Example 6 with IllegalSQLObjectViolation
use of com.alibaba.druid.wall.violation.IllegalSQLObjectViolation in project druid by alibaba.
the class MySqlWallVisitor method visit.
public boolean visit(SQLPropertyExpr x) {
if (x.getOwner() instanceof SQLVariantRefExpr) {
SQLVariantRefExpr varExpr = (SQLVariantRefExpr) x.getOwner();
SQLObject parent = x.getParent();
String varName = varExpr.getName();
if (varName.equalsIgnoreCase("@@session") || varName.equalsIgnoreCase("@@global")) {
if (!(parent instanceof SQLSelectItem) && !(parent instanceof SQLAssignItem)) {
violations.add(new IllegalSQLObjectViolation(ErrorCode.VARIANT_DENY, "variable in condition not allow", toSQL(x)));
return false;
}
if (!checkVar(x.getParent(), x.getName())) {
boolean isTop = WallVisitorUtils.isTopNoneFromSelect(this, x);
if (!isTop) {
boolean allow = true;
if (isDeny(varName) && (WallVisitorUtils.isWhereOrHaving(x) || WallVisitorUtils.checkSqlExpr(varExpr))) {
allow = false;
}
if (!allow) {
violations.add(new IllegalSQLObjectViolation(ErrorCode.VARIANT_DENY, "variable not allow : " + x.getName(), toSQL(x)));
}
}
}
return false;
}
}
WallVisitorUtils.check(this, x);
return true;
}
Also used :
SQLAssignItem(com.alibaba.druid.sql.ast.statement.SQLAssignItem)
SQLObject(com.alibaba.druid.sql.ast.SQLObject)
SQLSelectItem(com.alibaba.druid.sql.ast.statement.SQLSelectItem)
IllegalSQLObjectViolation(com.alibaba.druid.wall.violation.IllegalSQLObjectViolation)
SQLVariantRefExpr(com.alibaba.druid.sql.ast.expr.SQLVariantRefExpr)
Example 7 with IllegalSQLObjectViolation
use of com.alibaba.druid.wall.violation.IllegalSQLObjectViolation in project druid by alibaba.
the class MySqlWallVisitor method visit.
@Override
public boolean visit(SQLLimit x) {
if (x.getRowCount() instanceof SQLNumericLiteralExpr) {
WallContext context = WallContext.current();
int rowCount = ((SQLNumericLiteralExpr) x.getRowCount()).getNumber().intValue();
if (rowCount == 0) {
if (context != null) {
context.incrementWarnings();
}
if (!provider.getConfig().isLimitZeroAllow()) {
this.getViolations().add(new IllegalSQLObjectViolation(ErrorCode.LIMIT_ZERO, "limit row 0", this.toSQL(x)));
}
}
}
return true;
}
Also used :
SQLNumericLiteralExpr(com.alibaba.druid.sql.ast.expr.SQLNumericLiteralExpr)
IllegalSQLObjectViolation(com.alibaba.druid.wall.violation.IllegalSQLObjectViolation)
SQLCommentHint(com.alibaba.druid.sql.ast.SQLCommentHint)
WallContext(com.alibaba.druid.wall.WallContext)
Example 8 with IllegalSQLObjectViolation
use of com.alibaba.druid.wall.violation.IllegalSQLObjectViolation in project druid by alibaba.
the class PGWallVisitor method visit.
public boolean visit(SQLIdentifierExpr x) {
String name = x.getName();
name = WallVisitorUtils.form(name);
if (config.isVariantCheck() && config.getDenyVariants().contains(name)) {
getViolations().add(new IllegalSQLObjectViolation(ErrorCode.VARIANT_DENY, "variable not allow : " + name, toSQL(x)));
}
return true;
}
Also used :
IllegalSQLObjectViolation(com.alibaba.druid.wall.violation.IllegalSQLObjectViolation)
Aggregations
IllegalSQLObjectViolation (com.alibaba.druid.wall.violation.IllegalSQLObjectViolation)8
WallTopStatementContext (com.alibaba.druid.wall.spi.WallVisitorUtils.WallTopStatementContext)2
SQLCommentHint (com.alibaba.druid.sql.ast.SQLCommentHint)1
SQLObject (com.alibaba.druid.sql.ast.SQLObject)1
SQLStatement (com.alibaba.druid.sql.ast.SQLStatement)1
SQLNumericLiteralExpr (com.alibaba.druid.sql.ast.expr.SQLNumericLiteralExpr)1
SQLVariantRefExpr (com.alibaba.druid.sql.ast.expr.SQLVariantRefExpr)1
SQLAssignItem (com.alibaba.druid.sql.ast.statement.SQLAssignItem)1
SQLSelectItem (com.alibaba.druid.sql.ast.statement.SQLSelectItem)1
MySqlHintStatement (com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlHintStatement)1
NotAllowCommentException (com.alibaba.druid.sql.parser.NotAllowCommentException)1
ParserException (com.alibaba.druid.sql.parser.ParserException)1
SQLStatementParser (com.alibaba.druid.sql.parser.SQLStatementParser)1
Token (com.alibaba.druid.sql.parser.Token)1
WallContext (com.alibaba.druid.wall.WallContext)1
SyntaxErrorViolation (com.alibaba.druid.wall.violation.SyntaxErrorViolation)1
ArrayList (java.util.ArrayList)1
