[tools] testbot/orm: Protect DBIBackend::LoadItem() from invalid keys.

Francois Gouget fgouget at codeweavers.com
Fri Jun 3 12:21:44 CDT 2022


Check that the requested key has the right number of parts to avoid a
crash during the SQL execution.

Signed-off-by: Francois Gouget <fgouget at codeweavers.com>
---
 testbot/lib/ObjectModel/DBIBackEnd.pm | 29 +++++++++++++--------------
 1 file changed, 14 insertions(+), 15 deletions(-)

diff --git a/testbot/lib/ObjectModel/DBIBackEnd.pm b/testbot/lib/ObjectModel/DBIBackEnd.pm
index 07b838d74..62332c1f6 100644
--- a/testbot/lib/ObjectModel/DBIBackEnd.pm
+++ b/testbot/lib/ObjectModel/DBIBackEnd.pm
@@ -169,22 +169,19 @@ sub BuildKeyWhere($$$)
 {
   my ($self, $PropertyDescriptors, $Where) = @_;
 
+  # Faster than join+map+grep
+  my $PartCount;
   foreach my $PropertyDescriptor (@{$PropertyDescriptors})
   {
-    if ($PropertyDescriptor->GetIsKey())
+    next if (!$PropertyDescriptor->GetIsKey());
+    foreach my $ColName (@{$PropertyDescriptor->GetColNames()})
     {
-      foreach my $ColName (@{$PropertyDescriptor->GetColNames()})
-      {
-        if ($Where ne "")
-        {
-          $Where .= " AND ";
-        }
-        $Where .= "$ColName = ?";
-      }
+      $Where .= " AND " if ($Where ne "");
+      $Where .= "$ColName = ?";
+      $PartCount++;
     }
   }
-
-  return $Where;
+  return ($PartCount, $Where);
 }
 
 =pod
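Review bot: `my $PartCount;` in BuildKeyWhere stays undefined when none of the property descriptors is a key, so the sub returns undef as the count. The new `$PartCount != @KeyParts` test in LoadItem then compares an uninitialized value, which raises a warning if warnings are enabled and only works because undef numifies to 0. Declaring it as `my $PartCount = 0;` avoids that. The return value also changes from a string to a two-element list, so I would document the new shape above the sub, e.g. `# Returns (number of key placeholders appended, WHERE clause)`.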
@@ -422,8 +419,10 @@ sub LoadItem($$$)
     $Where = join(" = ? AND ", @{$MasterColNames}) . " = ?";
     push @Data, @{$MasterColValues};
   }
-  $Where = $self->BuildKeyWhere($Collection->GetPropertyDescriptors(), $Where);
-  push @Data, $Collection->SplitKey($RequestedKey);
+  (my $PartCount, $Where) = $self->BuildKeyWhere($Collection->GetPropertyDescriptors(), $Where);
+  my @KeyParts = $Collection->SplitKey($RequestedKey);
+  return undef if ($PartCount != @KeyParts);
+  push @Data, @KeyParts;
 
   my $Query = "SELECT $Fields FROM " . $Collection->GetTableName();
   if ($Where ne "")
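Review bot: The early `return undef if ($PartCount != @KeyParts);` in LoadItem makes a malformed key indistinguishable from a well-formed key that matches no row, and nothing is recorded when it happens. If $RequestedKey can originate from request parameters (not visible in this hunk), a debug-level log entry here would make repeated malformed keys visible to whoever operates the service. At minimum the line deserves a why-comment such as `# Wrong number of key parts: no row can match and execute() would fail on the bind count`. The check validates only the number of parts; the values still reach the query as bind parameters, which is the right place for them. LoadItem starts and ends outside the hunk.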
@@ -572,7 +571,7 @@ sub BuildUpdateStatement($$$$)
   {
     $Where = join(" = ? AND ", @{$MasterColNames}) . " = ?";
   }
-  $Where = $self->BuildKeyWhere($PropertyDescriptors, $Where);
+  (my $_PartCount, $Where) = $self->BuildKeyWhere($PropertyDescriptors, $Where);
 
   return "UPDATE $TableName SET $Fields WHERE $Where";
 }
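Review bot: `(my $_PartCount, $Where) = ...` in BuildUpdateStatement declares a lexical only to throw it away, and the DeleteItem hunk does the same. Perl lets a list assignment skip a slot with `undef`, so `(undef, $Where) = $self->BuildKeyWhere($PropertyDescriptors, $Where);` states the intent without an unused variable. Note also that DeleteItem pushes `$Item->GetKeyComponents()` as bind values without the count check LoadItem now has; that is presumably safe because the components come from an existing item rather than a caller-supplied key, but a comment saying so would help. BuildUpdateStatement begins outside the hunk.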
@@ -713,7 +712,7 @@ sub DeleteItem($$)
     $Where = join(" = ? AND ", @{$MasterColNames}) . " = ?";
     push @Data, @{$MasterColValues};
   }
-  $Where = $self->BuildKeyWhere($Item->GetPropertyDescriptors(), $Where);
+  (my $_PartCount, $Where) = $self->BuildKeyWhere($Item->GetPropertyDescriptors(), $Where);
   push @Data, $Item->GetKeyComponents();
 
   my $Statement = $self->GetDb()->prepare("DELETE FROM " .
-- 
2.30.2


