
Example 21 with SQLVariantRefExpr

use of com.alibaba.druid.sql.ast.expr.SQLVariantRefExpr in project druid by alibaba.

the class MySqlWallVisitor method visit.

/**
 * Applies the SQL firewall rules to a property expression, with special handling for
 * system-variable scopes written as {@code @@session.<name>} or {@code @@global.<name>}.
 *
 * <p>For those two scopes (matched case-insensitively) the expression is accepted only when its
 * direct parent is a select item or an assignment item; any other position is recorded as a
 * {@code VARIANT_DENY} violation. Every other property expression is handed to
 * {@code WallVisitorUtils.check}.
 *
 * @param x the property expression being visited
 * @return {@code false} for every {@code @@session}/{@code @@global} reference (presumably this
 *         stops the visitor from descending into the node; confirm against the visitor
 *         contract), {@code true} otherwise
 */
public boolean visit(SQLPropertyExpr x) {
    if (!(x.getOwner() instanceof SQLVariantRefExpr)) {
        WallVisitorUtils.check(this, x);
        return true;
    }

    SQLVariantRefExpr scopeVar = (SQLVariantRefExpr) x.getOwner();
    SQLObject enclosing = x.getParent();
    String scopeName = scopeVar.getName();

    boolean systemScope = scopeName.equalsIgnoreCase("@@session") || scopeName.equalsIgnoreCase("@@global");
    if (!systemScope) {
        // Owner is some other variable reference: fall back to the generic property check.
        WallVisitorUtils.check(this, x);
        return true;
    }

    // A system variable may only be read in the select list or written through an assignment.
    // Anywhere else (for example inside a condition) it is rejected outright.
    boolean selectedOrAssigned = enclosing instanceof SQLSelectItem || enclosing instanceof SQLAssignItem;
    if (!selectedOrAssigned) {
        violations.add(new IllegalSQLObjectViolation(ErrorCode.VARIANT_DENY, "variable in condition not allow", toSQL(x)));
        return false;
    }

    // checkVar is defined outside this method; a true result ends the inspection without a violation.
    if (checkVar(x.getParent(), x.getName())) {
        return false;
    }

    // No violation is recorded when isTopNoneFromSelect reports true for this expression.
    if (WallVisitorUtils.isTopNoneFromSelect(this, x)) {
        return false;
    }

    // NOTE(review): isDeny receives the scope name ("@@session"/"@@global"), while the violation
    // message reports the property name. Confirm the deny list is meant to be keyed by scope.
    if (isDeny(scopeName) && (WallVisitorUtils.isWhereOrHaving(x) || WallVisitorUtils.checkSqlExpr(scopeVar))) {
        violations.add(new IllegalSQLObjectViolation(ErrorCode.VARIANT_DENY, "variable not allow : " + x.getName(), toSQL(x)));
    }
    return false;
}
Also used : SQLAssignItem(com.alibaba.druid.sql.ast.statement.SQLAssignItem) SQLObject(com.alibaba.druid.sql.ast.SQLObject) SQLSelectItem(com.alibaba.druid.sql.ast.statement.SQLSelectItem) IllegalSQLObjectViolation(com.alibaba.druid.wall.violation.IllegalSQLObjectViolation) SQLVariantRefExpr(com.alibaba.druid.sql.ast.expr.SQLVariantRefExpr)

Example 22 with SQLVariantRefExpr

use of com.alibaba.druid.sql.ast.expr.SQLVariantRefExpr in project druid by alibaba.

the class Demo3 method convert.

/**
 * Parses {@code sql} with the MySQL parser, rewrites references to the table {@code user} in the
 * first statement to a table chosen from a user id, and renders that statement back to text.
 *
 * <p>The user id comes from the first entry of the visitor's variant list: for a bind variable it
 * is looked up in {@code parameters} through the node's {@code "varIndex"} attribute, otherwise
 * the entry is treated as a numeric literal. User id 1 maps to {@code user_1}, every other value
 * to {@code user_x}. When the variant list is empty the statement is rendered unchanged.
 *
 * <p>NOTE(review): only the first parsed statement is processed and returned; any further
 * statements in {@code sql} are dropped. An empty statement list, a missing {@code "varIndex"}
 * attribute, a non-Integer parameter, or a first variant that is neither a bind variable nor a
 * numeric literal all surface as unchecked exceptions from this method.
 *
 * @param sql        the SQL text to rewrite
 * @param parameters bind values, indexed by the {@code "varIndex"} attribute of a bind variable
 * @return the rewritten first statement as produced by {@code SQLUtils.toOracleString}
 */
private String convert(String sql, List<Object> parameters) {
    SQLStatementParser parser = new MySqlStatementParser(sql);
    List<SQLStatement> statements = parser.parseStatementList();
    SQLStatement target = statements.get(0);

    MyVisitor collector = new MyVisitor();
    target.accept(collector);

    if (collector.getVariantList().size() != 0) {
        SQLExpr routingExpr = collector.getVariantList().get(0);

        // The routing key is read either from the bound parameter or from the inline literal.
        int userId;
        if (routingExpr instanceof SQLVariantRefExpr) {
            int position = (Integer) routingExpr.getAttribute("varIndex");
            userId = (Integer) parameters.get(position);
        } else {
            SQLNumericLiteralExpr literal = (SQLNumericLiteralExpr) routingExpr;
            userId = literal.getNumber().intValue();
        }

        String tableName = (userId == 1) ? "user_1" : "user_x";

        // Rename every table source called "user", whether plain or qualified.
        for (SQLExprTableSource source : collector.getTableSourceList()) {
            SQLExpr tableExpr = source.getExpr();
            if (tableExpr instanceof SQLIdentifierExpr) {
                SQLIdentifierExpr plain = (SQLIdentifierExpr) tableExpr;
                if (plain.getName().equals("user")) {
                    plain.setName(tableName);
                }
            } else if (tableExpr instanceof SQLPropertyExpr) {
                SQLPropertyExpr qualified = (SQLPropertyExpr) tableExpr;
                if (qualified.getName().equals("user")) {
                    qualified.setName(tableName);
                }
            }
        }
    }

    // NOTE(review): input is parsed as MySQL but rendered with the Oracle formatter; confirm intended.
    return SQLUtils.toOracleString(target);
}
Also used : SQLStatementParser(com.alibaba.druid.sql.parser.SQLStatementParser) SQLIdentifierExpr(com.alibaba.druid.sql.ast.expr.SQLIdentifierExpr) SQLPropertyExpr(com.alibaba.druid.sql.ast.expr.SQLPropertyExpr) SQLStatement(com.alibaba.druid.sql.ast.SQLStatement) SQLExpr(com.alibaba.druid.sql.ast.SQLExpr) SQLNumericLiteralExpr(com.alibaba.druid.sql.ast.expr.SQLNumericLiteralExpr) SQLVariantRefExpr(com.alibaba.druid.sql.ast.expr.SQLVariantRefExpr) SQLExprTableSource(com.alibaba.druid.sql.ast.statement.SQLExprTableSource) MySqlStatementParser(com.alibaba.druid.sql.dialect.mysql.parser.MySqlStatementParser)
