Skip to content

Commit

Permalink
Merge pull request alibaba#753 from yakolee/master
Browse files Browse the repository at this point in the history 
bugfix for alibaba#728
  • Loading branch information
@yakolee
yakolee committed Dec 21, 2014
2 parents 83d7b71 + d6ab72b commit 6c02ffe
Show file tree
Hide file tree
Showing 2 changed files with 64 additions and 8 deletions.
19 changes: 11 additions & 8 deletions src/main/java/com/alibaba/druid/wall/spi/WallVisitorUtils.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1028,6 +1028,10 @@ public static Object getValue(WallVisitor visitor, SQLBinaryOpExpr x) {
}
return null;
}

boolean checkCondition = visitor != null
&& (!visitor.getConfig().isConstArithmeticAllow()
|| !visitor.getConfig().isConditionOpBitwseAllow() || !visitor.getConfig().isConditionOpXorAllow());

if (x.getLeft() instanceof SQLName) {
if (x.getRight() instanceof SQLName) {
Expand All @@ -1048,7 +1052,7 @@ public static Object getValue(WallVisitor visitor, SQLBinaryOpExpr x) {
break;
}
}
} else {
} else if (!checkCondition) {
switch (x.getOperator()) {
case Equality:
case NotEqual:
Expand Down Expand Up @@ -1078,15 +1082,14 @@ public static Object getValue(WallVisitor visitor, SQLBinaryOpExpr x) {
}
}

if (x.getOperator() == SQLBinaryOperator.Like || x.getOperator() == SQLBinaryOperator.NotLike) {
Object leftResult = getValue(visitor, x.getLeft());
Object rightResult = getValue(visitor, x.getRight());
Object leftResult = getValue(visitor, x.getLeft());
Object rightResult = getValue(visitor, x.getRight());

if (x.getOperator() == SQLBinaryOperator.Like && leftResult instanceof String
&& leftResult.equals(rightResult)) {
addViolation(visitor, ErrorCode.SAME_CONST_LIKE, "same const like", x);
}
if (x.getOperator() == SQLBinaryOperator.Like && leftResult instanceof String && leftResult.equals(rightResult)) {
addViolation(visitor, ErrorCode.SAME_CONST_LIKE, "same const like", x);
}

if (x.getOperator() == SQLBinaryOperator.Like || x.getOperator() == SQLBinaryOperator.NotLike) {
WallContext context = WallContext.current();
if (context != null) {
if (rightResult instanceof Number || leftResult instanceof Number) {
Expand Down
53 changes: 53 additions & 0 deletions src/test/java/com/alibaba/druid/bvt/bug/Issue_728.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
/*
* Copyright 1999-2011 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.druid.bvt.bug;

import junit.framework.TestCase;

import org.junit.Assert;

import com.alibaba.druid.wall.WallConfig;
import com.alibaba.druid.wall.WallUtils;

public class Issue_728 extends TestCase {

public void test1() throws Exception {
String sql = "select * from city_list where city_id = 3-1";

WallConfig config = new WallConfig();
config.setConstArithmeticAllow(false);

Assert.assertFalse(WallUtils.isValidateMySql(sql, config));
}

public void test2() throws Exception {
String sql = "SELECT * from city_list where 2 = case when 2=1 then 1 else 2 END";

WallConfig config = new WallConfig();
config.setCaseConditionConstAllow(false);

Assert.assertFalse(WallUtils.isValidateMySql(sql, config));
}

public void test3() throws Exception {
String sql = "SELECT * from city_list where city_id = 1 & 2";

WallConfig config = new WallConfig();
config.setConditionOpBitwseAllow(false);

Assert.assertFalse(WallUtils.isValidateMySql(sql, config));
}
}

0 comments on commit 6c02ffe

Please sign in to comment.