Examples of WallConfig


Examples of com.alibaba.druid.wall.WallConfig

    }

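    /**
     * Applies the DELETE rules of the wall configuration to a parsed DELETE statement.
     *
     * <p>Checks visible in this excerpt, in order: the read-only check on the target table source,
     * the global {@code deleteAllow} switch, the "DELETE without WHERE" check, the "WHERE is always
     * true" check, and the generic condition check. A violation raised by the allow, none-condition
     * or always-true check ends the inspection of this statement early.
     *
     * @param visitor wall visitor that supplies the {@link WallConfig} and collects violations
     * @param x       the DELETE statement being inspected
     */
    public static void checkDelete(WallVisitor visitor, SQLDeleteStatement x) {
        checkReadOnly(visitor, x.getTableSource());

        WallConfig config = visitor.getConfig();
        if (!config.isDeleteAllow()) {
            // Report the DELETE-specific code (the original reported INSERT_NOT_ALLOW here), so that
            // logs and alerting attribute the blocked statement to the right statement kind.
            addViolation(visitor, ErrorCode.DELETE_NOT_ALLOW, "delete not allow", x);
            return;
        }

        // MySQL multi-table form: DELETE ... USING ...
        boolean hasUsing = x instanceof MySqlDeleteStatement
                           && ((MySqlDeleteStatement) x).getUsing() != null;

        boolean isJoinTableSource = x.getTableSource() instanceof SQLJoinTableSource;

        // Only a plain single-table DELETE with no WHERE is treated as "none condition".
        // A DELETE that has USING or a join table source is exempt from this branch even when it
        // has no WHERE clause, so deleteWhereNoneCheck does not cover those forms.
        if (x.getWhere() == null && (!hasUsing) && !isJoinTableSource) {
            // The warning counter is bumped whether or not the statement is blocked below.
            WallContext context = WallContext.current();
            if (context != null) {
                context.incrementDeleteNoneConditionWarnnings();
            }

            if (config.isDeleteWhereNoneCheck()) {
                addViolation(visitor, ErrorCode.NONE_CONDITION, "delete none condition not allow", x);
                return;
            }
        }

        // equals() instead of a reference comparison: a Boolean that is not the canonical
        // Boolean.TRUE instance must still be recognised as an always-true condition.
        if (Boolean.TRUE.equals(getConditionValue(visitor, x.getWhere(), config.isDeleteWhereAlwayTrueCheck()))) {
            addViolation(visitor, ErrorCode.ALWAY_TRUE, "delete alway true condition not allow", x);
            return;
        }

        checkCondition(visitor, x.getWhere());
        // (the excerpt on this page stops here; the remainder of the method is not shown)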

Examples of com.alibaba.druid.wall.WallConfig

    }

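    /**
     * Applies the UPDATE rules of the wall configuration to a parsed UPDATE statement.
     *
     * <p>Checks visible in this excerpt, in order: the read-only check on the target table source,
     * the global {@code updateAllow} switch, the "UPDATE without WHERE" check and the "WHERE is
     * always true" check. A violation raised by any of the last three ends the inspection early.
     *
     * @param visitor wall visitor that supplies the {@link WallConfig} and collects violations
     * @param x       the UPDATE statement being inspected
     */
    public static void checkUpdate(WallVisitor visitor, SQLUpdateStatement x) {
        checkReadOnly(visitor, x.getTableSource());

        WallConfig config = visitor.getConfig();
        if (!config.isUpdateAllow()) {
            addViolation(visitor, ErrorCode.UPDATE_NOT_ALLOW, "update not allow", x);
            return;
        }

        if (x.getWhere() == null) {
            // Every WHERE-less UPDATE is counted, whether or not it is blocked below.
            WallContext context = WallContext.current();
            if (context != null) {
                context.incrementUpdateNoneConditionWarnnings();
            }

            if (config.isUpdateWhereNoneCheck()) {
                // Exemption: a MySQL UPDATE that has no WHERE but carries a LIMIT is not reported.
                // Deployments that require every UPDATE to be scoped by a predicate should be
                // aware that updateWhereNoneCheck does not cover that form.
                boolean limitedMySqlUpdate = x instanceof MySqlUpdateStatement
                                             && ((MySqlUpdateStatement) x).getLimit() != null;
                if (!limitedMySqlUpdate) {
                    addViolation(visitor, ErrorCode.NONE_CONDITION, "update none condition not allow", x);
                    return;
                }
            }
        }

        if (config.isUpdateWhereAlayTrueCheck()) {
            // equals() instead of a reference comparison: a Boolean that is not the canonical
            // Boolean.TRUE instance must still be recognised as an always-true condition.
            if (Boolean.TRUE.equals(getConditionValue(visitor, x.getWhere(), true))) {
                addViolation(visitor, ErrorCode.ALWAY_TRUE, "update alway true condition not allow", x);
                return;
            }
        }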

Examples of com.alibaba.druid.wall.WallConfig

            JdbcUtils.close(reader);
        }
    }

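    /**
     * Statement-type gate evaluated before a node is visited.
     *
     * <p>Nodes that are not {@code SQLStatement}s pass through untouched. For a statement, the first
     * matching {@code instanceof} branch selects the allow flag (usually read from
     * {@link WallConfig}), the error code and the deny message. Statement types with no dedicated
     * branch fall back to {@code noneBaseStatementAllow}. What happens when {@code allow} is false
     * lies outside this excerpt.
     *
     * @param visitor wall visitor whose provider supplies the {@link WallConfig}
     * @param x       the AST node about to be visited
     */
    public static void preVisitCheck(WallVisitor visitor, SQLObject x) {
        WallConfig config = visitor.getProvider().getConfig();

        if (!(x instanceof SQLStatement)) {
            return;
        }

        boolean allow = false;
        int errorCode;
        String denyMessage;
        if (x instanceof SQLInsertStatement) {
            allow = config.isInsertAllow();
            denyMessage = "insert not allow";
            errorCode = ErrorCode.INSERT_NOT_ALLOW;
        } else if (x instanceof SQLSelectStatement) {
            // NOTE(review): SELECT is unconditionally allowed in this branch; no config switch is
            // consulted here, so the message and code below are never used by this gate.
            allow = true;
            denyMessage = "select not allow";
            errorCode = ErrorCode.SELECT_NOT_ALLOW;
        } else if (x instanceof SQLDeleteStatement) {
            allow = config.isDeleteAllow();
            denyMessage = "delete not allow";
            errorCode = ErrorCode.DELETE_NOT_ALLOW;
        } else if (x instanceof SQLUpdateStatement) {
            allow = config.isUpdateAllow();
            denyMessage = "update not allow";
            errorCode = ErrorCode.UPDATE_NOT_ALLOW;
        } else if (x instanceof OracleMultiInsertStatement) {
            // NOTE(review): multi-insert is always allowed and does not consult isInsertAllow();
            // confirm that a config with insertAllow=false is meant to let it through.
            allow = true;
            denyMessage = "multi-insert not allow";
            errorCode = ErrorCode.INSERT_NOT_ALLOW;
        } else if (x instanceof OracleMergeStatement) {
            allow = config.isMergeAllow();
            denyMessage = "merge not allow";
            errorCode = ErrorCode.MERGE_NOT_ALLOW;
        } else if (x instanceof SQLCallStatement) {
            allow = config.isCallAllow();
            denyMessage = "call not allow";
            errorCode = ErrorCode.CALL_NOT_ALLOW;
        } else if (x instanceof SQLTruncateStatement) {
            allow = config.isTruncateAllow();
            denyMessage = "truncate not allow";
            errorCode = ErrorCode.TRUNCATE_NOT_ALLOW;
        } else if (x instanceof SQLCreateTableStatement //
                   || x instanceof SQLCreateIndexStatement //
                   || x instanceof SQLCreateViewStatement) {
            // CREATE INDEX and CREATE VIEW share the createTableAllow switch, message and code.
            allow = config.isCreateTableAllow();
            denyMessage = "create table not allow";
            errorCode = ErrorCode.CREATE_TABLE_NOT_ALLOW;
        } else if (x instanceof SQLAlterTableStatement) {
            allow = config.isAlterTableAllow();
            denyMessage = "alter table not allow";
            errorCode = ErrorCode.ALTER_TABLE_NOT_ALLOW;
        } else if (x instanceof SQLDropTableStatement //
                   || x instanceof SQLDropIndexStatement //
                   || x instanceof SQLDropViewStatement) {
            // DROP INDEX and DROP VIEW share the dropTableAllow switch, message and code.
            allow = config.isDropTableAllow();
            denyMessage = "drop table not allow";
            errorCode = ErrorCode.DROP_TABLE_NOT_ALLOW;
        } else if (x instanceof MySqlSetCharSetStatement //
                   || x instanceof MySqlSetNamesStatement //
                   || x instanceof SQLSetStatement) {
            allow = config.isSetAllow();
            denyMessage = "set not allow";
            errorCode = ErrorCode.SET_NOT_ALLOW;
        } else if (x instanceof MySqlReplaceStatement) {
            allow = config.isReplaceAllow();
            denyMessage = "replace not allow";
            errorCode = ErrorCode.REPLACE_NOT_ALLOW;
        } else if (x instanceof MySqlDescribeStatement) {
            allow = config.isDescribeAllow();
            denyMessage = "describe not allow";
            errorCode = ErrorCode.DESC_NOT_ALLOW;
        } else if (x instanceof MySqlShowStatement) {
            allow = config.isShowAllow();
            denyMessage = "show not allow";
            errorCode = ErrorCode.SHOW_NOT_ALLOW;
        } else if (x instanceof MySqlCommitStatement) {
            allow = config.isCommitAllow();
            // The original reused "show not allow" for COMMIT, ROLLBACK and USE, which mislabels
            // the denial in logs; each message now names the statement that was denied.
            denyMessage = "commit not allow";
            errorCode = ErrorCode.COMMIT_NOT_ALLOW;
        } else if (x instanceof SQLRollbackStatement) {
            allow = config.isRollbackAllow();
            denyMessage = "rollback not allow";
            errorCode = ErrorCode.ROLLBACK_NOT_ALLOW;
        } else if (x instanceof SQLUseStatement) {
            allow = config.isUseAllow();
            denyMessage = "use not allow";
            errorCode = ErrorCode.USE_NOT_ALLOW;
        } else {
            // Catch-all: any statement type without a dedicated branch is governed by one switch.
            allow = config.isNoneBaseStatementAllow();
            errorCode = ErrorCode.NONE_BASE_STATEMENT_NOT_ALLOW;
            denyMessage = x.getClass() + " not allow";
        }

        if (!allow) {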

Examples of com.alibaba.druid.wall.WallConfig

        // The JDBC URL points at an in-memory H2 database, while the declared dbType is MariaDB.
        dataSource.setUrl("jdbc:h2:mem:wall_test;");
        // The "wall" filter alias is left disabled; a WallFilter is built by hand below instead,
        // presumably so that a custom WallConfig can be injected (confirm against the full test).
        // dataSource.setFilters("wall");
        dataSource.setDbType(JdbcConstants.MARIADB);

        // Wall configuration whose only customisation is the tenant callback.
        WallConfig config = new WallConfig();
        config.setTenantCallBack(new TenantTestCallBack());

        // The filter gets the same dbType as the data source.
        wallFilter = new WallFilter();
        wallFilter.setConfig(config);
        wallFilter.setDbType(JdbcConstants.MARIADB);
        // How this list is filled and attached is not shown in the excerpt.
        List<Filter> filters = new LinkedList<Filter>();

Examples of com.alibaba.druid.wall.WallConfig

import com.alibaba.druid.wall.WallUtils;

public class OracleWallTest extends TestCase {

    /**
     * Exercises the Oracle wall against UNION-based queries (excerpt; the method continues
     * beyond the lines shown on this page).
     */
    public void testWall() throws Exception {
        // selectUnionCheck is switched on explicitly and used by the first two assertions only.
        WallConfig config = new WallConfig();
        config.setSelectUnionCheck(true);
        // A UNION with a constant select list is accepted under this config ...
        Assert.assertTrue(WallUtils.isValidateOracle("select f1, f2 from t where c=1 union select 1, 2",config));
        // ... but the same statement followed by a trailing "--" comment is rejected.
        Assert.assertFalse(WallUtils.isValidateOracle("select f1, f2 from t where c=1 union select 1, 2 --",config));
       
        // Default config (no WallConfig argument): UNION branches that read from TAB / ALL_TABLES
        // are rejected. The second query also carries always-true predicates; which rule triggers
        // the rejection is not visible from this excerpt.
        Assert.assertFalse(WallUtils.isValidateOracle("SELECT * FROM T UNION select * from TAB"));
        Assert.assertFalse(WallUtils.isValidateOracle("SELECT * FROM T UNION select * from ALL_TABLES where (1=1 or (1+1)=2) and (4=8 or 1=1)"));

Examples of com.alibaba.druid.wall.WallConfig

        Assert.assertFalse(WallUtils.isValidateMySql("select * from t where fid = 1 union select benchmark( 500000, sha1( 'test' ) ) FROM X"));
    }
   
   
    /**
     * Pins that a config with table checking switched off accepts a MySQL query that calls
     * {@code benchmark()}.
     *
     * <p>Reviewer note: this documents how relaxing a single {@link WallConfig} switch widens what
     * the wall lets through; such relaxations deserve review before they reach a production config.
     */
    public void test_allow() throws Exception {
        final String sql = "select benchmark( 500000, sha1( 'test' ) ) FROM X";

        WallConfig relaxed = new WallConfig();
        relaxed.setTableCheck(false);

        boolean accepted = WallUtils.isValidateMySql(sql, relaxed);
        Assert.assertTrue(accepted);
    }

Examples of com.alibaba.druid.wall.WallConfig

        Assert.assertFalse(WallUtils.isValidateMySql(//
        "SELECT * from t where id = 1 XOR id = 2")); //
    }

    /**
     * Pins that the XOR condition operator is accepted by the MySQL wall once
     * {@code conditionOpXorAllow} is enabled on the config.
     */
    public void test_true() throws Exception {
        final String sql = "SELECT * from t where id = 1 XOR id = 2";

        WallConfig xorEnabled = new WallConfig();
        xorEnabled.setConditionOpXorAllow(true);

        boolean accepted = WallUtils.isValidateMySql(sql, xorEnabled);
        Assert.assertTrue(accepted);
    }

Examples of com.alibaba.druid.wall.WallConfig

    /** Prepares nothing: no fixture is set up before each test. */
    protected void setUp() throws Exception {
        // nothing to initialise
    }

    /**
     * Checks a statement with the column-based tenant configuration and expects no violations
     * (excerpt; the method continues beyond the lines shown on this page).
     */
    public void testMySql() throws Exception {
        WallConfig config = new WallConfig();
        WallConfig config_callback = new WallConfig();
        // Column-based tenant setup: every table ("*") is matched, tenant column is "tenant".
        config.setTenantTablePattern("*");
        config.setTenantColumn("tenant");

        // Callback-based setup; in the visible lines it is configured but not handed to a provider.
        config_callback.setTenantCallBack(new TenantTestCallBack());
       
        // NOTE(review): the tenant value is set through a static call; if it is state shared
        // across tests it should be reset afterwards - confirm against WallProvider.
        WallProvider.setTenantValue(123);
        // The provider under test uses the column-based config; `sql` is defined outside this excerpt.
        MySqlWallProvider provider = new MySqlWallProvider(config);
        WallCheckResult checkResult = provider.check(sql);
        Assert.assertEquals(0, checkResult.getViolations().size());

Examples of com.alibaba.druid.wall.WallConfig

        String resultSql = SQLUtils.toSQLString(checkResult.getStatementList(), JdbcConstants.MYSQL);
        Assert.assertEquals(expect_sql, resultSql);
    }

    /**
     * Checks a statement with the callback-based tenant configuration and expects no violations
     * (excerpt; the method continues beyond the lines shown on this page).
     */
    public void testMySql2() throws Exception {
        WallConfig config = new WallConfig();
        WallConfig config_callback = new WallConfig();
        // Column-based setup; in the visible lines it is configured but not handed to a provider.
        config.setTenantTablePattern("*");
        config.setTenantColumn("tenant");

        config_callback.setTenantCallBack(new TenantTestCallBack());

        // The provider under test uses the callback-based config; `sql` is defined outside this excerpt.
        MySqlWallProvider provider = new MySqlWallProvider(config_callback);
        WallCheckResult checkResult = provider.check(sql);
        Assert.assertEquals(0, checkResult.getViolations().size());


Examples of com.alibaba.druid.wall.WallConfig

import com.alibaba.druid.wall.WallUtils;

public class MinusTest extends TestCase {

    /**
     * Pins that the Oracle wall rejects an INTERSECT query when {@code intersectAllow} is
     * disabled on the config.
     */
    public void test_false() throws Exception {
        final String sql = "SELECT * FROM A Intersect SELECT * FROM B";

        WallConfig noIntersect = new WallConfig();
        noIntersect.setIntersectAllow(false);

        boolean accepted = WallUtils.isValidateOracle(sql, noIntersect);
        Assert.assertFalse(accepted);
    }