From fc6a92526472000b90a6c691193e9a7b0ce299fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jacek=20G=C4=99bal?= Date: Mon, 2 Sep 2019 12:11:36 +0100 Subject: [PATCH 1/2] Resolve security issues around insecure username for utplsql owner Resolves #920 --- source/core/ut_utils.pkb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/core/ut_utils.pkb b/source/core/ut_utils.pkb index 9641275ea..693b56441 100644 --- a/source/core/ut_utils.pkb +++ b/source/core/ut_utils.pkb @@ -554,7 +554,7 @@ create or replace package body ut_utils is function ut_owner return varchar2 is begin - return sys_context('userenv','current_schema'); + return qualified_sql_name( sys_context('userenv','current_schema') ); end; function scale_cardinality(a_cardinality natural) return natural is From 055ea8d79c7014c4fbaf3a7fa54b97dc676701d9 Mon Sep 17 00:00:00 2001 From: Samuel Nitsche Date: Tue, 3 Sep 2019 22:43:29 +0200 Subject: [PATCH 2/2] Adjusted download script to use some cookie logic --- .travis/download.js | 18 +++++++++--------- .travis/download.sh | 1 + 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/.travis/download.js b/.travis/download.js index 339001c57..67c45fac6 100644 --- a/.travis/download.js +++ b/.travis/download.js @@ -19,20 +19,19 @@ var agreementUrl = casper.cli.get(2); var downloadUrl = casper.cli.get(3); var downloaded = false; +phantom.addCookie({ + 'name': 'oraclelicense', + 'value': '152021', + 'domain': 'oracle.com' + }); + casper.start(); // TODO: Error handling. -// Accept the license agreement. -casper.thenOpen(agreementUrl, function () { - // this.echo("Accepting License"); - this.evaluate(function () { - acceptAgreement(window.self); - }); -}); // Try to access the download page, wait for redirection and submit the login form. casper.thenOpen(downloadUrl).waitForUrl(/signon\.jsp$/, function (re) { - // this.echo("Injecting Login Info"); + //this.echo("Injecting Login Info"); this.evaluate(function (username, password) { document.getElementById("sso_username").value = username; document.getElementById("ssopassword").value = password; @@ -42,8 +41,9 @@ casper.thenOpen(downloadUrl).waitForUrl(/signon\.jsp$/, function (re) { }); casper.on("resource.received", function (resource) { + //this.echo("Received something: " + resource.url); if (resource.url.indexOf("AuthParam") !== -1 && !downloaded) { - // this.echo("DownloadUrl:"); + //this.echo("DownloadUrl:"); // Print the download url. this.echo(resource.url); downloaded = true; diff --git a/.travis/download.sh b/.travis/download.sh index fdbcdef7c..8dfa1942d 100755 --- a/.travis/download.sh +++ b/.travis/download.sh @@ -62,6 +62,7 @@ fi if [ "$PRODUCT" == "sqlcl" ]; then agreementUrl="http://www.oracle.com/technetwork/developer-tools/sqlcl/downloads/index.html" downloadUrl="https://download.oracle.com/otn/java/sqldeveloper/sqlcl-18.3.0.259.2029.zip" + #downloadUrl="https://download.oracle.com/otn/java/sqldeveloper/sqlcl-19.2.1.206.1649.zip" outputFile=sqlcl-18.3.0.259.2029.zip downloadFile $agreementUrl $downloadUrl $outputFile exit 0