Example 1 with WallCheckResult
use of com.alibaba.druid.wall.WallCheckResult in project Mycat_plus by coderczp.
the class MycatPrivileges method checkFirewallSQLPolicy.
/**
* @see https://github.com/alibaba/druid/wiki/%E9%85%8D%E7%BD%AE-wallfilter
*/
@Override
public boolean checkFirewallSQLPolicy(String user, String sql) {
boolean isPassed = true;
if (contextLocal.get() == null) {
FirewallConfig firewallConfig = MycatServer.getInstance().getConfig().getFirewall();
if (firewallConfig != null) {
if (firewallConfig.isCheck()) {
contextLocal.set(firewallConfig.getProvider());
check = true;
}
}
}
if (check) {
WallCheckResult result = contextLocal.get().check(sql);
if (!result.getViolations().isEmpty()) {
isPassed = false;
ALARM.warn("Firewall to intercept the '" + user + "' unsafe SQL , errMsg:" + result.getViolations().get(0).getMessage() + " \r\n " + sql);
}
}
return isPassed;
}
Also used :
FirewallConfig(io.mycat.config.model.FirewallConfig)
WallCheckResult(com.alibaba.druid.wall.WallCheckResult)
Example 2 with WallCheckResult
use of com.alibaba.druid.wall.WallCheckResult in project druid by alibaba.
the class PGWallTest method testDoublePrecision.
@Test
public void testDoublePrecision() throws Exception {
WallProvider provider = new PGWallProvider(new WallConfig(PGWallProvider.DEFAULT_CONFIG_DIR));
String sql = "CREATE TABLE test_pg_wall (col_int INT NOT NULL, col_double_x DOUBLE PRECISION NOT NULL DEFAULT 0, col_varchar VARCHAR(200) NULL)";
WallCheckResult result = provider.check(sql);
Assert.assertTrue(result.getViolations().size() == 0);
}
Also used :
WallProvider(com.alibaba.druid.wall.WallProvider)
PGWallProvider(com.alibaba.druid.wall.spi.PGWallProvider)
PGWallProvider(com.alibaba.druid.wall.spi.PGWallProvider)
WallConfig(com.alibaba.druid.wall.WallConfig)
WallCheckResult(com.alibaba.druid.wall.WallCheckResult)
Test(org.junit.Test)
Example 3 with WallCheckResult
use of com.alibaba.druid.wall.WallCheckResult in project druid by alibaba.
the class MySqlResourceWallTest method test_lock_table.
@Test
public void test_lock_table() throws Exception {
WallProvider provider = new MySqlWallProvider();
provider.getConfig().setNoneBaseStatementAllow(true);
String sql = "lock tables etstsun write";
WallCheckResult result = provider.check(sql);
if (result.getViolations().size() > 0) {
Violation violation = result.getViolations().get(0);
System.out.println("error () : " + violation.getMessage());
}
Assert.assertTrue(provider.checkValid(sql));
sql = "lock tables etstsun LOW_PRIORITY write";
result = provider.check(sql);
if (result.getViolations().size() > 0) {
Violation violation = result.getViolations().get(0);
System.out.println("error () : " + violation.getMessage());
}
Assert.assertTrue(provider.checkValid(sql));
sql = "UNLOCK TABLES";
result = provider.check(sql);
if (result.getViolations().size() > 0) {
Violation violation = result.getViolations().get(0);
System.out.println("error () : " + violation.getMessage());
}
Assert.assertTrue(provider.checkValid(sql));
sql = "lock table dsdfsdf read";
result = provider.check(sql);
if (result.getViolations().size() > 0) {
Violation violation = result.getViolations().get(0);
System.out.println("error () : " + violation.getMessage());
}
Assert.assertTrue(provider.checkValid(sql));
sql = "lock table dsdfsdf read local";
result = provider.check(sql);
if (result.getViolations().size() > 0) {
Violation violation = result.getViolations().get(0);
System.out.println("error () : " + violation.getMessage());
}
Assert.assertTrue(provider.checkValid(sql));
}
Also used :
Violation(com.alibaba.druid.wall.Violation)
WallProvider(com.alibaba.druid.wall.WallProvider)
MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider)
MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider)
WallCheckResult(com.alibaba.druid.wall.WallCheckResult)
Test(org.junit.Test)
Example 4 with WallCheckResult
use of com.alibaba.druid.wall.WallCheckResult in project druid by alibaba.
the class MySqlResourceWallTest method test_false.
public void test_false() throws Exception {
WallProvider provider = new MySqlWallProvider();
provider.getConfig().setConditionDoubleConstAllow(true);
provider.getConfig().setUseAllow(true);
provider.getConfig().setStrictSyntaxCheck(false);
provider.getConfig().setMultiStatementAllow(true);
provider.getConfig().setConditionAndAlwayTrueAllow(true);
provider.getConfig().setNoneBaseStatementAllow(true);
provider.getConfig().setSelectUnionCheck(false);
provider.getConfig().setSchemaCheck(true);
provider.getConfig().setLimitZeroAllow(true);
provider.getConfig().setCommentAllow(true);
for (int i = 0; i < items.length; ++i) {
String sql = items[i];
if (sql.indexOf("''=''") != -1) {
continue;
}
// if (i <= 121) {
// continue;
// }
WallCheckResult result = provider.check(sql);
if (result.getViolations().size() > 0) {
Violation violation = result.getViolations().get(0);
System.out.println("error (" + i + ") : " + violation.getMessage());
System.out.println(sql);
break;
}
}
System.out.println(provider.getViolationCount());
// String sql = "SELECT name, '******' password, createTime from user where name like 'admin' AND (CASE WHEN (7885=7885) THEN 1 ELSE 0 END)";
// Assert.assertFalse(provider.checkValid(sql));
}
Also used :
Violation(com.alibaba.druid.wall.Violation)
WallProvider(com.alibaba.druid.wall.WallProvider)
MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider)
MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider)
WallCheckResult(com.alibaba.druid.wall.WallCheckResult)
Example 5 with WallCheckResult
use of com.alibaba.druid.wall.WallCheckResult in project druid by alibaba.
the class ResourceTest method test_xx.
public void test_xx() throws Exception {
WallProvider provider = new MySqlWallProvider();
for (int i = 0; i < items.length; ++i) {
String sql = items[i];
WallCheckResult result = provider.check(sql);
if (result.getViolations().size() > 0) {
Violation violation = result.getViolations().get(0);
System.err.println("error (" + i + ") : " + violation.getMessage());
System.out.println(sql);
System.out.println();
// break;
}
}
System.out.println("violaionCount : " + provider.getViolationCount());
}
Also used :
Violation(com.alibaba.druid.wall.Violation)
WallProvider(com.alibaba.druid.wall.WallProvider)
MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider)
MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider)
WallCheckResult(com.alibaba.druid.wall.WallCheckResult)
Aggregations
WallCheckResult (com.alibaba.druid.wall.WallCheckResult)38
MySqlWallProvider (com.alibaba.druid.wall.spi.MySqlWallProvider)21
WallProvider (com.alibaba.druid.wall.WallProvider)18
Violation (com.alibaba.druid.wall.Violation)3
WallConfig (com.alibaba.druid.wall.WallConfig)3
FirewallConfig (io.mycat.config.model.FirewallConfig)2
Test (org.junit.Test)2
FirewallConfig (com.actiontech.dble.config.model.FirewallConfig)1
SQLStatement (com.alibaba.druid.sql.ast.SQLStatement)1
OracleStatementParser (com.alibaba.druid.sql.dialect.oracle.parser.OracleStatementParser)1
WallUpdateCheckHandler (com.alibaba.druid.wall.WallUpdateCheckHandler)1
OracleWallProvider (com.alibaba.druid.wall.spi.OracleWallProvider)1
PGWallProvider (com.alibaba.druid.wall.spi.PGWallProvider)1
