Example 6 with SQLLiteralExpr
use of com.alibaba.druid.sql.ast.expr.SQLLiteralExpr in project druid by alibaba.
the class WallVisitorUtils method isSimpleConstExpr.
private static boolean isSimpleConstExpr(SQLExpr sqlExpr) {
List<SQLExpr> parts = getParts(sqlExpr);
if (parts.isEmpty()) {
return false;
}
for (SQLExpr part : parts) {
if (isFirst(part)) {
Object evalValue = part.getAttribute(EVAL_VALUE);
if (evalValue == null) {
if (part instanceof SQLBooleanExpr) {
evalValue = ((SQLBooleanExpr) part).getValue();
} else if (part instanceof SQLNumericLiteralExpr) {
evalValue = ((SQLNumericLiteralExpr) part).getNumber();
} else if (part instanceof SQLCharExpr) {
evalValue = ((SQLCharExpr) part).getText();
} else if (part instanceof SQLNCharExpr) {
evalValue = ((SQLNCharExpr) part).getText();
}
}
Boolean result = SQLEvalVisitorUtils.castToBoolean(evalValue);
if (result != null && result) {
return true;
}
}
boolean isSimpleConstExpr = false;
if (part == sqlExpr || part instanceof SQLLiteralExpr) {
isSimpleConstExpr = true;
} else if (part instanceof SQLBinaryOpExpr) {
SQLBinaryOpExpr binaryOpExpr = (SQLBinaryOpExpr) part;
if (binaryOpExpr.getOperator() == SQLBinaryOperator.Equality || binaryOpExpr.getOperator() == SQLBinaryOperator.NotEqual || binaryOpExpr.getOperator() == SQLBinaryOperator.GreaterThan) {
if (binaryOpExpr.getLeft() instanceof SQLIntegerExpr && binaryOpExpr.getRight() instanceof SQLIntegerExpr) {
isSimpleConstExpr = true;
}
}
}
if (!isSimpleConstExpr) {
return false;
}
}
return true;
}
Also used :
SQLBooleanExpr(com.alibaba.druid.sql.ast.expr.SQLBooleanExpr)
SQLNumericLiteralExpr(com.alibaba.druid.sql.ast.expr.SQLNumericLiteralExpr)
SQLCharExpr(com.alibaba.druid.sql.ast.expr.SQLCharExpr)
SQLLiteralExpr(com.alibaba.druid.sql.ast.expr.SQLLiteralExpr)
SQLIntegerExpr(com.alibaba.druid.sql.ast.expr.SQLIntegerExpr)
SQLObject(com.alibaba.druid.sql.ast.SQLObject)
SQLNCharExpr(com.alibaba.druid.sql.ast.expr.SQLNCharExpr)
SQLBinaryOpExpr(com.alibaba.druid.sql.ast.expr.SQLBinaryOpExpr)
SQLExpr(com.alibaba.druid.sql.ast.SQLExpr)
Example 7 with SQLLiteralExpr
use of com.alibaba.druid.sql.ast.expr.SQLLiteralExpr in project druid by alibaba.
the class MySqlStatementParser method parseLoadXml.
protected MySqlLoadXmlStatement parseLoadXml() {
acceptIdentifier("XML");
MySqlLoadXmlStatement stmt = new MySqlLoadXmlStatement();
if (identifierEquals(LOW_PRIORITY)) {
stmt.setLowPriority(true);
lexer.nextToken();
}
if (identifierEquals("CONCURRENT")) {
stmt.setConcurrent(true);
lexer.nextToken();
}
if (identifierEquals(LOCAL)) {
stmt.setLocal(true);
lexer.nextToken();
}
acceptIdentifier("INFILE");
SQLLiteralExpr fileName = (SQLLiteralExpr) exprParser.expr();
stmt.setFileName(fileName);
if (lexer.token() == Token.REPLACE) {
stmt.setReplicate(true);
lexer.nextToken();
}
if (identifierEquals(IGNORE)) {
stmt.setIgnore(true);
lexer.nextToken();
}
accept(Token.INTO);
accept(Token.TABLE);
SQLName tableName = exprParser.name();
stmt.setTableName(tableName);
if (identifierEquals(CHARACTER)) {
lexer.nextToken();
accept(Token.SET);
if (lexer.token() != Token.LITERAL_CHARS) {
throw new ParserException("syntax error, illegal charset");
}
String charset = lexer.stringVal();
lexer.nextToken();
stmt.setCharset(charset);
}
if (identifierEquals("ROWS")) {
lexer.nextToken();
accept(Token.IDENTIFIED);
accept(Token.BY);
SQLExpr rowsIdentifiedBy = exprParser.expr();
stmt.setRowsIdentifiedBy(rowsIdentifiedBy);
}
if (identifierEquals(IGNORE)) {
throw new ParserException("TODO");
}
if (lexer.token() == Token.SET) {
throw new ParserException("TODO");
}
return stmt;
}
Also used :
SQLLiteralExpr(com.alibaba.druid.sql.ast.expr.SQLLiteralExpr)
ParserException(com.alibaba.druid.sql.parser.ParserException)
SQLName(com.alibaba.druid.sql.ast.SQLName)
MySqlLoadXmlStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlLoadXmlStatement)
SQLExpr(com.alibaba.druid.sql.ast.SQLExpr)
Example 8 with SQLLiteralExpr
use of com.alibaba.druid.sql.ast.expr.SQLLiteralExpr in project druid by alibaba.
the class WallVisitorUtils method check.
public static boolean check(WallVisitor visitor, SQLBinaryOpExpr x) {
if (x.getOperator() == SQLBinaryOperator.BooleanOr || x.getOperator() == SQLBinaryOperator.BooleanAnd) {
List<SQLExpr> groupList = SQLUtils.split(x);
for (SQLExpr item : groupList) {
item.accept(visitor);
}
return false;
}
if (x.getOperator() == SQLBinaryOperator.Add || x.getOperator() == SQLBinaryOperator.Concat) {
List<SQLExpr> groupList = SQLUtils.split(x);
if (groupList.size() >= 4) {
int chrCount = 0;
for (int i = 0; i < groupList.size(); ++i) {
SQLExpr item = groupList.get(i);
if (item instanceof SQLMethodInvokeExpr) {
SQLMethodInvokeExpr methodExpr = (SQLMethodInvokeExpr) item;
String methodName = methodExpr.getMethodName().toLowerCase();
if ("chr".equals(methodName) || "char".equals(methodName)) {
if (methodExpr.getParameters().get(0) instanceof SQLLiteralExpr) {
chrCount++;
}
}
} else if (item instanceof SQLCharExpr) {
if (((SQLCharExpr) item).getText().length() > 5) {
chrCount = 0;
continue;
}
}
if (chrCount >= 4) {
addViolation(visitor, ErrorCode.EVIL_CONCAT, "evil concat", x);
break;
}
}
}
}
return true;
}
Also used :
SQLLiteralExpr(com.alibaba.druid.sql.ast.expr.SQLLiteralExpr)
SQLCharExpr(com.alibaba.druid.sql.ast.expr.SQLCharExpr)
SQLMethodInvokeExpr(com.alibaba.druid.sql.ast.expr.SQLMethodInvokeExpr)
SQLExpr(com.alibaba.druid.sql.ast.SQLExpr)
SQLCommentHint(com.alibaba.druid.sql.ast.SQLCommentHint)
Aggregations
SQLLiteralExpr (com.alibaba.druid.sql.ast.expr.SQLLiteralExpr)8
SQLCharExpr (com.alibaba.druid.sql.ast.expr.SQLCharExpr)5
SQLExpr (com.alibaba.druid.sql.ast.SQLExpr)4
SQLName (com.alibaba.druid.sql.ast.SQLName)3
SQLBinaryOpExpr (com.alibaba.druid.sql.ast.expr.SQLBinaryOpExpr)3
SQLObject (com.alibaba.druid.sql.ast.SQLObject)2
SQLIntegerExpr (com.alibaba.druid.sql.ast.expr.SQLIntegerExpr)2
ParserException (com.alibaba.druid.sql.parser.ParserException)2
SQLCommentHint (com.alibaba.druid.sql.ast.SQLCommentHint)1
SQLBooleanExpr (com.alibaba.druid.sql.ast.expr.SQLBooleanExpr)1
SQLMethodInvokeExpr (com.alibaba.druid.sql.ast.expr.SQLMethodInvokeExpr)1
SQLNCharExpr (com.alibaba.druid.sql.ast.expr.SQLNCharExpr)1
SQLNumericLiteralExpr (com.alibaba.druid.sql.ast.expr.SQLNumericLiteralExpr)1
SQLVariantRefExpr (com.alibaba.druid.sql.ast.expr.SQLVariantRefExpr)1
MySqlLoadDataInFileStatement (com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlLoadDataInFileStatement)1
MySqlLoadXmlStatement (com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlLoadXmlStatement)1
RouteResultset (io.mycat.route.RouteResultset)1
RouteResultsetNode (io.mycat.route.RouteResultsetNode)1
LoadData (io.mycat.sqlengine.mpp.LoadData)1
