
Example 96 with SQLExpr

use of com.alibaba.druid.sql.ast.SQLExpr in project druid by alibaba.

the class OneParamFunctions method eval.

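/**
 * Evaluates a one-argument SQL function call ({@code md5}, {@code bit_count},
 * {@code soundex}, {@code space}) using the value the visitor computed for its
 * first parameter.
 *
 * @param visitor evaluator that is asked to visit the parameter expression
 * @param x       the invocation to evaluate; only its first parameter is consulted
 * @return the function result; {@code EVAL_VALUE_NULL} when the argument evaluated to
 *         SQL NULL; {@code SQLEvalVisitor.EVAL_ERROR} when there is no argument, the
 *         argument has no evaluated value, or the argument cannot be used by the function
 * @throws UnsupportedOperationException if the method name is none of the supported functions
 */
public Object eval(SQLEvalVisitor visitor, SQLMethodInvokeExpr x) {
    if (x.getParameters().size() == 0) {
        return SQLEvalVisitor.EVAL_ERROR;
    }
    SQLExpr param = x.getParameters().get(0);
    param.accept(visitor);
    Object paramValue = param.getAttributes().get(EVAL_VALUE);
    if (paramValue == null) {
        // the visitor left no value on the parameter: nothing to compute with
        return SQLEvalVisitor.EVAL_ERROR;
    }
    if (paramValue == EVAL_VALUE_NULL) {
        // SQL NULL in, SQL NULL out
        return EVAL_VALUE_NULL;
    }
    String method = x.getMethodName();
    if ("md5".equalsIgnoreCase(method)) {
        return Utils.md5(paramValue.toString());
    }
    if ("bit_count".equalsIgnoreCase(method)) {
        if (paramValue instanceof BigInteger) {
            return ((BigInteger) paramValue).bitCount();
        }
        if (paramValue instanceof BigDecimal) {
            // round to a whole number first; RoundingMode.HALF_UP is the non-deprecated
            // spelling of BigDecimal.ROUND_HALF_UP and behaves identically
            BigInteger bigInt = ((BigDecimal) paramValue)
                    .setScale(0, java.math.RoundingMode.HALF_UP)
                    .toBigInteger();
            return bigInt.bitCount();
        }
        Long val = SQLEvalVisitorUtils.castToLong(paramValue);
        if (val == null) {
            // unboxing a null would throw NPE; report it as an evaluation failure instead
            return SQLEvalVisitor.EVAL_ERROR;
        }
        return Long.bitCount(val);
    }
    if ("soundex".equalsIgnoreCase(method)) {
        return soundex(paramValue.toString());
    }
    if ("space".equalsIgnoreCase(method)) {
        Integer count = SQLEvalVisitorUtils.castToInteger(paramValue);
        if (count == null || count < 0) {
            // a negative length would throw NegativeArraySizeException from the allocation below
            return SQLEvalVisitor.EVAL_ERROR;
        }
        // NOTE(review): count comes straight from the SQL text; when this evaluator runs over
        // untrusted statements a very large argument allocates that many chars — consider an
        // upper bound at the caller or here.
        char[] chars = new char[count];
        java.util.Arrays.fill(chars, ' ');
        return new String(chars);
    }
    throw new UnsupportedOperationException(method);
}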

Example 97 with SQLExpr

use of com.alibaba.druid.sql.ast.SQLExpr in project druid by alibaba.

the class WallVisitorUtils method checkSelelct.

/**
 * Applies the wall checks to one SELECT query block: links the select items, FROM and WHERE
 * back to the block, rejects SELECT ... INTO when the config forbids it, flags an always-true
 * WHERE when that check is enabled, and finally runs the multi-tenant select handling.
 *
 * @param visitor the wall visitor holding the config and collecting violations
 * @param x       the query block to check
 */
public static void checkSelelct(WallVisitor visitor, SQLSelectQueryBlock x) {
    for (SQLSelectItem selectItem : x.getSelectList()) {
        selectItem.setParent(x);
    }
    if (x.getInto() != null) {
        checkReadOnly(visitor, x.getInto());
    }
    boolean intoForbidden = !visitor.getConfig().isSelectIntoAllow();
    if (intoForbidden && x.getInto() != null) {
        addViolation(visitor, ErrorCode.SELECT_INTO_NOT_ALLOW, "select into not allow", x);
        return;
    }
    if (x.getFrom() != null) {
        x.getFrom().setParent(x);
    }
    SQLExpr where = x.getWhere();
    if (where != null) {
        where.setParent(x);
        checkCondition(visitor, x.getWhere());
        Object whereValue = getConditionValue(visitor, where, visitor.getConfig().isSelectWhereAlwayTrueCheck());
        // only a non-trivial condition that folds to TRUE is reported, and only when the
        // statement ends in a comment and the always-true check is switched on
        boolean reportAlwaysTrue = Boolean.TRUE == whereValue
                && visitor.getConfig().isSelectWhereAlwayTrueCheck()
                && visitor.isSqlEndOfComment()
                && !isSimpleConstExpr(where);
        if (reportAlwaysTrue) {
            addViolation(visitor, ErrorCode.ALWAYS_TRUE, "select alway true condition not allow", x);
        }
    }
    checkSelectForMultiTenant(visitor, x);
    // checkConditionForMultiTenant(visitor, x.getWhere(), x);
}

Example 98 with SQLExpr

use of com.alibaba.druid.sql.ast.SQLExpr in project druid by alibaba.

the class WallVisitorUtils method checkSchema.

/**
 * Checks the schema (owner) part of a name against the wall provider and config, adding a
 * SCHEMA_DENY or OBJECT_DENY violation where applicable, and recurses into the owner of a
 * property expression.
 *
 * @param visitor the wall visitor holding provider, config and violations
 * @param x       the expression whose owner/schema is being checked
 * @return always {@code true}; the outcome is carried by the violations added to the visitor
 */
private static boolean checkSchema(WallVisitor visitor, SQLExpr x) {
    final WallTopStatementContext topStatementContext = wallTopStatementContextLocal.get();
    boolean topIsSys = topStatementContext != null
            && (topStatementContext.fromSysSchema || topStatementContext.fromSysTable);
    if (topIsSys) {
        return true;
    }
    if (x instanceof SQLName) {
        String owner = form(((SQLName) x).getSimpleName());
        boolean schemaCheckApplies = isInTableSource(x) && !visitor.getProvider().checkDenySchema(owner);
        if (schemaCheckApplies) {
            boolean leadingTableSource = isTopStatementWithTableSource(x)
                    || isFirstSelectTableSource(x)
                    || isFirstInSubQuery(x);
            if (leadingTableSource) {
                if (topStatementContext != null) {
                    topStatementContext.setFromSysSchema(Boolean.TRUE);
                    clearViolation(visitor);
                }
            } else if (!matchesTopSelectSchema(x, owner)) {
                addViolation(visitor, ErrorCode.SCHEMA_DENY, "deny schema : " + owner, x);
            }
            return true;
        }
        if (visitor.getConfig().isDenyObjects(owner)) {
            addViolation(visitor, ErrorCode.OBJECT_DENY, "deny object : " + owner, x);
            return true;
        }
    }
    if (x instanceof SQLPropertyExpr) {
        return checkSchema(visitor, ((SQLPropertyExpr) x).getOwner());
    }
    return true;
}

/**
 * Reports whether {@code owner} equals (ignoring case, after {@code form}) the schema of the
 * leftmost table in the FROM clause of the SELECT statement that encloses {@code x}.
 *
 * @param x     the expression whose enclosing statement is walked up to
 * @param owner the already-normalised owner name to compare with
 * @return {@code true} only when an enclosing SELECT statement, a query block, a leftmost
 *         {@code schema.table} source and a matching schema identifier are all present
 */
private static boolean matchesTopSelectSchema(SQLExpr x, String owner) {
    SQLObject node = x.getParent();
    while (node != null && !(node instanceof SQLStatement)) {
        node = node.getParent();
    }
    if (!(node instanceof SQLSelectStatement)) {
        return false;
    }
    SQLSelectQuery query = ((SQLSelectStatement) node).getSelect().getQuery();
    if (!(query instanceof SQLSelectQueryBlock)) {
        return false;
    }
    // descend to the leftmost table of a (possibly nested) join
    SQLTableSource leftmost = ((SQLSelectQueryBlock) query).getFrom();
    while (leftmost instanceof SQLJoinTableSource) {
        leftmost = ((SQLJoinTableSource) leftmost).getLeft();
    }
    if (!(leftmost instanceof SQLExprTableSource)) {
        return false;
    }
    SQLExpr tableExpr = ((SQLExprTableSource) leftmost).getExpr();
    if (!(tableExpr instanceof SQLPropertyExpr)) {
        return false;
    }
    SQLExpr schemaExpr = ((SQLPropertyExpr) tableExpr).getOwner();
    if (!(schemaExpr instanceof SQLIdentifierExpr)) {
        return false;
    }
    String schema = form(((SQLIdentifierExpr) schemaExpr).getName());
    return schema.equalsIgnoreCase(owner);
}

Example 99 with SQLExpr

use of com.alibaba.druid.sql.ast.SQLExpr in project druid by alibaba.

the class WallVisitorUtils method checkDelete.

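/**
 * Applies the wall checks to a DELETE statement: read-only target, delete-allowed flag,
 * missing WHERE (counted and optionally rejected) and an always-true WHERE.
 *
 * @param visitor the wall visitor holding the config and collecting violations
 * @param x       the DELETE statement to check
 */
public static void checkDelete(WallVisitor visitor, SQLDeleteStatement x) {
    checkReadOnly(visitor, x.getTableSource());
    WallConfig config = visitor.getConfig();
    if (!config.isDeleteAllow()) {
        // report under the DELETE code; the message and the statement type are both DELETE
        addViolation(visitor, ErrorCode.DELETE_NOT_ALLOW, "delete not allow", x);
        return;
    }
    boolean hasUsing = x instanceof MySqlDeleteStatement
            && ((MySqlDeleteStatement) x).getUsing() != null;
    boolean isJoinTableSource = x.getTableSource() instanceof SQLJoinTableSource;
    SQLExpr where = x.getWhere();
    // a DELETE with neither WHERE, USING nor a join touches the whole table
    if (where == null && !hasUsing && !isJoinTableSource) {
        WallContext context = WallContext.current();
        if (context != null) {
            context.incrementDeleteNoneConditionWarnings();
        }
        if (config.isDeleteWhereNoneCheck()) {
            addViolation(visitor, ErrorCode.NONE_CONDITION, "delete none condition not allow", x);
            return;
        }
    }
    if (where != null) {
        checkCondition(visitor, where);
        boolean foldsToTrue = Boolean.TRUE == getConditionValue(visitor, where, config.isDeleteWhereAlwayTrueCheck());
        // only a non-trivial condition that folds to TRUE is reported, and only when the
        // statement ends in a comment and the always-true check is switched on
        if (foldsToTrue
                && config.isDeleteWhereAlwayTrueCheck()
                && visitor.isSqlEndOfComment()
                && !isSimpleConstExpr(where)) {
            addViolation(visitor, ErrorCode.ALWAYS_TRUE, "delete alway true condition not allow", x);
        }
    }
    // checkConditionForMultiTenant(visitor, x.getWhere(), x);
}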

Example 100 with SQLExpr

use of com.alibaba.druid.sql.ast.SQLExpr in project druid by alibaba.

the class WallVisitorUtils method checkSelectForMultiTenant.

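/**
 * Adds the tenant column to the select list of a SELECT that reads a tenant-scoped table,
 * so the rows can later be filtered by tenant, and marks the SQL as modified.
 * The table is taken from a plain table source or from the leftmost side of a join; joins
 * are additionally handed to {@code checkJoinSelectForMultiTenant}.
 *
 * @param visitor the wall visitor holding the config (tenant callback, pattern, column)
 * @param x       the query block to extend; must not be {@code null}
 * @throws IllegalStateException if {@code x} is {@code null} while multi-tenant support is configured
 */
private static void checkSelectForMultiTenant(WallVisitor visitor, SQLSelectQueryBlock x) {
    TenantCallBack tenantCallBack = visitor.getConfig().getTenantCallBack();
    String tenantTablePattern = visitor.getConfig().getTenantTablePattern();
    if (tenantCallBack == null && (tenantTablePattern == null || tenantTablePattern.length() == 0)) {
        // multi-tenant support is not configured at all
        return;
    }
    if (x == null) {
        throw new IllegalStateException("x is null");
    }
    if (!isSelectStatmentForMultiTenant(x)) {
        return;
    }
    SQLTableSource tableSource = x.getFrom();
    String alias = null;
    String matchTableName = null;
    String tenantColumn = null;
    if (tableSource instanceof SQLExprTableSource) {
        SQLExpr tableExpr = ((SQLExprTableSource) tableSource).getExpr();
        if (tableExpr instanceof SQLIdentifierExpr) {
            String tableName = ((SQLIdentifierExpr) tableExpr).getName();
            tenantColumn = resolveTenantColumn(visitor, tenantCallBack, tenantTablePattern, tableName);
            if (!StringUtils.isEmpty(tenantColumn)) {
                matchTableName = tableName;
                alias = tableSource.getAlias();
            }
        }
    } else if (tableSource instanceof SQLJoinTableSource) {
        SQLJoinTableSource join = (SQLJoinTableSource) tableSource;
        if (join.getLeft() instanceof SQLExprTableSource) {
            SQLExpr tableExpr = ((SQLExprTableSource) join.getLeft()).getExpr();
            if (tableExpr instanceof SQLIdentifierExpr) {
                String tableName = ((SQLIdentifierExpr) tableExpr).getName();
                tenantColumn = resolveTenantColumn(visitor, tenantCallBack, tenantTablePattern, tableName);
                if (!StringUtils.isEmpty(tenantColumn)) {
                    matchTableName = tableName;
                    alias = join.getLeft().getAlias();
                    if (alias == null) {
                        // in a join the column must be qualified, so fall back to the table name
                        alias = tableName;
                    }
                }
            }
        }
        // the join is inspected regardless of what its left side is
        checkJoinSelectForMultiTenant(visitor, join, x);
    }
    if (matchTableName == null) {
        return;
    }
    SQLExpr item;
    if (alias != null) {
        item = new SQLPropertyExpr(new SQLIdentifierExpr(alias), tenantColumn);
    } else {
        item = new SQLIdentifierExpr(tenantColumn);
    }
    SQLSelectItem selectItem = new SQLSelectItem(item);
    x.getSelectList().add(selectItem);
    visitor.setSqlModified(true);
}

/**
 * Resolves the tenant column for {@code tableName}: the callback's answer is used first, and
 * when that is empty and the name matches the tenant table pattern, the configured column.
 *
 * @param visitor            the wall visitor holding the config
 * @param tenantCallBack     optional callback consulted first; may be {@code null}
 * @param tenantTablePattern pattern matched against the table name; may be {@code null}
 * @param tableName          the table whose tenant column is wanted
 * @return the tenant column, or {@code null}/empty when neither source yields one
 */
private static String resolveTenantColumn(WallVisitor visitor, TenantCallBack tenantCallBack,
                                          String tenantTablePattern, String tableName) {
    String tenantColumn = null;
    if (tenantCallBack != null) {
        tenantColumn = tenantCallBack.getTenantColumn(StatementType.SELECT, tableName);
    }
    if (StringUtils.isEmpty(tenantColumn)
            && ServletPathMatcher.getInstance().matches(tenantTablePattern, tableName)) {
        tenantColumn = visitor.getConfig().getTenantColumn();
    }
    return tenantColumn;
}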
