Search in sources :

Example 1 with SQLInsertStatement

use of com.alibaba.druid.sql.ast.statement.SQLInsertStatement in project Mycat-Server by MyCATApache.

the class MycatPrivileges method checkDmlPrivilege.

// 审计SQL权限
@Override
public boolean checkDmlPrivilege(String user, String schema, String sql) {
    if (schema == null) {
        return true;
    }
    boolean isPassed = false;
    MycatConfig conf = MycatServer.getInstance().getConfig();
    UserConfig userConfig = conf.getUsers().get(user);
    if (userConfig != null) {
        UserPrivilegesConfig userPrivilege = userConfig.getPrivilegesConfig();
        if (userPrivilege != null && userPrivilege.isCheck()) {
            UserPrivilegesConfig.SchemaPrivilege schemaPrivilege = userPrivilege.getSchemaPrivilege(schema);
            if (schemaPrivilege != null) {
                String tableName = null;
                int index = -1;
                //TODO 此处待优化,寻找更优SQL 解析器
                SQLStatementParser parser = new MycatStatementParser(sql);
                SQLStatement stmt = parser.parseStatement();
                if (stmt instanceof MySqlReplaceStatement || stmt instanceof SQLInsertStatement) {
                    index = 0;
                } else if (stmt instanceof SQLUpdateStatement) {
                    index = 1;
                } else if (stmt instanceof SQLSelectStatement) {
                    index = 2;
                } else if (stmt instanceof SQLDeleteStatement) {
                    index = 3;
                }
                if (index > -1) {
                    SchemaStatVisitor schemaStatVisitor = new MycatSchemaStatVisitor();
                    stmt.accept(schemaStatVisitor);
                    String key = schemaStatVisitor.getCurrentTable();
                    if (key != null) {
                        if (key.contains("`")) {
                            key = key.replaceAll("`", "");
                        }
                        int dotIndex = key.indexOf(".");
                        if (dotIndex > 0) {
                            tableName = key.substring(dotIndex + 1);
                        } else {
                            tableName = key;
                        }
                        //获取table 权限, 此处不需要检测空值, 无设置则自动继承父级权限
                        UserPrivilegesConfig.TablePrivilege tablePrivilege = schemaPrivilege.getTablePrivilege(tableName);
                        if (tablePrivilege.getDml()[index] > 0) {
                            isPassed = true;
                        }
                    } else {
                        //skip
                        isPassed = true;
                    }
                } else {
                    //skip
                    isPassed = true;
                }
            } else {
                //skip
                isPassed = true;
            }
        } else {
            //skip
            isPassed = true;
        }
    } else {
        //skip
        isPassed = true;
    }
    if (!isPassed) {
        ALARM.error(new StringBuilder().append(Alarms.DML_ATTACK).append("[sql=").append(sql).append(",user=").append(user).append(']').toString());
    }
    return isPassed;
}
Also used : SQLStatementParser(com.alibaba.druid.sql.parser.SQLStatementParser) MycatStatementParser(io.mycat.route.parser.druid.MycatStatementParser) MycatSchemaStatVisitor(io.mycat.route.parser.druid.MycatSchemaStatVisitor) SQLUpdateStatement(com.alibaba.druid.sql.ast.statement.SQLUpdateStatement) UserConfig(io.mycat.config.model.UserConfig) UserPrivilegesConfig(io.mycat.config.model.UserPrivilegesConfig) SQLStatement(com.alibaba.druid.sql.ast.SQLStatement) MySqlReplaceStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlReplaceStatement) SQLDeleteStatement(com.alibaba.druid.sql.ast.statement.SQLDeleteStatement) SQLInsertStatement(com.alibaba.druid.sql.ast.statement.SQLInsertStatement) SQLSelectStatement(com.alibaba.druid.sql.ast.statement.SQLSelectStatement) SchemaStatVisitor(com.alibaba.druid.sql.visitor.SchemaStatVisitor) MycatSchemaStatVisitor(io.mycat.route.parser.druid.MycatSchemaStatVisitor)

Example 2 with SQLInsertStatement

use of com.alibaba.druid.sql.ast.statement.SQLInsertStatement in project Mycat-Server by MyCATApache.

the class DruidMycatRouteStrategy method routeDisTable.

private RouteResultset routeDisTable(SQLStatement statement, RouteResultset rrs) throws SQLSyntaxErrorException {
    SQLTableSource tableSource = null;
    if (statement instanceof SQLInsertStatement) {
        SQLInsertStatement insertStatement = (SQLInsertStatement) statement;
        tableSource = insertStatement.getTableSource();
        for (RouteResultsetNode node : rrs.getNodes()) {
            SQLExprTableSource from2 = getDisTable(tableSource, node);
            insertStatement.setTableSource(from2);
            node.setStatement(insertStatement.toString());
        }
    }
    if (statement instanceof SQLDeleteStatement) {
        SQLDeleteStatement deleteStatement = (SQLDeleteStatement) statement;
        tableSource = deleteStatement.getTableSource();
        for (RouteResultsetNode node : rrs.getNodes()) {
            SQLExprTableSource from2 = getDisTable(tableSource, node);
            deleteStatement.setTableSource(from2);
            node.setStatement(deleteStatement.toString());
        }
    }
    if (statement instanceof SQLUpdateStatement) {
        SQLUpdateStatement updateStatement = (SQLUpdateStatement) statement;
        tableSource = updateStatement.getTableSource();
        for (RouteResultsetNode node : rrs.getNodes()) {
            SQLExprTableSource from2 = getDisTable(tableSource, node);
            updateStatement.setTableSource(from2);
            node.setStatement(updateStatement.toString());
        }
    }
    return rrs;
}
Also used : SQLDeleteStatement(com.alibaba.druid.sql.ast.statement.SQLDeleteStatement) SQLUpdateStatement(com.alibaba.druid.sql.ast.statement.SQLUpdateStatement) RouteResultsetNode(io.mycat.route.RouteResultsetNode) SQLInsertStatement(com.alibaba.druid.sql.ast.statement.SQLInsertStatement) SQLExprTableSource(com.alibaba.druid.sql.ast.statement.SQLExprTableSource) SQLTableSource(com.alibaba.druid.sql.ast.statement.SQLTableSource)

Example 3 with SQLInsertStatement

use of com.alibaba.druid.sql.ast.statement.SQLInsertStatement in project druid by alibaba.

the class MySqlInsertTest_9 method test_0.

public void test_0() throws Exception {
    String sql = "insert into sequence values('seq_wlb_order_log',268234128+10000000,now());";
    MySqlStatementParser parser = new MySqlStatementParser(sql);
    List<SQLStatement> statementList = parser.parseStatementList();
    SQLStatement stmt = statementList.get(0);
    SQLInsertStatement insertStmt = (SQLInsertStatement) stmt;
    Assert.assertEquals(3, insertStmt.getValues().getValues().size());
    Assert.assertEquals(0, insertStmt.getColumns().size());
    Assert.assertEquals(1, statementList.size());
    MySqlSchemaStatVisitor visitor = new MySqlSchemaStatVisitor();
    stmt.accept(visitor);
    Assert.assertEquals("INSERT INTO sequence" + "\nVALUES ('seq_wlb_order_log', 268234128 + 10000000, now())", SQLUtils.toMySqlString(insertStmt));
}
Also used : MySqlSchemaStatVisitor(com.alibaba.druid.sql.dialect.mysql.visitor.MySqlSchemaStatVisitor) SQLInsertStatement(com.alibaba.druid.sql.ast.statement.SQLInsertStatement) MySqlStatementParser(com.alibaba.druid.sql.dialect.mysql.parser.MySqlStatementParser) SQLStatement(com.alibaba.druid.sql.ast.SQLStatement)

Example 4 with SQLInsertStatement

use of com.alibaba.druid.sql.ast.statement.SQLInsertStatement in project druid by alibaba.

the class MySqlInsertTest_1 method test_0.

public void test_0() throws Exception {
    String sql = "INSERT INTO tbl_name () VALUES();";
    MySqlStatementParser parser = new MySqlStatementParser(sql);
    List<SQLStatement> statementList = parser.parseStatementList();
    SQLStatement stmt = statementList.get(0);
    SQLInsertStatement insertStmt = (SQLInsertStatement) stmt;
    Assert.assertEquals(0, insertStmt.getValues().getValues().size());
    Assert.assertEquals(0, insertStmt.getColumns().size());
    Assert.assertEquals(1, statementList.size());
    MySqlSchemaStatVisitor visitor = new MySqlSchemaStatVisitor();
    stmt.accept(visitor);
    Assert.assertEquals(//
    "INSERT INTO tbl_name" + "\nVALUES ()", SQLUtils.toMySqlString(insertStmt));
}
Also used : MySqlSchemaStatVisitor(com.alibaba.druid.sql.dialect.mysql.visitor.MySqlSchemaStatVisitor) SQLInsertStatement(com.alibaba.druid.sql.ast.statement.SQLInsertStatement) MySqlStatementParser(com.alibaba.druid.sql.dialect.mysql.parser.MySqlStatementParser) SQLStatement(com.alibaba.druid.sql.ast.SQLStatement)

Example 5 with SQLInsertStatement

use of com.alibaba.druid.sql.ast.statement.SQLInsertStatement in project druid by alibaba.

the class SQLASTVisitorAdapterTest method test_adapter.

public void test_adapter() throws Exception {
    SQLASTVisitorAdapter adapter = new SQLASTVisitorAdapter();
    new SQLBinaryOpExpr().accept(adapter);
    new SQLInListExpr().accept(adapter);
    new SQLSelectQueryBlock().accept(adapter);
    new SQLDropTableStatement().accept(adapter);
    new SQLCreateTableStatement().accept(adapter);
    new SQLDeleteStatement().accept(adapter);
    new SQLCurrentOfCursorExpr().accept(adapter);
    new SQLInsertStatement().accept(adapter);
    new SQLUpdateStatement().accept(adapter);
    new SQLNotNullConstraint().accept(adapter);
    new SQLMethodInvokeExpr().accept(adapter);
    new SQLCallStatement().accept(adapter);
    new SQLSomeExpr().accept(adapter);
    new SQLAnyExpr().accept(adapter);
    new SQLAllExpr().accept(adapter);
    new SQLDefaultExpr().accept(adapter);
    new SQLCommentStatement().accept(adapter);
    new SQLDropViewStatement().accept(adapter);
    new SQLSavePointStatement().accept(adapter);
    new SQLReleaseSavePointStatement().accept(adapter);
    new SQLCreateDatabaseStatement().accept(adapter);
    new SQLAlterTableDropIndex().accept(adapter);
    new SQLOver().accept(adapter);
    new SQLWithSubqueryClause().accept(adapter);
    new SQLAlterTableAlterColumn().accept(adapter);
    new SQLAlterTableStatement().accept(adapter);
    new SQLAlterTableDisableConstraint().accept(adapter);
    new SQLAlterTableEnableConstraint().accept(adapter);
    new SQLColumnCheck().accept(adapter);
    new SQLExprHint().accept(adapter);
    new SQLAlterTableDropConstraint().accept(adapter);
}
Also used : SQLASTVisitorAdapter(com.alibaba.druid.sql.visitor.SQLASTVisitorAdapter) SQLCreateTableStatement(com.alibaba.druid.sql.ast.statement.SQLCreateTableStatement) SQLMethodInvokeExpr(com.alibaba.druid.sql.ast.expr.SQLMethodInvokeExpr) SQLAlterTableDropIndex(com.alibaba.druid.sql.ast.statement.SQLAlterTableDropIndex) SQLAlterTableStatement(com.alibaba.druid.sql.ast.statement.SQLAlterTableStatement) SQLAllExpr(com.alibaba.druid.sql.ast.expr.SQLAllExpr) SQLReleaseSavePointStatement(com.alibaba.druid.sql.ast.statement.SQLReleaseSavePointStatement) SQLNotNullConstraint(com.alibaba.druid.sql.ast.statement.SQLNotNullConstraint) SQLOver(com.alibaba.druid.sql.ast.SQLOver) SQLDropTableStatement(com.alibaba.druid.sql.ast.statement.SQLDropTableStatement) SQLCreateDatabaseStatement(com.alibaba.druid.sql.ast.statement.SQLCreateDatabaseStatement) SQLDropViewStatement(com.alibaba.druid.sql.ast.statement.SQLDropViewStatement) SQLInsertStatement(com.alibaba.druid.sql.ast.statement.SQLInsertStatement) SQLBinaryOpExpr(com.alibaba.druid.sql.ast.expr.SQLBinaryOpExpr) SQLAlterTableDisableConstraint(com.alibaba.druid.sql.ast.statement.SQLAlterTableDisableConstraint) SQLSavePointStatement(com.alibaba.druid.sql.ast.statement.SQLSavePointStatement) SQLAlterTableDropConstraint(com.alibaba.druid.sql.ast.statement.SQLAlterTableDropConstraint) SQLUpdateStatement(com.alibaba.druid.sql.ast.statement.SQLUpdateStatement) SQLCallStatement(com.alibaba.druid.sql.ast.statement.SQLCallStatement) SQLSomeExpr(com.alibaba.druid.sql.ast.expr.SQLSomeExpr) SQLInListExpr(com.alibaba.druid.sql.ast.expr.SQLInListExpr) SQLExprHint(com.alibaba.druid.sql.ast.statement.SQLExprHint) SQLWithSubqueryClause(com.alibaba.druid.sql.ast.statement.SQLWithSubqueryClause) SQLDeleteStatement(com.alibaba.druid.sql.ast.statement.SQLDeleteStatement) SQLCurrentOfCursorExpr(com.alibaba.druid.sql.ast.expr.SQLCurrentOfCursorExpr) SQLCommentStatement(com.alibaba.druid.sql.ast.statement.SQLCommentStatement) SQLColumnCheck(com.alibaba.druid.sql.ast.statement.SQLColumnCheck) SQLAnyExpr(com.alibaba.druid.sql.ast.expr.SQLAnyExpr) SQLAlterTableAlterColumn(com.alibaba.druid.sql.ast.statement.SQLAlterTableAlterColumn) SQLSelectQueryBlock(com.alibaba.druid.sql.ast.statement.SQLSelectQueryBlock) SQLDefaultExpr(com.alibaba.druid.sql.ast.expr.SQLDefaultExpr) SQLAlterTableEnableConstraint(com.alibaba.druid.sql.ast.statement.SQLAlterTableEnableConstraint)

Aggregations

SQLInsertStatement (com.alibaba.druid.sql.ast.statement.SQLInsertStatement)8 SQLStatement (com.alibaba.druid.sql.ast.SQLStatement)6 MySqlStatementParser (com.alibaba.druid.sql.dialect.mysql.parser.MySqlStatementParser)5 MySqlSchemaStatVisitor (com.alibaba.druid.sql.dialect.mysql.visitor.MySqlSchemaStatVisitor)5 SQLDeleteStatement (com.alibaba.druid.sql.ast.statement.SQLDeleteStatement)3 SQLUpdateStatement (com.alibaba.druid.sql.ast.statement.SQLUpdateStatement)3 SQLOver (com.alibaba.druid.sql.ast.SQLOver)1 SQLAllExpr (com.alibaba.druid.sql.ast.expr.SQLAllExpr)1 SQLAnyExpr (com.alibaba.druid.sql.ast.expr.SQLAnyExpr)1 SQLBinaryOpExpr (com.alibaba.druid.sql.ast.expr.SQLBinaryOpExpr)1 SQLCharExpr (com.alibaba.druid.sql.ast.expr.SQLCharExpr)1 SQLCurrentOfCursorExpr (com.alibaba.druid.sql.ast.expr.SQLCurrentOfCursorExpr)1 SQLDefaultExpr (com.alibaba.druid.sql.ast.expr.SQLDefaultExpr)1 SQLInListExpr (com.alibaba.druid.sql.ast.expr.SQLInListExpr)1 SQLMethodInvokeExpr (com.alibaba.druid.sql.ast.expr.SQLMethodInvokeExpr)1 SQLSomeExpr (com.alibaba.druid.sql.ast.expr.SQLSomeExpr)1 SQLAlterTableAlterColumn (com.alibaba.druid.sql.ast.statement.SQLAlterTableAlterColumn)1 SQLAlterTableDisableConstraint (com.alibaba.druid.sql.ast.statement.SQLAlterTableDisableConstraint)1 SQLAlterTableDropConstraint (com.alibaba.druid.sql.ast.statement.SQLAlterTableDropConstraint)1 SQLAlterTableDropIndex (com.alibaba.druid.sql.ast.statement.SQLAlterTableDropIndex)1