Package com.alibaba.druid.wall

Examples of com.alibaba.druid.wall.WallProvider$WallCommentHandler


        Assert.assertEquals(1, provider.getTableStats().size());
    }

    public void test_false() throws Exception {
        WallProvider provider = new MySqlWallProvider();

        provider.getConfig().setCommentAllow(false);

        Assert.assertTrue(provider.checkValid("/* this is comment */ SELECT id FROM t "));
        Assert.assertTrue(provider.checkValid("-- this is comment \n SELECT * FROM t"));
        Assert.assertTrue(provider.checkValid("#this is comment \n SELECT * FROM t"));
       
        Assert.assertFalse(provider.checkValid("/*!40101fff*/ select * from t"));

        Assert.assertTrue(provider.checkValid("SELECT * FROM t where a=1 #this is comment \n and b=1"));
        Assert.assertTrue(provider.checkValid("SELECT * FROM t where a=1 -- this is comment \n and c=1"));
        Assert.assertTrue(provider.checkValid("SELECT * FROM t where a=1 /* this is comment */ and d=1"));

        Assert.assertFalse(provider.checkValid("SELECT * FROM t where a=1 #and c=1 \n and e=1"));
        Assert.assertFalse(provider.checkValid("SELECT * FROM t where a=1 -- AND c=1 \n and f=1"));
        Assert.assertFalse(provider.checkValid("SELECT * FROM t where a=1 /* and c=1 */ and g=1"));

        Assert.assertFalse(provider.checkValid("SELECT * FROM t where a=1 #and c=1 "));
        Assert.assertFalse(provider.checkValid("SELECT * FROM t where a=1 -- and c=1"));
        Assert.assertFalse(provider.checkValid("SELECT * FROM t where a=1 /* and c=1 */"));
    }
View Full Code Here


    protected void tearDown() throws Exception {
        WallContext.clearContext();
    }

    public void testMySql() throws Exception {
        WallProvider provider = new MySqlWallProvider();

        String sql = "select xx * x *";
        Assert.assertFalse(provider.checkValid(sql));
        {
            WallTableStat tableStat = provider.getTableStat("t");
            Assert.assertEquals(0, tableStat.getSelectCount());
            Assert.assertEquals(0, provider.getBlackListHitCount());
            Assert.assertEquals(0, provider.getWhiteListHitCount());
            Assert.assertEquals(0, provider.getWhiteList().size());
            Assert.assertEquals(1, provider.getBlackList().size());
            Assert.assertEquals(1, provider.getCheckCount());
            Assert.assertEquals(1, provider.getSyntaxErrorCount());
            Assert.assertEquals(1, provider.getHardCheckCount());
        }
       
        Assert.assertFalse(provider.checkValid(sql));
        {
            WallTableStat tableStat = provider.getTableStat("t");
            Assert.assertEquals(0, tableStat.getSelectCount());
            Assert.assertEquals(1, provider.getBlackListHitCount());
            Assert.assertEquals(0, provider.getWhiteListHitCount());
            Assert.assertEquals(0, provider.getWhiteList().size());
            Assert.assertEquals(1, provider.getBlackList().size());
            Assert.assertEquals(2, provider.getCheckCount());
            Assert.assertEquals(2, provider.getSyntaxErrorCount());
            Assert.assertEquals(1, provider.getHardCheckCount());
        }
    }
View Full Code Here

        is.close();
        items = text.split("\\|\\n\\|");
    }

    public void test_false() throws Exception {
        WallProvider provider = new MySqlWallProvider();
       
        provider.getConfig().setConditionDoubleConstAllow(true);
       
        provider.getConfig().setUseAllow(true);
        provider.getConfig().setStrictSyntaxCheck(false);
        provider.getConfig().setMultiStatementAllow(true);
        provider.getConfig().setConditionAndAlwayTrueAllow(true);
        provider.getConfig().setNoneBaseStatementAllow(true);
        provider.getConfig().setSelectUnionCheck(false);
        provider.getConfig().setSchemaCheck(true);
        provider.getConfig().setLimitZeroAllow(true);
        provider.getConfig().setCommentAllow(true);

        for (int i = 0; i < items.length; ++i) {
            String sql = items[i];
            if (sql.indexOf("''=''") != -1) {
                continue;
            }
//            if (i <= 121) {
//                continue;
//            }
            WallCheckResult result = provider.check(sql);
            if (result.getViolations().size() > 0) {
                Violation violation = result.getViolations().get(0);
                System.out.println("error (" + i + ") : " + violation.getMessage());
                System.out.println(sql);
                break;
            }
        }
        System.out.println(provider.getViolationCount());
//        String sql = "SELECT name, '******' password, createTime from user where name like 'admin' AND (CASE WHEN (7885=7885) THEN 1 ELSE 0 END)";

//        Assert.assertFalse(provider.checkValid(sql));
    }
View Full Code Here

        items = all.split("\\|\\r\\n\\|");
    }

    public void test_xx() throws Exception {
        WallProvider provider = new MySqlWallProvider();

        for (int i = 0; i < items.length; ++i) {
            String sql = items[i];
           
            WallCheckResult result = provider.check(sql);
            if (result.getViolations().size() > 0) {
                Violation violation = result.getViolations().get(0);
                System.err.println("error (" + i + ") : " + violation.getMessage());
                System.out.println(sql);
                System.out.println();
//                break;
            }
        }

        System.out.println("violaionCount : " + provider.getViolationCount());
    }
View Full Code Here

import com.alibaba.druid.wall.spi.MySqlWallProvider;

public class MySqlWallTest141 extends TestCase {

    public void test_false() throws Exception {
        WallProvider provider = new MySqlWallProvider();

        String sql = "SELECT name, '******' password, createTime from user where length(name) = 999999.9 or ascii(substring((database()),1,1))=127";
        Assert.assertFalse(provider.checkValid(sql));
    }
View Full Code Here

import com.alibaba.druid.wall.spi.MySqlWallProvider;

public class MySqlWallTest134 extends TestCase {

    public void test_false() throws Exception {
        WallProvider provider = new MySqlWallProvider();
        provider.getConfig().setSelectUnionCheck(true);
        Assert.assertTrue(provider.checkValid("SELECT 1 FROM dual WHERE 1 = '1'''''''''''''UNION SELECT '2';"));
        Assert.assertFalse(provider.checkValid("SELECT 1 FROM t WHERE 1 = '1'''''''''''''UNION SELECT '2' --;")); //end of comment --> false
    }
View Full Code Here

* @see
*/
public class MySqlWallTest57 extends TestCase {

    public void test_true() throws Exception {
        WallProvider provider = new MySqlWallProvider();

        Assert.assertTrue(provider.checkValid(//
        "SELECT @@version"));

        Assert.assertEquals(0, provider.getTableStats().size());
    }
View Full Code Here

        Assert.assertEquals(0, provider.getTableStats().size());
    }

    public void test_true_1() throws Exception {
        WallProvider provider = new MySqlWallProvider();

        Assert.assertTrue(provider.checkValid(//
        "SELECT @@version FROM DUAL"));

        Assert.assertEquals(1, provider.getTableStats().size());
    }
View Full Code Here

        Assert.assertEquals(1, provider.getTableStats().size());
    }

    public void test_true_2() throws Exception {
        WallProvider provider = new MySqlWallProvider();

        Assert.assertTrue(provider.checkValid(//
        "SELECT @@version FROM X"));

        Assert.assertEquals(1, provider.getTableStats().size());
    }
View Full Code Here

        Assert.assertEquals(1, provider.getTableStats().size());
    }

    public void test_false() throws Exception {
        WallProvider provider = new MySqlWallProvider();

        Assert.assertFalse(provider.checkValid(//
        "SELECT * FROM X where id=1 and 1!=1 union select @@version"));

        Assert.assertEquals(1, provider.getTableStats().size());
    }
View Full Code Here

TOP

Related Classes of com.alibaba.druid.wall.WallProvider$WallCommentHandler

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.