
Example 41 with MySqlWallProvider

use of com.alibaba.druid.wall.spi.MySqlWallProvider in project druid by alibaba.

the class MySqlWallTest_comment method test_false.

/**
 * Pins how the MySQL wall classifies statements that carry SQL comments once
 * {@code commentAllow} has been set to {@code false}.
 *
 * <p>What the expectations below show:
 * <ul>
 *   <li>Comments holding plain prose ("this is comment") are accepted, both before the
 *       statement and in the middle of a WHERE clause, for all three comment syntaxes
 *       ({@code /* *}{@code /}, {@code --}, {@code #}).</li>
 *   <li>Comments whose text reads like a SQL condition ("and c=1") are rejected, whether
 *       or not more SQL follows the comment.</li>
 *   <li>The {@code /*!40101...*}{@code /} form is accepted as a prefix and rejected as a
 *       suffix.</li>
 * </ul>
 *
 * <p>NOTE(review): these cases mean {@code setCommentAllow(false)} cannot be read as
 * "every comment is refused"; a commented-out predicate is the pattern being caught here,
 * which is what a query looks like when injected input comments away the rest of the
 * original statement. Confirm the exact rule against the wall implementation.
 */
public void test_false() throws Exception {
    WallProvider wall = new MySqlWallProvider();
    wall.getConfig().setCommentAllow(false);

    // One row per case: {statement, expected checkValid() result}. Order matches the
    // original straight-line assertions so the provider sees the same call sequence.
    Object[][] cases = {
        // prose comments in front of the statement
        { "/* this is comment */ SELECT id FROM t ", true },
        { "-- this is comment \n SELECT * FROM t", true },
        { "#this is comment \n SELECT * FROM t", true },
        // version-conditional comment: prefix vs. suffix
        { "/*!40101fff*/ select * from t", true },
        { "select * from t/*!40101fff*/", false },
        // prose comments inside the WHERE clause
        { "SELECT * FROM t where a=1 #this is comment \n and b=1", true },
        { "SELECT * FROM t where a=1 -- this is comment \n and c=1", true },
        { "SELECT * FROM t where a=1 /* this is comment */ and d=1", true },
        // commented-out condition followed by more SQL
        { "SELECT * FROM t where a=1 #and c=1 \n and e=1", false },
        { "SELECT * FROM t where a=1 -- AND c=1 \n and f=1", false },
        { "SELECT * FROM t where a=1 /* and c=1 */ and g=1", false },
        // commented-out condition at the end of the statement
        { "SELECT * FROM t where a=1 #and c=1 ", false },
        { "SELECT * FROM t where a=1 -- and c=1", false },
        { "SELECT * FROM t where a=1 /* and c=1 */", false },
    };

    for (Object[] row : cases) {
        String statement = (String) row[0];
        boolean expectedValid = (Boolean) row[1];
        boolean verdict = wall.checkValid(statement);
        if (expectedValid) {
            assertTrue(verdict);
        } else {
            assertFalse(verdict);
        }
    }
}
Also used : WallProvider(com.alibaba.druid.wall.WallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider)

Example 42 with MySqlWallProvider

use of com.alibaba.druid.wall.spi.MySqlWallProvider in project druid by alibaba.

the class MySqlWallTest_ifnull_2 method test_false.

/**
 * Expects a default-configured MySQL wall to reject a query whose WHERE clause is
 * extended with {@code OR IFNULL(CAST(CURRENT_USER() AS CHAR))}, and expects one table
 * stat entry to exist afterwards even though the statement was rejected.
 *
 * <p>NOTE(review): the visible code does not show which rule produces the rejection.
 * IFNULL is called with a single argument here and the expression reads
 * {@code CURRENT_USER()}; confirm which of these the wall actually reports.
 */
public void test_false() throws Exception {
    WallProvider wall = new MySqlWallProvider();
    String sql = "SELECT * FROM T WHERE FID = ? OR IFNULL(CAST(CURRENT_USER() AS CHAR))";

    boolean accepted = wall.checkValid(sql);
    Assert.assertFalse(accepted);

    // The check is expected to leave exactly one table stat entry behind.
    int trackedTables = wall.getTableStats().size();
    Assert.assertEquals(1, trackedTables);
}
Also used : WallProvider(com.alibaba.druid.wall.WallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider)

Example 43 with MySqlWallProvider

use of com.alibaba.druid.wall.spi.MySqlWallProvider in project druid by alibaba.

the class MySqlWallTest_ifnull_1 method test_false.

/**
 * Expects a default-configured MySQL wall to reject a parameterised lookup that has
 * {@code OR ISNULL(1) = 0} appended to its WHERE clause, and expects one table stat
 * entry to exist afterwards.
 *
 * <p>In MySQL {@code ISNULL(1)} evaluates to 0, so {@code ISNULL(1) = 0} is a constant
 * true predicate; OR-ing it onto {@code FID = ?} makes the filter match every row. The
 * test pins that this function-based tautology is treated as a violation.
 */
public void test_false() throws Exception {
    WallProvider wall = new MySqlWallProvider();
    String sql = "SELECT * FROM T WHERE FID = ? OR ISNULL(1) = 0";

    boolean accepted = wall.checkValid(sql);
    Assert.assertFalse(accepted);

    // The check is expected to leave exactly one table stat entry behind.
    int trackedTables = wall.getTableStats().size();
    Assert.assertEquals(1, trackedTables);
}
Also used : WallProvider(com.alibaba.druid.wall.WallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider)

Example 44 with MySqlWallProvider

use of com.alibaba.druid.wall.spi.MySqlWallProvider in project druid by alibaba.

the class MySqlResourceWallTest method test_lock_table.

/**
 * Checks that LOCK TABLE(S) / UNLOCK TABLES statements pass the MySQL wall once
 * {@code noneBaseStatementAllow} is enabled.
 *
 * <p>For every statement the first violation message, if any, is printed before the
 * assertion so a failing run shows why the wall refused it.
 *
 * <p>NOTE(review): the flag is switched on before any statement is checked, so this test
 * says nothing about how these statements are treated under the default configuration.
 */
@Test
public void test_lock_table() throws Exception {
    WallProvider provider = new MySqlWallProvider();
    provider.getConfig().setNoneBaseStatementAllow(true);

    // Same statements, same order as the original copy-pasted sections.
    String[] lockStatements = {
        "lock tables etstsun write",
        "lock tables etstsun LOW_PRIORITY write",
        "UNLOCK TABLES",
        "lock table dsdfsdf read",
        "lock table dsdfsdf read local",
    };

    for (String sql : lockStatements) {
        WallCheckResult outcome = provider.check(sql);
        if (!outcome.getViolations().isEmpty()) {
            Violation first = outcome.getViolations().get(0);
            System.out.println("error () : " + first.getMessage());
        }
        Assert.assertTrue(provider.checkValid(sql));
    }
}
Also used : Violation(com.alibaba.druid.wall.Violation) WallProvider(com.alibaba.druid.wall.WallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider) WallCheckResult(com.alibaba.druid.wall.WallCheckResult) Test(org.junit.Test)

Example 45 with MySqlWallProvider

use of com.alibaba.druid.wall.spi.MySqlWallProvider in project druid by alibaba.

the class MySqlResourceWallTest method test_false.

/**
 * Runs every entry of {@code items} (defined outside this method) through a MySQL wall
 * whose configuration has been loosened, prints the first entry that still produces a
 * violation, then prints the provider's violation count.
 *
 * <p>Entries containing the literal {@code ''=''} are skipped without being checked.
 *
 * <p>NOTE(review): this method contains no active assertion (the only one is commented
 * out at the end), so it reports findings on stdout but cannot fail. The configuration
 * below also turns on multi-statement, comment, always-true-condition, double-constant,
 * USE, non-base-statement and LIMIT 0 allowances and turns off strict syntax and UNION
 * checks; it is a fixture for this corpus, not a baseline to copy into a deployment.
 */
public void test_false() throws Exception {
    WallProvider provider = new MySqlWallProvider();

    // Relaxations and checks, applied in the original order.
    provider.getConfig().setConditionDoubleConstAllow(true);
    provider.getConfig().setUseAllow(true);
    provider.getConfig().setStrictSyntaxCheck(false);
    provider.getConfig().setMultiStatementAllow(true);
    provider.getConfig().setConditionAndAlwayTrueAllow(true);
    provider.getConfig().setNoneBaseStatementAllow(true);
    provider.getConfig().setSelectUnionCheck(false);
    provider.getConfig().setSchemaCheck(true);
    provider.getConfig().setLimitZeroAllow(true);
    provider.getConfig().setCommentAllow(true);

    for (int idx = 0; idx < items.length; ++idx) {
        String sql = items[idx];
        if (sql.contains("''=''")) {
            continue;
        }

        // Disabled debugging aid kept from the original: resume from a given index.
        // if (idx <= 121) {
        // continue;
        // }

        WallCheckResult outcome = provider.check(sql);
        if (outcome.getViolations().isEmpty()) {
            continue;
        }

        // Report only the first offending entry, then stop scanning.
        Violation first = outcome.getViolations().get(0);
        System.out.println("error (" + idx + ") : " + first.getMessage());
        System.out.println(sql);
        break;
    }

    System.out.println(provider.getViolationCount());

    // Disabled assertion kept from the original:
    // String sql = "SELECT name, '******' password, createTime from user where name like 'admin' AND (CASE WHEN (7885=7885) THEN 1 ELSE 0 END)";
    // Assert.assertFalse(provider.checkValid(sql));
}
Also used : Violation(com.alibaba.druid.wall.Violation) WallProvider(com.alibaba.druid.wall.WallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider) MySqlWallProvider(com.alibaba.druid.wall.spi.MySqlWallProvider) WallCheckResult(com.alibaba.druid.wall.WallCheckResult)

Aggregations

MySqlWallProvider (com.alibaba.druid.wall.spi.MySqlWallProvider)191 WallProvider (com.alibaba.druid.wall.WallProvider)166 WallCheckResult (com.alibaba.druid.wall.WallCheckResult)21 WallTableStat (com.alibaba.druid.wall.WallTableStat)17 SQLServerWallProvider (com.alibaba.druid.wall.spi.SQLServerWallProvider)12 OracleWallProvider (com.alibaba.druid.wall.spi.OracleWallProvider)10 PGWallProvider (com.alibaba.druid.wall.spi.PGWallProvider)10 Violation (com.alibaba.druid.wall.Violation)3 SQLStatement (com.alibaba.druid.sql.ast.SQLStatement)2 SchemaStatVisitor (com.alibaba.druid.sql.visitor.SchemaStatVisitor)2 WallConfig (com.alibaba.druid.wall.WallConfig)2 File (java.io.File)2 URL (java.net.URL)2 WallFunctionStat (com.alibaba.druid.wall.WallFunctionStat)1 WallProviderStatValue (com.alibaba.druid.wall.WallProviderStatValue)1 WallSqlStat (com.alibaba.druid.wall.WallSqlStat)1 Map (java.util.Map)1 Test (org.junit.Test)1