src/hg/lib/wiggleUtils.c 080a160c7b9595d516c9c70e83689a09b60839d0

080a160c7b9595d516c9c70e83689a09b60839d0
galt
  Mon Jun 3 12:16:53 2013 -0700
fix SQL Injection
diff --git src/hg/lib/wiggleUtils.c src/hg/lib/wiggleUtils.c
index 8d126a5..805d91c 100644
--- src/hg/lib/wiggleUtils.c
+++ src/hg/lib/wiggleUtils.c
@@ -217,31 +217,31 @@
 	safef(spanName, ArraySize(spanName), "%u", span);
 	el = hashLookup(spans, spanName);
 	if ( el == NULL)
 	    {
 	    if (span > maxSpan) maxSpan = span;
 	    if (span < minSpan) minSpan = span;
 	    ++spanCount;
 	    hashAddInt(spans, spanName, span);
 	    }
 	}
     prevTdbSpanList = TRUE;
     }
 else
     {
     /* just use first span if trackDb doesn't have spanList */
-    safef(query, ArraySize(query),
+    sqlSafef(query, ArraySize(query),
 	"SELECT span from %s where chrom = '%s' limit 1", table, chrom);
     char *tmpSpan = sqlQuickString(conn, query);
     // if there's no data on this chrom just return 1 arbitrarily
     minSpan = 1;
     if (tmpSpan != NULL)
 	minSpan = sqlUnsigned(tmpSpan);
     }
 
 freeHash(&spans);
 prevMin = minSpan;
 return minSpan;
 }	/*	int minSpan()	*/
 
 
 int spanInUse(struct sqlConnection *conn, char *table, char *chrom,
@@ -256,44 +256,44 @@
 int spanInUse = 0;
 struct hashCookie cookie;
 int insideWidth;
 int minSpan = BIGNUM;
 int maxSpan = 0;
 int spanCount = 0;
 struct hash *spans = newHash(0);	/*	list of spans in this table */
 struct hashEl *el;
 int insideX = hgDefaultGfxBorder;
 int pixWidth = atoi(cartUsualString(cart, "pix", DEFAULT_PIX_WIDTH ));
 boolean withLeftLabels = cartUsualBoolean(cart, "leftLabels", TRUE);
 
 /*	winEnd less than 1 (i.e. == 0), we need to find this chrom size	*/
 if (winEnd < 1)
     {
-    safef(query, ArraySize(query),
+    sqlSafef(query, ArraySize(query),
 	"SELECT size from chromInfo where chrom = '%s'", chrom);
     sr = sqlMustGetResult(conn,query);
     if ((row = sqlNextRow(sr)) == NULL)
 	errAbort("spanInUse: query failed: '%s'\n", query);
     winEnd = sqlUnsigned(row[0]);
     sqlFreeResult(&sr);
     if (winEnd < 1)
 	errAbort("spanInUse: failed to find valid chrom size via query: '%s'\n", query);
     }
 
 /*	This is a time expensive query,
  *	~3 to 6 seconds on large chroms full of data	*/
-safef(query, ArraySize(query),
+sqlSafef(query, ArraySize(query),
     "SELECT span from %s where chrom = '%s' group by span", table, chrom);
 
 sr = sqlMustGetResult(conn,query);
 while ((row = sqlNextRow(sr)) != NULL)
     {
     char spanName[128];
     unsigned span = sqlUnsigned(row[0]);
 
     safef(spanName, ArraySize(spanName), "%u", span);
     el = hashLookup(spans, spanName);
     if ( el == NULL)
 	{
 	if (span > maxSpan) maxSpan = span;
 	if (span < minSpan) minSpan = span;
 	++spanCount;
@@ -349,31 +349,31 @@
 	(tdb->settingsHash != (struct hash *)NULL))
 	{
 	if ((hel = hashLookup(tdb->settingsHash, SPANLIST)) != NULL)
 	    {
 	    freeMem(tdbDefault);
 	    tdbDefault = cloneString((char *)hel->val);
 	    }
 	}
     }
 /* if we still don't have a spanList, or we got "first" for spanList,
  * make up spanList by choosing the first span we find in the table */
 //if (sameWord("NONE",tdbDefault) || sameWord("first",tdbDefault))
 else if( sameWord("first",tdbDefault))
     {
     char query[1024];
-    snprintf(query, sizeof(query), "SELECT span FROM %s limit 1", tdb->table );
+    sqlSafef(query, sizeof(query), "SELECT span FROM %s limit 1", tdb->table );
     char *tmpSpan = sqlQuickString(conn, query);
     AllocArray(ret,2);
     ret[0] = sqlUnsigned(tmpSpan);
     ret[1] = 0;
     freeMem(tmpSpan);
     }
 else
     {
     /*	If something found, let's parse it	*/
     int i;
     char *words[MAX_SPAN_COUNT];
     int wc;
     wc = chopCommas(tdbDefault,words);
     AllocArray(ret,wc+1);	/*	+ 1 for the extra zero	*/
     for ( i = 0; i < wc; ++i )
@@ -600,31 +600,31 @@
     wigFree(&el);
     }
 *pList = NULL;
 }
 
 static struct bed *bedElement(char *chrom, unsigned start, unsigned end,
 	char *table, unsigned lineCount)
 {
 struct bed *bed;
 char name[128];
 
 AllocVar(bed);
 bed->chrom = cloneString(chrom);
 bed->chromStart = start;
 bed->chromEnd = end;
-snprintf(name, sizeof(name), "%s.%u",
+safef(name, sizeof(name), "%s.%u",
     chrom, lineCount);
 bed->name = cloneString(name);
 return bed;
 }
 
 struct wigStatsAcc
 /* statistic accumulators */
     {
     unsigned span;	/* span of this data */
     unsigned start;	/* beginning chrom position */
     unsigned end;	/* end chrom position */
     double lowerLimit;	/* lowest data value in this block */
     double upperLimit;	/* highest data value in this block */
     double sumData;	/* sum of data values in this block */
     double sumSquares;	/* sum of data values squared */
@@ -814,76 +814,76 @@
 spans = newHash(0);	/*	a listing of all spans found here	*/
 
 resetStats(&wigStatsAcc);	/*	zero everything	*/
 
 
 /*	Are the constraints going to interfere with our span search ? */
 if (constraints)
     {
     char *c = cloneString(constraints);
     tolowers(c);
     if (stringIn("span",c))
 	bewareConstraints = TRUE;
     }
 
 if (bewareConstraints)
-    snprintf(query, sizeof(query),
-	"SELECT span from %s where chrom = '%s' AND %s group by span",
+    sqlSafef(query, sizeof(query),
+	"SELECT span from %s where chrom = '%s' AND %-s group by span",
 	table, chromName, constraints );
 else
-    snprintf(query, sizeof(query),
+    sqlSafef(query, sizeof(query),
 	"SELECT span from %s where chrom = '%s' group by span",
 	table, chromName );
 
 /*	Survey the spans to see what the story is here */
 
 sr = sqlMustGetResult(conn,query);
 while ((row = sqlNextRow(sr)) != NULL)
 {
     unsigned span = sqlUnsigned(row[0]);
 
     ++rowCount;
 
-    snprintf(spanName, sizeof(spanName), "%u", span);
+    safef(spanName, sizeof(spanName), "%u", span);
     el = hashLookup(spans, spanName);
     if ( el == NULL)
 	{
 	if (span > mostSpan) mostSpan = span;
 	if (span < leastSpan) leastSpan = span;
 	++spanCount;
 	hashAddInt(spans, spanName, span);
 	}
 
     }
 sqlFreeResult(&sr);
 
 /*	Now, using that span list, go through each span, fetching data	*/
 cookie = hashFirst(spans);
 while ((! reachedDataLimit) && (el = hashNext(&cookie)) != NULL)
     {
     if ((struct wiggleStats **)NULL != wsList)
 	returnStats(&wigStatsAcc,wsList,chromName,winStart,winEnd,span);
 
     resetStats(&wigStatsAcc);
 
     if (bewareConstraints)
 	{
-	snprintf(whereSpan, sizeof(whereSpan), "((span = %s) AND %s)", el->name,
+	sqlSafef(whereSpan, sizeof(whereSpan), "((span = %s) AND %-s)", el->name,
 	    constraints);
 	}
     else
-	snprintf(whereSpan, sizeof(whereSpan), "span = %s", el->name);
+	sqlSafef(whereSpan, sizeof(whereSpan), "span = %s", el->name);
 
     span = atoi(el->name);
 
     sr = hOrderedRangeQuery(conn, table, chromName, winStart, winEnd,
         whereSpan, &rowOffset);
 
     rowCount = 0;
     while ((! reachedDataLimit) && (row = sqlNextRow(sr)) != NULL)
 	{
 	++rowCount;
 	wiggle = wiggleLoad(row + rowOffset);
 	if (wiggle->count > 0 && (! reachedDataLimit))
 	    {
 	    wigData = wigReadDataRow(wiggle, winStart, winEnd,
 		    tableId, summaryOnly, wiggleCompare );