Examples with SQLServerWallProvider com.alibaba.druid.wall.spi.SQLServerWallProvider used on opensource projects

Example 11 with SQLServerWallProvider

use of com.alibaba.druid.wall.spi.SQLServerWallProvider in project druid by alibaba.

the class SQLServerWallTest_12 method test_true.

public void test_true() throws Exception {
    WallProvider provider = new SQLServerWallProvider();
    provider.getConfig().setCommentAllow(true);
    String sql = "EXEC master..xp_msver";
    Assert.assertTrue(provider.checkValid(sql));
}

Example 12 with SQLServerWallProvider

use of com.alibaba.druid.wall.spi.SQLServerWallProvider in project druid by alibaba.

the class SQLServerWallTest_6 method test_true.

public void test_true() throws Exception {
    WallProvider provider = new SQLServerWallProvider();
    provider.getConfig().setSelectHavingAlwayTrueCheck(true);
    Assert.assertFalse(// 
    provider.checkValid("update t set fid = 1 where LEN(HOST_NAME()) > 0"));
    Assert.assertEquals(1, provider.getTableStats().size());
    Assert.assertTrue(provider.getTableStats().containsKey("t"));
}

Example 13 with SQLServerWallProvider

use of com.alibaba.druid.wall.spi.SQLServerWallProvider in project druid by alibaba.

the class SQLServerWallTest_11 method test_true.

public void test_true() throws Exception {
    WallProvider provider = new SQLServerWallProvider();
    provider.getConfig().setCommentAllow(true);
    String sql = // 
    "SELECT KL_ArticleContent,KL_ArticleTitle " + // 
    "FROM dbo.KL_Article " + // 
    "WHERE KL_ArticleId =-4731 " + // 
    "UNION ALL " + "SELECT (SELECT TOP 1 CHAR(58)+CHAR(108)+CHAR(107)+CHAR(103)+CHAR(58)+ISNULL(CAST(name AS NVARCHAR(4000)),CHAR(32))+CHAR(58)+CHAR(109)+CHAR(122)+CHAR(104)+CHAR(58) FROM sys.sql_logins WHERE ISNULL(name,CHAR(32)) NOT IN (SELECT TOP 0 ISNULL(name,CHAR(32)) FROM sys.sql_logins ORDER BY 1) ORDER BY 1),NULL-- ";
    Assert.assertFalse(provider.checkValid(sql));
}

Example 14 with SQLServerWallProvider

use of com.alibaba.druid.wall.spi.SQLServerWallProvider in project druid by alibaba.

the class WallCommentTest method testsqlserver.

public void testsqlserver() throws Exception {
    String sql = "SELECT F1, F2 FROM ABC --test";
    SQLServerWallProvider provider = new SQLServerWallProvider();
    Assert.assertFalse(provider.checkValid(sql));
    Assert.assertEquals(1, provider.getCommentDenyStat().getDenyCount());
}

Example 15 with SQLServerWallProvider

use of com.alibaba.druid.wall.spi.SQLServerWallProvider in project druid by alibaba.

the class WallPerformanceTest_1 method evaluate.

public Long evaluate(String sql, String dbType, Long num) {
    if (sql == null || dbType == null) {
        return new Long(-1);
    }
    try {
        WallProvider provider = null;
        if ("mssql".equalsIgnoreCase(dbType)) {
            provider = new SQLServerWallProvider();
        } else if ("mysql".equalsIgnoreCase(dbType)) {
            provider = new MySqlWallProvider();
        } else {
            return new Long(-1);
        }
        provider.getConfig().setStrictSyntaxCheck(false);
        provider.getConfig().setMultiStatementAllow(true);
        provider.getConfig().setConditionAndAlwayTrueAllow(true);
        provider.getConfig().setConditionAndAlwayFalseAllow(true);
        provider.getConfig().setNoneBaseStatementAllow(true);
        provider.getConfig().setLimitZeroAllow(true);
        provider.getConfig().setConditionDoubleConstAllow(true);
        provider.getConfig().setCommentAllow(true);
        // provider.getConfig().setSelectUnionCheck(false);
        // add by yanhui.liyh
        provider.setBlackListEnable(false);
        provider.setWhiteListEnable(false);
        long time = System.nanoTime();
        for (int i = 0; i < num; i++) {
            provider.checkValid(sql);
        }
        return (System.nanoTime() - time) / num / 1000;
    } catch (Exception e) {
        return new Long(-1);
    }
}