Search in sources :

Example 1 with SQLShowTablesStatement

use of com.alibaba.druid.sql.ast.statement.SQLShowTablesStatement in project druid by alibaba.

the class OdpsStatementParser method parseShow.

public SQLStatement parseShow() {
    accept(Token.SHOW);
    if (identifierEquals("PARTITIONS")) {
        lexer.nextToken();
        OdpsShowPartitionsStmt stmt = new OdpsShowPartitionsStmt();
        SQLExpr expr = this.exprParser.expr();
        stmt.setTableSource(new SQLExprTableSource(expr));
        return stmt;
    }
    if (identifierEquals("STATISTIC")) {
        lexer.nextToken();
        OdpsShowStatisticStmt stmt = new OdpsShowStatisticStmt();
        SQLExpr expr = this.exprParser.expr();
        stmt.setTableSource(new SQLExprTableSource(expr));
        return stmt;
    }
    if (identifierEquals("TABLES")) {
        lexer.nextToken();
        SQLShowTablesStatement stmt = new SQLShowTablesStatement();
        if (lexer.token() == Token.FROM) {
            lexer.nextToken();
            stmt.setDatabase(this.exprParser.name());
        }
        if (lexer.token() == Token.LIKE) {
            lexer.nextToken();
            stmt.setLike(this.exprParser.expr());
        }
        return stmt;
    }
    if (identifierEquals("GRANTS")) {
        lexer.nextToken();
        OdpsShowGrantsStmt stmt = new OdpsShowGrantsStmt();
        if (lexer.token() == Token.FOR) {
            lexer.nextToken();
            stmt.setUser(this.exprParser.expr());
        }
        if (lexer.token() == Token.ON) {
            lexer.nextToken();
            acceptIdentifier("type");
            stmt.setObjectType(this.exprParser.expr());
        }
        return stmt;
    }
    throw new ParserException("TODO " + lexer.token() + " " + lexer.stringVal());
}
Also used : ParserException(com.alibaba.druid.sql.parser.ParserException) OdpsShowStatisticStmt(com.alibaba.druid.sql.dialect.odps.ast.OdpsShowStatisticStmt) SQLShowTablesStatement(com.alibaba.druid.sql.ast.statement.SQLShowTablesStatement) SQLExprTableSource(com.alibaba.druid.sql.ast.statement.SQLExprTableSource) OdpsShowGrantsStmt(com.alibaba.druid.sql.dialect.odps.ast.OdpsShowGrantsStmt) OdpsShowPartitionsStmt(com.alibaba.druid.sql.dialect.odps.ast.OdpsShowPartitionsStmt) SQLExpr(com.alibaba.druid.sql.ast.SQLExpr)

Example 2 with SQLShowTablesStatement

use of com.alibaba.druid.sql.ast.statement.SQLShowTablesStatement in project Mycat-Server by MyCATApache.

the class MycatPrivileges method checkFirewallSQLPolicy.

/**
	 * @see https://github.com/alibaba/druid/wiki/%E9%85%8D%E7%BD%AE-wallfilter
	 */
@Override
public boolean checkFirewallSQLPolicy(String user, String sql) {
    boolean isPassed = true;
    if (contextLocal.get() == null) {
        FirewallConfig firewallConfig = MycatServer.getInstance().getConfig().getFirewall();
        if (firewallConfig != null) {
            if (firewallConfig.isCheck()) {
                contextLocal.set(firewallConfig.getProvider());
                check = true;
            }
        }
    }
    if (check) {
        WallCheckResult result = contextLocal.get().check(sql);
        // 修复 druid 防火墙在处理SHOW FULL TABLES WHERE Table_type != 'VIEW' 的时候存在的 BUG
        List<SQLStatement> stmts = result.getStatementList();
        if (!stmts.isEmpty() && !(stmts.get(0) instanceof SQLShowTablesStatement)) {
            if (!result.getViolations().isEmpty()) {
                isPassed = false;
                ALARM.warn("Firewall to intercept the '" + user + "' unsafe SQL , errMsg:" + result.getViolations().get(0).getMessage() + " \r\n " + sql);
            }
        }
    }
    return isPassed;
}
Also used : SQLShowTablesStatement(com.alibaba.druid.sql.ast.statement.SQLShowTablesStatement) FirewallConfig(io.mycat.config.model.FirewallConfig) SQLStatement(com.alibaba.druid.sql.ast.SQLStatement) WallCheckResult(com.alibaba.druid.wall.WallCheckResult)

Aggregations

SQLShowTablesStatement (com.alibaba.druid.sql.ast.statement.SQLShowTablesStatement)2 SQLExpr (com.alibaba.druid.sql.ast.SQLExpr)1 SQLStatement (com.alibaba.druid.sql.ast.SQLStatement)1 SQLExprTableSource (com.alibaba.druid.sql.ast.statement.SQLExprTableSource)1 OdpsShowGrantsStmt (com.alibaba.druid.sql.dialect.odps.ast.OdpsShowGrantsStmt)1 OdpsShowPartitionsStmt (com.alibaba.druid.sql.dialect.odps.ast.OdpsShowPartitionsStmt)1 OdpsShowStatisticStmt (com.alibaba.druid.sql.dialect.odps.ast.OdpsShowStatisticStmt)1 ParserException (com.alibaba.druid.sql.parser.ParserException)1 WallCheckResult (com.alibaba.druid.wall.WallCheckResult)1 FirewallConfig (io.mycat.config.model.FirewallConfig)1