
Example 1 with WallCheckResult

use of com.alibaba.druid.wall.WallCheckResult in project Mycat_plus by coderczp.

the class MycatPrivileges method checkFirewallSQLPolicy.

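/**
 * Checks {@code sql} against the Druid SQL wall when the Mycat firewall is enabled.
 *
 * The wall provider comes from the firewall config and is bound to the current
 * thread lazily on first use; the {@code check} flag records that the firewall
 * was found enabled at that point.
 *
 * @see https://github.com/alibaba/druid/wiki/%E9%85%8D%E7%BD%AE-wallfilter
 * @param user the connecting user; used only in the alarm message
 * @param sql  the statement to check
 * @return {@code true} if checking is off or the wall reports no violations;
 *         {@code false} if the wall reports at least one violation, or if
 *         checking is on but no provider is bound for this thread
 */
@Override
public boolean checkFirewallSQLPolicy(String user, String sql) {
    // Lazy, per-thread binding of the wall provider.
    if (contextLocal.get() == null) {
        FirewallConfig firewallConfig = MycatServer.getInstance().getConfig().getFirewall();
        if (firewallConfig != null && firewallConfig.isCheck()) {
            contextLocal.set(firewallConfig.getProvider());
            check = true;
        }
    }
    if (!check) {
        return true;
    }
    // `check` looks like a plain field shared by all threads, while contextLocal is
    // per-thread: another thread may have set check=true while this thread found
    // the firewall config absent/disabled and bound no provider (or getProvider()
    // returned null). The previous version dereferenced the provider unconditionally
    // and would NPE here; fail closed instead, since the firewall is enabled but the
    // statement cannot be evaluated.
    if (contextLocal.get() == null) {
        ALARM.warn("Firewall enabled but no wall provider bound for user '" + user + "', rejecting SQL");
        return false;
    }
    WallCheckResult result = contextLocal.get().check(sql);
    if (result.getViolations().isEmpty()) {
        return true;
    }
    // NOTE(review): the raw SQL is written to the alarm log on its own line. It may
    // contain sensitive literals and attacker-chosen newlines (log forging), so treat
    // this log as sensitive and sanitize before shipping it to a shared log sink.
    ALARM.warn("Firewall to intercept the '" + user + "' unsafe SQL , errMsg:" + result.getViolations().get(0).getMessage() + " \r\n " + sql);
    return false;
}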
Also used : FirewallConfig(io.mycat.config.model.FirewallConfig) WallCheckResult(com.alibaba.druid.wall.WallCheckResult)

Example 2 with WallCheckResult

use of com.alibaba.druid.wall.WallCheckResult in project druid by alibaba.

the class PGWallTest method testDoublePrecision.

/**
 * A PostgreSQL CREATE TABLE using the two-word type {@code DOUBLE PRECISION}
 * must pass the PG wall with no violations.
 */
@Test
public void testDoublePrecision() throws Exception {
    WallConfig config = new WallConfig(PGWallProvider.DEFAULT_CONFIG_DIR);
    WallProvider provider = new PGWallProvider(config);
    String ddl = "CREATE TABLE test_pg_wall (col_int INT NOT NULL, col_double_x DOUBLE PRECISION NOT NULL DEFAULT 0, col_varchar VARCHAR(200) NULL)";
    WallCheckResult result = provider.check(ddl);
    Assert.assertEquals(0, result.getViolations().size());
}
Also used : WallProvider(com.alibaba.druid.wall.WallProvider) PGWallProvider(com.alibaba.druid.wall.spi.PGWallProvider) PGWallProvider(com.alibaba.druid.wall.spi.PGWallProvider) WallConfig(com.alibaba.druid.wall.WallConfig) WallCheckResult(com.alibaba.druid.wall.WallCheckResult) Test(org.junit.Test)

Example 3 with WallCheckResult

use of com.alibaba.druid.wall.WallCheckResult in project druid by alibaba.

the class MySqlResourceWallTest method test_lock_table.

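/**
 * LOCK TABLE(S) / UNLOCK TABLES variants must be accepted by the MySQL wall
 * once non-base statements are allowed (presumably these statements fall
 * outside the wall's "base" statement set; confirm against WallConfig).
 */
@Test
public void test_lock_table() throws Exception {
    WallProvider provider = new MySqlWallProvider();
    provider.getConfig().setNoneBaseStatementAllow(true);
    assertLockStatementAllowed(provider, "lock tables etstsun write");
    assertLockStatementAllowed(provider, "lock tables etstsun LOW_PRIORITY write");
    assertLockStatementAllowed(provider, "UNLOCK TABLES");
    assertLockStatementAllowed(provider, "lock table dsdfsdf read");
    assertLockStatementAllowed(provider, "lock table dsdfsdf read local");
}

/**
 * Prints the first violation (if any) for diagnosis, then asserts the wall
 * accepts {@code sql}. The SQL is passed as the assertion message so a failure
 * names the offending statement instead of a bare "expected true".
 */
private static void assertLockStatementAllowed(WallProvider provider, String sql) {
    WallCheckResult result = provider.check(sql);
    if (!result.getViolations().isEmpty()) {
        Violation violation = result.getViolations().get(0);
        System.out.println("error () : " + violation.getMessage());
    }
    Assert.assertTrue(sql, provider.checkValid(sql));
}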
Also used : Violation(com.alibaba.druid.wall.Violation) WallProvider(com.alibaba.druid.wall.WallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider) WallCheckResult(com.alibaba.druid.wall.WallCheckResult) Test(org.junit.Test)

Example 4 with WallCheckResult

use of com.alibaba.druid.wall.WallCheckResult in project druid by alibaba.

the class MySqlResourceWallTest method test_false.

/**
 * Diagnostic run over {@code items} with a deliberately permissive MySQL wall
 * config: stops at the first statement that still produces a violation and
 * prints it together with its index, then prints the provider's violation
 * count. Statements containing {@code ''=''} are skipped. No assertions.
 */
public void test_false() throws Exception {
    WallProvider provider = new MySqlWallProvider();
    provider.getConfig().setConditionDoubleConstAllow(true);
    provider.getConfig().setUseAllow(true);
    provider.getConfig().setStrictSyntaxCheck(false);
    provider.getConfig().setMultiStatementAllow(true);
    provider.getConfig().setConditionAndAlwayTrueAllow(true);
    provider.getConfig().setNoneBaseStatementAllow(true);
    provider.getConfig().setSelectUnionCheck(false);
    provider.getConfig().setSchemaCheck(true);
    provider.getConfig().setLimitZeroAllow(true);
    provider.getConfig().setCommentAllow(true);
    for (int idx = 0; idx < items.length; ++idx) {
        String sql = items[idx];
        if (sql.contains("''=''")) {
            continue;
        }
        WallCheckResult result = provider.check(sql);
        if (result.getViolations().isEmpty()) {
            continue;
        }
        Violation first = result.getViolations().get(0);
        System.out.println("error (" + idx + ") : " + first.getMessage());
        System.out.println(sql);
        break;
    }
    System.out.println(provider.getViolationCount());
}
Also used : Violation(com.alibaba.druid.wall.Violation) WallProvider(com.alibaba.druid.wall.WallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider) WallCheckResult(com.alibaba.druid.wall.WallCheckResult)

Example 5 with WallCheckResult

use of com.alibaba.druid.wall.WallCheckResult in project druid by alibaba.

the class ResourceTest method test_xx.

/**
 * Diagnostic run over every SQL in {@code items} with a default MySQL wall
 * provider: each violating statement's first violation goes to stderr and the
 * statement itself to stdout, then the provider's violation count is printed.
 * No assertions.
 */
public void test_xx() throws Exception {
    WallProvider provider = new MySqlWallProvider();
    int idx = 0;
    for (String sql : items) {
        WallCheckResult result = provider.check(sql);
        if (!result.getViolations().isEmpty()) {
            Violation first = result.getViolations().get(0);
            System.err.println("error (" + idx + ") : " + first.getMessage());
            System.out.println(sql);
            System.out.println();
        }
        idx++;
    }
    System.out.println("violaionCount : " + provider.getViolationCount());
}
Also used : Violation(com.alibaba.druid.wall.Violation) WallProvider(com.alibaba.druid.wall.WallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider) WallCheckResult(com.alibaba.druid.wall.WallCheckResult)
