use of com.alibaba.druid.sql.ast.expr.SQLLiteralExpr in project druid by alibaba.
the class WallVisitorUtils method isSimpleConstExpr.
/**
 * Reports whether {@code sqlExpr} is made up solely of constant parts.
 *
 * <p>The expression is broken into parts by {@code getParts} (defined elsewhere in this
 * class). The outcome is:
 * <ul>
 *   <li>{@code false} when there are no parts;</li>
 *   <li>{@code true} as soon as a part accepted by {@code isFirst} evaluates to boolean
 *       {@code true};</li>
 *   <li>{@code false} as soon as a part is neither the expression itself, a literal, nor a
 *       comparison of two integer literals;</li>
 *   <li>{@code true} when every part passed.</li>
 * </ul>
 *
 * @param sqlExpr the expression to classify
 * @return {@code true} if the expression is considered a simple constant expression
 */
private static boolean isSimpleConstExpr(SQLExpr sqlExpr) {
    final List<SQLExpr> operands = getParts(sqlExpr);
    if (operands.isEmpty()) {
        return false;
    }

    for (SQLExpr operand : operands) {
        if (isFirst(operand)) {
            // Prefer a value already cached on the node; fall back to the literal's own value.
            Object constant = operand.getAttribute(EVAL_VALUE);
            if (constant == null) {
                if (operand instanceof SQLBooleanExpr) {
                    constant = ((SQLBooleanExpr) operand).getValue();
                } else if (operand instanceof SQLNumericLiteralExpr) {
                    constant = ((SQLNumericLiteralExpr) operand).getNumber();
                } else if (operand instanceof SQLCharExpr) {
                    constant = ((SQLCharExpr) operand).getText();
                } else if (operand instanceof SQLNCharExpr) {
                    constant = ((SQLNCharExpr) operand).getText();
                }
            }
            // A part that is constantly true decides the result on its own.
            if (Boolean.TRUE.equals(SQLEvalVisitorUtils.castToBoolean(constant))) {
                return true;
            }
        }

        if (operand == sqlExpr || operand instanceof SQLLiteralExpr) {
            continue;
        }
        if (!(operand instanceof SQLBinaryOpExpr)) {
            return false;
        }

        SQLBinaryOpExpr comparison = (SQLBinaryOpExpr) operand;
        // Only =, != and > are recognised here; any other operator makes the part non-constant.
        // NOTE(review): confirm whether the remaining comparison operators are meant to be
        // covered by another check.
        boolean recognisedOperator = comparison.getOperator() == SQLBinaryOperator.Equality
                || comparison.getOperator() == SQLBinaryOperator.NotEqual
                || comparison.getOperator() == SQLBinaryOperator.GreaterThan;
        if (!recognisedOperator) {
            return false;
        }
        boolean integerOperands = comparison.getLeft() instanceof SQLIntegerExpr
                && comparison.getRight() instanceof SQLIntegerExpr;
        if (!integerOperands) {
            return false;
        }
    }
    return true;
}
use of com.alibaba.druid.sql.ast.expr.SQLLiteralExpr in project druid by alibaba.
the class MySqlStatementParser method parseLoadXml.
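/**
 * Parses a MySQL {@code LOAD XML} statement, starting at the {@code XML} identifier.
 *
 * <p>Accepted in order: optional {@code LOW_PRIORITY}, {@code CONCURRENT} and {@code LOCAL}
 * modifiers, {@code INFILE} followed by a literal file name, optional {@code REPLACE} or
 * {@code IGNORE}, {@code INTO TABLE} and the table name, an optional {@code CHARACTER SET}
 * clause and an optional {@code ROWS IDENTIFIED BY} clause. A trailing {@code IGNORE} or
 * {@code SET} clause is not implemented and is rejected.
 *
 * <p>This method only builds the AST; it does not open, resolve or validate the file path.
 *
 * @return the populated statement node
 * @throws ParserException if the file name is not a literal, the charset is not a string
 *         literal, or an unimplemented clause is encountered
 */
protected MySqlLoadXmlStatement parseLoadXml() {
    acceptIdentifier("XML");
    MySqlLoadXmlStatement stmt = new MySqlLoadXmlStatement();

    if (identifierEquals(LOW_PRIORITY)) {
        stmt.setLowPriority(true);
        lexer.nextToken();
    }
    if (identifierEquals("CONCURRENT")) {
        stmt.setConcurrent(true);
        lexer.nextToken();
    }
    if (identifierEquals(LOCAL)) {
        stmt.setLocal(true);
        lexer.nextToken();
    }

    acceptIdentifier("INFILE");
    // Reject a non-literal file name with the parser's own exception type instead of
    // letting the cast fail with a ClassCastException on malformed input.
    SQLExpr fileNameExpr = exprParser.expr();
    if (!(fileNameExpr instanceof SQLLiteralExpr)) {
        throw new ParserException("syntax error, illegal file name");
    }
    stmt.setFileName((SQLLiteralExpr) fileNameExpr);

    if (lexer.token() == Token.REPLACE) {
        stmt.setReplicate(true);
        lexer.nextToken();
    }
    if (identifierEquals(IGNORE)) {
        stmt.setIgnore(true);
        lexer.nextToken();
    }

    accept(Token.INTO);
    accept(Token.TABLE);
    SQLName tableName = exprParser.name();
    stmt.setTableName(tableName);

    if (identifierEquals(CHARACTER)) {
        lexer.nextToken();
        accept(Token.SET);
        if (lexer.token() != Token.LITERAL_CHARS) {
            throw new ParserException("syntax error, illegal charset");
        }
        String charset = lexer.stringVal();
        lexer.nextToken();
        stmt.setCharset(charset);
    }

    if (identifierEquals("ROWS")) {
        lexer.nextToken();
        accept(Token.IDENTIFIED);
        accept(Token.BY);
        SQLExpr rowsIdentifiedBy = exprParser.expr();
        stmt.setRowsIdentifiedBy(rowsIdentifiedBy);
    }

    // The trailing IGNORE and SET clauses are not implemented yet; fail instead of
    // silently dropping them.
    if (identifierEquals(IGNORE)) {
        throw new ParserException("TODO");
    }
    if (lexer.token() == Token.SET) {
        throw new ParserException("TODO");
    }
    return stmt;
}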
use of com.alibaba.druid.sql.ast.expr.SQLLiteralExpr in project druid by alibaba.
the class WallVisitorUtils method check.
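/**
 * Inspects a binary expression on behalf of the SQL firewall visitor.
 *
 * <p>For {@code AND}/{@code OR} the expression is split and every operand is handed to the
 * visitor; the method then returns {@code false}. For {@code +} and concatenation chains of
 * at least four operands, it counts {@code chr(...)}/{@code char(...)} calls whose first
 * argument is a literal and records an {@code EVIL_CONCAT} violation once four have been
 * counted. A string literal longer than five characters resets the count.
 *
 * @param visitor the firewall visitor that receives operands and violations
 * @param x       the binary expression to inspect
 * @return {@code false} when the operands of an {@code AND}/{@code OR} were already visited
 *         here, {@code true} otherwise (presumably telling the caller whether to keep
 *         descending; confirm against the call sites)
 */
public static boolean check(WallVisitor visitor, SQLBinaryOpExpr x) {
    SQLBinaryOperator operator = x.getOperator();

    if (operator == SQLBinaryOperator.BooleanOr || operator == SQLBinaryOperator.BooleanAnd) {
        for (SQLExpr item : SQLUtils.split(x)) {
            item.accept(visitor);
        }
        return false;
    }

    if (operator == SQLBinaryOperator.Add || operator == SQLBinaryOperator.Concat) {
        List<SQLExpr> groupList = SQLUtils.split(x);
        if (groupList.size() >= 4) {
            int chrCount = 0;
            for (SQLExpr item : groupList) {
                if (item instanceof SQLMethodInvokeExpr) {
                    SQLMethodInvokeExpr methodExpr = (SQLMethodInvokeExpr) item;
                    String methodName = methodExpr.getMethodName();
                    // equalsIgnoreCase does not depend on the default locale and
                    // tolerates a missing method name.
                    if ("chr".equalsIgnoreCase(methodName) || "char".equalsIgnoreCase(methodName)) {
                        // A call with no arguments must not abort the check with an
                        // IndexOutOfBoundsException, so look at the first argument only
                        // when there is one.
                        List<SQLExpr> parameters = methodExpr.getParameters();
                        if (!parameters.isEmpty() && parameters.get(0) instanceof SQLLiteralExpr) {
                            chrCount++;
                        }
                    }
                } else if (item instanceof SQLCharExpr) {
                    // A longer string literal restarts the count and skips the threshold test.
                    if (((SQLCharExpr) item).getText().length() > 5) {
                        chrCount = 0;
                        continue;
                    }
                }
                if (chrCount >= 4) {
                    addViolation(visitor, ErrorCode.EVIL_CONCAT, "evil concat", x);
                    break;
                }
            }
        }
    }
    return true;
}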