Search in sources :

Example 1 with SQLSelectStatement

use of com.alibaba.druid.sql.ast.statement.SQLSelectStatement in project Mycat-Server by MyCATApache.

the class ShareRowOutPutDataHandler method route.

public void route(SystemConfig sysConfig, SchemaConfig schema, int sqlType, String realSQL, String charset, ServerConnection sc, LayerCachePool cachePool) {
    int rs = ServerParse.parse(realSQL);
    this.sqltype = rs & 0xff;
    this.sysConfig = sysConfig;
    this.schema = schema;
    this.charset = charset;
    this.sc = sc;
    this.cachePool = cachePool;
    try {
        //  RouteStrategy routes=RouteStrategyFactory.getRouteStrategy();	
        // rrs =RouteStrategyFactory.getRouteStrategy().route(sysConfig, schema, sqlType2, realSQL,charset, sc, cachePool);		   
        MySqlStatementParser parser = new MySqlStatementParser(realSQL);
        SQLStatement statement = parser.parseStatement();
        if (statement instanceof SQLSelectStatement) {
            SQLSelectStatement st = (SQLSelectStatement) statement;
            SQLSelectQuery sqlSelectQuery = st.getSelect().getQuery();
            if (sqlSelectQuery instanceof MySqlSelectQueryBlock) {
                MySqlSelectQueryBlock mysqlSelectQuery = (MySqlSelectQueryBlock) st.getSelect().getQuery();
                joinParser = new JoinParser(mysqlSelectQuery, realSQL);
                joinParser.parser();
            }
        }
    /*	
		   if (routes instanceof DruidMysqlRouteStrategy) {
			   SQLSelectStatement st=((DruidMysqlRouteStrategy) routes).getSQLStatement();
			   SQLSelectQuery sqlSelectQuery =st.getSelect().getQuery();
				if(sqlSelectQuery instanceof MySqlSelectQueryBlock) {
					MySqlSelectQueryBlock mysqlSelectQuery = (MySqlSelectQueryBlock)st.getSelect().getQuery();
					joinParser=new JoinParser(mysqlSelectQuery,realSQL);
					joinParser.parser();
				}
		   }
		   */
    } catch (Exception e) {
    }
}
Also used : SQLSelectQuery(com.alibaba.druid.sql.ast.statement.SQLSelectQuery) SQLSelectStatement(com.alibaba.druid.sql.ast.statement.SQLSelectStatement) MySqlStatementParser(com.alibaba.druid.sql.dialect.mysql.parser.MySqlStatementParser) SQLStatement(com.alibaba.druid.sql.ast.SQLStatement) MySqlSelectQueryBlock(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlSelectQueryBlock)

Example 2 with SQLSelectStatement

use of com.alibaba.druid.sql.ast.statement.SQLSelectStatement in project Mycat-Server by MyCATApache.

the class MycatPrivileges method checkDmlPrivilege.

// 审计SQL权限
@Override
public boolean checkDmlPrivilege(String user, String schema, String sql) {
    if (schema == null) {
        return true;
    }
    boolean isPassed = false;
    MycatConfig conf = MycatServer.getInstance().getConfig();
    UserConfig userConfig = conf.getUsers().get(user);
    if (userConfig != null) {
        UserPrivilegesConfig userPrivilege = userConfig.getPrivilegesConfig();
        if (userPrivilege != null && userPrivilege.isCheck()) {
            UserPrivilegesConfig.SchemaPrivilege schemaPrivilege = userPrivilege.getSchemaPrivilege(schema);
            if (schemaPrivilege != null) {
                String tableName = null;
                int index = -1;
                //TODO 此处待优化,寻找更优SQL 解析器
                SQLStatementParser parser = new MycatStatementParser(sql);
                SQLStatement stmt = parser.parseStatement();
                if (stmt instanceof MySqlReplaceStatement || stmt instanceof SQLInsertStatement) {
                    index = 0;
                } else if (stmt instanceof SQLUpdateStatement) {
                    index = 1;
                } else if (stmt instanceof SQLSelectStatement) {
                    index = 2;
                } else if (stmt instanceof SQLDeleteStatement) {
                    index = 3;
                }
                if (index > -1) {
                    SchemaStatVisitor schemaStatVisitor = new MycatSchemaStatVisitor();
                    stmt.accept(schemaStatVisitor);
                    String key = schemaStatVisitor.getCurrentTable();
                    if (key != null) {
                        if (key.contains("`")) {
                            key = key.replaceAll("`", "");
                        }
                        int dotIndex = key.indexOf(".");
                        if (dotIndex > 0) {
                            tableName = key.substring(dotIndex + 1);
                        } else {
                            tableName = key;
                        }
                        //获取table 权限, 此处不需要检测空值, 无设置则自动继承父级权限
                        UserPrivilegesConfig.TablePrivilege tablePrivilege = schemaPrivilege.getTablePrivilege(tableName);
                        if (tablePrivilege.getDml()[index] > 0) {
                            isPassed = true;
                        }
                    } else {
                        //skip
                        isPassed = true;
                    }
                } else {
                    //skip
                    isPassed = true;
                }
            } else {
                //skip
                isPassed = true;
            }
        } else {
            //skip
            isPassed = true;
        }
    } else {
        //skip
        isPassed = true;
    }
    if (!isPassed) {
        ALARM.error(new StringBuilder().append(Alarms.DML_ATTACK).append("[sql=").append(sql).append(",user=").append(user).append(']').toString());
    }
    return isPassed;
}
Also used : SQLStatementParser(com.alibaba.druid.sql.parser.SQLStatementParser) MycatStatementParser(io.mycat.route.parser.druid.MycatStatementParser) MycatSchemaStatVisitor(io.mycat.route.parser.druid.MycatSchemaStatVisitor) SQLUpdateStatement(com.alibaba.druid.sql.ast.statement.SQLUpdateStatement) UserConfig(io.mycat.config.model.UserConfig) UserPrivilegesConfig(io.mycat.config.model.UserPrivilegesConfig) SQLStatement(com.alibaba.druid.sql.ast.SQLStatement) MySqlReplaceStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlReplaceStatement) SQLDeleteStatement(com.alibaba.druid.sql.ast.statement.SQLDeleteStatement) SQLInsertStatement(com.alibaba.druid.sql.ast.statement.SQLInsertStatement) SQLSelectStatement(com.alibaba.druid.sql.ast.statement.SQLSelectStatement) SchemaStatVisitor(com.alibaba.druid.sql.visitor.SchemaStatVisitor) MycatSchemaStatVisitor(io.mycat.route.parser.druid.MycatSchemaStatVisitor)

Example 3 with SQLSelectStatement

use of com.alibaba.druid.sql.ast.statement.SQLSelectStatement in project Mycat-Server by MyCATApache.

the class DruidSelectParser method isConditionAlwaysTrue.

private boolean isConditionAlwaysTrue(SQLStatement statement) {
    SQLSelectStatement selectStmt = (SQLSelectStatement) statement;
    SQLSelectQuery sqlSelectQuery = selectStmt.getSelect().getQuery();
    if (sqlSelectQuery instanceof MySqlSelectQueryBlock) {
        MySqlSelectQueryBlock mysqlSelectQuery = (MySqlSelectQueryBlock) selectStmt.getSelect().getQuery();
        SQLExpr expr = mysqlSelectQuery.getWhere();
        Object o = WallVisitorUtils.getValue(expr);
        if (Boolean.TRUE.equals(o)) {
            return true;
        }
        return false;
    } else {
        //union
        return false;
    }
}
Also used : SQLSelectQuery(com.alibaba.druid.sql.ast.statement.SQLSelectQuery) SQLSelectStatement(com.alibaba.druid.sql.ast.statement.SQLSelectStatement) MySqlSelectQueryBlock(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlSelectQueryBlock) SQLExpr(com.alibaba.druid.sql.ast.SQLExpr)

Example 4 with SQLSelectStatement

use of com.alibaba.druid.sql.ast.statement.SQLSelectStatement in project druid by alibaba.

the class MySqlMockExecuteHandlerImpl method executeQuery.

@Override
public ResultSet executeQuery(MockStatementBase statement, String sql) throws SQLException {
    SQLStatementParser parser = new MySqlStatementParser(sql);
    //
    List<SQLStatement> stmtList = parser.parseStatementList();
    if (stmtList.size() > 1) {
        throw new SQLException("not support multi-statment. " + sql);
    }
    if (stmtList.size() == 0) {
        throw new SQLException("executeQueryError : " + sql);
    }
    SQLStatement stmt = stmtList.get(0);
    if (stmt instanceof CobarShowStatus) {
        return showStatus(statement);
    }
    if (!(stmt instanceof SQLSelectStatement)) {
        throw new SQLException("executeQueryError : " + sql);
    }
    SQLSelect select = ((SQLSelectStatement) stmt).getSelect();
    SQLSelectQuery query = select.getQuery();
    if (query instanceof SQLSelectQueryBlock) {
        return executeQuery(statement, (SQLSelectQueryBlock) query);
    }
    throw new SQLException("TODO");
}
Also used : SQLStatementParser(com.alibaba.druid.sql.parser.SQLStatementParser) SQLException(java.sql.SQLException) SQLSelect(com.alibaba.druid.sql.ast.statement.SQLSelect) CobarShowStatus(com.alibaba.druid.sql.dialect.mysql.ast.statement.CobarShowStatus) SQLSelectQuery(com.alibaba.druid.sql.ast.statement.SQLSelectQuery) SQLSelectStatement(com.alibaba.druid.sql.ast.statement.SQLSelectStatement) SQLSelectQueryBlock(com.alibaba.druid.sql.ast.statement.SQLSelectQueryBlock) MySqlStatementParser(com.alibaba.druid.sql.dialect.mysql.parser.MySqlStatementParser) SQLStatement(com.alibaba.druid.sql.ast.SQLStatement)

Example 5 with SQLSelectStatement

use of com.alibaba.druid.sql.ast.statement.SQLSelectStatement in project druid by alibaba.

the class PagerUtils method getLimit.

/**
     * 
     * @param sql
     * @param dbType
     * @return if not exists limit, return -1;
     */
public static int getLimit(String sql, String dbType) {
    List<SQLStatement> stmtList = SQLUtils.parseStatements(sql, dbType);
    if (stmtList.size() != 1) {
        return -1;
    }
    SQLStatement stmt = stmtList.get(0);
    if (stmt instanceof SQLSelectStatement) {
        SQLSelectStatement selectStmt = (SQLSelectStatement) stmt;
        SQLSelectQuery query = selectStmt.getSelect().getQuery();
        if (query instanceof SQLSelectQueryBlock) {
            if (query instanceof MySqlSelectQueryBlock) {
                SQLLimit limit = ((MySqlSelectQueryBlock) query).getLimit();
                if (limit == null) {
                    return -1;
                }
                SQLExpr rowCountExpr = limit.getRowCount();
                if (rowCountExpr instanceof SQLNumericLiteralExpr) {
                    int rowCount = ((SQLNumericLiteralExpr) rowCountExpr).getNumber().intValue();
                    return rowCount;
                }
                return Integer.MAX_VALUE;
            }
            if (query instanceof OdpsSelectQueryBlock) {
                SQLLimit limit = ((OdpsSelectQueryBlock) query).getLimit();
                SQLExpr rowCountExpr = limit != null ? limit.getRowCount() : null;
                if (rowCountExpr instanceof SQLNumericLiteralExpr) {
                    int rowCount = ((SQLNumericLiteralExpr) rowCountExpr).getNumber().intValue();
                    return rowCount;
                }
                return Integer.MAX_VALUE;
            }
            return -1;
        }
    }
    return -1;
}
Also used : SQLNumericLiteralExpr(com.alibaba.druid.sql.ast.expr.SQLNumericLiteralExpr) SQLLimit(com.alibaba.druid.sql.ast.SQLLimit) SQLSelectQuery(com.alibaba.druid.sql.ast.statement.SQLSelectQuery) SQLSelectStatement(com.alibaba.druid.sql.ast.statement.SQLSelectStatement) SQLSelectQueryBlock(com.alibaba.druid.sql.ast.statement.SQLSelectQueryBlock) OdpsSelectQueryBlock(com.alibaba.druid.sql.dialect.odps.ast.OdpsSelectQueryBlock) SQLStatement(com.alibaba.druid.sql.ast.SQLStatement) MySqlSelectQueryBlock(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlSelectQueryBlock) SQLExpr(com.alibaba.druid.sql.ast.SQLExpr)

Aggregations

SQLSelectStatement (com.alibaba.druid.sql.ast.statement.SQLSelectStatement)78 OracleStatementParser (com.alibaba.druid.sql.dialect.oracle.parser.OracleStatementParser)39 SQLStatement (com.alibaba.druid.sql.ast.SQLStatement)25 MySqlSelectQueryBlock (com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlSelectQueryBlock)23 SQLSelect (com.alibaba.druid.sql.ast.statement.SQLSelect)21 MySqlStatementParser (com.alibaba.druid.sql.dialect.mysql.parser.MySqlStatementParser)17 MySqlSchemaStatVisitor (com.alibaba.druid.sql.dialect.mysql.visitor.MySqlSchemaStatVisitor)15 SQLSelectQuery (com.alibaba.druid.sql.ast.statement.SQLSelectQuery)14 SQLSelectQueryBlock (com.alibaba.druid.sql.ast.statement.SQLSelectQueryBlock)10 SQLServerStatementParser (com.alibaba.druid.sql.dialect.sqlserver.parser.SQLServerStatementParser)6 SQLExpr (com.alibaba.druid.sql.ast.SQLExpr)4 SQLBinaryOpExpr (com.alibaba.druid.sql.ast.expr.SQLBinaryOpExpr)4 SQLStatementParser (com.alibaba.druid.sql.parser.SQLStatementParser)4 SQLServerSelectQueryBlock (com.alibaba.druid.sql.dialect.sqlserver.ast.SQLServerSelectQueryBlock)3 SQLDeleteStatement (com.alibaba.druid.sql.ast.statement.SQLDeleteStatement)2 SQLSelectItem (com.alibaba.druid.sql.ast.statement.SQLSelectItem)2 SQLSubqueryTableSource (com.alibaba.druid.sql.ast.statement.SQLSubqueryTableSource)2 SQLTableSource (com.alibaba.druid.sql.ast.statement.SQLTableSource)2 SQLUpdateStatement (com.alibaba.druid.sql.ast.statement.SQLUpdateStatement)2 Limit (com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlSelectQueryBlock.Limit)2