Examples of com.alibaba.druid.wall.spi.MySqlWallProvider.checkValid()

Class com.alibaba.druid.wall.spi.MySqlWallProvider

Examples of com.alibaba.druid.wall.spi.MySqlWallProvider.checkValid()

com.alibaba.druid.wall.spi.MySqlWallProvider.checkValid()

        WallProvider provider = new MySqlWallProvider();
        provider.getConfig().setCommentAllow(false);


        String sql = "SELECT name, '******' password, createTime from user where name like 'admin' AND 5859=5666 AND 'Cuqo' LIKE 'Cuqo'";


        Assert.assertFalse(provider.checkValid(sql));
    }


}

View Full Code Here


    public void test_true() throws Exception {
        WallProvider provider = new MySqlWallProvider();
        provider.getConfig().setSchemaCheck(false);


        Assert.assertTrue(provider.checkValid(//
        "SELECT COUNT(*) FROM information_schema.processlist " + //
                "WHERE user <> 'replication' AND id <> CONNECTION_ID() " + //
                "AND time > 60 AND command <> 'Sleep'"));


        Assert.assertEquals(1, provider.getTableStats().size());

View Full Code Here

public class MySqlWallTest77 extends TestCase {


    public void test_false() throws Exception {
        WallProvider provider = new MySqlWallProvider();
        
        Assert.assertFalse(provider.checkValid(//
        "SELECT * FROM T WHERE FID = ? OR LEAST(2,0) = 0"));


        Assert.assertEquals(1, provider.getTableStats().size());
    }

View Full Code Here

    
    public void testmysql() throws Exception {
        String sql = "SELECT F1, F2 FROM ABC --test";


        MySqlWallProvider provider = new MySqlWallProvider();
        Assert.assertFalse(provider.checkValid(sql));


        Assert.assertEquals(1, provider.getCommentDenyStat().getDenyCount());
    }
    
    public void testsqlserver() throws Exception {

View Full Code Here


    public void test_allow() throws Exception {
        MySqlWallProvider provider = new MySqlWallProvider();
        provider.getConfig().setVariantCheck(false);


        Assert.assertTrue(provider.checkValid(sql));
    }


    public void test_not_allow() throws Exception {
        MySqlWallProvider provider = new MySqlWallProvider();
        provider.getConfig().setVariantCheck(true);

View Full Code Here


    public void test_not_allow() throws Exception {
        MySqlWallProvider provider = new MySqlWallProvider();
        provider.getConfig().setVariantCheck(true);


        Assert.assertFalse(provider.checkValid(sql));
    }
}

View Full Code Here


    public void test_false() throws Exception {
        WallProvider provider = new MySqlWallProvider();
        provider.getConfig().setStrictSyntaxCheck(false);
        
        Assert.assertFalse(provider.checkValid(//
        "SELECT * FROM T WHERE FID = '\0a' OR LEAST(2,1,9,8) = 1"));


        Assert.assertEquals(1, provider.getTableStats().size());
    }

View Full Code Here

        WallContext.clearContext();
    }


    public void testMySql() throws Exception {
        WallProvider provider = new MySqlWallProvider();
        Assert.assertTrue(provider.checkValid(sql));
        WallTableStat tableStat = provider.getTableStat("t");
        Assert.assertEquals(1, tableStat.getSelectCount());
    }


    public void testOracle() throws Exception {

View Full Code Here


    public void test_false() throws Exception {
        WallProvider provider = new MySqlWallProvider();
        provider.getConfig().setCommentAllow(false);
        
        Assert.assertTrue(provider.checkValid("select * from t where id = 1"));


        String sql = "select * from t where id = ";
        sql += URLDecoder.decode("999999.9%0A%2F*!30000union%0Aall%0Aselect%0A0x31303235343830303536%2Cconcat%280x7e%2C0x27%2C%28Select%0A%40%40version%29%2C0x27%2C0x7e%29%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536*%2F");


        System.out.println(sql);

View Full Code Here


        String sql = "select * from t where id = ";
        sql += URLDecoder.decode("999999.9%0A%2F*!30000union%0Aall%0Aselect%0A0x31303235343830303536%2Cconcat%280x7e%2C0x27%2C%28Select%0A%40%40version%29%2C0x27%2C0x7e%29%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536*%2F");


        System.out.println(sql);
        Assert.assertFalse(provider.checkValid(sql));


    }


}

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.