
Example 91 with SQLName

use of com.alibaba.druid.sql.ast.SQLName in project druid by alibaba.

the class SchemaStatVisitor method visit.

/**
 * Collects table statistics for a SELECT query block.
 *
 * <p>Sets the visitor mode to {@code Mode.Select}, counts a {@code SELECT ... INTO} target as an
 * insert on that table, records the FROM table (when it is a plain name) as the current table,
 * and visits the FROM clause before the rest of the block.
 *
 * @param x the query block being visited
 * @return {@code false} when the block has no FROM clause or its FROM is a sub-query table
 *         source (the sub-query is visited directly here); {@code true} otherwise
 */
public boolean visit(SQLSelectQueryBlock x) {
    // Without a FROM clause there is no table to attribute anything to.
    if (x.getFrom() == null) {
        return false;
    }

    setMode(x, Mode.Select);

    // A sub-query in FROM is visited on its own; nothing else in this block is processed here.
    if (x.getFrom() instanceof SQLSubqueryTableSource) {
        x.getFrom().accept(this);
        return false;
    }

    // SELECT ... INTO <name>: the target table receives rows, so it is counted as an insert.
    if (x.getInto() != null && x.getInto().getExpr() instanceof SQLName) {
        SQLName intoName = (SQLName) x.getInto().getExpr();
        TableStat intoStat = getTableStat(intoName.toString());
        if (intoStat != null) {
            intoStat.incrementInsertCount();
        }
    }

    // Remember the table that was current before this block so it is kept as "_old_local_".
    final String previousTable = getCurrentTable();

    if (x.getFrom() instanceof SQLExprTableSource) {
        final SQLExprTableSource exprSource = (SQLExprTableSource) x.getFrom();
        if (exprSource.getExpr() instanceof SQLName) {
            final String tableIdent = exprSource.getExpr().toString();
            setCurrentTable(x, tableIdent);
            x.putAttribute(ATTR_TABLE, tableIdent);
            // The enclosing SQLSelect, if any, is tagged with the same table.
            if (x.getParent() instanceof SQLSelect) {
                x.getParent().putAttribute(ATTR_TABLE, tableIdent);
            }
            x.putAttribute("_old_local_", previousTable);
        }
    }

    if (x.getFrom() != null) {
        // Visit FROM ahead of the other clauses so that the alias map is populated first.
        x.getFrom().accept(this);
        final String resolvedTable = (String) x.getFrom().getAttribute(ATTR_TABLE);
        if (resolvedTable != null) {
            x.putAttribute(ATTR_TABLE, resolvedTable);
        }
    }

    // Re-link the WHERE expression to this block.
    if (x.getWhere() != null) {
        x.getWhere().setParent(x);
    }

    return true;
}
Also used : SQLName(com.alibaba.druid.sql.ast.SQLName) TableStat(com.alibaba.druid.stat.TableStat)

Example 92 with SQLName

use of com.alibaba.druid.sql.ast.SQLName in project druid by alibaba.

the class SchemaStatVisitor method visit.

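/**
 * Collects table statistics for an INSERT statement.
 *
 * <p>Sets the visitor mode to {@code Mode.Insert}, resets the alias map, records the target
 * table as the current table, increments its insert counter, and registers both the statement
 * alias and the table name itself in the alias map. The column list and the source query are
 * then visited explicitly.
 *
 * @param x the INSERT statement being visited
 * @return always {@code false}; the children that matter are visited by this method itself
 */
@Override
public boolean visit(SQLInsertStatement x) {
    setMode(x, Mode.Insert);
    setAliasMap();

    // Kept so the previously current table is stored on the node as "_old_local_".
    String originalTable = getCurrentTable();

    if (x.getTableName() instanceof SQLName) {
        String ident = x.getTableName().toString();
        setCurrentTable(ident);
        x.putAttribute("_old_local_", originalTable);

        // Guard against a missing stat entry instead of dereferencing it unconditionally;
        // the alias bookkeeping below does not depend on the counter.
        TableStat stat = getTableStat(ident);
        if (stat != null) {
            stat.incrementInsertCount();
        }

        Map<String, String> aliasMap = getAliasMap();
        putAliasMap(aliasMap, x.getAlias(), ident);
        putAliasMap(aliasMap, ident, ident);
    }

    accept(x.getColumns());
    accept(x.getQuery());
    return false;
}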
Also used : SQLName(com.alibaba.druid.sql.ast.SQLName) TableStat(com.alibaba.druid.stat.TableStat)

Example 93 with SQLName

use of com.alibaba.druid.sql.ast.SQLName in project druid by alibaba.

the class MySqlWallVisitor method visit.

/**
 * Counts a {@code SHOW CREATE TABLE} statement against the named table in the current
 * {@link WallContext}, when a context and a stat entry for that table exist.
 *
 * @param x the SHOW CREATE TABLE statement being visited
 * @return always {@code false}
 */
@Override
public boolean visit(MySqlShowCreateTableStatement x) {
    // NOTE(review): the cast is unchecked, so a name that is null or not a SQLName fails here
    // with an exception; how callers treat that exception is not visible in this method.
    final String shownTable = ((SQLName) x.getName()).getSimpleName();

    final WallContext wallContext = WallContext.current();
    if (wallContext == null) {
        return false;
    }

    final WallSqlTableStat stat = wallContext.getTableStat(shownTable);
    if (stat != null) {
        stat.incrementShowCount();
    }
    return false;
}
Also used : WallSqlTableStat(com.alibaba.druid.wall.WallSqlTableStat) SQLName(com.alibaba.druid.sql.ast.SQLName) WallContext(com.alibaba.druid.wall.WallContext)

Example 94 with SQLName

use of com.alibaba.druid.sql.ast.SQLName in project druid by alibaba.

the class WallVisitorUtils method check.

/**
 * Applies the table-level rules to a single table source and updates the per-table
 * statement counters of the current {@link WallContext}.
 *
 * <p>Order of evaluation:
 * <ol>
 *   <li>For a qualified name ({@code SQLPropertyExpr}) the owner is passed to
 *       {@code checkSchema}; a failed schema check returns {@code false} immediately.</li>
 *   <li>For any {@code SQLName} the matching counter (select, select-into, truncate, insert,
 *       delete, update, replace) is incremented, based on the nearest ancestor that is not a
 *       table source.</li>
 *   <li>If the top-statement context is already flagged {@code fromSysSchema} or
 *       {@code fromSysTable}, the method returns {@code true} without consulting the deny
 *       list.</li>
 *   <li>A denied table (unless the context is flagged as coming from a permit table) returns
 *       {@code false}; a {@code TABLE_DENY} violation is recorded only when the table source is
 *       neither a top-statement / first-select table source nor part of a top-level select
 *       without FROM.</li>
 *   <li>A permit-listed table that is the first select table source flags the context and
 *       returns {@code false}.</li>
 * </ol>
 *
 * <p>NOTE(review): what callers do with the boolean result is not visible here; {@code false}
 * is returned both for rejected tables and for permit-listed ones, so it should not be read as
 * "denied" without checking the call sites.
 *
 * @param visitor the wall visitor supplying the configuration and collecting violations
 * @param x       the table source to examine
 * @return {@code true} when none of the rules above ended the check early
 */
public static boolean check(WallVisitor visitor, SQLExprTableSource x) {
    final WallTopStatementContext topCtx = wallTopStatementContextLocal.get();
    final SQLExpr tableExpr = x.getExpr();

    // schema.table: the schema part has to pass first.
    if (tableExpr instanceof SQLPropertyExpr
            && !checkSchema(visitor, ((SQLPropertyExpr) tableExpr).getOwner())) {
        return false;
    }

    // Only named tables are subject to the table rules below.
    if (!(tableExpr instanceof SQLName)) {
        return true;
    }

    final String tableName = ((SQLName) tableExpr).getSimpleName();

    // --- statistics: attribute this table reference to the kind of statement that owns it ---
    final WallContext wallCtx = WallContext.current();
    final WallSqlTableStat tableStat = wallCtx == null ? null : wallCtx.getTableStat(tableName);
    if (tableStat != null) {
        // Climb past joins / nested table sources to the owning statement or query block.
        SQLObject owner = x.getParent();
        while (owner instanceof SQLTableSource) {
            owner = owner.getParent();
        }

        if (owner instanceof SQLSelectQueryBlock) {
            // Identity comparison: is this very node the INTO target of the query block?
            if (x == ((SQLSelectQueryBlock) owner).getInto()) {
                tableStat.incrementSelectIntoCount();
            } else {
                tableStat.incrementSelectCount();
            }
        } else if (owner instanceof SQLTruncateStatement) {
            tableStat.incrementTruncateCount();
        } else if (owner instanceof SQLInsertStatement) {
            tableStat.incrementInsertCount();
        } else if (owner instanceof SQLDeleteStatement) {
            tableStat.incrementDeleteCount();
        } else if (owner instanceof SQLUpdateStatement) {
            tableStat.incrementUpdateCount();
        } else if (owner instanceof MySqlReplaceStatement) {
            tableStat.incrementReplaceCount();
        }
    }

    // Once the statement is flagged as reading from a system schema/table, later table
    // sources are accepted here without reaching the deny-list lookup.
    // NOTE(review): confirm this short-circuit is intended for every table in the statement.
    if (topCtx != null && (topCtx.fromSysSchema || topCtx.fromSysTable)) {
        return true;
    }

    // --- deny list ---
    final boolean permitFlagSet = topCtx != null && topCtx.fromPermitTable();
    if (visitor.isDenyTable(tableName) && !permitFlagSet) {
        if (isTopStatementWithTableSource(x) || isFirstSelectTableSource(x)) {
            // No TABLE_DENY is recorded on this path; the context is flagged and violations
            // collected so far are cleared.
            if (topCtx != null) {
                topCtx.setFromSysTable(Boolean.TRUE);
                clearViolation(visitor);
            }
            return false;
        }
        if (isTopNoneFromSelect(visitor, x)) {
            return false;
        }
        addViolation(visitor, ErrorCode.TABLE_DENY, "deny table : " + tableName, x);
        return false;
    }

    // --- permit list ---
    // NOTE(review): this lookup uses the raw simple name while the deny check goes through
    // visitor.isDenyTable; whether both normalise case and quoting alike is not visible here.
    if (visitor.getConfig().getPermitTables().contains(tableName) && isFirstSelectTableSource(x)) {
        if (topCtx != null) {
            topCtx.setFromPermitTable(Boolean.TRUE);
        }
        return false;
    }

    return true;
}
Also used : WallSqlTableStat(com.alibaba.druid.wall.WallSqlTableStat) SQLObject(com.alibaba.druid.sql.ast.SQLObject) SQLName(com.alibaba.druid.sql.ast.SQLName) SQLPropertyExpr(com.alibaba.druid.sql.ast.expr.SQLPropertyExpr) SQLExpr(com.alibaba.druid.sql.ast.SQLExpr) MySqlReplaceStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlReplaceStatement) WallContext(com.alibaba.druid.wall.WallContext)

Example 95 with SQLName

use of com.alibaba.druid.sql.ast.SQLName in project druid by alibaba.

the class WallVisitorUtils method getValue.

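/**
 * Tries to reduce a binary expression to a constant so that conditions which are always true
 * or always false can be detected.
 *
 * <ul>
 *   <li>{@code OR} chain: {@code true} as soon as one operand evaluates to true, {@code false}
 *       when every operand evaluates to false, otherwise {@code null} (unknown).</li>
 *   <li>{@code AND} chain: {@code false} when any operand evaluates to false, {@code true} when
 *       every operand evaluates to true, otherwise {@code null}. Two constant operands in a row
 *       raise {@code DOUBLE_CONST_CONDITION} unless the configuration allows it.</li>
 *   <li>Name compared with the same name (case-insensitive text match): equality / LIKE is
 *       {@code TRUE}, the inequality operators are {@code FALSE}.</li>
 *   <li>Two literal values under {@code =} or {@code <>}: evaluated directly and cached on the
 *       node under {@code EVAL_VALUE}.</li>
 *   <li>Anything else: both sides are evaluated recursively and the result is delegated to
 *       {@code eval}.</li>
 * </ul>
 *
 * <p>Boolean results are compared with {@code equals} rather than {@code ==}, so a
 * {@code Boolean} that is not one of the canonical {@code Boolean.TRUE}/{@code Boolean.FALSE}
 * instances is still recognised as a constant instead of being treated as unknown.
 *
 * @param visitor the wall visitor supplying the configuration and collecting violations; the
 *                AND and arithmetic paths tolerate {@code null}
 * @param x       the binary expression to evaluate
 * @return {@code Boolean} or another constant value when the expression can be reduced,
 *         {@code null} when its value is unknown
 */
public static Object getValue(WallVisitor visitor, SQLBinaryOpExpr x) {
    if (x.getOperator() == SQLBinaryOperator.BooleanOr) {
        List<SQLExpr> groupList = SQLUtils.split(x);
        boolean allFalse = true;
        // Operands are examined from the last one backwards.
        for (int i = groupList.size() - 1; i >= 0; --i) {
            SQLExpr item = groupList.get(i);
            Object result = getValue(visitor, item);
            Boolean booleanVal = SQLEvalVisitorUtils.castToBoolean(result);
            if (Boolean.TRUE.equals(booleanVal)) {
                // A constant-true operand that is not the first one is recorded on the
                // condition context as an always-true part.
                final WallConditionContext wallContext = WallVisitorUtils.getWallConditionContext();
                if (wallContext != null && !isFirst(item)) {
                    wallContext.setPartAlwayTrue(true);
                }
                return true;
            }
            if (!Boolean.FALSE.equals(booleanVal)) {
                allFalse = false;
            }
        }
        if (allFalse) {
            return false;
        }
        return null;
    }
    if (x.getOperator() == SQLBinaryOperator.BooleanAnd) {
        List<SQLExpr> groupList = SQLUtils.split(x);
        // Number of consecutive operands that reduced to a constant.
        int dalConst = 0;
        // TRUE: all constant-true so far; FALSE: a constant-false was seen; null: unknown.
        Boolean allTrue = Boolean.TRUE;
        for (int i = groupList.size() - 1; i >= 0; --i) {
            SQLExpr item = groupList.get(i);
            Object result = getValue(visitor, item);
            Boolean booleanVal = SQLEvalVisitorUtils.castToBoolean(result);
            if (Boolean.TRUE.equals(booleanVal)) {
                final WallConditionContext wallContext = WallVisitorUtils.getWallConditionContext();
                if (wallContext != null && !isFirst(item)) {
                    wallContext.setPartAlwayTrue(true);
                }
                dalConst++;
            } else if (Boolean.FALSE.equals(booleanVal)) {
                final WallConditionContext wallContext = WallVisitorUtils.getWallConditionContext();
                if (wallContext != null && !isFirst(item)) {
                    wallContext.setPartAlwayFalse(true);
                }
                allTrue = Boolean.FALSE;
                dalConst++;
            } else {
                // An unknown operand never overrides an already established FALSE.
                if (!Boolean.FALSE.equals(allTrue)) {
                    allTrue = null;
                }
                dalConst = 0;
            }
            // Fires once per run of constants, at the moment the run reaches length two.
            if (dalConst == 2 && visitor != null && !visitor.getConfig().isConditionDoubleConstAllow()) {
                addViolation(visitor, ErrorCode.DOUBLE_CONST_CONDITION, "double const condition", x);
            }
        }
        if (Boolean.TRUE.equals(allTrue)) {
            return true;
        } else if (Boolean.FALSE.equals(allTrue)) {
            return false;
        }
        return null;
    }
    // True when at least one of the arithmetic / bitwise / xor checks is enabled in the config.
    boolean checkCondition = visitor != null && (!visitor.getConfig().isConstArithmeticAllow() || !visitor.getConfig().isConditionOpBitwseAllow() || !visitor.getConfig().isConditionOpXorAllow());
    if (x.getLeft() instanceof SQLName) {
        if (x.getRight() instanceof SQLName) {
            // Same name on both sides: the comparison has a fixed outcome.
            if (x.getLeft().toString().equalsIgnoreCase(x.getRight().toString())) {
                switch(x.getOperator()) {
                    case Equality:
                    case Like:
                        return Boolean.TRUE;
                    case NotEqual:
                    case GreaterThan:
                    case GreaterThanOrEqual:
                    case LessThan:
                    case LessThanOrEqual:
                    case LessThanOrGreater:
                    case NotLike:
                        return Boolean.FALSE;
                    default:
                        break;
                }
            }
        } else if (!checkCondition) {
            // Name compared with something else and no extra checks requested: unknown.
            switch(x.getOperator()) {
                case Equality:
                case NotEqual:
                case GreaterThan:
                case GreaterThanOrEqual:
                case LessThan:
                case LessThanOrEqual:
                case LessThanOrGreater:
                    return null;
                default:
                    break;
            }
        }
    }
    if (x.getLeft() instanceof SQLValuableExpr && x.getRight() instanceof SQLValuableExpr) {
        Object leftValue = ((SQLValuableExpr) x.getLeft()).getValue();
        Object rightValue = ((SQLValuableExpr) x.getRight()).getValue();
        if (x.getOperator() == SQLBinaryOperator.Equality) {
            boolean evalValue = SQLEvalVisitorUtils.eq(leftValue, rightValue);
            x.putAttribute(EVAL_VALUE, evalValue);
            return evalValue;
        } else if (x.getOperator() == SQLBinaryOperator.NotEqual) {
            boolean evalValue = SQLEvalVisitorUtils.eq(leftValue, rightValue);
            x.putAttribute(EVAL_VALUE, !evalValue);
            return !evalValue;
        }
    }
    Object leftResult = getValue(visitor, x.getLeft());
    Object rightResult = getValue(visitor, x.getRight());
    // NOTE(review): unlike the DOUBLE_CONST_CONDITION path, visitor is not null-checked before
    // addViolation here; confirm addViolation accepts a null visitor.
    if (x.getOperator() == SQLBinaryOperator.Like && leftResult instanceof String && leftResult.equals(rightResult)) {
        addViolation(visitor, ErrorCode.SAME_CONST_LIKE, "same const like", x);
    }
    if (x.getOperator() == SQLBinaryOperator.Like || x.getOperator() == SQLBinaryOperator.NotLike) {
        WallContext context = WallContext.current();
        if (context != null) {
            // LIKE against a numeric operand is only counted as a warning, not a violation.
            if (rightResult instanceof Number || leftResult instanceof Number) {
                context.incrementLikeNumberWarnings();
            }
        }
    }
    String dbType = null;
    WallContext wallContext = WallContext.current();
    if (wallContext != null) {
        dbType = wallContext.getDbType();
    }
    return eval(visitor, dbType, x, Collections.emptyList());
}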
Also used : SQLName(com.alibaba.druid.sql.ast.SQLName) SQLObject(com.alibaba.druid.sql.ast.SQLObject) SQLExpr(com.alibaba.druid.sql.ast.SQLExpr) SQLCommentHint(com.alibaba.druid.sql.ast.SQLCommentHint) SQLValuableExpr(com.alibaba.druid.sql.ast.expr.SQLValuableExpr) WallContext(com.alibaba.druid.wall.WallContext)
