增加禁用和高危语句检测

hhyo · May 22, 2019 · 203de9d · 203de9d
1 parent 46cb013
commit 203de9d
Showing 1 changed file with 39 additions and 1 deletion.
diff --git a/sql/engines/oracle.py b/sql/engines/oracle.py
@@ -5,6 +5,7 @@
 import re
 import sqlparse
 
+from common.config import SysConfig
 from common.utils.timer import FuncTimer
 from . import EngineBase
 import cx_Oracle
@@ -202,8 +203,45 @@ def query_masking(self, schema_name=None, sql='', resultset=None):
 
     def execute_check(self, db_name=None, sql=''):
         """上线单执行前的检查, 返回Review set"""
+        config = SysConfig()
         check_result = ReviewSet(full_sql=sql)
-        # 切分语句，追加到检测结果中，默认全部检测通过
+        # 禁用语句检查
+        line = 1
+        for statement in sqlparse.split(sql):
+            statement = sqlparse.format(statement, strip_comments=True)
+            if re.match(r"^select", statement.lower()):
+                check_result.is_critical = True
+                result = ReviewResult(id=line, errlevel=2,
+                                      stagestatus='驳回不支持语句',
+                                      errormessage='仅支持DML和DDL语句，查询语句请使用SQL查询功能！',
+                                      sql=statement)
+                check_result.rows += [result]
+                check_result.error_count += 1
+        # 高危SQL检查
+        if not check_result.is_critical and config.get('critical_ddl_regex'):
+            # 如果启用critical_ddl 的检查
+            critical_ddl_regex = config.get('critical_ddl_regex')
+            p = re.compile(critical_ddl_regex)
+            # 逐行匹配正则
+            line = 1
+            for statement in sqlparse.split(sql):
+                # 删除注释语句
+                statement = sqlparse.format(statement, strip_comments=True)
+                if p.match(statement.strip().lower()):
+                    result = ReviewResult(id=line, errlevel=2,
+                                          stagestatus='驳回高危SQL',
+                                          errormessage='禁止提交匹配' + critical_ddl_regex + '条件的语句！',
+                                          sql=statement)
+                    check_result.is_critical = True
+                    check_result.error_count += 1
+                else:
+                    result = ReviewResult(id=line, errlevel=0, sql=statement)
+                check_result.rows += [result]
+                line += 1
+        # 高危/禁用语句直接返回
+        if check_result.is_critical:
+            return check_result
+        # 非高危/禁用语句，追加到检测结果中
         line = 1
         for statement in sqlparse.split(sql):
             check_result.rows.append(ReviewResult(