Example 1 with SQLInsertStatement
use of com.alibaba.druid.sql.ast.statement.SQLInsertStatement in project Mycat-Server by MyCATApache.
the class MycatPrivileges method checkDmlPrivilege.
// 审计SQL权限
@Override
public boolean checkDmlPrivilege(String user, String schema, String sql) {
if (schema == null) {
return true;
}
boolean isPassed = false;
MycatConfig conf = MycatServer.getInstance().getConfig();
UserConfig userConfig = conf.getUsers().get(user);
if (userConfig != null) {
UserPrivilegesConfig userPrivilege = userConfig.getPrivilegesConfig();
if (userPrivilege != null && userPrivilege.isCheck()) {
UserPrivilegesConfig.SchemaPrivilege schemaPrivilege = userPrivilege.getSchemaPrivilege(schema);
if (schemaPrivilege != null) {
String tableName = null;
int index = -1;
//TODO 此处待优化,寻找更优SQL 解析器
SQLStatementParser parser = new MycatStatementParser(sql);
SQLStatement stmt = parser.parseStatement();
if (stmt instanceof MySqlReplaceStatement || stmt instanceof SQLInsertStatement) {
index = 0;
} else if (stmt instanceof SQLUpdateStatement) {
index = 1;
} else if (stmt instanceof SQLSelectStatement) {
index = 2;
} else if (stmt instanceof SQLDeleteStatement) {
index = 3;
}
if (index > -1) {
SchemaStatVisitor schemaStatVisitor = new MycatSchemaStatVisitor();
stmt.accept(schemaStatVisitor);
String key = schemaStatVisitor.getCurrentTable();
if (key != null) {
if (key.contains("`")) {
key = key.replaceAll("`", "");
}
int dotIndex = key.indexOf(".");
if (dotIndex > 0) {
tableName = key.substring(dotIndex + 1);
} else {
tableName = key;
}
//获取table 权限, 此处不需要检测空值, 无设置则自动继承父级权限
UserPrivilegesConfig.TablePrivilege tablePrivilege = schemaPrivilege.getTablePrivilege(tableName);
if (tablePrivilege.getDml()[index] > 0) {
isPassed = true;
}
} else {
//skip
isPassed = true;
}
} else {
//skip
isPassed = true;
}
} else {
//skip
isPassed = true;
}
} else {
//skip
isPassed = true;
}
} else {
//skip
isPassed = true;
}
if (!isPassed) {
ALARM.error(new StringBuilder().append(Alarms.DML_ATTACK).append("[sql=").append(sql).append(",user=").append(user).append(']').toString());
}
return isPassed;
}
Also used :
SQLStatementParser(com.alibaba.druid.sql.parser.SQLStatementParser)
MycatStatementParser(io.mycat.route.parser.druid.MycatStatementParser)
MycatSchemaStatVisitor(io.mycat.route.parser.druid.MycatSchemaStatVisitor)
SQLUpdateStatement(com.alibaba.druid.sql.ast.statement.SQLUpdateStatement)
UserConfig(io.mycat.config.model.UserConfig)
UserPrivilegesConfig(io.mycat.config.model.UserPrivilegesConfig)
SQLStatement(com.alibaba.druid.sql.ast.SQLStatement)
MySqlReplaceStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlReplaceStatement)
SQLDeleteStatement(com.alibaba.druid.sql.ast.statement.SQLDeleteStatement)
SQLInsertStatement(com.alibaba.druid.sql.ast.statement.SQLInsertStatement)
SQLSelectStatement(com.alibaba.druid.sql.ast.statement.SQLSelectStatement)
SchemaStatVisitor(com.alibaba.druid.sql.visitor.SchemaStatVisitor)
MycatSchemaStatVisitor(io.mycat.route.parser.druid.MycatSchemaStatVisitor)
Example 2 with SQLInsertStatement
use of com.alibaba.druid.sql.ast.statement.SQLInsertStatement in project Mycat-Server by MyCATApache.
the class DruidMycatRouteStrategy method routeDisTable.
private RouteResultset routeDisTable(SQLStatement statement, RouteResultset rrs) throws SQLSyntaxErrorException {
SQLTableSource tableSource = null;
if (statement instanceof SQLInsertStatement) {
SQLInsertStatement insertStatement = (SQLInsertStatement) statement;
tableSource = insertStatement.getTableSource();
for (RouteResultsetNode node : rrs.getNodes()) {
SQLExprTableSource from2 = getDisTable(tableSource, node);
insertStatement.setTableSource(from2);
node.setStatement(insertStatement.toString());
}
}
if (statement instanceof SQLDeleteStatement) {
SQLDeleteStatement deleteStatement = (SQLDeleteStatement) statement;
tableSource = deleteStatement.getTableSource();
for (RouteResultsetNode node : rrs.getNodes()) {
SQLExprTableSource from2 = getDisTable(tableSource, node);
deleteStatement.setTableSource(from2);
node.setStatement(deleteStatement.toString());
}
}
if (statement instanceof SQLUpdateStatement) {
SQLUpdateStatement updateStatement = (SQLUpdateStatement) statement;
tableSource = updateStatement.getTableSource();
for (RouteResultsetNode node : rrs.getNodes()) {
SQLExprTableSource from2 = getDisTable(tableSource, node);
updateStatement.setTableSource(from2);
node.setStatement(updateStatement.toString());
}
}
return rrs;
}
Also used :
SQLDeleteStatement(com.alibaba.druid.sql.ast.statement.SQLDeleteStatement)
SQLUpdateStatement(com.alibaba.druid.sql.ast.statement.SQLUpdateStatement)
RouteResultsetNode(io.mycat.route.RouteResultsetNode)
SQLInsertStatement(com.alibaba.druid.sql.ast.statement.SQLInsertStatement)
SQLExprTableSource(com.alibaba.druid.sql.ast.statement.SQLExprTableSource)
SQLTableSource(com.alibaba.druid.sql.ast.statement.SQLTableSource)
Example 3 with SQLInsertStatement
use of com.alibaba.druid.sql.ast.statement.SQLInsertStatement in project druid by alibaba.
the class MySqlInsertTest_9 method test_0.
public void test_0() throws Exception {
String sql = "insert into sequence values('seq_wlb_order_log',268234128+10000000,now());";
MySqlStatementParser parser = new MySqlStatementParser(sql);
List<SQLStatement> statementList = parser.parseStatementList();
SQLStatement stmt = statementList.get(0);
SQLInsertStatement insertStmt = (SQLInsertStatement) stmt;
Assert.assertEquals(3, insertStmt.getValues().getValues().size());
Assert.assertEquals(0, insertStmt.getColumns().size());
Assert.assertEquals(1, statementList.size());
MySqlSchemaStatVisitor visitor = new MySqlSchemaStatVisitor();
stmt.accept(visitor);
Assert.assertEquals("INSERT INTO sequence" + "\nVALUES ('seq_wlb_order_log', 268234128 + 10000000, now())", SQLUtils.toMySqlString(insertStmt));
}
Also used :
MySqlSchemaStatVisitor(com.alibaba.druid.sql.dialect.mysql.visitor.MySqlSchemaStatVisitor)
SQLInsertStatement(com.alibaba.druid.sql.ast.statement.SQLInsertStatement)
MySqlStatementParser(com.alibaba.druid.sql.dialect.mysql.parser.MySqlStatementParser)
SQLStatement(com.alibaba.druid.sql.ast.SQLStatement)
Example 4 with SQLInsertStatement
use of com.alibaba.druid.sql.ast.statement.SQLInsertStatement in project druid by alibaba.
the class MySqlInsertTest_1 method test_0.
public void test_0() throws Exception {
String sql = "INSERT INTO tbl_name () VALUES();";
MySqlStatementParser parser = new MySqlStatementParser(sql);
List<SQLStatement> statementList = parser.parseStatementList();
SQLStatement stmt = statementList.get(0);
SQLInsertStatement insertStmt = (SQLInsertStatement) stmt;
Assert.assertEquals(0, insertStmt.getValues().getValues().size());
Assert.assertEquals(0, insertStmt.getColumns().size());
Assert.assertEquals(1, statementList.size());
MySqlSchemaStatVisitor visitor = new MySqlSchemaStatVisitor();
stmt.accept(visitor);
Assert.assertEquals(//
"INSERT INTO tbl_name" + "\nVALUES ()", SQLUtils.toMySqlString(insertStmt));
}
Also used :
MySqlSchemaStatVisitor(com.alibaba.druid.sql.dialect.mysql.visitor.MySqlSchemaStatVisitor)
SQLInsertStatement(com.alibaba.druid.sql.ast.statement.SQLInsertStatement)
MySqlStatementParser(com.alibaba.druid.sql.dialect.mysql.parser.MySqlStatementParser)
SQLStatement(com.alibaba.druid.sql.ast.SQLStatement)
Example 5 with SQLInsertStatement
use of com.alibaba.druid.sql.ast.statement.SQLInsertStatement in project druid by alibaba.
the class SQLASTVisitorAdapterTest method test_adapter.
public void test_adapter() throws Exception {
SQLASTVisitorAdapter adapter = new SQLASTVisitorAdapter();
new SQLBinaryOpExpr().accept(adapter);
new SQLInListExpr().accept(adapter);
new SQLSelectQueryBlock().accept(adapter);
new SQLDropTableStatement().accept(adapter);
new SQLCreateTableStatement().accept(adapter);
new SQLDeleteStatement().accept(adapter);
new SQLCurrentOfCursorExpr().accept(adapter);
new SQLInsertStatement().accept(adapter);
new SQLUpdateStatement().accept(adapter);
new SQLNotNullConstraint().accept(adapter);
new SQLMethodInvokeExpr().accept(adapter);
new SQLCallStatement().accept(adapter);
new SQLSomeExpr().accept(adapter);
new SQLAnyExpr().accept(adapter);
new SQLAllExpr().accept(adapter);
new SQLDefaultExpr().accept(adapter);
new SQLCommentStatement().accept(adapter);
new SQLDropViewStatement().accept(adapter);
new SQLSavePointStatement().accept(adapter);
new SQLReleaseSavePointStatement().accept(adapter);
new SQLCreateDatabaseStatement().accept(adapter);
new SQLAlterTableDropIndex().accept(adapter);
new SQLOver().accept(adapter);
new SQLWithSubqueryClause().accept(adapter);
new SQLAlterTableAlterColumn().accept(adapter);
new SQLAlterTableStatement().accept(adapter);
new SQLAlterTableDisableConstraint().accept(adapter);
new SQLAlterTableEnableConstraint().accept(adapter);
new SQLColumnCheck().accept(adapter);
new SQLExprHint().accept(adapter);
new SQLAlterTableDropConstraint().accept(adapter);
}
Also used :
SQLASTVisitorAdapter(com.alibaba.druid.sql.visitor.SQLASTVisitorAdapter)
SQLCreateTableStatement(com.alibaba.druid.sql.ast.statement.SQLCreateTableStatement)
SQLMethodInvokeExpr(com.alibaba.druid.sql.ast.expr.SQLMethodInvokeExpr)
SQLAlterTableDropIndex(com.alibaba.druid.sql.ast.statement.SQLAlterTableDropIndex)
SQLAlterTableStatement(com.alibaba.druid.sql.ast.statement.SQLAlterTableStatement)
SQLAllExpr(com.alibaba.druid.sql.ast.expr.SQLAllExpr)
SQLReleaseSavePointStatement(com.alibaba.druid.sql.ast.statement.SQLReleaseSavePointStatement)
SQLNotNullConstraint(com.alibaba.druid.sql.ast.statement.SQLNotNullConstraint)
SQLOver(com.alibaba.druid.sql.ast.SQLOver)
SQLDropTableStatement(com.alibaba.druid.sql.ast.statement.SQLDropTableStatement)
SQLCreateDatabaseStatement(com.alibaba.druid.sql.ast.statement.SQLCreateDatabaseStatement)
SQLDropViewStatement(com.alibaba.druid.sql.ast.statement.SQLDropViewStatement)
SQLInsertStatement(com.alibaba.druid.sql.ast.statement.SQLInsertStatement)
SQLBinaryOpExpr(com.alibaba.druid.sql.ast.expr.SQLBinaryOpExpr)
SQLAlterTableDisableConstraint(com.alibaba.druid.sql.ast.statement.SQLAlterTableDisableConstraint)
SQLSavePointStatement(com.alibaba.druid.sql.ast.statement.SQLSavePointStatement)
SQLAlterTableDropConstraint(com.alibaba.druid.sql.ast.statement.SQLAlterTableDropConstraint)
SQLUpdateStatement(com.alibaba.druid.sql.ast.statement.SQLUpdateStatement)
SQLCallStatement(com.alibaba.druid.sql.ast.statement.SQLCallStatement)
SQLSomeExpr(com.alibaba.druid.sql.ast.expr.SQLSomeExpr)
SQLInListExpr(com.alibaba.druid.sql.ast.expr.SQLInListExpr)
SQLExprHint(com.alibaba.druid.sql.ast.statement.SQLExprHint)
SQLWithSubqueryClause(com.alibaba.druid.sql.ast.statement.SQLWithSubqueryClause)
SQLDeleteStatement(com.alibaba.druid.sql.ast.statement.SQLDeleteStatement)
SQLCurrentOfCursorExpr(com.alibaba.druid.sql.ast.expr.SQLCurrentOfCursorExpr)
SQLCommentStatement(com.alibaba.druid.sql.ast.statement.SQLCommentStatement)
SQLColumnCheck(com.alibaba.druid.sql.ast.statement.SQLColumnCheck)
SQLAnyExpr(com.alibaba.druid.sql.ast.expr.SQLAnyExpr)
SQLAlterTableAlterColumn(com.alibaba.druid.sql.ast.statement.SQLAlterTableAlterColumn)
SQLSelectQueryBlock(com.alibaba.druid.sql.ast.statement.SQLSelectQueryBlock)
SQLDefaultExpr(com.alibaba.druid.sql.ast.expr.SQLDefaultExpr)
SQLAlterTableEnableConstraint(com.alibaba.druid.sql.ast.statement.SQLAlterTableEnableConstraint)
Aggregations
SQLInsertStatement (com.alibaba.druid.sql.ast.statement.SQLInsertStatement)8
SQLStatement (com.alibaba.druid.sql.ast.SQLStatement)6
MySqlStatementParser (com.alibaba.druid.sql.dialect.mysql.parser.MySqlStatementParser)5
MySqlSchemaStatVisitor (com.alibaba.druid.sql.dialect.mysql.visitor.MySqlSchemaStatVisitor)5
SQLDeleteStatement (com.alibaba.druid.sql.ast.statement.SQLDeleteStatement)3
SQLUpdateStatement (com.alibaba.druid.sql.ast.statement.SQLUpdateStatement)3
SQLOver (com.alibaba.druid.sql.ast.SQLOver)1
SQLAllExpr (com.alibaba.druid.sql.ast.expr.SQLAllExpr)1
SQLAnyExpr (com.alibaba.druid.sql.ast.expr.SQLAnyExpr)1
SQLBinaryOpExpr (com.alibaba.druid.sql.ast.expr.SQLBinaryOpExpr)1
SQLCharExpr (com.alibaba.druid.sql.ast.expr.SQLCharExpr)1
SQLCurrentOfCursorExpr (com.alibaba.druid.sql.ast.expr.SQLCurrentOfCursorExpr)1
SQLDefaultExpr (com.alibaba.druid.sql.ast.expr.SQLDefaultExpr)1
SQLInListExpr (com.alibaba.druid.sql.ast.expr.SQLInListExpr)1
SQLMethodInvokeExpr (com.alibaba.druid.sql.ast.expr.SQLMethodInvokeExpr)1
SQLSomeExpr (com.alibaba.druid.sql.ast.expr.SQLSomeExpr)1
SQLAlterTableAlterColumn (com.alibaba.druid.sql.ast.statement.SQLAlterTableAlterColumn)1
SQLAlterTableDisableConstraint (com.alibaba.druid.sql.ast.statement.SQLAlterTableDisableConstraint)1
SQLAlterTableDropConstraint (com.alibaba.druid.sql.ast.statement.SQLAlterTableDropConstraint)1
SQLAlterTableDropIndex (com.alibaba.druid.sql.ast.statement.SQLAlterTableDropIndex)1
