
Commit f2e89f7

Merge pull request #2568 from taozhi8833998/feat-show-white-list-check
feat: add show stmt whitelist check in mysql
2 parents 61a8a36 + a69050b commit f2e89f7

3 files changed

Lines changed: 10 additions & 4 deletions


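--- a/pegjs/mariadb.pegjs
+++ b/pegjs/mariadb.pegjs
@@ -1589,6 +1589,7 @@ show_stmt
 }
 }
 / KW_SHOW __ KW_TABLES {
+tableList.add(`show::null::null`)
 return {
 tableList: Array.from(tableList),
 columnList: columnListTableAlias(columnList),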
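Review bot: Only the `KW_SHOW __ KW_TABLES` alternative gains an authority entry here, and the same holds for the matching hunk in pegjs/mysql.pegjs. The earlier `show_stmt` alternatives close just above the added line and lie outside the hunk, so it is not visible whether they register one too. If they do not, those SHOW forms would presumably still return an empty `tableList`, leaving the whitelist check nothing to reject; it is worth confirming each alternative and adding the same `tableList.add(...)` call where it is missing. A comment above the added line, such as `// authority is type::db::table (cf. select::null::b); SHOW TABLES names no db or table`, would also explain the literal.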

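--- a/pegjs/mysql.pegjs
+++ b/pegjs/mysql.pegjs
@@ -1871,6 +1871,7 @@ show_stmt
 }
 }
 / KW_SHOW __ KW_TABLES {
+tableList.add(`show::null::null`)
 return {
 tableList: Array.from(tableList),
 columnList: columnListTableAlias(columnList),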

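--- a/test/select.spec.js
+++ b/test/select.spec.js
@@ -234,7 +234,7 @@ describe('select', () => {
 type: 'binary_expr',
 operator: '&&',
 left: {
-collate: null,
+collate: null,
 type: 'column_ref',
 table: 't',
 column: 'cd'
@@ -1184,10 +1184,14 @@ describe('select', () => {
 expect(result).to.be.eql(undefined)
 })
 it('should fail for simple check', () => {
-const sql = 'SELECT * FROM b'
-const whiteList = ['select::(.*)::a']
-const fun = parser.whiteListCheck.bind(parser, sql, whiteList)
+let sql = 'SELECT * FROM b'
+let whiteList = ['select::(.*)::a']
+let fun = parser.whiteListCheck.bind(parser, sql, whiteList)
 expect(fun).to.throw(`authority = 'select::null::b' is required in table whiteList to execute SQL = '${sql}'`)
+sql = 'SHOW TABLES'
+whiteList = ['(select)::(.*)::(.*)']
+fun = parser.whiteListCheck.bind(parser, sql, whiteList)
+expect(fun).to.throw(`authority = 'show::null::null' is required in table whiteList to execute SQL = '${sql}'`)
 })
 it('should fail for as column reserved word check', () => {
 const sql = 'SELECT id as delete FROM b'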
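Review bot: The new SHOW TABLES case in 'should fail for simple check' covers only the rejection path. Nothing asserts that a whitelist containing a `show` entry lets the statement through, and no dialect option is passed to `whiteListCheck`, so the MariaDB grammar changed in this commit is apparently not exercised. An allow-case such as `expect(parser.whiteListCheck('SHOW TABLES', ['show::null::null'])).to.be.eql(undefined)`, plus the same reject/allow pair run with the MariaDB dialect selected, would pin both sides of the check. Putting the SHOW case in its own `it` block with `const` bindings, instead of reassigning `let` variables, would keep a failure in the first assertion from hiding the second.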
