Package com.alibaba.druid.wall.spi

Examples of com.alibaba.druid.wall.spi.MySqlWallProvider

18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
    protected void tearDown() throws Exception {
        WallContext.clearContext();
    }

    public void testMySql() throws Exception {
        WallProvider provider = new MySqlWallProvider();

        String sql = "select xx * x *";
        Assert.assertFalse(provider.checkValid(sql));
        {
            WallTableStat tableStat = provider.getTableStat("t");
            Assert.assertEquals(0, tableStat.getSelectCount());
            Assert.assertEquals(0, provider.getBlackListHitCount());
            Assert.assertEquals(0, provider.getWhiteListHitCount());
            Assert.assertEquals(0, provider.getWhiteList().size());
            Assert.assertEquals(1, provider.getBlackList().size());
            Assert.assertEquals(1, provider.getCheckCount());
            Assert.assertEquals(1, provider.getSyntaxErrorCount());
            Assert.assertEquals(1, provider.getHardCheckCount());
        }
       
        Assert.assertFalse(provider.checkValid(sql));
        {
            WallTableStat tableStat = provider.getTableStat("t");
            Assert.assertEquals(0, tableStat.getSelectCount());
            Assert.assertEquals(1, provider.getBlackListHitCount());
            Assert.assertEquals(0, provider.getWhiteListHitCount());
            Assert.assertEquals(0, provider.getWhiteList().size());
            Assert.assertEquals(1, provider.getBlackList().size());
            Assert.assertEquals(2, provider.getCheckCount());
            Assert.assertEquals(2, provider.getSyntaxErrorCount());
            Assert.assertEquals(1, provider.getHardCheckCount());
        }
    }
View Full Code Here
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
        is.close();
        items = text.split("\\|\\n\\|");
    }

    public void test_false() throws Exception {
        WallProvider provider = new MySqlWallProvider();
       
        provider.getConfig().setConditionDoubleConstAllow(true);
       
        provider.getConfig().setUseAllow(true);
        provider.getConfig().setStrictSyntaxCheck(false);
        provider.getConfig().setMultiStatementAllow(true);
        provider.getConfig().setConditionAndAlwayTrueAllow(true);
        provider.getConfig().setNoneBaseStatementAllow(true);
        provider.getConfig().setSelectUnionCheck(false);
        provider.getConfig().setSchemaCheck(true);
        provider.getConfig().setLimitZeroAllow(true);
        provider.getConfig().setCommentAllow(true);

        for (int i = 0; i < items.length; ++i) {
            String sql = items[i];
            if (sql.indexOf("''=''") != -1) {
                continue;
            }
//            if (i <= 121) {
//                continue;
//            }
            WallCheckResult result = provider.check(sql);
            if (result.getViolations().size() > 0) {
                Violation violation = result.getViolations().get(0);
                System.out.println("error (" + i + ") : " + violation.getMessage());
                System.out.println(sql);
                break;
            }
        }
        System.out.println(provider.getViolationCount());
//        String sql = "SELECT name, '******' password, createTime from user where name like 'admin' AND (CASE WHEN (7885=7885) THEN 1 ELSE 0 END)";

//        Assert.assertFalse(provider.checkValid(sql));
    }
View Full Code Here
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
        items = all.split("\\|\\r\\n\\|");
    }

    public void test_xx() throws Exception {
        WallProvider provider = new MySqlWallProvider();

        for (int i = 0; i < items.length; ++i) {
            String sql = items[i];
           
            WallCheckResult result = provider.check(sql);
            if (result.getViolations().size() > 0) {
                Violation violation = result.getViolations().get(0);
                System.err.println("error (" + i + ") : " + violation.getMessage());
                System.out.println(sql);
                System.out.println();
//                break;
            }
        }

        System.out.println("violaionCount : " + provider.getViolationCount());
    }
View Full Code Here
23
24
25
26
27
28
29
30
31
32
import com.alibaba.druid.wall.spi.MySqlWallProvider;

public class MySqlWallTest141 extends TestCase {

    public void test_false() throws Exception {
        WallProvider provider = new MySqlWallProvider();

        String sql = "SELECT name, '******' password, createTime from user where length(name) = 999999.9 or ascii(substring((database()),1,1))=127";
        Assert.assertFalse(provider.checkValid(sql));
    }
View Full Code Here
23
24
25
26
27
28
29
30
31
32
import com.alibaba.druid.wall.spi.MySqlWallProvider;

public class MySqlWallTest134 extends TestCase {

    public void test_false() throws Exception {
        WallProvider provider = new MySqlWallProvider();
        provider.getConfig().setSelectUnionCheck(true);
        Assert.assertTrue(provider.checkValid("SELECT 1 FROM dual WHERE 1 = '1'''''''''''''UNION SELECT '2';"));
        Assert.assertFalse(provider.checkValid("SELECT 1 FROM t WHERE 1 = '1'''''''''''''UNION SELECT '2' --;")); //end of comment --> false
    }
View Full Code Here
30
31
32
33
34
35
36
37
38
39
40
41
* @see
*/
public class MySqlWallTest57 extends TestCase {

    public void test_true() throws Exception {
        WallProvider provider = new MySqlWallProvider();

        Assert.assertTrue(provider.checkValid(//
        "SELECT @@version"));

        Assert.assertEquals(0, provider.getTableStats().size());
    }
View Full Code Here
39
40
41
42
43
44
45
46
47
48
49
50
        Assert.assertEquals(0, provider.getTableStats().size());
    }

    public void test_true_1() throws Exception {
        WallProvider provider = new MySqlWallProvider();

        Assert.assertTrue(provider.checkValid(//
        "SELECT @@version FROM DUAL"));

        Assert.assertEquals(1, provider.getTableStats().size());
    }
View Full Code Here
48
49
50
51
52
53
54
55
56
57
58
59
        Assert.assertEquals(1, provider.getTableStats().size());
    }

    public void test_true_2() throws Exception {
        WallProvider provider = new MySqlWallProvider();

        Assert.assertTrue(provider.checkValid(//
        "SELECT @@version FROM X"));

        Assert.assertEquals(1, provider.getTableStats().size());
    }
View Full Code Here
57
58
59
60
61
62
63
64
65
66
67
68
        Assert.assertEquals(1, provider.getTableStats().size());
    }

    public void test_false() throws Exception {
        WallProvider provider = new MySqlWallProvider();

        Assert.assertFalse(provider.checkValid(//
        "SELECT * FROM X where id=1 and 1!=1 union select @@version"));

        Assert.assertEquals(1, provider.getTableStats().size());
    }
View Full Code Here
30
31
32
33
34
35
36
37
38
39
40
41
* @see
*/
public class MySqlWallTest80 extends TestCase {

    public void test_true() throws Exception {
        WallProvider provider = new MySqlWallProvider();

        Assert.assertTrue(provider.checkValid(//
        "SELECT * FROM T WHERE FID = ? OR FID LIKE 1"));

        Assert.assertEquals(1, provider.getTableStats().size());
    }
View Full Code Here
TOP

Related Classes of com.alibaba.druid.wall.spi.MySqlWallProvider

  • com.alibaba.druid.bvt.filter.wall.MySqlWallPermitVariantTest
  • com.alibaba.druid.bvt.filter.wall.MySqlWallTest100
  • com.alibaba.druid.bvt.filter.wall.MySqlWallTest104
  • com.alibaba.druid.bvt.filter.wall.MySqlWallTest108
  • com.alibaba.druid.bvt.filter.wall.MySqlWallTest109
  • com.alibaba.druid.bvt.filter.wall.MySqlWallTest110
  • com.alibaba.druid.bvt.filter.wall.MySqlWallTest112
  • com.alibaba.druid.bvt.filter.wall.MySqlWallTest113
  • com.alibaba.druid.bvt.filter.wall.MySqlWallTest115
  • com.alibaba.druid.bvt.filter.wall.MySqlWallTest117
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.