use of com.alibaba.druid.wall.WallCheckResult in project dble by actiontech.
the class ServerPrivileges method checkFirewallSQLPolicy.
/**
* @see <a href="https://github.com/alibaba/druid/wiki/%E9%85%8D%E7%BD%AE-wallfilter">wallfilter config guide</a>
*/
@Override
public boolean checkFirewallSQLPolicy(String user, String sql) {
if (isManagerUser(user)) {
// manager User will ignore firewall blacklist
return true;
}
boolean isPassed = true;
FirewallConfig firewallConfig = DbleServer.getInstance().getConfig().getFirewall();
if (firewallConfig != null && firewallConfig.isBlackListCheck()) {
WallCheckResult result = firewallConfig.getProvider().check(sql);
if (!result.getViolations().isEmpty()) {
isPassed = false;
ALARM.warn("Firewall to intercept the '" + user + "' unsafe SQL , errMsg:" + result.getViolations().get(0).getMessage() + " \r\n " + sql);
}
}
return isPassed;
}
use of com.alibaba.druid.wall.WallCheckResult in project druid by alibaba.
the class Issue1759 method test_0.
public void test_0() throws Exception {
String sql = "COMMENT ON COLUMN \"TB_CRM_MATERIAL\".\"INVALID_TIME\" IS '生效时间'";
OracleStatementParser parser = new OracleStatementParser(sql);
// 分号之后多语句忽略
SQLStatement statement = parser.parseStatement();
OracleWallProvider provider = new OracleWallProvider();
WallCheckResult result1 = provider.check(sql);
assertTrue(result1.getViolations().size() == 0);
}
use of com.alibaba.druid.wall.WallCheckResult in project druid by alibaba.
the class TenantInsertTest method testMySql5.
public void testMySql5() throws Exception {
String insert_sql = "INSERT INTO orders (ID, NAME) SELECT ID, NAME FROM temp WHERE age = 18";
String expect_sql = //
"INSERT INTO orders (ID, NAME, tenant)" + //
"\nSELECT ID, NAME, 123" + //
"\nFROM temp" + "\nWHERE age = 18";
{
MySqlWallProvider provider = new MySqlWallProvider(config_callback);
WallCheckResult checkResult = provider.check(insert_sql);
Assert.assertEquals(0, checkResult.getViolations().size());
String resultSql = SQLUtils.toSQLString(checkResult.getStatementList(), JdbcConstants.MYSQL);
Assert.assertEquals(expect_sql, resultSql);
}
{
WallProvider.setTenantValue(123);
MySqlWallProvider provider = new MySqlWallProvider(config);
WallCheckResult checkResult = provider.check(insert_sql);
Assert.assertEquals(0, checkResult.getViolations().size());
String resultSql = SQLUtils.toSQLString(checkResult.getStatementList(), JdbcConstants.MYSQL);
Assert.assertEquals(expect_sql, resultSql);
}
}
use of com.alibaba.druid.wall.WallCheckResult in project druid by alibaba.
the class TenantInsertTest method testMySql3.
public void testMySql3() throws Exception {
String insert_sql = "INSERT INTO orders (ID, NAME) VALUES (1, \"KIKI\")";
String expect_sql = "INSERT INTO orders (ID, NAME, tenant)\n" + "VALUES (1, 'KIKI', 123)";
{
MySqlWallProvider provider = new MySqlWallProvider(config_callback);
WallCheckResult checkResult = provider.check(insert_sql);
Assert.assertEquals(0, checkResult.getViolations().size());
String resultSql = SQLUtils.toSQLString(checkResult.getStatementList(), JdbcConstants.MYSQL);
Assert.assertEquals(expect_sql, resultSql);
}
{
WallProvider.setTenantValue(123);
MySqlWallProvider provider = new MySqlWallProvider(config);
WallCheckResult checkResult = provider.check(insert_sql);
Assert.assertEquals(0, checkResult.getViolations().size());
String resultSql = SQLUtils.toSQLString(checkResult.getStatementList(), JdbcConstants.MYSQL);
Assert.assertEquals(expect_sql, resultSql);
}
}
use of com.alibaba.druid.wall.WallCheckResult in project druid by alibaba.
the class TenantInsertTest method testMySql4.
public void testMySql4() throws Exception {
String insert_sql = "INSERT INTO orders (ID, NAME) VALUES (1, \"KIKI\"), (1, \"CICI\")";
String expect_sql = "INSERT INTO orders (ID, NAME, tenant)\n" + "VALUES (1, 'KIKI', 123),\n" + "\t(1, 'CICI', 123)";
{
MySqlWallProvider provider = new MySqlWallProvider(config_callback);
WallCheckResult checkResult = provider.check(insert_sql);
Assert.assertEquals(0, checkResult.getViolations().size());
String resultSql = SQLUtils.toSQLString(checkResult.getStatementList(), JdbcConstants.MYSQL);
Assert.assertEquals(expect_sql, resultSql);
}
{
WallProvider.setTenantValue(123);
MySqlWallProvider provider = new MySqlWallProvider(config);
WallCheckResult checkResult = provider.check(insert_sql);
Assert.assertEquals(0, checkResult.getViolations().size());
String resultSql = SQLUtils.toSQLString(checkResult.getStatementList(), JdbcConstants.MYSQL);
Assert.assertEquals(expect_sql, resultSql);
}
}
Aggregations