Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix issue2049 6 #2096

Merged
merged 6 commits into from
Nov 30, 2023
Merged

Fix issue2049 6 #2096

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
2be5222
avoid event
hasa1K Nov 29, 2023
133efba
change message
hasa1K Nov 29, 2023
0689914
Merge branch 'release-2.9999.x' of github.com:actiontech/sqle into fi…
hasa1K Nov 29, 2023
85b4c62
remove space && blank line from sql
hasa1K Nov 29, 2023
9b11f61
remove unreasonable notice
hasa1K Nov 30, 2023
1830db8
fix misspell
hasa1K Nov 30, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
75 changes: 75 additions & 0 deletions sqle/driver/mysql/audit_offline_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3712,3 +3712,78 @@ func TestDMLAvoidWhereEqualNull(t *testing.T) {
newTestResult())
})
}

func TestDDLAvoidEvent(t *testing.T) {
rule := rulepkg.RuleHandlerMap[rulepkg.DDLAvoidEvent].Rule
t.Run(`create event`, func(t *testing.T) {
runSingleRuleInspectCase(
rule,
t,
``,
DefaultMysqlInspectOffline(),
`create event my_event on schedule every 10 second do update schema.table set mycol = mycol + 1;`,
newTestResult().add(driverV2.RuleLevelWarn, "", "语法错误或者解析器不支持,请人工确认SQL正确性").addResult(rulepkg.DDLAvoidEvent))
})
t.Run(`create event with DEFINER`, func(t *testing.T) {
runSingleRuleInspectCase(
rule,
t,
``,
DefaultMysqlInspectOffline(),
`create DEFINER=user event my_event on schedule every 10 second do update schema.table set mycol = mycol + 1;`,
newTestResult().add(driverV2.RuleLevelWarn, "", "语法错误或者解析器不支持,请人工确认SQL正确性").addResult(rulepkg.DDLAvoidEvent))
})
t.Run(`alter event`, func(t *testing.T) {
runSingleRuleInspectCase(
rule,
t,
``,
DefaultMysqlInspectOffline(),
`ALTER EVENT your_event_name
ON SCHEDULE
EVERY 1 DAY
STARTS '2023-01-01 00:00:00'
DO
-- 修改事件的具体操作
UPDATE your_table SET your_column = your_value WHERE your_condition;
`,
newTestResult().add(driverV2.RuleLevelWarn, "", "语法错误或者解析器不支持,请人工确认SQL正确性").addResult(rulepkg.DDLAvoidEvent))
})
t.Run(`alter event with DEFINER`, func(t *testing.T) {
runSingleRuleInspectCase(
rule,
t,
``,
DefaultMysqlInspectOffline(),
`ALTER DEFINER = user EVENT your_event_name
ON SCHEDULE
EVERY 1 DAY
STARTS '2023-01-01 00:00:00'
DO
-- 修改事件的具体操作
UPDATE your_table SET your_column = your_value WHERE your_condition;
`,
newTestResult().add(driverV2.RuleLevelWarn, "", "语法错误或者解析器不支持,请人工确认SQL正确性").addResult(rulepkg.DDLAvoidEvent))
})
t.Run(`create event with blank line`, func(t *testing.T) {
runSingleRuleInspectCase(
rule,
t,
``,
DefaultMysqlInspectOffline(),
`


create event my_event on schedule every 10 second do update schema.table set mycol = mycol + 1;`,
newTestResult().add(driverV2.RuleLevelWarn, "", "语法错误或者解析器不支持,请人工确认SQL正确性").addResult(rulepkg.DDLAvoidEvent))
})
t.Run(`create event with space`, func(t *testing.T) {
runSingleRuleInspectCase(
rule,
t,
``,
DefaultMysqlInspectOffline(),
` create event my_event on schedule every 10 second do update schema.table set mycol = mycol + 1;`,
newTestResult().add(driverV2.RuleLevelWarn, "", "语法错误或者解析器不支持,请人工确认SQL正确性").addResult(rulepkg.DDLAvoidEvent))
})
}
20 changes: 20 additions & 0 deletions sqle/driver/mysql/rule/rule.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -120,6 +120,7 @@ const (
DDLAvoidText = "ddl_avoid_text"
DDLAvoidFullText = "ddl_avoid_full_text"
DDLAvoidGeometry = "ddl_avoid_geometry"
DDLAvoidEvent = "ddl_avoid_event"
)

// inspector DML rules
Expand Down Expand Up @@ -2389,6 +2390,18 @@ var RuleHandlers = []RuleHandler{
Message: "WHERE子句中禁止将NULL值与其他字段或值进行比较运算",
Func: avoidWhereEqualNull,
},
{
Rule: driverV2.Rule{
Name: DDLAvoidEvent,
Desc: "禁止使用event",
Annotation: "使用event会增加数据库的维护难度和依赖性,并且也会造成安全问题。",
Level: driverV2.RuleLevelError,
Category: RuleTypeUsageSuggestion,
},
AllowOffline: true,
Message: "禁止使用event",
Func: avoidEvent,
},
}

func checkMathComputationOrFuncOnIndex(input *RuleHandlerInput) error {
Expand Down Expand Up @@ -7759,3 +7772,10 @@ func avoidWhereEqualNull(input *RuleHandlerInput) error {
}
return nil
}

func avoidEvent(input *RuleHandlerInput) error {
if util.IsEventSQL(input.Node.Text()) {
addResult(input.Res, input.Rule, input.Rule.Name)
}
return nil
}
16 changes: 16 additions & 0 deletions sqle/driver/mysql/util/util.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ import (
"context"
"errors"
"fmt"
"regexp"
"strconv"
"strings"

Expand Down Expand Up @@ -249,3 +250,18 @@ func IsGeometryColumn(col *ast.ColumnDef) bool {
}
return false
}

// TODO: 暂时使用正则表达式匹配event,后续会修改语法树进行匹配event
func IsEventSQL(sql string) bool {
createPattern := `^CREATE\s+(DEFINER\s?=.+?)?EVENT`
createRe := regexp.MustCompile(createPattern)
alterPattern := `^ALTER\s+(DEFINER\s?=.+?)?EVENT`
alterRe := regexp.MustCompile(alterPattern)

sql = strings.ToUpper(strings.TrimSpace(sql))
if createRe.MatchString(sql) {
return true
} else {
return alterRe.MatchString(sql)
}
}
Loading