use of com.alibaba.druid.sql.ast.expr.SQLVariantRefExpr in project druid by alibaba.
the class MySqlWallVisitor method visit.
public boolean visit(SQLPropertyExpr x) {
if (x.getOwner() instanceof SQLVariantRefExpr) {
SQLVariantRefExpr varExpr = (SQLVariantRefExpr) x.getOwner();
SQLObject parent = x.getParent();
String varName = varExpr.getName();
if (varName.equalsIgnoreCase("@@session") || varName.equalsIgnoreCase("@@global")) {
if (!(parent instanceof SQLSelectItem) && !(parent instanceof SQLAssignItem)) {
violations.add(new IllegalSQLObjectViolation(ErrorCode.VARIANT_DENY, "variable in condition not allow", toSQL(x)));
return false;
}
if (!checkVar(x.getParent(), x.getName())) {
boolean isTop = WallVisitorUtils.isTopNoneFromSelect(this, x);
if (!isTop) {
boolean allow = true;
if (isDeny(varName) && (WallVisitorUtils.isWhereOrHaving(x) || WallVisitorUtils.checkSqlExpr(varExpr))) {
allow = false;
}
if (!allow) {
violations.add(new IllegalSQLObjectViolation(ErrorCode.VARIANT_DENY, "variable not allow : " + x.getName(), toSQL(x)));
}
}
}
return false;
}
}
WallVisitorUtils.check(this, x);
return true;
}
use of com.alibaba.druid.sql.ast.expr.SQLVariantRefExpr in project druid by alibaba.
the class Demo3 method convert.
private String convert(String sql, List<Object> parameters) {
SQLStatementParser parser = new MySqlStatementParser(sql);
//
List<SQLStatement> stmtList = parser.parseStatementList();
SQLStatement first = (SQLStatement) stmtList.get(0);
MyVisitor visitor = new MyVisitor();
first.accept(visitor);
if (visitor.getVariantList().size() > 0) {
SQLExpr firstVar = visitor.getVariantList().get(0);
int userId;
if (firstVar instanceof SQLVariantRefExpr) {
int varIndex = (Integer) firstVar.getAttribute("varIndex");
userId = (Integer) parameters.get(varIndex);
} else {
userId = ((SQLNumericLiteralExpr) firstVar).getNumber().intValue();
}
String tableName;
if (userId == 1) {
tableName = "user_1";
} else {
tableName = "user_x";
}
for (SQLExprTableSource tableSource : visitor.getTableSourceList()) {
SQLExpr expr = tableSource.getExpr();
if (expr instanceof SQLIdentifierExpr) {
SQLIdentifierExpr identExpr = (SQLIdentifierExpr) expr;
String ident = identExpr.getName();
if (ident.equals("user")) {
identExpr.setName(tableName);
}
} else if (expr instanceof SQLPropertyExpr) {
SQLPropertyExpr proExpr = (SQLPropertyExpr) expr;
String ident = proExpr.getName();
if (ident.equals("user")) {
proExpr.setName(tableName);
}
}
}
}
String realSql = SQLUtils.toOracleString(first);
return realSql;
}
Aggregations