Package com.alibaba.druid.wall

Examples of com.alibaba.druid.wall.WallProvider


import com.alibaba.druid.wall.spi.MySqlWallProvider;

public class MySqlWallTest106 extends TestCase {

    /**
     * Expects the MySQL wall to reject a parameterised lookup that has an extra
     * {@code or bin(1) = 1} predicate appended to its WHERE clause.
     *
     * <p>The statement contains no SQL comment, so the {@code commentAllow=false}
     * setting is not what this input exercises. The rejection presumably comes from
     * the column-independent OR branch (confirm against the provider's rules).
     */
    public void test_false() throws Exception {
        final String tautologySql = "select * from t where id = ? or bin(1) = 1";

        WallProvider wall = new MySqlWallProvider();
        wall.getConfig().setCommentAllow(false);

        // An OR branch built only from constants no longer depends on the bound parameter.
        boolean accepted = wall.checkValid(tautologySql);
        Assert.assertFalse(accepted);
    }


* @see
*/
public class MySqlWallTest65 extends TestCase {

    /**
     * Expects the MySQL wall, with schema checking switched on, to reject a query
     * whose WHERE clause carries a {@code 0<(SELECT COUNT(*) FROM tabname)} subquery.
     *
     * <p>A row count on an unrelated table inside a predicate is the shape of a
     * table-existence probe. The final assertion also pins that table statistics
     * hold two entries after the rejected check; the SQL names two tables
     * ({@code members} and {@code tabname}), presumably one entry each.
     */
    public void test_false() throws Exception {
        WallProvider wall = new MySqlWallProvider();
        wall.getConfig().setSchemaCheck(true);

        String probeSql = "SELECT email, passwd, login_id, full_name"
                          + " FROM members"
                          + " WHERE member_id = 3 AND 0<(SELECT COUNT(*) FROM tabname);";
        boolean accepted = wall.checkValid(probeSql);
        Assert.assertFalse(accepted);

        // Statistics are asserted after the rejection, so a denied statement is expected to be counted too.
        int trackedTables = wall.getTableStats().size();
        Assert.assertEquals(2, trackedTables);
    }

import com.alibaba.druid.wall.spi.MySqlWallProvider;

public class MySqlWallTest103 extends TestCase {

    /**
     * Expects the MySQL wall to reject a parameterised lookup that has an extra
     * {@code or 97 & 1} predicate appended to its WHERE clause.
     *
     * <p>The appended branch is a bitwise expression over two literals, so it does
     * not depend on any column or on the bound parameter. As the statement contains
     * no comment, {@code commentAllow=false} is presumably not the rule that
     * triggers here (confirm against the provider's rules).
     */
    public void test_false() throws Exception {
        final String constantBranchSql = "select * from t where id = ? or 97 & 1";

        WallProvider wall = new MySqlWallProvider();
        wall.getConfig().setCommentAllow(false);

        boolean accepted = wall.checkValid(constantBranchSql);
        Assert.assertFalse(accepted);
    }

* @see
*/
public class SQLServerWallTest_0 extends TestCase {

    /**
     * Builds the SQL Server wall shared by the tests in this class.
     *
     * <p>Strict syntax checking and the SELECT ... UNION check are switched off, and
     * multi-statement input, always-true AND conditions, non-base statements,
     * LIMIT 0, double-constant conditions and comments are all allowed. The tests
     * built on this helper therefore show what the wall still rejects or accepts
     * under a deliberately permissive configuration.
     *
     * @return a freshly configured provider; each call creates a new instance
     */
    private WallProvider initWallProvider() {
        WallProvider wall = new SQLServerWallProvider();

        // Parser and statement-shape relaxations.
        wall.getConfig().setStrictSyntaxCheck(false);
        wall.getConfig().setMultiStatementAllow(true);
        // Condition-level relaxations (setter name is spelled "Alway" in the API).
        wall.getConfig().setConditionAndAlwayTrueAllow(true);
        wall.getConfig().setNoneBaseStatementAllow(true);
        wall.getConfig().setLimitZeroAllow(true);
        wall.getConfig().setConditionDoubleConstAllow(true);

        // Comments are permitted and UNION-based selects are not inspected.
        wall.getConfig().setCommentAllow(true);
        wall.getConfig().setSelectUnionCheck(false);

        return wall;
    }

        return provider;
    }

    /**
     * Expects the SQL Server wall to reject two article lookups that each have a
     * metadata-reading subquery appended with AND.
     *
     * <p>Both subqueries take the Unicode value of a single character from server
     * metadata ({@code master..sysdatabases} names in the first, {@code db_name()}
     * in the second) and compare it with a numeric range, which is the shape of a
     * character-by-character inference query. Which rule produces the rejection is
     * not visible here.
     */
    public void test_false() {
        final String sysdatabasesProbe = "SELECT KL_ArticleContent,KL_ArticleTitle FROM dbo.KL_Article WHERE KL_ArticleId =13 And (Select Top 1 unicode(substring(isNull(cast(name as varchar(8000)),char(32)),7,1)) From (Select Top 9 [dbid],[name] From master..sysdatabases Order by [dbid] desc) T Order by [dbid]) between 105 and 105";
        final String dbNameProbe = "SELECT KL_ArticleContent,KL_ArticleTitle FROM dbo.KL_Article WHERE KL_ArticleId =13 and (select unicode(substring(isNull(cast(db_name() as varchar(8000)),char(32)),1,1))) between 105 and 108";

        WallProvider wall = initWallProvider();

        // Same provider instance for both checks, in the original order.
        Assert.assertFalse(wall.checkValid(sysdatabasesProbe));
        Assert.assertFalse(wall.checkValid(dbNameProbe));
    }

            Assert.assertFalse(provider.checkValid(sql));
        }
    }

    /**
     * Expects the SQL Server wall to reject an order lookup that has
     * {@code AND HOST_NAME()=HOST_NAME() AND 'kbwg'='kbwg'} appended.
     *
     * <p>NOTE(review): initWallProvider() enables conditionAndAlwayTrueAllow and
     * conditionDoubleConstAllow, so the rejection is presumably driven by the
     * {@code HOST_NAME()} call rather than by the always-true AND conditions.
     * Confirm against the provider's rules.
     */
    public void test_false1() throws Exception {
        final String hostNameSql = "select OrderId,Order_Time,oResult,oState,show_Exp_Num,Is_Exp_Print,sel_Exp_Id,Order_Th,Th_Audit_Time,Th_Delay_Days from Pro_Order_List where OrderId='2012110125252' AND HOST_NAME()=HOST_NAME() AND 'kbwg'='kbwg'";

        WallProvider wall = initWallProvider();

        boolean accepted = wall.checkValid(hostNameSql);
        Assert.assertFalse(accepted);
    }

            Assert.assertFalse(provider.checkValid(sql));
        }
    }

    /**
     * Expects the SQL Server wall to reject a join whose IN-list is filled from the
     * {@code syscolumns} and {@code sysobjects} system tables.
     *
     * <p>NOTE(review): the fragment ending in {@code content_sort.opid = 2} has no
     * trailing space, so the assembled text reads {@code 2WHERE}. The helper turns
     * strict syntax checking off; confirm the rejection comes from the system-table
     * access and not from how that token sequence is parsed.
     */
    public void test_false2() throws Exception {
        // The fragments are concatenated exactly as written; spacing inside each literal is significant.
        final String catalogSubquerySql =
                "SELECT characteristic.columnname + '|' + RTRIM(characteristic.rpid) as rpid ,"
                + " characteristic.columnname, characteristic.chnname "
                + "FROM characteristic"
                + "     inner join content_sort"
                + "         on characteristic.rpid = content_sort.rpid and content_sort.opid = 2"
                + "WHERE (characteristic.columnname IN ("
                + "         SELECT name FROM syscolumns"
                + "         WHERE (id =(SELECT id FROM sysobjects WHERE (name = 'content')))"
                + "                 AND (name NOT IN ('billid', 'itemno', 'tableid', 'rpid'))"
                + "         ))"
                + "     AND (characteristic.closed = 0)"
                + "ORDER BY content_sort.sort, characteristic.code";

        WallProvider wall = initWallProvider();

        boolean accepted = wall.checkValid(catalogSubquerySql);
        Assert.assertFalse(accepted);
    }

            Assert.assertFalse(provider.checkValid(sql));
        }
    }

    /**
     * Expects the SQL Server wall to reject a query whose WHERE clause counts rows
     * in {@code sysobjects}, filtered through {@code syscolumns}, and compares the
     * count with zero.
     *
     * <p>The system tables appear only inside the nested subquery; the outer
     * statement reads an ordinary table. Which rule produces the rejection is not
     * visible here.
     */
    public void test_false3() throws Exception {
        final String catalogCountSql =
                "SELECT rpid, columnname, chnname, type, textfield"
                + "     , valuefield, ddlbtable, ddlbwhere, ddlbsort, datatype "
                + "FROM characteristic "
                + "WHERE (closed = 0)"
                + "     AND ((SELECT COUNT(*) FROM sysobjects WHERE (id IN (SELECT id FROM syscolumns WHERE name = columnname)) AND (name = 'content')) > 0) ORDER BY code";

        WallProvider wall = initWallProvider();

        boolean accepted = wall.checkValid(catalogCountSql);
        Assert.assertFalse(accepted);
    }

            Assert.assertFalse(provider.checkValid(sql));
        }
    }

    /**
     * Expects the SQL Server wall to accept a metadata query over the {@code sys.*}
     * catalog views ({@code sys.tables}, {@code sys.data_spaces},
     * {@code sys.fulltext_indexes}, {@code sys.fulltext_catalogs},
     * {@code sys.indexes}).
     *
     * <p>NOTE(review): this pins catalog-view reads, together with
     * {@code OBJECTPROPERTY}, {@code user_name} and {@code is_member}, as allowed
     * under the helper's configuration, while sibling tests expect
     * {@code sysobjects}/{@code syscolumns} queries to be rejected. Confirm that
     * distinction is intended, since both expose schema metadata.
     */
    public void test_true2() throws Exception {
        final String catalogViewSql = "select Fg.name as TableFg, dsp.name as TexImageFg, FtCat.name as FulltextCatalog, OBJECTPROPERTY(tbl.object_id, 'TableTextInRowLimit') as TextInrowLimit, OBJECTPROPERTY(tbl.object_id, 'IsIndexable'), user_name(tbl.principal_id) as DirectOwner, tbl.is_replicated, tbl.lock_escalation_desc from sys.tables tbl left outer join sys.data_spaces dsp on dsp.data_space_id = tbl.lob_data_space_id left outer join (sys.fulltext_indexes fti inner join sys.fulltext_catalogs FtCat on FtCat.fulltext_catalog_id = fti.fulltext_catalog_id ) on fti.object_id = tbl.object_id inner join (sys.indexes idx inner join sys.data_spaces Fg on (idx.index_id = 0 or idx.index_id = 1) and Fg.data_space_id = idx.data_space_id) on idx.object_id = tbl.object_id and (idx.index_id = 0 or idx.index_id = 1) where tbl.object_id = is_member(N'dbo.nqh_TelOrder') ";

        WallProvider wall = initWallProvider();

        boolean accepted = wall.checkValid(catalogViewSql);
        Assert.assertTrue(accepted);
    }

            Assert.assertTrue(provider.checkValid(sql));
        }
    }

    /**
     * Expects the SQL Server wall to accept a three-branch UNION query over the
     * {@code character} and {@code master} tables.
     *
     * <p>initWallProvider() disables the SELECT ... UNION check, so the UNIONs are
     * not inspected. Here {@code master} is a joined table name, not the
     * {@code master..} database prefix used in the rejected test_false input.
     */
    public void test_true3() throws Exception {
        // Runs of spaces inside the literal are part of the tested input and are kept as-is.
        final String unionReportSql = "select '' relation,count(*) addr,0 cha_id,'' cha_name,0 icon,'' motto from (   select distinct master.relation relation from character INNER JOIN   master ON character.cha_id = master.cha_id1 where master.cha_id2 = 11272   ) cc union select master.relation relation,count(character.mem_addr) addr,0   cha_id,'' cha_name,1 icon,'' motto from character INNER JOIN master ON   character.cha_id = master.cha_id1 where master.cha_id2 = 11272 group by relation   union select master.relation relation,character.mem_addr addr,character.cha_id   cha_id,character.cha_name cha_name,character.icon icon,character.motto motto   from character INNER JOIN master ON character.cha_id = master.cha_id1   where master.cha_id2 = 11272 order by relation,cha_id,icon";

        WallProvider wall = initWallProvider();

        boolean accepted = wall.checkValid(unionReportSql);
        Assert.assertTrue(accepted);
    }
