@ -137,24 +140,17 @@ public class MarineInfoSubscriber implements INationalDatasetSubscriber {
if ((outFile != null) && outFile.exists()) {
BufferedReader fis = null;
try {
CoreDao dao = new CoreDao(DaoConfig.forDatabase("maps"));
fis = new BufferedReader(new InputStreamReader(
new FileInputStream(outFile)));
try {
SqlStatementTask task = new SqlStatementTask(setupOne,
"maps");
task.execute();
task = new SqlStatementTask(setupTwo, "maps");
task.execute();
task = new SqlStatementTask(setupThree, "maps");
task.execute();
task = new SqlStatementTask(setupFour, "maps");
task.execute();
task = new SqlStatementTask(setupFive, "maps");
task.execute();
task = new SqlStatementTask(setupSix, "maps");
task.execute();
task = new SqlStatementTask(setupSeven, "maps");
task.execute();
dao.executeSQLUpdate(setupOne);
dao.executeSQLUpdate(setupTwo);
dao.executeSQLUpdate(setupThree);
dao.executeSQLUpdate(setupFour);
dao.executeSQLUpdate(setupFive);
dao.executeSQLUpdate(setupSix);
dao.executeSQLUpdate(setupSeven);
} catch (Exception e) {
statusHandler.handle(Priority.CRITICAL,
"Error resetting the MarineInfo DB table, ", e);
@ -163,7 +159,8 @@ public class MarineInfoSubscriber implements INationalDatasetSubscriber {
String line = null;
String[] splitOne = null;
String[] splitTwo = null;
StringBuilder query = null;
StringBuilder query = new StringBuilder();
Map<String, Object> paramMap = new HashMap<>(8, 1);
try {
while ((line = fis.readLine()) != null) {
splitOne = line.split("\\s+", 5);
@ -176,27 +173,21 @@ public class MarineInfoSubscriber implements INationalDatasetSubscriber {
// "INSERT INTO" + DBSCHEMA + "." + DBTABLE
// "(st, name, prog_disc, warngenlev,the_geom) "
// "VALUES('3','4',2,5,GeomFromText('POINT(1, 0)', 4326));"
query = new StringBuilder("INSERT INTO \"");
query.setLength(0);
query.append("INSERT INTO \"");
query.append(DBSCHEMA);
query.append("\".\"");
query.append(DBTABLE);
query.append("\"(st, name, prog_disc, warngenlev, the_geom) VALUES('");
query.append(splitOne[3]); // st
query.append("', '");
query.append(splitTwo[0]); // name
query.append("', ");
query.append(splitOne[2]); // prog_disc
query.append(", ");
query.append(splitTwo[1]); // warngenlev
query.append(", ");
query.append("GeomFromText('POINT(");
query.append(splitOne[1]); // the_geom 1
query.append(" ");
query.append(splitOne[0]); // the_geom 2
query.append(")', 4326));"); // End query
SqlStatementTask task = new SqlStatementTask(
query.toString(), "maps");
task.execute();
query.append("\"(st, name, prog_disc, warngenlev, the_geom) VALUES(");
query.append(":st, :name, :prog_disc, :warngenlev, ");
query.append("GeomFromText('POINT(:geom1, :geom2)', 4326))");
paramMap.put("st", splitOne[3]);
paramMap.put("name", splitTwo[0]);
paramMap.put("prog_disc", splitOne[2]);
paramMap.put("warngenlev", splitTwo[1]);
paramMap.put("geom1", splitOne[1]);
paramMap.put("geom2", splitOne[0]);
dao.executeSQLUpdate(query.toString(), paramMap);
}
} catch (IOException e) {
statusHandler.handle(Priority.PROBLEM,
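Review bot: The `:geom1` and `:geom2` placeholders in `GeomFromText('POINT(:geom1, :geom2)', 4326)` sit inside a single-quoted SQL literal, where named-parameter binding normally does not apply, so the insert would either fail on unmatched parameters or pass the placeholder text itself to the geometry parser (CoreDao's binding code is not visible here, so confirm with a test against a real input file). The separator also changed from the space the removed code appended to a comma, which is not valid WKT for a point. Building the WKT in Java and binding it whole keeps the value parameterized: `query.append("GeomFromText(:geom, 4326))");` with `paramMap.put("geom", "POINT(" + splitOne[1] + " " + splitOne[0] + ")");`. `prog_disc` and `warngenlev` were previously emitted as unquoted literals and are now bound as strings, so if those columns are numeric the values should be parsed before binding, which also rejects malformed lines from the file. The enclosing method starts and ends outside the hunk.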


@ -1,131 +0,0 @@
#
# GempakGridNavigationRequest
#
# This code has been developed by the SIB for use in the AWIPS2 system.
# Performs a BaseRequest for a grid navigation parameters from GEMPAK.
#
# Usage:
# import GempakGridNavigationRequest
# dataRequest = GempakGridNavigationRequest.GempakGridNavigationRequest()
# dataRequest.setGridId("...")
# return dataRequest.execute()
#
# SOFTWARE HISTORY
#
# Date Ticket# Engineer Description
# ------------ ---------- ----------- --------------------------
# 06/02/10 173_partC mgamazaychikov Initial Creation
# 02/02/11 mli add eventName for dynamic model names
#
import BaseRequest
from java.util import ArrayList
from com.raytheon.uf.common.message.response import ResponseMessageGeneric
from com.raytheon.edex.uengine.tasks.query import SqlQueryTask
from gov.noaa.nws.ncep.edex.uengine.utility import GempakConvert
class GempakGridNavigationRequest(BaseRequest.BaseRequest):
def __init__(self, pluginName='grib'):
self.eventName = None
self.pluginName = pluginName
if self.pluginName == 'grib':
self.tableName = 'grib_models'
elif self.pluginName == 'ncgrib':
self.tableName = 'ncgrib_models'
BaseRequest.BaseRequest.__init__(self, self.pluginName)
#
# Sets the ICAO parameter for the query
#
def setGridIdParms(self, aGridName, *parms):
for ii in range(len(parms)):
if ii == 0:
#print "setting time to", parms[0]
convert = GempakConvert()
self.query.addParameter("dataTime", convert.dattimToDbtime(parms[0]))
elif ii == 1:
#print "setting eventName to", parms[1]
self.query.addParameter("modelInfo.eventName", parms[1])
self.gridName= aGridName
#
# Execute the BaseRequest and calls the appropriate response function
#
def execute(self):
#
# set up the db query for grib plugin
#
if self.pluginName == 'grib':
#
# Construct the SQL query to retrieve record IDs from bufrua table
#
gridIdQueryHead = "SELECT DISTINCT id FROM " + self.tableName + " WHERE modelname='"
gridIdQueryTail = "'"
gridIdQuery = gridIdQueryHead + self.gridName + gridIdQueryTail
#
#
# Create an instance of SQL Query and execute it
#
self.sqlGridIDQuery = SqlQueryTask(gridIdQuery)
sqlGridIDQueryResults = self.sqlGridIDQuery.execute()
#
# Retrieve the rows into the ArrayList of grid IDs
#
gridID = ArrayList()
gridID = sqlGridIDQueryResults.getRows()
gridIDList = ArrayList()
for gid in gridID:
strID = "%s" % gid
gridIDList.add(strID[1:-1])
szID = gridIDList.size()
if szID == 0:
return self.makeNullResponse()
singleGridId = gridIDList.get(0)
self.query.setCount(1)
modelInfoId = "%s" % singleGridId
#print "modelInfoId=", modelInfoId
self.query.addParameter("modelInfo.id","%s" % singleGridId)
#
# set up the db query for ncgrib plugin
#
elif self.pluginName == 'ncgrib':
self.query.addParameter("modelInfo.modelName","%s" % self.gridName)
# if (self.eventName != None):
# self.query.addParameter("modelInfo.eventName","%s" % self.eventName)
self.query.setCount(1)
#
# execute the query
#
self.queryResults = self.query.execute()
if self.queryResults is None or self.queryResults.size() == 0:
self.makeNullResponse()
else:
return self.__makeResponse()
#
# Builds the return string content and adds it to the response ArrayList
#
def __makeResponse(self):
from com.raytheon.edex.uengine.tasks.decode import FileIn
response = ArrayList()
size = self.queryResults.size()
for i in range(size):
currentQuery = self.queryResults.get(i)
if self.pluginName == 'grib':
content = GempakConvert.getGridNavigationContent(currentQuery.getSpatialObject())
elif self.pluginName == 'ncgrib':
content = GempakConvert.getNcgridNavigationContent(currentQuery.getSpatialObject())
response.add(ResponseMessageGeneric(content))
return response
#
# Returns a string with null response
#
def makeNullResponse(self):
response = ArrayList()
response.add(ResponseMessageGeneric("Database Query returned no results"))
return response


@ -18,14 +18,13 @@
# Date Ticket# Engineer Description
# ------------ ---------- ----------- --------------------------
# 12/22/09 173_partB mgamazaychikov Initial Creation
# 07/13/15 4500 rjpeter Remove SqlQueryTask
#
import BaseRequest
from com.raytheon.uf.common.message.response import ResponseMessageGeneric
from java.util import ArrayList
from gov.noaa.nws.ncep.edex.uengine.utility import GempakConvert
from com.raytheon.edex.uengine.tasks.query import SqlQueryTask
class GempakMcidasHdrRequest(BaseRequest.BaseRequest):


@ -1,96 +0,0 @@
#
# GempakNcgridNavigationRequest
#
# This code has been developed by the SIB for use in the AWIPS2 system.
# Performs a BaseRequest for a grid navigation parameters from GEMPAK.
#
# Usage:
# import GempakNcgridNavigationRequest
# dataRequest = GempakNcgridNavigationRequest.GempakNcgridNavigationRequest()
# dataRequest.setGridId("...")
# return dataRequest.execute()
#
# SOFTWARE HISTORY
#
# Date Ticket# Engineer Description
# ------------ ---------- ----------- --------------------------
# 06/02/10 173_partC mgamazaychikov Initial Creation
#
import BaseRequest
from java.util import ArrayList
from com.raytheon.uf.common.message.response import ResponseMessageGeneric
from com.raytheon.edex.uengine.tasks.query import SqlQueryTask
from gov.noaa.nws.ncep.edex.uengine.utility import GempakConvert
class GempakNcgridNavigationRequest(BaseRequest.BaseRequest):
def __init__(self):
BaseRequest.BaseRequest.__init__(self, "ncgrib")
#
# Sets the ICAO parameter for the query
#
def setGridId(self, aGridName):
self.gridName= aGridName
#
# Execute the BaseRequest and calls the appropriate response function
#
def execute(self):
#
# Construct the SQL query to retrieve record IDs from bufrua table
#
gridIdQueryHead = "SELECT DISTINCT id FROM ncgrib_models WHERE modelname='"
gridIdQueryTail = "'"
gridIdQuery = gridIdQueryHead + self.gridName + gridIdQueryTail
#
#
# Create an instance of SQL Query and execute it
#
self.sqlGridIDQuery = SqlQueryTask(gridIdQuery)
sqlGridIDQueryResults = self.sqlGridIDQuery.execute()
#
# Retrieve the rows into the ArrayList of grid IDs
#
gridID = ArrayList()
gridID = sqlGridIDQueryResults.getRows()
gridIDList = ArrayList()
for gid in gridID:
strID = "%s" % gid
gridIDList.add(strID[1:-1])
szID = gridIDList.size()
if szID == 0:
return self.makeNullResponse()
singleGridId = gridIDList.get(0)
self.query.setCount(1)
modelInfoId = "%s" % singleGridId
self.query.addParameter("modelInfo.id","%s" % singleGridId)
self.queryResults = self.query.execute()
if self.queryResults is None or self.queryResults.size() == 0:
self.makeNullResponse()
else:
return self.__makeResponse()
#
# Builds the return string content and adds it to the response ArrayList
#
def __makeResponse(self):
from com.raytheon.edex.uengine.tasks.decode import FileIn
response = ArrayList()
size = self.queryResults.size()
for i in range(size):
currentQuery = self.queryResults.get(i)
content = GempakConvert.getNcgridNavigationContent(currentQuery.getSpatialObject())
response.add(ResponseMessageGeneric(content))
return response
#
# Returns a string with null response
#
def makeNullResponse(self):
response = ArrayList()
response.add(ResponseMessageGeneric("Database Query returned no results"))
return response


@ -18,10 +18,12 @@
# ------------ ---------- ----------- --------------------------
# 06/02/10 173_partC mgamazaychikov Initial Creation.
# 09/09/10 mgamazaychikov Added setSeparator function
# 07/13/15 4500 rjpeter Remove SqlQueryTask
#
from com.raytheon.uf.common.message.response import ResponseMessageGeneric
from com.raytheon.uf.common.dataquery.db import QueryResult
from com.raytheon.uf.edex.database.tasks import SqlQueryTask
from com.raytheon.uf.edex.database.dao import CoreDao
from com.raytheon.uf.edex.database.dao import DaoConfig
from java.util import ArrayList
class GempakSqlQuery():
@ -87,11 +89,8 @@ class GempakSqlQuery():
def execute(self):
#self.queryResults = ArrayList()
#
# Create an instance of SQL Query and execute it
#
self.sqlQuery = SqlQueryTask(self.query, self.dbname)
self.queryResults = self.sqlQuery.execute()
dao = CoreDao(DaoConfig.forDatabase(self.dbname))
self.queryResults = dao.executeMappedSQLQuery(self.query)
#
# Make response based on the query results
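Review bot: `execute` still runs `self.query` verbatim, now through `dao.executeMappedSQLQuery(self.query)` with no parameter map, so whatever text the caller placed in `self.query` reaches the database unchanged; the same holds for `SqlQuery.execute` later in this commit. How `self.query` is populated is outside the hunk, so whether request-derived text can reach it cannot be judged from here. If these scripts are meant only for trusted, fixed statements, a comment saying so would help, for example `# self.query is executed as-is; callers must supply trusted SQL and bind values separately`. The rest of the class lies outside the hunk.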


@ -1,46 +0,0 @@
##
# This software was developed and / or modified by Raytheon Company,
# pursuant to Contract DG133W-05-CQ-1067 with the US Government.
#
# U.S. EXPORT CONTROLLED TECHNICAL DATA
# This software product contains export-restricted data whose
# export/transfer/disclosure is restricted by U.S. law. Dissemination
# to non-U.S. persons whether in the United States or abroad requires
# an export license or other authorization.
#
# Contractor Name: Raytheon Company
# Contractor Address: 6825 Pine Street, Suite 340
# Mail Stop B8
# Omaha, NE 68106
# 402.291.0100
#
# See the AWIPS II Master Rights File ("Master Rights File.pdf") for
# further licensing information.
##
from com.raytheon.uf.edex.database.tasks import HqlQueryTask
from com.raytheon.uf.common.message.response import ResponseMessageGeneric
from java.util import ArrayList
#
# Generalized query script for querying arbitrary rows out of any table in any database
#
#
# SOFTWARE HISTORY
#
# Date Ticket# Engineer Description
# ------------ ---------- ----------- --------------------------
# 10/16/08 #1615 bphillip Initial Creation.
#
#
class HqlQuery():
def __init__(self, hqlQuery, dbName="metadata"):
self.__query = HqlQueryTask(hqlQuery, dbName)
def execute(self):
queryResults = self.__query.execute()
response = ArrayList()
response.add(ResponseMessageGeneric(queryResults))
return response


@ -1,46 +0,0 @@
##
# This software was developed and / or modified by Raytheon Company,
# pursuant to Contract DG133W-05-CQ-1067 with the US Government.
#
# U.S. EXPORT CONTROLLED TECHNICAL DATA
# This software product contains export-restricted data whose
# export/transfer/disclosure is restricted by U.S. law. Dissemination
# to non-U.S. persons whether in the United States or abroad requires
# an export license or other authorization.
#
# Contractor Name: Raytheon Company
# Contractor Address: 6825 Pine Street, Suite 340
# Mail Stop B8
# Omaha, NE 68106
# 402.291.0100
#
# See the AWIPS II Master Rights File ("Master Rights File.pdf") for
# further licensing information.
##
from com.raytheon.uf.edex.database.tasks import HqlStatementTask
from com.raytheon.uf.common.message.response import ResponseMessageGeneric
from java.util import ArrayList
#
# Generalized query script for executing non query type hql statements
#
#
# SOFTWARE HISTORY
#
# Date Ticket# Engineer Description
# ------------ ---------- ----------- --------------------------
# 10/21/08 #1615 bphillip Initial Creation.
#
#
class HqlStatement():
def __init__(self, hqlQuery,dbName="metadata"):
self.__stmt = HqlStatementTask(hqlQuery,dbName)
def execute(self):
result = self.__stmt.execute()
response = ArrayList()
response.add(ResponseMessageGeneric(result))
return response


@ -18,7 +18,8 @@
# further licensing information.
##
from com.raytheon.uf.edex.database.tasks import SqlQueryTask
from com.raytheon.uf.edex.database.dao import CoreDao
from com.raytheon.uf.edex.database.dao import DaoConfig
from com.raytheon.uf.common.message.response import ResponseMessageGeneric
from java.util import ArrayList
@ -31,16 +32,18 @@ from java.util import ArrayList
# Date Ticket# Engineer Description
# ------------ ---------- ----------- --------------------------
# 10/16/08 #1615 bphillip Initial Creation.
#
# 07/13/15 4500 rjpeter Remove SqlQueryTask.
#
class SqlQuery():
def __init__(self, sqlQuery,dbName="metadata"):
self.__query = SqlQueryTask(sqlQuery,dbName)
self.__query = sqlQuery
self.__dbName = dbName
def execute(self):
queryResults = self.__query.execute()
dao = CoreDao(DaoConfig.forDatabase(self.__dbName))
queryResults = dao.executeMappedSQLQuery(self.__query)
response = ArrayList()
response.add(ResponseMessageGeneric(queryResults))
return response


@ -1,46 +0,0 @@
##
# This software was developed and / or modified by Raytheon Company,
# pursuant to Contract DG133W-05-CQ-1067 with the US Government.
#
# U.S. EXPORT CONTROLLED TECHNICAL DATA
# This software product contains export-restricted data whose
# export/transfer/disclosure is restricted by U.S. law. Dissemination
# to non-U.S. persons whether in the United States or abroad requires
# an export license or other authorization.
#
# Contractor Name: Raytheon Company
# Contractor Address: 6825 Pine Street, Suite 340
# Mail Stop B8
# Omaha, NE 68106
# 402.291.0100
#
# See the AWIPS II Master Rights File ("Master Rights File.pdf") for
# further licensing information.
##
from com.raytheon.uf.edex.database.tasks import SqlStatementTask
from com.raytheon.uf.common.message.response import ResponseMessageGeneric
from java.util import ArrayList
#
# Generalized query script for executing non query type sql statements
#
#
# SOFTWARE HISTORY
#
# Date Ticket# Engineer Description
# ------------ ---------- ----------- --------------------------
# 10/21/08 #1615 bphillip Initial Creation.
#
#
class SqlStatement():
def __init__(self, sqlQuery,dbName="metadata"):
self.__stmt = SqlStatementTask(sqlQuery,dbName)
def execute(self):
result = self.__stmt.execute()
response = ArrayList()
response.add(ResponseMessageGeneric(result))
return response


@ -93,8 +93,9 @@ import com.vividsolutions.jts.io.WKTWriter;
* Apr 21, 2014 2060 njensen Remove dependency on grid dataURI column
* Apr 22, 2014 2984 njensen Remove dependency on edex/CoreDao
* Nov 18, 2014 3831 dhladky StatusHandler logging. Proper list sizing.
*
* Jul 13, 2015 4500 rjpeter Fix SQL Injection concerns.
* </pre>
*
* @author dhladky
* @version 1
*/
@ -178,20 +179,20 @@ public class FFMPUtils {
if (results.length > 0) {
if (mode.equals("CAVE")) {
for (int i = 0; i < results.length; i++) {
Object[] results2 = (Object[]) results[i];
for (int j = 0; j < results2.length; j++) {
if (((String) results2[j]) != null) {
pfafs.add(Long.parseLong((String) results2[j]));
for (Object result : results) {
Object[] results2 = (Object[]) result;
for (Object element : results2) {
if (((String) element) != null) {
pfafs.add(Long.parseLong((String) element));
}
}
}
}
else {
for (int j = 0; j < results.length; j++) {
if (((String) results[j]) != null) {
pfafs.add(Long.parseLong((String) results[j]));
for (Object result : results) {
if (((String) result) != null) {
pfafs.add(Long.parseLong((String) result));
}
}
}
@ -217,12 +218,12 @@ public class FFMPUtils {
* DR 13228 state added to the below query
*/
String sql = "SELECT lid, county, name, lat, lon, state FROM location "
+ "where lid in " + "(select distinct(lid) from IngestFilter "
+ "where pe in ('PC', 'PP') " + "and ingest = 'T' "
+ "and dur < 2000)";
+ "where lid in (select distinct(lid) from IngestFilter "
+ "where pe in ('PC', 'PP') and ingest = 'T' and dur < 2000)";
try {
Object[] results = executeSqlQuery(sql, ShefConstants.IHFS);
virtualBasins = new LinkedHashMap<String, FFMPVirtualGageBasinMetaData>(results.length, 1.0f);
virtualBasins = new LinkedHashMap<String, FFMPVirtualGageBasinMetaData>(
results.length, 1.0f);
Geometry poly = getCwaGeometry(cwa, mode);
PreparedGeometry pg = PreparedGeometryFactory.prepare(poly);
Coordinate coor = poly.getCentroid().getCoordinate();
@ -242,7 +243,8 @@ public class FFMPUtils {
}
}
} catch (Exception e) {
statusHandler.error("Error querying Virtual Gage's: +sql: "+sql, e);
statusHandler.error("Error querying Virtual Gage's: +sql: " + sql,
e);
}
return virtualBasins;
@ -266,8 +268,8 @@ public class FFMPUtils {
int j = 1;
if (results.length > 0) {
for (int i = 0; i < results.length; i++) {
String column_name = (String) results[i]/*((Object[]) results[i])[0]*/;
for (Object result : results) {
String column_name = (String) result;
if (column_name.startsWith("upstream")) {
upstreams.add("upstream" + j);
j++;
@ -275,7 +277,8 @@ public class FFMPUtils {
}
}
} catch (SpatialException e) {
statusHandler.error("Error determining upstream depth: +sql: "+sql, e);
statusHandler.error("Error determining upstream depth: +sql: "
+ sql, e);
}
return upstreams;
@ -304,7 +307,8 @@ public class FFMPUtils {
sq = SpatialQueryFactory.create();
results = sq.dbRequest(sql.toString(), MAPS_DB);
} catch (SpatialException e) {
statusHandler.error("Failed to lookup Huc Parameters: sql: "+sql, e);
statusHandler.error("Failed to lookup Huc Parameters: sql: " + sql,
e);
}
String[] pfafs = new String[results.length];
@ -321,8 +325,8 @@ public class FFMPUtils {
int maxDepth = prelimstartDepth;
int startDepth = prelimstartDepth;
for (int i = 0; i < pfafs.length; i++) {
int depth = pfafs[i].substring(prelimstartDepth).indexOf("0");
for (String pfaf : pfafs) {
int depth = pfaf.substring(prelimstartDepth).indexOf("0");
depth = prelimstartDepth + depth;
if (depth > maxDepth) {
maxDepth = depth;
@ -333,15 +337,14 @@ public class FFMPUtils {
if (pfafs.length > 0) {
for (int myMinDepth = maxDepth; myMinDepth > 0; myMinDepth--) {
int ilevelcount = 0;
for (int i = 0; i < pfafs.length; i++) {
int idepth = pfafs[i].substring(prelimstartDepth).indexOf(
"0");
for (String pfaf : pfafs) {
int idepth = pfaf.substring(prelimstartDepth).indexOf("0");
idepth = prelimstartDepth + idepth;
if (idepth >= myMinDepth) {
ilevelcount++;
}
}
if ((ilevelcount / pfafs.length) * 100 < 80) {
if (((ilevelcount / pfafs.length) * 100) < 80) {
startDepth = myMinDepth;
} else {
break;
@ -397,7 +400,8 @@ public class FFMPUtils {
sq = SpatialQueryFactory.create();
results = sq.dbRequest(sql.toString(), MAPS_DB);
} catch (SpatialException e) {
statusHandler.error("Error getting basins: sql:"+sql+"\n", e);
statusHandler.error("Error getting basins: sql:" + sql + "\n",
e);
}
return results;
@ -440,7 +444,8 @@ public class FFMPUtils {
results = sq.dbRequest(builder.toString(), MAPS_DB);
rval = new HashMap<Long, Geometry>(results.length, 1.0f);
} catch (SpatialException e) {
statusHandler.error("Error querying Raw Geometries: +sql: "+builder.toString(), e);
statusHandler.error("Error querying Raw Geometries: +sql: "
+ builder.toString(), e);
}
WKBReader wkbReader = new WKBReader();
@ -516,8 +521,8 @@ public class FFMPUtils {
// sql, FFMPUtils.MAPS_DB, QueryLanguage.SQL);
if (results.length > 0) {
if (mode.equals("EDEX")) {
for (int i = 0; i < results.length; i++) {
Object[] results2 = (Object[]) results[i];
for (Object result : results) {
Object[] results2 = (Object[]) result;
String countyName = null;
String state = null;
@ -537,14 +542,14 @@ public class FFMPUtils {
}
} else {
for (int i = 0; i < results.length; i++) {
for (Object result : results) {
String countyName = null;
String state = null;
Object[] results2 = null;
try {
results2 = (Object[]) results[i];
results2 = (Object[]) result;
if (results2[0] instanceof String) {
countyName = (String) results2[0];
@ -612,17 +617,16 @@ public class FFMPUtils {
if (results != null) {
if (results.length > 0) {
for (int i = 0; i < results.length; i++) {
if (results[i] != null) {
keys.add(new Integer(
(String)results[i]/* ((Object[]) results[i])[0]*/)
.longValue());
for (Object result : results) {
if (result != null) {
keys.add(new Integer((String) result).longValue());
}
}
}
}
} catch (SpatialException e) {
statusHandler.error("Error retreiving COUNTY FIPS list! sql: "+sql, e);
statusHandler.error("Error retreiving COUNTY FIPS list! sql: "
+ sql, e);
}
return removeDuplicates(keys);
@ -681,14 +685,15 @@ public class FFMPUtils {
if (results != null) {
gids = new ArrayList<Long>(results.length);
if (results.length > 0) {
for (int i = 0; i < results.length; i++) {
gids.add(((Number) results[i]).longValue());
for (Object result : results) {
gids.add(((Number) result).longValue());
}
}
}
} catch (SpatialException e) {
statusHandler.error("Error retreiving COUNTY INFO, part 1! sql: "+sql1, e);
statusHandler.error("Error retreiving COUNTY INFO, part 1! sql: "
+ sql1, e);
}
Geometry geom = null;
@ -711,8 +716,8 @@ public class FFMPUtils {
Object[] results = sq.dbRequest(sql, FFMPUtils.MAPS_DB);
if (results.length > 0) {
for (int i = 0; i < results.length; i++) {
Object[] results2 = (Object[]) results[i];
for (Object result : results) {
Object[] results2 = (Object[]) result;
WKBReader wkbReader = new WKBReader();
if (results2[0] != null) {
@ -736,7 +741,8 @@ public class FFMPUtils {
}
} catch (SpatialException e) {
statusHandler.error("Error retreiving COUNTY INFO, part 2! sql: "+sql, e);
statusHandler.error(
"Error retreiving COUNTY INFO, part 2! sql: " + sql, e);
} catch (ParseException e) {
statusHandler.error("Error parsing COUNTY INFO!", e);
}
@ -777,7 +783,8 @@ public class FFMPUtils {
}
} catch (SpatialException e) {
statusHandler.error("Error retrieving basins: sql: "+sql+"\n basin: "+basinId);
statusHandler.error("Error retrieving basins: sql: " + sql
+ "\n basin: " + basinId);
}
return pfaf;
@ -811,7 +818,8 @@ public class FFMPUtils {
coor = new Coordinate(lon, lat);
} catch (SpatialException e) {
statusHandler.error("Error getting radar geometry description: "+sql, e);
statusHandler.error("Error getting radar geometry description: "
+ sql, e);
}
return coor;
@ -869,8 +877,8 @@ public class FFMPUtils {
cwas = new ArrayList<String>();
if (results.length > 0) {
for (int i = 0; i < results.length; i++) {
cwas.add((String) results[i]);
for (Object result : results) {
cwas.add((String) result);
}
}
} catch (Exception e) {
@ -944,7 +952,8 @@ public class FFMPUtils {
ffgHash.add(key);
}
} catch (Exception e) {
statusHandler.error("Error querying FFG parameters: "+request.toString(), e);
statusHandler.error(
"Error querying FFG parameters: " + request.toString(), e);
}
return ffgHash;
@ -970,7 +979,8 @@ public class FFMPUtils {
.route(request);
return response.getEntityObjects(GridRecord.class)[0].getDataURI();
} catch (Exception e) {
statusHandler.error("Error querying FFG Data URIS: "+request.toString(), e);
statusHandler.error(
"Error querying FFG Data URIS: " + request.toString(), e);
}
return null;
@ -1023,7 +1033,8 @@ public class FFMPUtils {
subGrid = new HRAPSubGrid(extent, gridFactor);
} catch (Exception e) {
statusHandler.error("Error looking up XMRG geometry: "+xmrg.toString(), e);
statusHandler.error(
"Error looking up XMRG geometry: " + xmrg.toString(), e);
}
return MapUtil.getGridGeometry(subGrid);
@ -1051,7 +1062,8 @@ public class FFMPUtils {
subGrid = new HRAPSubGrid(extent, gridFactor);
} catch (Exception e) {
statusHandler.error("Error querying XMRG sub grid: "+xmrg.toString(), e);
statusHandler.error(
"Error querying XMRG sub grid: " + xmrg.toString(), e);
}
return subGrid;
@ -1388,14 +1400,8 @@ public class FFMPUtils {
*/
private static Object[] executeSqlQuery(String query, String database)
throws Exception {
// code shamelessly modeled after DirectDbQuery
// TODO DirectDbQuery should be changed to use RequestRouter instead of
// ThriftClient and should be promoted to a common plugin
Map<String, RequestConstraint> constraints = new HashMap<String, RequestConstraint>();
constraints.put("query", new RequestConstraint(query));
constraints.put("database", new RequestConstraint(database));
constraints.put("mode", new RequestConstraint("sqlquery"));
QlServerRequest request = new QlServerRequest(constraints);
QlServerRequest request = new QlServerRequest(query);
request.setDatabase(database);
ResponseMessageGeneric resp = (ResponseMessageGeneric) RequestRouter
.route(request);