Fix for Bug#107543 (Bug#34464351), Cannot execute a SELECT statement that writes to an OUTFILE.

Change-Id: If84169f6f9f0671afdbc869751fd6e0dca00d207

Author: fjssilva

CHANGES

@@ -3,6 +3,8 @@
 
 Version 9.5.0
 
+  - Fix for Bug#107543 (Bug#34464351), Cannot execute a SELECT statement that writes to an OUTFILE.
+
   - Fix for Bug#17881458, BEHAVIOR OF SETBINARYSTREAM() METHOD IS DIFFERENT WHEN USESERVERPREPSTMTS=TRUE.
 
   - Fix for Bug#45554 (Bug#11754018), Connector/J does not encode binary data if useServerPrepStatements=false.

src/main/core-api/java/com/mysql/cj/QueryInfo.java

@@ -42,7 +42,9 @@
 public class QueryInfo {
 
     private static final String OPENING_MARKERS = "`'\"";
+    private static final String OPENING_MARKERS_WITH_PARENS = "`'\"(";
     private static final String CLOSING_MARKERS = "`'\"";
+    private static final String CLOSING_MARKERS_WITH_PARENS = "`'\")";
     private static final String OVERRIDING_MARKERS = "";
 
     private static final String SELECT_STATEMENT = "SELECT";
@@ -57,6 +59,7 @@ public class QueryInfo {
     private static final String AS_CLAUSE = "AS";
     private static final String[] ODKU_CLAUSE = new String[] { "ON", "DUPLICATE", "KEY", "UPDATE" };
     private static final String LAST_INSERT_ID_FUNC = "LAST_INSERT_ID";
+    private static final String INTO_CLAUSE = "INTO";
 
     private QueryInfo baseQueryInfo = null;
 
@@ -814,15 +817,16 @@ public static boolean isReadOnlySafeQuery(String sql, boolean noBackslashEscapes
     public static QueryReturnType getQueryReturnType(String sql, boolean noBackslashEscapes) {
         /*
          * Statements that return results:
-         * - ANALYZE; CHECK/CHECKSUM; DESC/DESCRIBE; EXPLAIN; HELP; OPTIMIZE; REPAIR; SELECT; SHOW; TABLE; VALUES; WITH ... SELECT|TABLE|VALUES ...; XA RECOVER;
+         * - ANALYZE; CHECK/CHECKSUM; DESC/DESCRIBE; EXPLAIN; HELP; OPTIMIZE; REPAIR; SELECT (exc. [... INTO]); SHOW; TABLE (exc. [... INTO]); VALUES; WITH ...
+         * SELECT|TABLE|VALUES ...; XA RECOVER;
          *
          * Statements that may return results:
          * - CALL; EXECUTE;
          *
          * Statements that do not return results:
          * - ALTER; BINLOG; CACHE; CHANGE; CLONE; COMMIT; CREATE; DEALLOCATE; DELETE; DO; DROP; FLUSH; GET; GRANT; HANDLER; IMPORT; INSERT; INSTALL; KILL; LOAD;
-         * - LOCK; PREPARE; PURGE; RELEASE; RENAME; REPLACE; RESET; RESIGNAL; RESTART; REVOKE; ROLLBACK; SAVEPOINT; SET; SHUTDOWN; SIGNAL; START; STOP;
-         * - TRUNCATE; UNINSTALL; UNLOCK; UPDATE; USE; WITH ... DELETE|UPDATE ...; XA [!RECOVER];
+         * LOCK; PREPARE; PURGE; RELEASE; RENAME; REPLACE; RESET; RESIGNAL; RESTART; REVOKE; ROLLBACK; SAVEPOINT; SELECT ... INTO; SET; SHUTDOWN; SIGNAL; START;
+         * STOP; TABLE ... INTO; TRUNCATE; UNINSTALL; UNLOCK; UPDATE; USE; WITH ... DELETE|UPDATE ...; XA [!RECOVER];
          */
         int statementKeywordPos = indexOfStatementKeyword(sql, noBackslashEscapes);
         if (statementKeywordPos == -1) {
@@ -848,9 +852,11 @@ public static QueryReturnType getQueryReturnType(String sql, boolean noBackslash
         } else if (firstStatementChar == 'R' && StringUtils.startsWithIgnoreCaseAndWs(sql, "REPAIR", statementKeywordPos)) {
             return QueryReturnType.PRODUCES_RESULT_SET;
         } else if (firstStatementChar == 'S' && (StringUtils.startsWithIgnoreCaseAndWs(sql, "SELECT", statementKeywordPos)
+                && !containsIntoClause(statementKeywordPos, sql, noBackslashEscapes)
                 || StringUtils.startsWithIgnoreCaseAndWs(sql, "SHOW", statementKeywordPos))) {
             return QueryReturnType.PRODUCES_RESULT_SET;
-        } else if (firstStatementChar == 'T' && StringUtils.startsWithIgnoreCaseAndWs(sql, "TABLE", statementKeywordPos)) {
+        } else if (firstStatementChar == 'T' && StringUtils.startsWithIgnoreCaseAndWs(sql, "TABLE", statementKeywordPos)
+                && !containsIntoClause(statementKeywordPos, sql, noBackslashEscapes)) {
             return QueryReturnType.PRODUCES_RESULT_SET;
         } else if (firstStatementChar == 'V' && StringUtils.startsWithIgnoreCaseAndWs(sql, "VALUES", statementKeywordPos)) {
             return QueryReturnType.PRODUCES_RESULT_SET;
@@ -870,6 +876,23 @@ public static QueryReturnType getQueryReturnType(String sql, boolean noBackslash
         return QueryReturnType.DOES_NOT_PRODUCE_RESULT_SET;
     }
 
+    /**
+     * Checks whether the given input string contains an "INTO" clause, starting from the specified position, while optionally considering MySQL's
+     * NO_BACKSLASH_ESCAPES SQL mode for escape sequence handling.
+     *
+     * @param startingPosition
+     *            the position in the string to begin the search
+     * @param searchIn
+     *            the string to search for the "INTO" clause
+     * @param noBackslashEscapes
+     *            whether backslash escapes should be ignored (true for NO_BACKSLASH_ESCAPES mode)
+     * @return {@code true} if the "INTO" clause is found in the input string from the given position, {@code false} otherwise
+     */
+    private static boolean containsIntoClause(int startingPosition, String searchIn, boolean noBackslashEscapes) {
+        return StringUtils.indexOfIgnoreCase(startingPosition, searchIn, INTO_CLAUSE, OPENING_MARKERS_WITH_PARENS, CLOSING_MARKERS_WITH_PARENS,
+                noBackslashEscapes ? SearchMode.__MRK_COM_MYM_HNT_WS : SearchMode.__FULL) != -1;
+    }
+
     /**
      * Returns the context of the WITH statement. The context can be: SELECT, TABLE, VALUES, UPDATE or DELETE. This operation does not take into consideration
      * the multiplicity of queries in the specified SQL.
@@ -885,7 +908,7 @@ private static String getContextForWithStatement(String sql, boolean noBackslash
         String commentsFreeSql = StringUtils.stripCommentsAndHints(sql, OPENING_MARKERS, CLOSING_MARKERS, !noBackslashEscapes);
 
         // Iterate through statement words, skipping all sub-queries sections enclosed by parens.
-        StringInspector strInspector = new StringInspector(commentsFreeSql, OPENING_MARKERS + "(", CLOSING_MARKERS + ")", OPENING_MARKERS,
+        StringInspector strInspector = new StringInspector(commentsFreeSql, OPENING_MARKERS_WITH_PARENS, CLOSING_MARKERS_WITH_PARENS, OPENING_MARKERS,
                 noBackslashEscapes ? SearchMode.__MRK_COM_MYM_HNT_WS : SearchMode.__BSE_MRK_COM_MYM_HNT_WS);
         boolean asFound = false;
         while (true) {

src/test/java/testsuite/regression/StatementRegressionTest.java

@@ -11810,10 +11810,8 @@ public void testBug103878() throws Exception {
      */
     @Test
     public void testBug23204652() throws Exception {
-        assertThrows(SQLException.class, "Statement\\.executeQuery\\(\\) cannot issue statements that do not produce result sets\\.", () -> {
-            this.stmt.executeQuery("DO 1 + 2");
-            return null;
-        });
+        assertThrows(SQLException.class, "Statement\\.executeQuery\\(\\) cannot issue statements that do not produce result sets\\.",
+                () -> this.stmt.executeQuery("DO 1 + 2"));
     }
 
     /**
@@ -11826,19 +11824,15 @@ public void testBug71929() throws Exception {
         String[] queries = new String[] { "CREATE TABLE testBug71929 (id INT)", "/* comments */CREATE TABLE testBug71929 (id INT)",
                 "/* comments *//* more comments */CREATE TABLE testBug71929 (id INT)" };
         for (String query : queries) {
-            assertThrows(SQLException.class, "Statement\\.executeQuery\\(\\) cannot issue statements that do not produce result sets\\.", () -> {
-                this.stmt.executeQuery(query);
-                return null;
-            });
+            assertThrows(SQLException.class, "Statement\\.executeQuery\\(\\) cannot issue statements that do not produce result sets\\.",
+                    () -> this.stmt.executeQuery(query));
         }
 
         queries = new String[] { "SELECT 1", "/* comments */SELECT 1", "/* comments *//* more comments */SELECT 1" };
         for (String query : queries) {
             assertThrows(SQLException.class,
-                    "Statement\\.executeUpdate\\(\\) or Statement\\.executeLargeUpdate\\(\\) cannot issue statements that produce result sets\\.", () -> {
-                        this.stmt.executeUpdate(query);
-                        return null;
-                    });
+                    "Statement\\.executeUpdate\\(\\) or Statement\\.executeLargeUpdate\\(\\) cannot issue statements that produce result sets\\.",
+                    () -> this.stmt.executeUpdate(query));
         }
     }
 
@@ -14580,4 +14574,90 @@ private void testBug17881458Clob() throws Exception {
         }
     }
 
+    /**
+     * Tests fix for Bug#107543 (Bug#34464351), Cannot execute a SELECT statement that writes to an OUTFILE.
+     * (INTO variable variant)
+     *
+     * @throws Exception
+     */
+    @Test
+    public void testBug107543_IntoVar() throws Exception {
+        // Test 1: execute() with INTO @var
+        this.stmt.execute("SELECT 'testBug107543_1' INTO @testbug107543_a");
+        assertEquals("testBug107543_1", getSingleValueWithQuery("SELECT @testbug107543_a"));
+
+        // Test 2: executeUpdate() with INTO @var
+        this.stmt.executeUpdate("SELECT 'testBug107543_2' INTO @testbug107543_b");
+        assertEquals("testBug107543_2", getSingleValueWithQuery("SELECT @testbug107543_b"));
+
+        // Test 3: executeQuery() with INTO @var
+        assertThrows(SQLException.class, "Statement\\.executeQuery\\(\\) cannot issue statements that do not produce result sets\\.",
+                () -> this.stmt.executeQuery("SELECT 'testBug107543_3' INTO @testbug107543_c"));
+    }
+
+    /**
+     * Tests fix for Bug#107543 (Bug#34464351), Cannot execute a SELECT statement that writes to an OUTFILE.
+     * (INTO file variant)
+     *
+     * @throws Exception
+     */
+    @Test
+    public void testBug107543_IntoFile() throws Exception {
+        String filePrivDir = getMysqlVariable("secure_file_priv");
+        assumeTrue(filePrivDir != null && !"NULL".equalsIgnoreCase(filePrivDir),
+                "To run this test the server needs to be started with the option\"--secure-file-priv=\"");
+        filePrivDir = filePrivDir.isEmpty() ? Paths.get("").toAbsolutePath().toString() : Paths.get(filePrivDir).toRealPath().toString();
+        filePrivDir = filePrivDir.endsWith(File.separator) ? filePrivDir : filePrivDir + File.separator;
+
+        createTable("testBug107543", "(txt VARCHAR(100))");
+        this.stmt.executeUpdate("INSERT INTO testBug107543 VALUES ('MySQL Connector/J')");
+
+        Path dataFilePath = Paths.get(filePrivDir, "testbug107543.dat");
+        for (String statement : new String[] { "SELECT * FROM", "TABLE" }) {
+            for (String outType : new String[] { "OUTFILE", "DUMPFILE" }) {
+                final String sql = statement + " testBug107543 INTO " + outType + " '" + dataFilePath.toString() + "'";
+
+                // Test 1: execute() with INTO [OUTFILE | DUMPFILE]
+                try {
+                    this.stmt.execute(sql);
+                    List<String> lines = Files.readAllLines(dataFilePath);
+                    assertEquals(1, lines.size());
+                    assertEquals("MySQL Connector/J", lines.get(0));
+                } finally {
+                    try {
+                        Files.delete(dataFilePath);
+                    } catch (Exception e) {
+                        // Ignore.
+                    }
+                }
+
+                // Test 2: executeUpdate() with INTO [OUTFILE | DUMPFILE]
+                try {
+                    this.stmt.executeUpdate(sql);
+                    List<String> lines = Files.readAllLines(dataFilePath);
+                    assertEquals(1, lines.size());
+                    assertEquals("MySQL Connector/J", lines.get(0));
+                } finally {
+                    try {
+                        Files.delete(dataFilePath);
+                    } catch (Exception e) {
+                        // Ignore.
+                    }
+                }
+
+                // Test 3: executeQuery() with INTO [OUTFILE | DUMPFILE]
+                try {
+                    assertThrows(SQLException.class, "Statement\\.executeQuery\\(\\) cannot issue statements that do not produce result sets\\.",
+                            () -> this.stmt.executeQuery(sql));
+                } finally {
+                    try {
+                        Files.delete(dataFilePath);
+                    } catch (Exception e) {
+                        // Ignore.
+                    }
+                }
+            }
+        }
+    }
+
 }