Examples with MySqlWallProvider com.alibaba.druid.wall.spi.MySqlWallProvider used on opensource projects

Search in sources :

Example 11 with MySqlWallProvider

use of com.alibaba.druid.wall.spi.MySqlWallProvider in project druid by alibaba.

the class MySqlWallTest128 method test_false.

public void test_false() throws Exception {
    WallProvider provider = new MySqlWallProvider();
    provider.getConfig().setCommentAllow(false);
    String sql = "SELECT name, '******' password, createTime from user where name like 'admin' AND (CASE WHEN (7885=7885) THEN 1 ELSE 0 END)";
    Assert.assertFalse(provider.checkValid(sql));
}
Also used : WallProvider(com.alibaba.druid.wall.WallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider)

Example 12 with MySqlWallProvider

use of com.alibaba.druid.wall.spi.MySqlWallProvider in project druid by alibaba.

the class MySqlWallTest131 method test_false.

public void test_false() throws Exception {
    WallProvider provider = new MySqlWallProvider();
    provider.getConfig().setCommentAllow(true);
    Assert.assertFalse(provider.checkValid("select * from t where id = 1 /*!30000union all select 2*/"));
}
Also used : WallProvider(com.alibaba.druid.wall.WallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider)

Example 13 with MySqlWallProvider

use of com.alibaba.druid.wall.spi.MySqlWallProvider in project druid by alibaba.

the class MySqlWallTest135 method test_false.

public void test_false() throws Exception {
    WallProvider provider = new MySqlWallProvider();
    Assert.assertFalse(provider.checkValid("SELECT * FROM Users WHERE id = '1' AND MID(VERSION(),1,1) = '5';"));
}
Also used : WallProvider(com.alibaba.druid.wall.WallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider)

Example 14 with MySqlWallProvider

use of com.alibaba.druid.wall.spi.MySqlWallProvider in project druid by alibaba.

the class MySqlWallTest139 method test_false.

public void test_false() throws Exception {
    WallProvider provider = new MySqlWallProvider();
    String sql = // 
    "select count(1) as total " + // 
    " from (" + // 
    "    select '' buyer_nick from dual " + // 
    "    where 1=0  " + // 
    "    union " + // 
    "    select distinct buyer_nick " + // 
    "    from sys_info.orders " + // 
    "    where 1=1  and receiver_district in ('平谷区')" + // 
    ") a " + // 
    "inner join (" + // 
    "    select buyer_nick from (" + // 
    "        select distinct buyer_nick " + // 
    "        from sys_info.orders " + // 
    "        where 1=1  and created > '2013-07-28' " + // 
    "    ) recent_days " + // 
    "inner join (" + // 
    "    select distinct buyer_nick " + // 
    "    from sys_info.orders " + // 
    "    where 1=1  and seller_nick in ('创维官方旗舰店') " + // 
    "    ) seller_nick using(buyer_nick) " + ") b using(buyer_nick)";
    Assert.assertTrue(provider.checkValid(sql));
}
Also used : WallProvider(com.alibaba.druid.wall.WallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider)

Example 15 with MySqlWallProvider

use of com.alibaba.druid.wall.spi.MySqlWallProvider in project druid by alibaba.

the class MySqlWallTest140 method test_false.

public void test_false() throws Exception {
    WallProvider provider = new MySqlWallProvider();
    String sql = // 
    "SELECT name, '******' password, createTime from user " + // 
    "where name like 'admin%' " + "    AND 8600=CONVERT(INT,(SELECT CHAR(113)+CHAR(118)+CHAR(100)+CHAR(114)+CHAR(113)+(SELECT (CASE WHEN (8600=8600) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(118)+CHAR(98)+CHAR(97)+CHAR(113))) AND '%'=''";
    Assert.assertFalse(provider.checkValid(sql));
}
Also used : WallProvider(com.alibaba.druid.wall.WallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider)

Aggregations

MySqlWallProvider (com.alibaba.druid.wall.spi.MySqlWallProvider)191 WallProvider (com.alibaba.druid.wall.WallProvider)166 WallCheckResult (com.alibaba.druid.wall.WallCheckResult)21 WallTableStat (com.alibaba.druid.wall.WallTableStat)17 SQLServerWallProvider (com.alibaba.druid.wall.spi.SQLServerWallProvider)12 OracleWallProvider (com.alibaba.druid.wall.spi.OracleWallProvider)10 PGWallProvider (com.alibaba.druid.wall.spi.PGWallProvider)10 Violation (com.alibaba.druid.wall.Violation)3 SQLStatement (com.alibaba.druid.sql.ast.SQLStatement)2 SchemaStatVisitor (com.alibaba.druid.sql.visitor.SchemaStatVisitor)2 WallConfig (com.alibaba.druid.wall.WallConfig)2 File (java.io.File)2 URL (java.net.URL)2 WallFunctionStat (com.alibaba.druid.wall.WallFunctionStat)1 WallProviderStatValue (com.alibaba.druid.wall.WallProviderStatValue)1 WallSqlStat (com.alibaba.druid.wall.WallSqlStat)1 Map (java.util.Map)1 Test (org.junit.Test)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial