use of com.alibaba.druid.wall.spi.WallVisitorUtils.WallTopStatementContext in project druid by alibaba.
the class SQLServerWallVisitor method visit.
public boolean visit(SQLVariantRefExpr x) {
String varName = x.getName();
if (varName == null) {
return false;
}
if (config.isVariantCheck() && varName.startsWith("@@")) {
final WallTopStatementContext topStatementContext = WallVisitorUtils.getWallTopStatementContext();
if (topStatementContext != null && (topStatementContext.fromSysSchema() || topStatementContext.fromSysTable())) {
return false;
}
boolean allow = true;
if (isDeny(varName) && (WallVisitorUtils.isWhereOrHaving(x) || WallVisitorUtils.checkSqlExpr(x))) {
allow = false;
}
if (!allow) {
violations.add(new IllegalSQLObjectViolation(ErrorCode.VARIANT_DENY, "variable not allow : " + x.getName(), toSQL(x)));
}
}
return false;
}
use of com.alibaba.druid.wall.spi.WallVisitorUtils.WallTopStatementContext in project druid by alibaba.
the class MySqlWallVisitor method visit.
public boolean visit(SQLVariantRefExpr x) {
String varName = x.getName();
if (varName == null) {
return false;
}
if (varName.startsWith("@@") && !checkVar(x.getParent(), x.getName())) {
final WallTopStatementContext topStatementContext = WallVisitorUtils.getWallTopStatementContext();
if (topStatementContext != null && (topStatementContext.fromSysSchema() || topStatementContext.fromSysTable())) {
return false;
}
boolean isTop = WallVisitorUtils.isTopNoneFromSelect(this, x);
if (!isTop) {
boolean allow = true;
if (isDeny(varName) && (WallVisitorUtils.isWhereOrHaving(x) || WallVisitorUtils.checkSqlExpr(x))) {
allow = false;
}
if (!allow) {
violations.add(new IllegalSQLObjectViolation(ErrorCode.VARIANT_DENY, "variable not allow : " + x.getName(), toSQL(x)));
}
}
}
return false;
}
Aggregations