
Example 1 with SQLServerExecStatement

use of com.alibaba.druid.sql.dialect.sqlserver.ast.stmt.SQLServerExecStatement in project druid by alibaba.

the class WallVisitorUtils method preVisitCheck.

/**
 * Applies the wall's per-statement-type policy to {@code x}.
 *
 * <p>Nodes that are not a {@link SQLStatement} are ignored. For a statement, the branches
 * below are tried in order; the first matching type selects which {@link WallConfig} switch
 * is read, and a violation is recorded through {@code addViolation} when that switch is off.
 *
 * <p>Points to keep in mind when relying on this method as a policy gate:
 * <ul>
 *   <li>SELECT and Oracle multi-insert are unconditionally permitted here; no
 *       {@code WallConfig} switch is consulted for them in this method.</li>
 *   <li>Several distinct operations share one switch: CREATE INDEX/VIEW/TRIGGER/SEQUENCE
 *       follow {@code isCreateTableAllow()}, DROP INDEX/VIEW/TRIGGER/SEQUENCE/PROCEDURE
 *       follow {@code isDropTableAllow()}, and SQL Server EXEC follows
 *       {@code isCallAllow()}.</li>
 *   <li>Every statement type not listed falls through to
 *       {@code isNoneBaseStatementAllow()}.</li>
 * </ul>
 *
 * @param visitor wall visitor whose provider supplies the configuration and which receives
 *                any violation
 * @param x       AST node about to be visited
 */
public static void preVisitCheck(WallVisitor visitor, SQLObject x) {
    // The config lookup runs before the type check, so it is performed for non-statement nodes too.
    final WallConfig cfg = visitor.getProvider().getConfig();
    if (!(x instanceof SQLStatement)) {
        return;
    }

    final boolean permitted;
    final int code;
    final String reason;

    if (x instanceof SQLInsertStatement) {
        permitted = cfg.isInsertAllow();
        reason = "insert not allow";
        code = ErrorCode.INSERT_NOT_ALLOW;
    } else if (x instanceof SQLSelectStatement) {
        // NOTE(review): always permitted at this gate; presumably SELECT policy is enforced
        // elsewhere in the wall. Confirm before treating this method as the only check.
        permitted = true;
        reason = "select not allow";
        code = ErrorCode.SELECT_NOT_ALLOW;
    } else if (x instanceof SQLDeleteStatement) {
        permitted = cfg.isDeleteAllow();
        reason = "delete not allow";
        code = ErrorCode.DELETE_NOT_ALLOW;
    } else if (x instanceof SQLUpdateStatement) {
        permitted = cfg.isUpdateAllow();
        reason = "update not allow";
        code = ErrorCode.UPDATE_NOT_ALLOW;
    } else if (x instanceof OracleMultiInsertStatement) {
        // NOTE(review): reports INSERT_NOT_ALLOW but never reads isInsertAllow(), so a
        // multi-insert is not blocked here when inserts are disabled. Verify this is intended.
        permitted = true;
        reason = "multi-insert not allow";
        code = ErrorCode.INSERT_NOT_ALLOW;
    } else if (x instanceof SQLMergeStatement) {
        permitted = cfg.isMergeAllow();
        reason = "merge not allow";
        code = ErrorCode.MERGE_NOT_ALLOW;
    } else if (x instanceof SQLCallStatement || x instanceof SQLServerExecStatement) {
        // CALL and SQL Server EXEC/EXECUTE are governed by the same switch.
        permitted = cfg.isCallAllow();
        reason = "call not allow";
        code = ErrorCode.CALL_NOT_ALLOW;
    } else if (x instanceof SQLTruncateStatement) {
        permitted = cfg.isTruncateAllow();
        reason = "truncate not allow";
        code = ErrorCode.TRUNCATE_NOT_ALLOW;
    } else if (x instanceof SQLCreateTableStatement
            || x instanceof SQLCreateIndexStatement
            || x instanceof SQLCreateViewStatement
            || x instanceof SQLCreateTriggerStatement
            || x instanceof SQLCreateSequenceStatement) {
        // All of these CREATE forms are gated by the create-table switch.
        permitted = cfg.isCreateTableAllow();
        reason = "create table not allow";
        code = ErrorCode.CREATE_TABLE_NOT_ALLOW;
    } else if (x instanceof SQLAlterTableStatement) {
        permitted = cfg.isAlterTableAllow();
        reason = "alter table not allow";
        code = ErrorCode.ALTER_TABLE_NOT_ALLOW;
    } else if (x instanceof SQLDropTableStatement
            || x instanceof SQLDropIndexStatement
            || x instanceof SQLDropViewStatement
            || x instanceof SQLDropTriggerStatement
            || x instanceof SQLDropSequenceStatement
            || x instanceof SQLDropProcedureStatement) {
        // All of these DROP forms are gated by the drop-table switch.
        permitted = cfg.isDropTableAllow();
        reason = "drop table not allow";
        code = ErrorCode.DROP_TABLE_NOT_ALLOW;
    } else if (x instanceof MySqlSetCharSetStatement
            || x instanceof MySqlSetNamesStatement
            || x instanceof SQLSetStatement
            || x instanceof SQLServerSetStatement) {
        permitted = cfg.isSetAllow();
        reason = "set not allow";
        code = ErrorCode.SET_NOT_ALLOW;
    } else if (x instanceof MySqlReplaceStatement) {
        permitted = cfg.isReplaceAllow();
        reason = "replace not allow";
        code = ErrorCode.REPLACE_NOT_ALLOW;
    } else if (x instanceof MySqlDescribeStatement) {
        permitted = cfg.isDescribeAllow();
        reason = "describe not allow";
        code = ErrorCode.DESC_NOT_ALLOW;
    } else if (x instanceof MySqlShowStatement
            || x instanceof PGShowStatement
            || x instanceof SQLShowTablesStatement) {
        permitted = cfg.isShowAllow();
        reason = "show not allow";
        code = ErrorCode.SHOW_NOT_ALLOW;
    } else if (x instanceof MySqlCommitStatement || x instanceof SQLServerCommitStatement) {
        permitted = cfg.isCommitAllow();
        reason = "commit not allow";
        code = ErrorCode.COMMIT_NOT_ALLOW;
    } else if (x instanceof SQLRollbackStatement) {
        permitted = cfg.isRollbackAllow();
        reason = "rollback not allow";
        code = ErrorCode.ROLLBACK_NOT_ALLOW;
    } else if (x instanceof SQLUseStatement) {
        permitted = cfg.isUseAllow();
        reason = "use not allow";
        code = ErrorCode.USE_NOT_ALLOW;
    } else if (x instanceof MySqlRenameTableStatement) {
        permitted = cfg.isRenameTableAllow();
        reason = "rename table not allow";
        code = ErrorCode.RENAME_TABLE_NOT_ALLOW;
    } else if (x instanceof MySqlHintStatement) {
        permitted = cfg.isHintAllow();
        reason = "hint not allow";
        code = ErrorCode.HINT_NOT_ALLOW;
    } else if (x instanceof MySqlLockTableStatement) {
        permitted = cfg.isLockTableAllow();
        reason = "lock table not allow";
        code = ErrorCode.LOCK_TABLE_NOT_ALLOW;
    } else if (x instanceof SQLStartTransactionStatement) {
        permitted = cfg.isStartTransactionAllow();
        reason = "start transaction not allow";
        code = ErrorCode.START_TRANSACTION_NOT_ALLOW;
    } else if (x instanceof SQLBlockStatement) {
        permitted = cfg.isBlockAllow();
        reason = "block statement not allow";
        code = ErrorCode.BLOCK_NOT_ALLOW;
    } else {
        // Catch-all: any statement type without its own branch is decided by this one switch,
        // so its configured value determines how unknown or dialect-specific statements fare.
        permitted = cfg.isNoneBaseStatementAllow();
        code = ErrorCode.NONE_BASE_STATEMENT_NOT_ALLOW;
        reason = x.getClass() + " not allow";
    }

    if (permitted) {
        return;
    }
    addViolation(visitor, code, reason, x);
}
Also used : MySqlSetNamesStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlSetNamesStatement) MySqlDescribeStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlDescribeStatement) PGShowStatement(com.alibaba.druid.sql.dialect.postgresql.ast.stmt.PGShowStatement) SQLStatement(com.alibaba.druid.sql.ast.SQLStatement) MySqlShowStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlShowStatement) MySqlReplaceStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlReplaceStatement) SQLServerCommitStatement(com.alibaba.druid.sql.dialect.sqlserver.ast.stmt.SQLServerCommitStatement) SQLStartTransactionStatement(com.alibaba.druid.sql.ast.statement.SQLStartTransactionStatement) MySqlRenameTableStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlRenameTableStatement) SQLServerExecStatement(com.alibaba.druid.sql.dialect.sqlserver.ast.stmt.SQLServerExecStatement) OracleMultiInsertStatement(com.alibaba.druid.sql.dialect.oracle.ast.stmt.OracleMultiInsertStatement) MySqlLockTableStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlLockTableStatement) MySqlSetCharSetStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlSetCharSetStatement) MySqlHintStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlHintStatement) WallConfig(com.alibaba.druid.wall.WallConfig) SQLCommentHint(com.alibaba.druid.sql.ast.SQLCommentHint) SQLServerSetStatement(com.alibaba.druid.sql.dialect.sqlserver.ast.stmt.SQLServerSetStatement) MySqlCommitStatement(com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlCommitStatement)

Example 2 with SQLServerExecStatement

use of com.alibaba.druid.sql.dialect.sqlserver.ast.stmt.SQLServerExecStatement in project druid by alibaba.

the class SQLServerStatementParser method parseStatementListDialect.

/**
 * Tries to parse one SQL Server dialect statement at the current lexer position and, on
 * success, appends it to {@code statementList}.
 *
 * <p>Handled leading tokens, checked in this order: {@code WITH}, the identifiers
 * {@code EXEC}/{@code EXECUTE}, {@code DECLARE}, {@code IF}, {@code BEGIN}, {@code COMMIT}
 * and the identifier {@code WAITFOR}.
 *
 * @param statementList list that receives the parsed statement
 * @return {@code true} if a statement was parsed and appended, {@code false} if the current
 *         token starts none of the forms handled here
 */
public boolean parseStatementListDialect(List<SQLStatement> statementList) {
    final SQLStatement parsed;

    if (lexer.token() == Token.WITH) {
        parsed = parseSelect();
    } else if (identifierEquals("EXEC") || identifierEquals("EXECUTE")) {
        lexer.nextToken();
        SQLServerExecStatement exec = new SQLServerExecStatement();
        if (lexer.token() != Token.LPAREN) {
            // EXEC [ret =] module params...
            SQLName firstName = this.exprParser.name();
            if (lexer.token() == Token.EQ) {
                // "name = module": the first name is the return-status target.
                lexer.nextToken();
                exec.setReturnStatus(firstName);
                exec.setModuleName(this.exprParser.name());
            } else {
                exec.setModuleName(firstName);
            }
            this.parseExecParameter(exec.getParameters(), exec);
        } else {
            // EXEC ( ... ): only parameters are recorded; no module name is set on the node.
            // NOTE(review): in T-SQL this form runs a character string as a batch, so code
            // that inspects this node sees no procedure name to match on. Confirm how
            // downstream policy checks treat it.
            lexer.nextToken();
            this.parseExecParameter(exec.getParameters(), exec);
            accept(Token.RPAREN);
        }
        parsed = exec;
    } else if (lexer.token() == Token.DECLARE) {
        parsed = this.parseDeclare();
    } else if (lexer.token() == Token.IF) {
        parsed = this.parseIf();
    } else if (lexer.token() == Token.BEGIN) {
        parsed = this.parseBlock();
    } else if (lexer.token() == Token.COMMIT) {
        parsed = this.parseCommit();
    } else if (identifierEquals("WAITFOR")) {
        parsed = this.parseWaitFor();
    } else {
        // Not a dialect-specific statement start.
        return false;
    }

    statementList.add(parsed);
    return true;
}
Also used : SQLServerExecStatement(com.alibaba.druid.sql.dialect.sqlserver.ast.stmt.SQLServerExecStatement) SQLName(com.alibaba.druid.sql.ast.SQLName) SQLStatement(com.alibaba.druid.sql.ast.SQLStatement)
