Search in sources :

Example 1 with MySqlSetNamesStatement

use of com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlSetNamesStatement in project druid by alibaba.

the class MySqlStatementParser method parseSet.

public SQLStatement parseSet() {
    accept(Token.SET);
    if (identifierEquals("PASSWORD")) {
        lexer.nextToken();
        MySqlSetPasswordStatement stmt = new MySqlSetPasswordStatement();
        if (lexer.token() == Token.FOR) {
            lexer.nextToken();
            stmt.setUser(this.exprParser.name());
        }
        accept(Token.EQ);
        stmt.setPassword(this.exprParser.expr());
        return stmt;
    }
    Boolean global = null;
    if (identifierEquals(GLOBAL)) {
        global = Boolean.TRUE;
        lexer.nextToken();
    } else if (identifierEquals(SESSION)) {
        global = Boolean.FALSE;
        lexer.nextToken();
    }
    if (identifierEquals("TRANSACTION")) {
        MySqlSetTransactionStatement stmt = new MySqlSetTransactionStatement();
        stmt.setGlobal(global);
        lexer.nextToken();
        if (identifierEquals("ISOLATION")) {
            lexer.nextToken();
            acceptIdentifier("LEVEL");
            if (identifierEquals(READ)) {
                lexer.nextToken();
                if (identifierEquals("UNCOMMITTED")) {
                    stmt.setIsolationLevel("READ UNCOMMITTED");
                    lexer.nextToken();
                } else if (identifierEquals(WRITE)) {
                    stmt.setIsolationLevel("READ WRITE");
                    lexer.nextToken();
                } else if (identifierEquals("ONLY")) {
                    stmt.setIsolationLevel("READ ONLY");
                    lexer.nextToken();
                } else if (identifierEquals("COMMITTED")) {
                    stmt.setIsolationLevel("READ COMMITTED");
                    lexer.nextToken();
                } else {
                    throw new ParserException("UNKOWN TRANSACTION LEVEL : " + lexer.stringVal());
                }
            } else if (identifierEquals("SERIALIZABLE")) {
                stmt.setIsolationLevel("SERIALIZABLE");
                lexer.nextToken();
            } else if (identifierEquals("REPEATABLE")) {
                lexer.nextToken();
                if (identifierEquals(READ)) {
                    stmt.setIsolationLevel("REPEATABLE READ");
                    lexer.nextToken();
                } else {
                    throw new ParserException("UNKOWN TRANSACTION LEVEL : " + lexer.stringVal());
                }
            } else {
                throw new ParserException("UNKOWN TRANSACTION LEVEL : " + lexer.stringVal());
            }
        } else if (identifierEquals(READ)) {
            lexer.nextToken();
            if (identifierEquals("ONLY")) {
                stmt.setAccessModel("ONLY");
                lexer.nextToken();
            } else if (identifierEquals("WRITE")) {
                stmt.setAccessModel("WRITE");
                lexer.nextToken();
            } else {
                throw new ParserException("UNKOWN ACCESS MODEL : " + lexer.stringVal());
            }
        }
        return stmt;
    } else if (identifierEquals("NAMES")) {
        lexer.nextToken();
        MySqlSetNamesStatement stmt = new MySqlSetNamesStatement();
        if (lexer.token() == Token.DEFAULT) {
            lexer.nextToken();
            stmt.setDefault(true);
        } else {
            String charSet = lexer.stringVal();
            stmt.setCharSet(charSet);
            lexer.nextToken();
            if (identifierEquals(COLLATE2)) {
                lexer.nextToken();
                String collate = lexer.stringVal();
                stmt.setCollate(collate);
                lexer.nextToken();
            }
        }
        return stmt;
    } else if (identifierEquals(CHARACTER)) {
        lexer.nextToken();
        accept(Token.SET);
        MySqlSetCharSetStatement stmt = new MySqlSetCharSetStatement();
        if (lexer.token() == Token.DEFAULT) {
            lexer.nextToken();
            stmt.setDefault(true);
        } else {
            String charSet = lexer.stringVal();
            stmt.setCharSet(charSet);
            lexer.nextToken();
            if (identifierEquals(COLLATE2)) {
                lexer.nextToken();
                String collate = lexer.stringVal();
                stmt.setCollate(collate);
                lexer.nextToken();
            }
        }
        return stmt;
    } else {
        SQLSetStatement stmt = new SQLSetStatement(getDbType());
        parseAssignItems(stmt.getItems(), stmt);
        if (global != null && global.booleanValue()) {
            SQLVariantRefExpr varRef = (SQLVariantRefExpr) stmt.getItems().get(0).getTarget();
            varRef.setGlobal(true);
        }
        if (lexer.token() == Token.HINT) {
            stmt.setHints(this.exprParser.parseHints());
        }
        return stmt;
    }
}
Also used : MySqlSetNamesStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlSetNamesStatement) MySqlSetTransactionStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlSetTransactionStatement) ParserException(com.alibaba.druid.sql.parser.ParserException) MySqlSetCharSetStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlSetCharSetStatement) SQLVariantRefExpr(com.alibaba.druid.sql.ast.expr.SQLVariantRefExpr) MySqlSetPasswordStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlSetPasswordStatement)

Example 2 with MySqlSetNamesStatement

use of com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlSetNamesStatement in project druid by alibaba.

the class WallVisitorUtils method check.

public static void check(WallVisitor visitor, SQLCommentHint x) {
    if (!visitor.getConfig().isHintAllow()) {
        addViolation(visitor, ErrorCode.EVIL_HINTS, "hint not allow", x);
        return;
    }
    String text = x.getText();
    text = text.trim();
    if (text.startsWith("!")) {
        text = text.substring(1);
    }
    if (text.length() == 0) {
        return;
    }
    int pos = 0;
    for (; pos < text.length(); pos++) {
        char ch = text.charAt(pos);
        if (ch >= '0' && ch <= '9') {
            continue;
        } else {
            break;
        }
    }
    if (pos == 5) {
        text = text.substring(5);
        text = text.trim();
    }
    text = text.toUpperCase();
    boolean isWhite = false;
    for (String hint : whiteHints) {
        if (text.equals(hint)) {
            isWhite = true;
            break;
        }
    }
    if (!isWhite) {
        if (text.startsWith("FORCE INDEX") || text.startsWith("IGNORE INDEX")) {
            isWhite = true;
        }
    }
    if (!isWhite) {
        if (text.startsWith("SET")) {
            SQLStatementParser parser = new MySqlStatementParser(text);
            List<SQLStatement> statementList = parser.parseStatementList();
            if (statementList != null && statementList.size() > 0) {
                SQLStatement statement = statementList.get(0);
                if (statement instanceof SQLSetStatement || statement instanceof MySqlSetCharSetStatement || statement instanceof MySqlSetNamesStatement) {
                    isWhite = true;
                }
            }
        }
    }
    if (!isWhite) {
        addViolation(visitor, ErrorCode.EVIL_HINTS, "hint not allow", x);
    }
}
Also used : MySqlSetNamesStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlSetNamesStatement) SQLStatementParser(com.alibaba.druid.sql.parser.SQLStatementParser) MySqlSetCharSetStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlSetCharSetStatement) MySqlStatementParser(com.alibaba.druid.sql.dialect.mysql.parser.MySqlStatementParser) SQLStatement(com.alibaba.druid.sql.ast.SQLStatement) SQLCommentHint(com.alibaba.druid.sql.ast.SQLCommentHint)

Example 3 with MySqlSetNamesStatement

use of com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlSetNamesStatement in project druid by alibaba.

the class WallVisitorUtils method preVisitCheck.

public static void preVisitCheck(WallVisitor visitor, SQLObject x) {
    WallConfig config = visitor.getProvider().getConfig();
    if (!(x instanceof SQLStatement)) {
        return;
    }
    boolean allow = false;
    int errorCode;
    String denyMessage;
    if (x instanceof SQLInsertStatement) {
        allow = config.isInsertAllow();
        denyMessage = "insert not allow";
        errorCode = ErrorCode.INSERT_NOT_ALLOW;
    } else if (x instanceof SQLSelectStatement) {
        allow = true;
        denyMessage = "select not allow";
        errorCode = ErrorCode.SELECT_NOT_ALLOW;
    } else if (x instanceof SQLDeleteStatement) {
        allow = config.isDeleteAllow();
        denyMessage = "delete not allow";
        errorCode = ErrorCode.DELETE_NOT_ALLOW;
    } else if (x instanceof SQLUpdateStatement) {
        allow = config.isUpdateAllow();
        denyMessage = "update not allow";
        errorCode = ErrorCode.UPDATE_NOT_ALLOW;
    } else if (x instanceof OracleMultiInsertStatement) {
        allow = true;
        denyMessage = "multi-insert not allow";
        errorCode = ErrorCode.INSERT_NOT_ALLOW;
    } else if (x instanceof SQLMergeStatement) {
        allow = config.isMergeAllow();
        denyMessage = "merge not allow";
        errorCode = ErrorCode.MERGE_NOT_ALLOW;
    } else if (x instanceof SQLCallStatement || x instanceof SQLServerExecStatement) {
        allow = config.isCallAllow();
        denyMessage = "call not allow";
        errorCode = ErrorCode.CALL_NOT_ALLOW;
    } else if (x instanceof SQLTruncateStatement) {
        allow = config.isTruncateAllow();
        denyMessage = "truncate not allow";
        errorCode = ErrorCode.TRUNCATE_NOT_ALLOW;
    } else if (//
    x instanceof SQLCreateTableStatement || //
    x instanceof SQLCreateIndexStatement || //
    x instanceof SQLCreateViewStatement || //
    x instanceof SQLCreateTriggerStatement || //
    x instanceof SQLCreateSequenceStatement) {
        allow = config.isCreateTableAllow();
        denyMessage = "create table not allow";
        errorCode = ErrorCode.CREATE_TABLE_NOT_ALLOW;
    } else if (x instanceof SQLAlterTableStatement) {
        allow = config.isAlterTableAllow();
        denyMessage = "alter table not allow";
        errorCode = ErrorCode.ALTER_TABLE_NOT_ALLOW;
    } else if (//
    x instanceof SQLDropTableStatement || //
    x instanceof SQLDropIndexStatement || //
    x instanceof SQLDropViewStatement || //
    x instanceof SQLDropTriggerStatement || //
    x instanceof SQLDropSequenceStatement || //
    x instanceof SQLDropProcedureStatement) {
        allow = config.isDropTableAllow();
        denyMessage = "drop table not allow";
        errorCode = ErrorCode.DROP_TABLE_NOT_ALLOW;
    } else if (//
    x instanceof MySqlSetCharSetStatement || //
    x instanceof MySqlSetNamesStatement || //
    x instanceof SQLSetStatement || x instanceof SQLServerSetStatement) {
        allow = config.isSetAllow();
        denyMessage = "set not allow";
        errorCode = ErrorCode.SET_NOT_ALLOW;
    } else if (x instanceof MySqlReplaceStatement) {
        allow = config.isReplaceAllow();
        denyMessage = "replace not allow";
        errorCode = ErrorCode.REPLACE_NOT_ALLOW;
    } else if (x instanceof MySqlDescribeStatement) {
        allow = config.isDescribeAllow();
        denyMessage = "describe not allow";
        errorCode = ErrorCode.DESC_NOT_ALLOW;
    } else if (x instanceof MySqlShowStatement || x instanceof PGShowStatement || x instanceof SQLShowTablesStatement) {
        allow = config.isShowAllow();
        denyMessage = "show not allow";
        errorCode = ErrorCode.SHOW_NOT_ALLOW;
    } else if (x instanceof MySqlCommitStatement || x instanceof SQLServerCommitStatement) {
        allow = config.isCommitAllow();
        denyMessage = "commit not allow";
        errorCode = ErrorCode.COMMIT_NOT_ALLOW;
    } else if (x instanceof SQLRollbackStatement) {
        allow = config.isRollbackAllow();
        denyMessage = "rollback not allow";
        errorCode = ErrorCode.ROLLBACK_NOT_ALLOW;
    } else if (x instanceof SQLUseStatement) {
        allow = config.isUseAllow();
        denyMessage = "use not allow";
        errorCode = ErrorCode.USE_NOT_ALLOW;
    } else if (x instanceof MySqlRenameTableStatement) {
        allow = config.isRenameTableAllow();
        denyMessage = "rename table not allow";
        errorCode = ErrorCode.RENAME_TABLE_NOT_ALLOW;
    } else if (x instanceof MySqlHintStatement) {
        allow = config.isHintAllow();
        denyMessage = "hint not allow";
        errorCode = ErrorCode.HINT_NOT_ALLOW;
    } else if (x instanceof MySqlLockTableStatement) {
        allow = config.isLockTableAllow();
        denyMessage = "lock table not allow";
        errorCode = ErrorCode.LOCK_TABLE_NOT_ALLOW;
    } else if (x instanceof SQLStartTransactionStatement) {
        allow = config.isStartTransactionAllow();
        denyMessage = "start transaction not allow";
        errorCode = ErrorCode.START_TRANSACTION_NOT_ALLOW;
    } else if (x instanceof SQLBlockStatement) {
        allow = config.isBlockAllow();
        denyMessage = "block statement not allow";
        errorCode = ErrorCode.BLOCK_NOT_ALLOW;
    } else {
        allow = config.isNoneBaseStatementAllow();
        errorCode = ErrorCode.NONE_BASE_STATEMENT_NOT_ALLOW;
        denyMessage = x.getClass() + " not allow";
    }
    if (!allow) {
        addViolation(visitor, errorCode, denyMessage, x);
    }
}
Also used : MySqlSetNamesStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlSetNamesStatement) MySqlDescribeStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlDescribeStatement) PGShowStatement(com.alibaba.druid.sql.dialect.postgresql.ast.stmt.PGShowStatement) SQLStatement(com.alibaba.druid.sql.ast.SQLStatement) MySqlShowStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlShowStatement) MySqlReplaceStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlReplaceStatement) SQLServerCommitStatement(com.alibaba.druid.sql.dialect.sqlserver.ast.stmt.SQLServerCommitStatement) SQLStartTransactionStatement(com.alibaba.druid.sql.ast.statement.SQLStartTransactionStatement) MySqlRenameTableStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlRenameTableStatement) SQLServerExecStatement(com.alibaba.druid.sql.dialect.sqlserver.ast.stmt.SQLServerExecStatement) OracleMultiInsertStatement(com.alibaba.druid.sql.dialect.oracle.ast.stmt.OracleMultiInsertStatement) MySqlLockTableStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlLockTableStatement) MySqlSetCharSetStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlSetCharSetStatement) MySqlHintStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlHintStatement) WallConfig(com.alibaba.druid.wall.WallConfig) SQLCommentHint(com.alibaba.druid.sql.ast.SQLCommentHint) SQLServerSetStatement(com.alibaba.druid.sql.dialect.sqlserver.ast.stmt.SQLServerSetStatement) MySqlCommitStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlCommitStatement)

Example 4 with MySqlSetNamesStatement

use of com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlSetNamesStatement in project druid by alibaba.

the class DALParserTest method test_setNames_1.

public void test_setNames_1() throws Exception {
    String sql = "SET NAMEs 'utf8' collatE \"latin1_danish_ci\" ";
    MySqlStatementParser parser = new MySqlStatementParser(sql);
    MySqlSetNamesStatement set = (MySqlSetNamesStatement) parser.parseStatementList().get(0);
    parser.match(Token.EOF);
    String output = SQLUtils.toMySqlString(set);
    Assert.assertEquals("SET NAMES utf8 COLLATE latin1_danish_ci", output);
}
Also used : MySqlSetNamesStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlSetNamesStatement) MySqlStatementParser(com.alibaba.druid.sql.dialect.mysql.parser.MySqlStatementParser)

Example 5 with MySqlSetNamesStatement

use of com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlSetNamesStatement in project druid by alibaba.

the class DALParserTest method test_setNames.

public void test_setNames() throws Exception {
    String sql = "SET names default ";
    MySqlStatementParser parser = new MySqlStatementParser(sql);
    MySqlSetNamesStatement set = (MySqlSetNamesStatement) parser.parseStatementList().get(0);
    parser.match(Token.EOF);
    String output = SQLUtils.toMySqlString(set);
    Assert.assertEquals("SET NAMES DEFAULT", output);
}
Also used : MySqlSetNamesStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlSetNamesStatement) MySqlStatementParser(com.alibaba.druid.sql.dialect.mysql.parser.MySqlStatementParser)

Aggregations

MySqlSetNamesStatement (com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlSetNamesStatement)7 MySqlSetCharSetStatement (com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlSetCharSetStatement)4 MySqlStatementParser (com.alibaba.druid.sql.dialect.mysql.parser.MySqlStatementParser)4 SQLCommentHint (com.alibaba.druid.sql.ast.SQLCommentHint)2 SQLStatement (com.alibaba.druid.sql.ast.SQLStatement)2 SQLStartTransactionStatement (com.alibaba.druid.sql.ast.statement.SQLStartTransactionStatement)2 MySqlLockTableStatement (com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlLockTableStatement)2 MySqlRenameTableStatement (com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlRenameTableStatement)2 MySqlReplaceStatement (com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlReplaceStatement)2 SQLLimit (com.alibaba.druid.sql.ast.SQLLimit)1 SQLBinaryExpr (com.alibaba.druid.sql.ast.expr.SQLBinaryExpr)1 SQLBooleanExpr (com.alibaba.druid.sql.ast.expr.SQLBooleanExpr)1 SQLVariantRefExpr (com.alibaba.druid.sql.ast.expr.SQLVariantRefExpr)1 MySqlForceIndexHint (com.alibaba.druid.sql.dialect.mysql.ast.MySqlForceIndexHint)1 MySqlIgnoreIndexHint (com.alibaba.druid.sql.dialect.mysql.ast.MySqlIgnoreIndexHint)1 MySqlKey (com.alibaba.druid.sql.dialect.mysql.ast.MySqlKey)1 MySqlPrimaryKey (com.alibaba.druid.sql.dialect.mysql.ast.MySqlPrimaryKey)1 MySqlUnique (com.alibaba.druid.sql.dialect.mysql.ast.MySqlUnique)1 MySqlUseIndexHint (com.alibaba.druid.sql.dialect.mysql.ast.MySqlUseIndexHint)1 MySqlCharExpr (com.alibaba.druid.sql.dialect.mysql.ast.expr.MySqlCharExpr)1