
Example 51 with MySqlWallProvider

use of com.alibaba.druid.wall.spi.MySqlWallProvider in project druid by alibaba.

the class MySqlWallTest47 method test_true.

/**
 * Verifies that a multi-table UPDATE joined against a derived table passes the MySQL wall check.
 *
 * <p>The derived table {@code temp} is built from {@code UNION ALL} selects over constants only.
 * No setting is changed on the provider's config before the check, so the statement is accepted
 * with whatever defaults {@link MySqlWallProvider} ships with.
 *
 * <p>Exactly one table statistic is expected afterwards. Presumably that entry is {@code Fans},
 * since {@code temp} reads from no table; confirm against the provider.
 *
 * @throws Exception declared by the test signature; nothing in the body is caught here
 */
public void test_true() throws Exception {
    final String updateSql = "update Fans,"
            + " (select 361659 as ToID, 5 as Score "
            + "   union all select 382885 as ToID, 2 as Score"
            + "   union all select 407537 as ToID, 6 as Score) temp  "
            + "set Fans.score = Fans.score+temp.Score "
            + "where Fans.FansID = 382885 and Fans.UserID = temp.ToID";

    WallProvider wall = new MySqlWallProvider();
    boolean accepted = wall.checkValid(updateSql);
    Assert.assertTrue(accepted);

    // The statistics are read only after the statement has been accepted.
    int trackedTables = wall.getTableStats().size();
    Assert.assertEquals(1, trackedTables);
}
Also used : WallProvider(com.alibaba.druid.wall.WallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider)

Example 52 with MySqlWallProvider

use of com.alibaba.druid.wall.spi.MySqlWallProvider in project druid by alibaba.

the class MySqlWallTest118 method test_false.

/**
 * Verifies that the MySQL wall rejects a SELECT whose filter is widened by a constant-true
 * {@code OR} branch.
 *
 * <p>{@code SPACE(6)} yields six spaces and is compared with a six-space literal, so the second
 * operand of the {@code OR} holds for every row, whatever value is bound to {@code id = ?}.
 *
 * <p>NOTE(review): comments are disallowed on the config, but the statement contains no comment,
 * so the rejection presumably comes from a condition check rather than the comment rule. Confirm
 * against the wall configuration.
 *
 * @throws Exception declared by the test signature; nothing in the body is caught here
 */
public void test_false() throws Exception {
    final String widenedFilterSql = "select * from t where id = ? or SPACE(6) = '      '";

    WallProvider wall = new MySqlWallProvider();
    wall.getConfig().setCommentAllow(false);

    boolean accepted = wall.checkValid(widenedFilterSql);
    Assert.assertFalse(accepted);
}
Also used : WallProvider(com.alibaba.druid.wall.WallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider)

Example 53 with MySqlWallProvider

use of com.alibaba.druid.wall.spi.MySqlWallProvider in project druid by alibaba.

the class MySqlWallTest125 method test_false.

/**
 * Verifies that the MySQL wall rejects a SELECT whose WHERE clause has been extended with a
 * probe-style predicate.
 *
 * <p>After the {@code name like 'admin'} filter, the statement chains a comparison of
 * {@code 5963} against {@code CONVERT(INT, ...)} over a string assembled from {@code CHAR(n)}
 * calls and a constant-true {@code CASE}, followed by {@code 'bSho' LIKE 'bSho'}. None of these
 * terms depends on table data, which is what makes the shape recognisable as injected input
 * rather than application SQL.
 *
 * <p>NOTE(review): comments are disallowed here but the statement contains none, and
 * {@code CONVERT(INT, expr)} is not MySQL's argument order. The rejection may therefore come
 * from a parse failure or from a function/condition rule; which one is not visible here.
 * Asserting on the reported violation would pin that down.
 *
 * @throws Exception declared by the test signature; nothing in the body is caught here
 */
public void test_false() throws Exception {
    final String probeSql = "SELECT name, '******' password, createTime from user where name like 'admin' AND 5963=CONVERT(INT,(CHAR(58)+CHAR(108)+CHAR(105)+CHAR(112)+CHAR(58)+(SELECT (CASE WHEN (5963=5963) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(58)+CHAR(117)+CHAR(107)+CHAR(114)+CHAR(58))) AND 'bSho' LIKE 'bSho'";

    WallProvider wall = new MySqlWallProvider();
    wall.getConfig().setCommentAllow(false);

    boolean accepted = wall.checkValid(probeSql);
    Assert.assertFalse(accepted);
}
Also used : WallProvider(com.alibaba.druid.wall.WallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider)

Example 54 with MySqlWallProvider

use of com.alibaba.druid.wall.spi.MySqlWallProvider in project druid by alibaba.

the class MySqlWallTest74 method test_false.

/**
 * Verifies that a paged SELECT with an {@code IN} subquery passes the MySQL wall check when
 * comments are allowed.
 *
 * <p>NOTE(review): despite the name {@code test_false}, the body asserts that the statement is
 * accepted. The name is kept because the test runner and any references depend on it.
 *
 * <p>The subquery filters on {@code ( 1 = 1 )}, so this test also documents that a lone
 * always-true filter is not rejected by the wall. The wall is therefore not a replacement for
 * bound parameters such as the {@code showTime <= ?} placeholder used here.
 *
 * <p>Two table statistics are expected afterwards, presumably {@code itemshow_queue} and
 * {@code users_top}; confirm against the provider.
 *
 * @throws Exception declared by the test signature; nothing in the body is caught here
 */
public void test_false() throws Exception {
    final String pagedSelectSql = "select _t0.`ownUser` as _c0, _t0.`showTime` as _c1, _t0.`showType` as _c2, "
            + "   _t0.`itemId` as _c3, _t0.`queueId` as _c4 "
            + "from `itemshow_queue` as _t0 "
            + "where ( _t0.`isShowed` = 'F' and _t0.`showTime` <= ? ) "
            + "   and _t0.`ownUser` in ( "
            + "       select _t0.`userId` as _c0 from `users_top` as _t0 "
            + "       where ( 1 = 1 ) "
            + "       ) "
            + "order by _t0.`showTime` asc "
            + "limit 1000 offset 8000";

    WallProvider wall = new MySqlWallProvider();
    wall.getConfig().setCommentAllow(true);

    boolean accepted = wall.checkValid(pagedSelectSql);
    Assert.assertTrue(accepted);

    // The statistics are read only after the statement has been accepted.
    int trackedTables = wall.getTableStats().size();
    Assert.assertEquals(2, trackedTables);
}
Also used : WallProvider(com.alibaba.druid.wall.WallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider)

Example 55 with MySqlWallProvider

use of com.alibaba.druid.wall.spi.MySqlWallProvider in project druid by alibaba.

the class MySqlWallTest75 method test_false.

/**
 * Verifies that the MySQL wall rejects an UPDATE whose two string values carry what looks like
 * serialized binary data, even with comments allowed on the config.
 *
 * <p>The {@code requests} and {@code friends} values are written with caret notation for control
 * characters, backslash escapes and many {@code --} runs. The payload is test data only and is
 * never executed; it is passed to {@code checkValid} as text.
 *
 * <p>NOTE(review): the {@code friends} value appears never to be closed. Its only later quote is
 * backslash-escaped and the statement ends without a closing quote, so the SQL looks truncated.
 * The rejection may therefore come from a parse failure rather than from a wall rule. That would
 * mean this test pins fail-closed handling of unparseable input; confirm against the provider.
 *
 * @throws Exception declared by the test signature; nothing in the body is caught here
 */
public void test_false() throws Exception {
    WallProvider provider = new MySqlWallProvider();
    // Comments are explicitly allowed, so the expected rejection does not rely on the comment rule.
    provider.getConfig().setCommentAllow(true);
    Assert.assertFalse(//
    provider.checkValid(//
    "UPDATE friends_a SET requests='-^B}q^A(X \\0\\0\\0176403924cdatetime\\ndatetime\\nq^BU\\n^G--\\Z^K:5^Hw.-Rq^CX \\0\\0\\0942515122h^BU\\n^G--^X^G^^$\\n^NӅRq^DX \\0\\0\\0760857294h^BU\\n^G-- ^F8+ ---Rq^EX \\0\\0\\0207000491h^BU\\n^G--^X^E^_^L^F-$-Rq^FX \\0\\0\\0281067699h^BU\\n^G--^B^O^C-^A<13>Rq^GX \\0\\0\\0941678014h^BU\\n^G--^\\^W^N^W^F-$-Rq^HX \\0\\0\\0840070155h^BU\\n^G--^\\^L\\n6^D*ʅRq X \\0\\0\\0468440035h^BU\\n^G--^V^W*^N^Bp^K-Rq\\nU 169240315h^BU\\n^G--^W^U^W1^D-m-Rq^KX \\0\\0\\0199411251h^BU\\n^G--^V^W%^^^A---Rq^LU 210660648h^BU\\n^G--^\\^W^Y-^F\\Zd-Rq\\rU 262672217h^BU\\n^G--\\Z^V2:^O^U--Rq^NX \\0\\0\\0952838443h^BU\\n^G--^\\^W!7\\r-{-Rq^OX \\0\\0\\0263642777h^BU\\n^G--^B^U/^D^G-̅Rq^PX \\0\\0\\0286685152h^BU\\n^G--^W^T3,^Ggs-Rq^QU 290976173h^BU\\n^G--^\\^V)^X^D---Rq^RX \\0\\0\\0825427842h^BU\\n^G--\\Z^V;^Q^N- -Rq^SX \\0\\0\\0399352674h^BU\\n^G--^\\^V-0^KC\\0-Rq^TX \\0\\0\\0429293778h^BU\\n^G--^Y^U ^]^C-��Rq^UX \\0\\0\\0796702973h^BU\\n^G--^Y^S^U#^F\\\\^W-Rq^Vu.'" + //
    ",friends='-^B}q^A(X \\0\\0\\0288854421cdatetime\\ndatetime\\nq^BU\\n^G--^[^N38^L6---q^CX \\0\\0\\0307943786h^BU\\n^G--^F^V7 ^D---Rq^DX \\0\\0\\0290783072NX \\0\\0\\0498070760NX \\0\\0\\0457575155NX \\0\\0\\0304215892h^BU\\n^G--^F^W^L+^L---Rq^EX \\0\\0\\0300254457h^BU\\n^G--^F^G$)^A---Rq^FX \\0\\0\\0252042226h^BU\\n^G-- ^R8\\r ----q^GX \\0\\0\\0697110711NX \\0\\0\\0809118053h^BU\\n^G-- ^L^H^O\\0ɲ-Rq^HX \\0\\0\\0293303495h^BU\\n^G-- ^T!.^B/ʅRq X \\0\\0\\0302651538h^BU\\n^G--^G^P)^C^Fn---q\\nU 888879887h^BU\\n^G--^H^W.*^G---Rq^KX \\0\\0\\0240865621h^BU\\n^G--^G\\n2;\\n---Rq^LU 300728616h^BU\\n^G--^A^L^N8\\0\\'" + "--Rq\\rX \\0\\0\\0856456443NX \\0\\0\\0302371154h^BU\\n^G--^A^Q^R^^\\0---Rq^NX \\0\\0\\0696458616h^BU\\n^G--^G\\n98\\n---Rq^OU 297082613NX \\0\\0\\0811281930h^BU\\n^G--\\n^Q^P^X^L^OɅRq^PU 300986758h^BU\\n^G--^F^F\\r3^G-$-Rq^QU 276325435h^BU\\n^G--^B^P^P^T^E^N8-Rq^RX \\0\\0\\0299082034h^BU\\n^G--^H^W^_^Q^D<--Rq^SX \\0\\0\\0171238051h^BU\\n^G--\\n\\r)^S^Dܢ-Rq^TX \\0\\0\\0780724792h^BU\\n^G--\\n^N+ ^F*>-Rq^UX \\0\\0\\0893552392h^BU\\n^G--\\n^N^_-^K^L--Rq^VX \\0\\0\\0590290136h^BU\\n^G-- \\r^Y0\\r --Rq^WX \\0\\0\\0302913387h^BU\\n^G--^C^K#,\\0^X9-Rq^XX \\0\\0\\0252736446NX \\0\\0\\0302360033h^BU\\n^G--^C^O^A^^^H-[-Rq^YU 276564368h^BU\\n^G--\\n\\r:+^K-q-Rq\\ZX \\0\\0\\0296693715h^BU\\n^G-- ^G^[/^A-F-Rq^[X \\0\\0\\0223225019h^BU\\n^G-- ^S^X^C\\07\\Z-Rq^\\X \\0\\0\\0232453764h^BU\\n^G--^_\\r3^V\\0---Rq^]U 297276051h^BU\\n^G--^C^K/4^K-؅Rq^^X \\0\\0\\0184978889NX \\0\\0\\0813351784h^BU\\n^G--^H^H%^X^E&^S-Rq^_X \\0\\0\\03028705"));
    // A rejected statement is expected to leave no table statistics behind.
    Assert.assertEquals(0, provider.getTableStats().size());
}
Also used : WallProvider(com.alibaba.druid.wall.WallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider)
