Package com.alibaba.druid.wall.spi

Examples of com.alibaba.druid.wall.spi.MySqlWallProvider


    protected void tearDown() throws Exception {
        WallContext.clearContext();
    }

    public void testMySql() throws Exception {
        WallProvider provider = new MySqlWallProvider();

        String sql = "select xx * x *";
        Assert.assertFalse(provider.checkValid(sql));
        {
            WallTableStat tableStat = provider.getTableStat("t");
            Assert.assertEquals(0, tableStat.getSelectCount());
            Assert.assertEquals(0, provider.getBlackListHitCount());
            Assert.assertEquals(0, provider.getWhiteListHitCount());
            Assert.assertEquals(0, provider.getWhiteList().size());
            Assert.assertEquals(1, provider.getBlackList().size());
            Assert.assertEquals(1, provider.getCheckCount());
            Assert.assertEquals(1, provider.getSyntaxErrorCount());
            Assert.assertEquals(1, provider.getHardCheckCount());
        }
       
        Assert.assertFalse(provider.checkValid(sql));
        {
            WallTableStat tableStat = provider.getTableStat("t");
            Assert.assertEquals(0, tableStat.getSelectCount());
            Assert.assertEquals(1, provider.getBlackListHitCount());
            Assert.assertEquals(0, provider.getWhiteListHitCount());
            Assert.assertEquals(0, provider.getWhiteList().size());
            Assert.assertEquals(1, provider.getBlackList().size());
            Assert.assertEquals(2, provider.getCheckCount());
            Assert.assertEquals(2, provider.getSyntaxErrorCount());
            Assert.assertEquals(1, provider.getHardCheckCount());
        }
    }
View Full Code Here


        is.close();
        items = text.split("\\|\\n\\|");
    }

    public void test_false() throws Exception {
        WallProvider provider = new MySqlWallProvider();
       
        provider.getConfig().setConditionDoubleConstAllow(true);
       
        provider.getConfig().setUseAllow(true);
        provider.getConfig().setStrictSyntaxCheck(false);
        provider.getConfig().setMultiStatementAllow(true);
        provider.getConfig().setConditionAndAlwayTrueAllow(true);
        provider.getConfig().setNoneBaseStatementAllow(true);
        provider.getConfig().setSelectUnionCheck(false);
        provider.getConfig().setSchemaCheck(true);
        provider.getConfig().setLimitZeroAllow(true);
        provider.getConfig().setCommentAllow(true);

        for (int i = 0; i < items.length; ++i) {
            String sql = items[i];
            if (sql.indexOf("''=''") != -1) {
                continue;
            }
//            if (i <= 121) {
//                continue;
//            }
            WallCheckResult result = provider.check(sql);
            if (result.getViolations().size() > 0) {
                Violation violation = result.getViolations().get(0);
                System.out.println("error (" + i + ") : " + violation.getMessage());
                System.out.println(sql);
                break;
            }
        }
        System.out.println(provider.getViolationCount());
//        String sql = "SELECT name, '******' password, createTime from user where name like 'admin' AND (CASE WHEN (7885=7885) THEN 1 ELSE 0 END)";

//        Assert.assertFalse(provider.checkValid(sql));
    }
View Full Code Here

        items = all.split("\\|\\r\\n\\|");
    }

    public void test_xx() throws Exception {
        WallProvider provider = new MySqlWallProvider();

        for (int i = 0; i < items.length; ++i) {
            String sql = items[i];
           
            WallCheckResult result = provider.check(sql);
            if (result.getViolations().size() > 0) {
                Violation violation = result.getViolations().get(0);
                System.err.println("error (" + i + ") : " + violation.getMessage());
                System.out.println(sql);
                System.out.println();
//                break;
            }
        }

        System.out.println("violaionCount : " + provider.getViolationCount());
    }
View Full Code Here

import com.alibaba.druid.wall.spi.MySqlWallProvider;

public class MySqlWallTest141 extends TestCase {

    public void test_false() throws Exception {
        WallProvider provider = new MySqlWallProvider();

        String sql = "SELECT name, '******' password, createTime from user where length(name) = 999999.9 or ascii(substring((database()),1,1))=127";
        Assert.assertFalse(provider.checkValid(sql));
    }
View Full Code Here

import com.alibaba.druid.wall.spi.MySqlWallProvider;

public class MySqlWallTest134 extends TestCase {

    public void test_false() throws Exception {
        WallProvider provider = new MySqlWallProvider();
        provider.getConfig().setSelectUnionCheck(true);
        Assert.assertTrue(provider.checkValid("SELECT 1 FROM dual WHERE 1 = '1'''''''''''''UNION SELECT '2';"));
        Assert.assertFalse(provider.checkValid("SELECT 1 FROM t WHERE 1 = '1'''''''''''''UNION SELECT '2' --;")); //end of comment --> false
    }
View Full Code Here

* @see
*/
public class MySqlWallTest57 extends TestCase {

    public void test_true() throws Exception {
        WallProvider provider = new MySqlWallProvider();

        Assert.assertTrue(provider.checkValid(//
        "SELECT @@version"));

        Assert.assertEquals(0, provider.getTableStats().size());
    }
View Full Code Here

        Assert.assertEquals(0, provider.getTableStats().size());
    }

    public void test_true_1() throws Exception {
        WallProvider provider = new MySqlWallProvider();

        Assert.assertTrue(provider.checkValid(//
        "SELECT @@version FROM DUAL"));

        Assert.assertEquals(1, provider.getTableStats().size());
    }
View Full Code Here

        Assert.assertEquals(1, provider.getTableStats().size());
    }

    public void test_true_2() throws Exception {
        WallProvider provider = new MySqlWallProvider();

        Assert.assertTrue(provider.checkValid(//
        "SELECT @@version FROM X"));

        Assert.assertEquals(1, provider.getTableStats().size());
    }
View Full Code Here

        Assert.assertEquals(1, provider.getTableStats().size());
    }

    public void test_false() throws Exception {
        WallProvider provider = new MySqlWallProvider();

        Assert.assertFalse(provider.checkValid(//
        "SELECT * FROM X where id=1 and 1!=1 union select @@version"));

        Assert.assertEquals(1, provider.getTableStats().size());
    }
View Full Code Here

* @see
*/
public class MySqlWallTest80 extends TestCase {

    public void test_true() throws Exception {
        WallProvider provider = new MySqlWallProvider();

        Assert.assertTrue(provider.checkValid(//
        "SELECT * FROM T WHERE FID = ? OR FID LIKE 1"));

        Assert.assertEquals(1, provider.getTableStats().size());
    }
View Full Code Here

TOP

Related Classes of com.alibaba.druid.wall.spi.MySqlWallProvider

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.