SQLInjectionError DML/DDL Operations Not Allowed In BIP 12c
(Doc ID 2693837.1)
Last updated on SEPTEMBER 22, 2023
Applies to:
BI Publisher (formerly XML Publisher) - Version 12.2 to 12.2 [Release 12.2]
Information in this document applies to any platform.
Symptoms
On version 12.2.1.4.0:
When running reports directly from the BI Publisher application, the following error occurs:
[2020-07-09T11:34:16.013+03:00] [bi_server1] [NOTIFICATION] [] [oracle.xdo] [tid: 1507] [userId: <anonymous>] [ecid: e65e2953-73e2-4f84-9554-8268c1b26ff2-00002ce1,0:26] [APP: bipublisher] [partition-name: DOMAIN] [tenant-name: GLOBAL] [SI-Key: ssi] [200709_11340016][dp id:1555815887][sch info:]SQLInjection Error: DML / DDL Operations not allowed... INSERT[[
]]
[2020-07-09T11:34:16.013+03:00] [bi_server1] [NOTIFICATION] [] [oracle.xdo] [tid: 1507] [userId: <anonymous>] [ecid: e65e2953-73e2-4f84-9554-8268c1b26ff2-00002ce1,0:26] [APP: bipublisher] [partition-name: DOMAIN] [tenant-name: GLOBAL] [SI-Key: ssi] [200709_11340016][dp id:1555815887][sch info:]oracle.xdo.XDOException: oracle.xdo.dataengine.datasource.plugin.DataAccessException: SQLInjection Error: DML / DDL Operations not allowed[[
at oracle.xdo.dataengine.datasource.NSQueryStatement.<init>(NSQueryStatement.java:56)
at oracle.xdo.dataengine.datasource.DataSetStatement.createDataSetStatement(DataSetStatement.java:88)
at oracle.xdo.dataengine.XMLPGEN.processNSQuery(XMLPGEN.java:2921)
at oracle.xdo.dataengine.XMLPGEN.processMergedDataSet(XMLPGEN.java:1944)
at oracle.xdo.dataengine.XMLPGEN.processMergedDataSet(XMLPGEN.java:3601)
at oracle.xdo.dataengine.DataProcessor.processData(DataProcessor.java:386)
at oracle.xdo.servlet.dataengine.DataProcessorImpl.processData(DataProcessorImpl.java:310)
at oracle.xdo.servlet.dataengine.DataProcessorImpl.render(DataProcessorImpl.java:687)
at oracle.xdo.servlet.ReportModelContextImpl.getReportXMLData(ReportModelContextImpl.java:416)
at oracle.xdo.servlet.ReportContextImplV2.getReportXMLData(ReportContextImplV2.java:167)
at oracle.xdo.servlet.CoreProcessor.process(CoreProcessor.java:537)
at oracle.xdo.servlet.CoreProcessor.generateDocument(CoreProcessor.java:109)
at oracle.xdo.servlet.ReportImpl.renderBodyHTTP(ReportImpl.java:1435)
at oracle.xdo.servlet.ReportImpl.renderReportBodyHTTP(ReportImpl.java:397)
at oracle.xdo.servlet.resources.ReportItemServiceImpl$ReportItemRunner.call(ReportItemServiceImpl.java:113)
at oracle.xdo.servlet.resources.ReportItemServiceImpl$ReportItemRunner.call(ReportItemServiceImpl.java:78)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:748)
Caused by: oracle.xdo.dataengine.datasource.plugin.DataAccessException: SQLInjection Error: DML / DDL Operations not allowed
at oracle.xdo.dataengine.diagnostic.ExceptionHandler.createExceptionMsg(ExceptionHandler.java:146)
at oracle.xdo.dataengine.diagnostic.ExceptionHandler.createException(ExceptionHandler.java:154)
at oracle.xdo.dataengine.util.SQLUtil.checkForDMLKeyWords(SQLUtil.java:551)
at oracle.xdo.dataengine.datasource.plugin.sql.NSQueryDataSet.validateQueryForSQLInjection(NSQueryDataSet.java:504)
at oracle.xdo.dataengine.datasource.plugin.sql.NSQueryDataSet.setQueryString(NSQueryDataSet.java:96)
at oracle.xdo.dataengine.datasource.NSQueryStatement.initDataSet(NSQueryStatement.java:120)
at oracle.xdo.dataengine.datasource.NSQueryStatement.<init>(NSQueryStatement.java:53)
... 19 more
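For triaging a migrated instance, the following added example (not part of the Oracle note) scans a BI Publisher server log for these rejections and returns one record per ECID with the rejected keyword. The sample log is constructed and abbreviated from the format shown above, with made-up ECIDs and IDs; the function and record field names are this example's own.

```python
import re

# Constructed sample in the format of the log lines above; ECIDs, tids and
# dp ids are made up, and some bracketed fields are omitted for brevity.
SAMPLE_LOG = """\
[2020-07-09T11:34:16.013+03:00] [bi_server1] [NOTIFICATION] [] [oracle.xdo] [tid: 1507] [userId: <anonymous>] [ecid: aaaa-0001,0:26] [APP: bipublisher] [200709_11340016][dp id:1555815887][sch info:]SQLInjection Error: DML / DDL Operations not allowed... INSERT[[
]]
[2020-07-09T11:34:16.013+03:00] [bi_server1] [NOTIFICATION] [] [oracle.xdo] [tid: 1507] [userId: <anonymous>] [ecid: aaaa-0001,0:26] [APP: bipublisher] [200709_11340016][dp id:1555815887][sch info:]oracle.xdo.XDOException: oracle.xdo.dataengine.datasource.plugin.DataAccessException: SQLInjection Error: DML / DDL Operations not allowed[[
at oracle.xdo.dataengine.util.SQLUtil.checkForDMLKeyWords(SQLUtil.java:551)
Caused by: oracle.xdo.dataengine.datasource.plugin.DataAccessException: SQLInjection Error: DML / DDL Operations not allowed
]]
[2020-07-09T11:40:02.500+03:00] [bi_server1] [NOTIFICATION] [] [oracle.xdo] [tid: 1511] [userId: <anonymous>] [ecid: bbbb-0002,0:31] [APP: bipublisher] [200709_11400021][dp id:1555815999][sch info:]SQLInjection Error: DML / DDL Operations not allowed... INSERT[[
]]
"""

# A log record starts with "[timestamp] [server]"; continuation lines do not.
HEADER = re.compile(r"^\[(?P<ts>\d{4}-\d{2}-\d{2}T[^\]]+)\] \[(?P<server>[^\]]*)\]")
# Bracketed "key: value" fields, with or without a space after the colon.
FIELD = re.compile(r"\[(ecid|dp id|userId): ?([^\]]*)\]")
# The rejection message; the keyword only appears on the first of the two records.
REJECT = re.compile(r"SQLInjection Error: DML / DDL Operations not allowed(?:\.\.\. (\w+))?")

def find_rejections(log_text):
    """Return {ecid: record} for every request whose query was rejected."""
    hits = {}
    for line in log_text.splitlines():
        head, rej = HEADER.match(line), REJECT.search(line)
        if not (head and rej):
            continue  # stack frames, "Caused by:" lines and "]]" terminators
        fields = dict(FIELD.findall(line))
        # Both records of one failure share an ECID, so count the request once.
        rec = hits.setdefault(fields.get("ecid", ""), {
            "first_seen": head["ts"], "server": head["server"],
            "user": fields.get("userId"), "dp_id": fields.get("dp id"),
            "keyword": None})
        # Keep the keyword whichever of the two records is seen first.
        rec["keyword"] = rec["keyword"] or rej.group(1)
    return hits

if __name__ == "__main__":
    for ecid, rec in find_rejections(SAMPLE_LOG).items():
        print(ecid, rec)
```

Run it over the managed server's log after the upgrade to list which requests hit the check before users report them.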
Changes
SQL INSERT statements are used in these BIP reports in the 11g environment. The reports were successfully migrated from 11g (11.1.1.7.1) to 12c (12.2.1.4.0). They work fine in 11g, but throw this error in the 12c environment.
Cause