
Example 6 with SQLLiteralExpr

use of com.alibaba.druid.sql.ast.expr.SQLLiteralExpr in project druid by alibaba.

the class WallVisitorUtils method isSimpleConstExpr.

/**
 * Reports whether {@code sqlExpr} is made up only of "simple constant" parts.
 *
 * <p>The expression is broken into parts by {@code getParts} (defined elsewhere). The result is:
 * <ul>
 *   <li>{@code false} if there are no parts;</li>
 *   <li>{@code true} as soon as a part for which {@code isFirst} holds evaluates to boolean
 *       {@code true}, using the cached {@code EVAL_VALUE} attribute or, when that is absent,
 *       the literal's own value (boolean, numeric, char or nchar literal);</li>
 *   <li>{@code false} as soon as a part is neither {@code sqlExpr} itself, nor a
 *       {@link SQLLiteralExpr}, nor an {@code Equality}/{@code NotEqual}/{@code GreaterThan}
 *       comparison whose two operands are both {@link SQLIntegerExpr};</li>
 *   <li>{@code true} if every part passed.</li>
 * </ul>
 *
 * <p>NOTE(review): only three comparison operators are recognised here. Integer-vs-integer
 * comparisons using any other operator are not classified as simple constants by this method;
 * confirm against the callers whether that gap is intended for the wall filter's
 * constant-condition checks.
 *
 * @param sqlExpr the expression to classify
 * @return whether the expression counts as a simple constant expression under the rules above
 */
private static boolean isSimpleConstExpr(SQLExpr sqlExpr) {
    List<SQLExpr> operands = getParts(sqlExpr);
    if (operands.isEmpty()) {
        return false;
    }

    for (SQLExpr operand : operands) {
        if (isFirst(operand)) {
            // Prefer a value already attached to the node; otherwise read it off the literal.
            Object value = operand.getAttribute(EVAL_VALUE);
            if (value == null) {
                if (operand instanceof SQLBooleanExpr) {
                    value = ((SQLBooleanExpr) operand).getValue();
                } else if (operand instanceof SQLNumericLiteralExpr) {
                    value = ((SQLNumericLiteralExpr) operand).getNumber();
                } else if (operand instanceof SQLCharExpr) {
                    value = ((SQLCharExpr) operand).getText();
                } else if (operand instanceof SQLNCharExpr) {
                    value = ((SQLNCharExpr) operand).getText();
                }
            }

            Boolean truth = SQLEvalVisitorUtils.castToBoolean(value);
            if (Boolean.TRUE.equals(truth)) {
                return true;
            }
        }

        // The root expression itself and plain literals always qualify.
        if (operand == sqlExpr || operand instanceof SQLLiteralExpr) {
            continue;
        }

        // Anything else must be a recognised comparison between two integer literals.
        if (!(operand instanceof SQLBinaryOpExpr)) {
            return false;
        }
        SQLBinaryOpExpr comparison = (SQLBinaryOpExpr) operand;
        SQLBinaryOperator operator = comparison.getOperator();
        boolean recognisedOperator = operator == SQLBinaryOperator.Equality
                || operator == SQLBinaryOperator.NotEqual
                || operator == SQLBinaryOperator.GreaterThan;
        if (!recognisedOperator) {
            return false;
        }
        boolean integerOperands = comparison.getLeft() instanceof SQLIntegerExpr
                && comparison.getRight() instanceof SQLIntegerExpr;
        if (!integerOperands) {
            return false;
        }
    }
    return true;
}
Also used : SQLBooleanExpr(com.alibaba.druid.sql.ast.expr.SQLBooleanExpr) SQLNumericLiteralExpr(com.alibaba.druid.sql.ast.expr.SQLNumericLiteralExpr) SQLCharExpr(com.alibaba.druid.sql.ast.expr.SQLCharExpr) SQLLiteralExpr(com.alibaba.druid.sql.ast.expr.SQLLiteralExpr) SQLIntegerExpr(com.alibaba.druid.sql.ast.expr.SQLIntegerExpr) SQLObject(com.alibaba.druid.sql.ast.SQLObject) SQLNCharExpr(com.alibaba.druid.sql.ast.expr.SQLNCharExpr) SQLBinaryOpExpr(com.alibaba.druid.sql.ast.expr.SQLBinaryOpExpr) SQLExpr(com.alibaba.druid.sql.ast.SQLExpr)

Example 7 with SQLLiteralExpr

use of com.alibaba.druid.sql.ast.expr.SQLLiteralExpr in project druid by alibaba.

the class MySqlStatementParser method parseLoadXml.

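/**
 * Parses a MySQL {@code LOAD XML} statement, starting at the {@code XML} identifier.
 *
 * <p>Clauses are consumed in this order: optional {@code LOW_PRIORITY}, {@code CONCURRENT} and
 * {@code LOCAL} flags, {@code INFILE} followed by the file name, optional {@code REPLACE} /
 * {@code IGNORE}, {@code INTO TABLE} and the table name, optional {@code CHARACTER SET} with a
 * character-literal charset, and optional {@code ROWS IDENTIFIED BY} with an expression.
 * A trailing {@code IGNORE} or {@code SET} clause is not implemented and is rejected.
 *
 * <p>This method only records the file name on the statement; it performs no validation of
 * the path. Any policy on which files may be loaded (particularly with {@code LOCAL}) has to
 * be enforced by whatever consumes the parsed statement.
 *
 * @return the populated statement
 * @throws ParserException if the file name is not a literal, the charset is not a character
 *         literal, or an unsupported trailing clause is present (the {@code accept*} helpers
 *         are defined elsewhere and presumably also raise on a token mismatch)
 */
protected MySqlLoadXmlStatement parseLoadXml() {
    acceptIdentifier("XML");
    MySqlLoadXmlStatement stmt = new MySqlLoadXmlStatement();
    if (identifierEquals(LOW_PRIORITY)) {
        stmt.setLowPriority(true);
        lexer.nextToken();
    }
    if (identifierEquals("CONCURRENT")) {
        stmt.setConcurrent(true);
        lexer.nextToken();
    }
    if (identifierEquals(LOCAL)) {
        stmt.setLocal(true);
        lexer.nextToken();
    }
    acceptIdentifier("INFILE");
    // The SQL text may come from an untrusted source, so the expression after INFILE is not
    // guaranteed to be a literal. Check before casting so that malformed input is reported as
    // a ParserException, like every other syntax error here, rather than a ClassCastException.
    SQLExpr fileNameExpr = exprParser.expr();
    if (!(fileNameExpr instanceof SQLLiteralExpr)) {
        throw new ParserException("syntax error, illegal file name");
    }
    stmt.setFileName((SQLLiteralExpr) fileNameExpr);
    if (lexer.token() == Token.REPLACE) {
        stmt.setReplicate(true);
        lexer.nextToken();
    }
    if (identifierEquals(IGNORE)) {
        stmt.setIgnore(true);
        lexer.nextToken();
    }
    accept(Token.INTO);
    accept(Token.TABLE);
    SQLName tableName = exprParser.name();
    stmt.setTableName(tableName);
    if (identifierEquals(CHARACTER)) {
        lexer.nextToken();
        accept(Token.SET);
        if (lexer.token() != Token.LITERAL_CHARS) {
            throw new ParserException("syntax error, illegal charset");
        }
        String charset = lexer.stringVal();
        lexer.nextToken();
        stmt.setCharset(charset);
    }
    if (identifierEquals("ROWS")) {
        lexer.nextToken();
        accept(Token.IDENTIFIED);
        accept(Token.BY);
        SQLExpr rowsIdentifiedBy = exprParser.expr();
        stmt.setRowsIdentifiedBy(rowsIdentifiedBy);
    }
    // A second IGNORE at this position and a SET clause are not implemented yet; fail loudly
    // instead of returning a statement that silently drops them.
    if (identifierEquals(IGNORE)) {
        throw new ParserException("TODO");
    }
    if (lexer.token() == Token.SET) {
        throw new ParserException("TODO");
    }
    return stmt;
}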
Also used : SQLLiteralExpr(com.alibaba.druid.sql.ast.expr.SQLLiteralExpr) ParserException(com.alibaba.druid.sql.parser.ParserException) SQLName(com.alibaba.druid.sql.ast.SQLName) MySqlLoadXmlStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlLoadXmlStatement) SQLExpr(com.alibaba.druid.sql.ast.SQLExpr)

Example 8 with SQLLiteralExpr

use of com.alibaba.druid.sql.ast.expr.SQLLiteralExpr in project druid by alibaba.

the class WallVisitorUtils method check.

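/**
 * Wall-filter check for a binary operator expression.
 *
 * <p>For {@code BooleanOr}/{@code BooleanAnd} the expression is split with
 * {@code SQLUtils.split}, every resulting item is visited by {@code visitor}, and
 * {@code false} is returned.
 *
 * <p>For {@code Add}/{@code Concat} chains of at least four items, the method counts calls to
 * {@code chr(...)} / {@code char(...)} whose first argument is a literal. A character literal
 * longer than five characters resets the count. When the count reaches four, an
 * {@code EVIL_CONCAT} violation is recorded on the visitor and scanning stops. This flags
 * strings assembled one character at a time, a form that would otherwise hide the resulting
 * text from literal-based checks.
 *
 * @param visitor the wall visitor that receives sub-expressions and violations
 * @param x the binary expression to inspect
 * @return {@code false} for boolean AND/OR expressions (after visiting their items here),
 *         {@code true} otherwise; presumably this tells the caller whether to keep
 *         traversing, to be confirmed against the call site
 */
public static boolean check(WallVisitor visitor, SQLBinaryOpExpr x) {
    if (x.getOperator() == SQLBinaryOperator.BooleanOr || x.getOperator() == SQLBinaryOperator.BooleanAnd) {
        List<SQLExpr> groupList = SQLUtils.split(x);
        for (SQLExpr item : groupList) {
            item.accept(visitor);
        }
        return false;
    }
    if (x.getOperator() == SQLBinaryOperator.Add || x.getOperator() == SQLBinaryOperator.Concat) {
        List<SQLExpr> groupList = SQLUtils.split(x);
        if (groupList.size() >= 4) {
            int chrCount = 0;
            for (SQLExpr item : groupList) {
                if (item instanceof SQLMethodInvokeExpr) {
                    SQLMethodInvokeExpr methodExpr = (SQLMethodInvokeExpr) item;
                    String methodName = methodExpr.getMethodName().toLowerCase();
                    if ("chr".equals(methodName) || "char".equals(methodName)) {
                        // The SQL under inspection is untrusted: a zero-argument chr()/char()
                        // must not abort the check with an IndexOutOfBoundsException, so only
                        // look at the first argument when there is one.
                        List<SQLExpr> parameters = methodExpr.getParameters();
                        if (!parameters.isEmpty() && parameters.get(0) instanceof SQLLiteralExpr) {
                            chrCount++;
                        }
                    }
                } else if (item instanceof SQLCharExpr) {
                    // A longer literal breaks the run of single-character pieces.
                    if (((SQLCharExpr) item).getText().length() > 5) {
                        chrCount = 0;
                        continue;
                    }
                }
                if (chrCount >= 4) {
                    addViolation(visitor, ErrorCode.EVIL_CONCAT, "evil concat", x);
                    break;
                }
            }
        }
    }
    return true;
}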
Also used : SQLLiteralExpr(com.alibaba.druid.sql.ast.expr.SQLLiteralExpr) SQLCharExpr(com.alibaba.druid.sql.ast.expr.SQLCharExpr) SQLMethodInvokeExpr(com.alibaba.druid.sql.ast.expr.SQLMethodInvokeExpr) SQLExpr(com.alibaba.druid.sql.ast.SQLExpr) SQLCommentHint(com.alibaba.druid.sql.ast.SQLCommentHint)

Aggregations

SQLLiteralExpr (com.alibaba.druid.sql.ast.expr.SQLLiteralExpr)8 SQLCharExpr (com.alibaba.druid.sql.ast.expr.SQLCharExpr)5 SQLExpr (com.alibaba.druid.sql.ast.SQLExpr)4 SQLName (com.alibaba.druid.sql.ast.SQLName)3 SQLBinaryOpExpr (com.alibaba.druid.sql.ast.expr.SQLBinaryOpExpr)3 SQLObject (com.alibaba.druid.sql.ast.SQLObject)2 SQLIntegerExpr (com.alibaba.druid.sql.ast.expr.SQLIntegerExpr)2 ParserException (com.alibaba.druid.sql.parser.ParserException)2 SQLCommentHint (com.alibaba.druid.sql.ast.SQLCommentHint)1 SQLBooleanExpr (com.alibaba.druid.sql.ast.expr.SQLBooleanExpr)1 SQLMethodInvokeExpr (com.alibaba.druid.sql.ast.expr.SQLMethodInvokeExpr)1 SQLNCharExpr (com.alibaba.druid.sql.ast.expr.SQLNCharExpr)1 SQLNumericLiteralExpr (com.alibaba.druid.sql.ast.expr.SQLNumericLiteralExpr)1 SQLVariantRefExpr (com.alibaba.druid.sql.ast.expr.SQLVariantRefExpr)1 MySqlLoadDataInFileStatement (com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlLoadDataInFileStatement)1 MySqlLoadXmlStatement (com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlLoadXmlStatement)1 RouteResultset (io.mycat.route.RouteResultset)1 RouteResultsetNode (io.mycat.route.RouteResultsetNode)1 LoadData (io.mycat.sqlengine.mpp.LoadData)1