From 682f66e6d9cd7729da6299db81e7fa69abdafa33 Mon Sep 17 00:00:00 2001 From: "Andrey.Tarashevskiy" Date: Fri, 7 Aug 2020 14:48:40 +0300 Subject: [PATCH] `wrapAsExpression` somehow makes program fail with "debug" log level #1006 Possible injection point in inserts fixed --- .../exposed/sql/statements/InsertStatement.kt | 14 ++++++--- .../sql/tests/shared/dml/InsertTests.kt | 30 +++++++++++++++++++ 2 files changed, 40 insertions(+), 4 deletions(-) diff --git a/exposed-core/src/main/kotlin/org/jetbrains/exposed/sql/statements/InsertStatement.kt b/exposed-core/src/main/kotlin/org/jetbrains/exposed/sql/statements/InsertStatement.kt index 48de3d3167..9ade4186ab 100644 --- a/exposed-core/src/main/kotlin/org/jetbrains/exposed/sql/statements/InsertStatement.kt +++ b/exposed-core/src/main/kotlin/org/jetbrains/exposed/sql/statements/InsertStatement.kt @@ -157,9 +157,15 @@ open class InsertStatement(val table: Table, val isIgnore: Boolean = fa listOf(result).apply { field = this } } - override fun arguments() = arguments!!.map { args -> - args.filter { (_, value) -> - value != DefaultValueMarker && value !is Expression<*> - }.map { it.first.columnType to it.second } + override fun arguments() : List>> { + return arguments!!.map { args -> + val builder = QueryBuilder(true) + args.filter { (_, value) -> + value != DefaultValueMarker + }.forEach { (column, value) -> + builder.registerArgument(column, value) + } + builder.args + } } } diff --git a/exposed-tests/src/test/kotlin/org/jetbrains/exposed/sql/tests/shared/dml/InsertTests.kt b/exposed-tests/src/test/kotlin/org/jetbrains/exposed/sql/tests/shared/dml/InsertTests.kt index 2ef3531082..db86270c6e 100644 --- a/exposed-tests/src/test/kotlin/org/jetbrains/exposed/sql/tests/shared/dml/InsertTests.kt +++ b/exposed-tests/src/test/kotlin/org/jetbrains/exposed/sql/tests/shared/dml/InsertTests.kt 
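Review bot: The rewritten `arguments()` depends on an invariant that is not written down in the hunk: the values replayed through the throwaway `QueryBuilder(true)` must be visited in the same order, and with the same `DefaultValueMarker` filter, as the code that emits the statement's placeholders. That SQL-building code is outside this hunk, so the two cannot be compared here; if they ever diverge, bound parameters would shift position without any error at this point. A comment above the builder would make the contract explicit, for example `// Used only to collect bound parameters, including any nested in expression values; order and filtering must match the placeholders in the generated SQL.` It would also help to say that the builder's SQL text is deliberately discarded and only `builder.args` is kept.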
@@ -244,6 +244,36 @@ class InsertTests : DatabaseTestsBase() { } } + @Test fun testInsertWithColumnExpression() { + + val tbl1 = object : IntIdTable("testInsert1") { + val string1 = varchar("stringCol", 20) + } + val tbl2 = object : IntIdTable("testInsert2") { + val string2 = varchar("stringCol", 20).nullable() + } + + fun verify(value: String) { + val row = tbl2.select{ tbl2.string2 eq value }.single() + assertEquals(row[tbl2.string2], value) + } + + withTables(tbl1, tbl2) { + addLogger(StdOutSqlLogger) + + val id = tbl1.insertAndGetId { + it[string1] = " _exp1_ " + } + + val expr1 = tbl1.string1.trim().substring(2, 4) + tbl2.insert { + it[string2] = wrapAsExpression(tbl1.slice(expr1).select { tbl1.id eq id }) + } + + verify("exp1") + } + } + private object OrderedDataTable : IntIdTable() { val name = text("name")
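Review bot: The new test does not cover the "possible injection point" named in the commit subject, because the only value bound inside the wrapped sub-select is the generated `id`. Nothing here pins that a string parameter nested in an expression is bound rather than rendered into the SQL text. A second case whose sub-select filters on a string containing a single quote, and then checks that the stored value round-trips, would cover it; a sketch follows. Separately, `verify` appears to pass its arguments in swapped order, and `assertEquals(value, row[tbl2.string2])` would make a failure message read correctly. The enclosing `InsertTests` class starts and ends outside the hunk.

```kotlin
// … unchanged: table definitions, verify(), first insert and verify("exp1") …

            // constructed sample value: a quote must survive as bound data
            val quoted = "a'b"
            tbl1.insert {
                it[string1] = quoted
            }
            tbl2.insert {
                it[string2] = wrapAsExpression(tbl1.slice(tbl1.string1).select { tbl1.string1 eq quoted })
            }

            verify(quoted)
```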