Package com.alibaba.druid.wall

Examples of com.alibaba.druid.wall.WallProvider


            Assert.assertFalse(provider.checkValid(sql));
        }
    }

    public void test_false3() throws Exception {
        WallProvider provider = initWallProvider();
        {
            String sql = "SELECT * FROM mp_Sites WHERE SiteID = -1 OR -1 = -1 ORDER BY SiteID LIMIT 1 ";
            Assert.assertFalse(provider.checkValid(sql));
        }
    }
View Full Code Here


            Assert.assertFalse(provider.checkValid(sql));
        }
    }

    public void test_false4() throws Exception {
        WallProvider provider = initWallProvider();
        {
            String sql = "select cid,title,id,img,fan from duoduo_mall where cid = cid and 1=1 order by sort desc limit 17 ";
            Assert.assertFalse(provider.checkValid(sql));
        }
    }
View Full Code Here

            Assert.assertFalse(provider.checkValid(sql));
        }
    }

    public void test_false5() throws Exception {
        WallProvider provider = initWallProvider();
        {
            String sql = "select count(1) as cot from w36ma_picking where (picking_no='' or ''='') and (DATE_FORMAT(create_time,'%Y-%m-%d') = '' or ''='')";
            Assert.assertFalse(provider.checkValid(sql));
        }
    }
View Full Code Here

            Assert.assertFalse(provider.checkValid(sql));
        }
    }

    public void test_false6() throws Exception {
        WallProvider provider = initWallProvider();
        {
            String sql = " select pg.*,an1.w36ma_name as create_name, an2.w36ma_name as print_name, an2.w36ma_name as receive_name, an2.w36ma_name as products_name, an2.w36ma_name as warehouse_name from w36ma_picking as pg left join iweb_admin as an1 on pg.create_name_id=an1.id left join iweb_admin as an2 on pg.print_name_id=an2.id left join iweb_admin as an3 on pg.receive_name_id=an3.id left join iweb_admin as an4 on pg.products_name_id=an4.id left join iweb_admin as an5 on pg.warehouse_name_id=an5.id where (pg.picking_no='' or ''='') and (DATE_FORMAT(pg.create_time,'%Y-%m-%d') = '' or ''='') limit 0,20 ";
            Assert.assertFalse(provider.checkValid(sql));
        }
    }
View Full Code Here

            Assert.assertFalse(provider.checkValid(sql));
        }
    }

    public void test_false7() throws Exception {
        WallProvider provider = initWallProvider();
        {
            String sql = "select sysuser0_.sysuser_id as sysuser1_163_, sysuser0_.sysuser_name as sysuser2_163_, sysuser0_.sysuser_loginname as sysuser3_163_, sysuser0_.sysuser_password as sysuser4_163_, sysuser0_.sysuser_mobilenum as sysuser5_163_, sysuser0_.sysuser_email as sysuser6_163_, sysuser0_.sysuser_phonenum as sysuser7_163_, sysuser0_.sysuser_createtime as sysuser8_163_, sysuser0_.sysuser_lastupdate as sysuser9_163_, sysuser0_.sysuser_status as sysuser10_163_, sysuser0_.sysuser_loginip as sysuser11_163_, sysuser0_.sysuser_interfacesn as sysuser12_163_, sysuser0_.customer_customer_id as customer13_163_, sysuser0_.role_role_id as role14_163_ from sysuser sysuser0_ where sysuser0_.sysuser_status=1 and sysuser0_.role_role_id=5 and sysuser0_.sysuser_loginname='sms_bftl2' and USER()=USER() and 'EYrc'='EYrc'";
            Assert.assertFalse(provider.checkValid(sql));
        }
    }
View Full Code Here

            Assert.assertFalse(provider.checkValid(sql));
        }
    }

    public void test_false8() throws Exception {
        WallProvider provider = initWallProvider();
        {
            String sql = "select sum(payment_ft) from order_goods where order_id=72353 AND (SELECT 3791 FROM(SELECT COUNT(*),CONCAT(CHAR(58,110,106,120,58),(SELECT (CASE WHEN (3791=3791) THEN 1 ELSE 0 END)),CHAR(58,116,116,113,58),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)";
            Assert.assertFalse(provider.checkValid(sql));
        }
    }
View Full Code Here

            Assert.assertFalse(provider.checkValid(sql));
        }
    }

    public void test_false10() {
        WallProvider provider = initWallProvider();
        {
            String sql = "select count(*) from messages a where a.id in (2 and 1 AND 9881=IF((ORD(MID((IFNULL(CAST(DATABASE() AS CHAR),0x20)),6,1))>117),SLEEP(5),9881)) and a.message <> 'hello' and a.message like 'Little'";
            Assert.assertFalse(provider.checkValid(sql));
        }
    }
View Full Code Here

            Assert.assertFalse(provider.checkValid(sql));
        }
    }

    public void test_false11() {
        WallProvider provider = initWallProvider();
        {
            String sql = "select * from messages where id=1 limit (select count(*) from products group by concat(version(),0x27202020,floor(rand(0)*2-1)));";
            Assert.assertFalse(provider.checkValid(sql));
        }
    }
View Full Code Here

            Assert.assertFalse(provider.checkValid(sql));
        }
    }

    public void test_false12() {
        WallProvider provider = initWallProvider();
        {
            String sql = "select * from dede_admin where id=1 order by if((ascii(substr(user(),1,1))>95),1,2);";
            Assert.assertFalse(provider.checkValid(sql));
        }
    }
View Full Code Here

            Assert.assertFalse(provider.checkValid(sql));
        }
    }

    public void test_false13() {
        WallProvider provider = initWallProvider();
        {
            String sql = "select * from dede_admin where id=1 limit if((ascii(substr(user(),1,1))>95),1,0);";
            Assert.assertFalse(provider.checkValid(sql));
        }
    }
View Full Code Here

TOP

Related Classes of com.alibaba.druid.wall.WallProvider

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.