JSQLParser 部分解析column以及condition

最新推荐文章于 2024-05-23 09:40:04 发布
置顶 最新推荐文章于 2024-05-23 09:40:04 发布
阅读量5.4k 收藏 6
点赞数 2
分类专栏: Java jsqlparser sql 文章标签: jsqlparser sql
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/liu22985342/article/details/82935980
版权
Java 同时被 3 个专栏收录
10 篇文章 0 订阅
订阅专栏
jsqlparser
1 篇文章 0 订阅
订阅专栏
sql
1 篇文章 0 订阅
订阅专栏

 1、把需要筛选的字段和条件分开,目前未支持case when以及自定义函数,实现如何下:

VerifySqlLegitimacyServiceImpl:

/**
 * File Name:VerifySqlLegitimacyServiceImpl.java
 * Date:2018年9月18日上午8:52:27
*/


import java.io.StringReader;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

import org.apache.commons.lang.StringUtils;
import org.springframework.stereotype.Service;


import lombok.extern.slf4j.Slf4j;
import net.sf.jsqlparser.JSQLParserException;
import net.sf.jsqlparser.expression.Alias;
import net.sf.jsqlparser.expression.AllComparisonExpression;
import net.sf.jsqlparser.expression.AnalyticExpression;
import net.sf.jsqlparser.expression.AnyComparisonExpression;
import net.sf.jsqlparser.expression.BinaryExpression;
import net.sf.jsqlparser.expression.CaseExpression;
import net.sf.jsqlparser.expression.CastExpression;
import net.sf.jsqlparser.expression.DateTimeLiteralExpression;
import net.sf.jsqlparser.expression.DateValue;
import net.sf.jsqlparser.expression.DoubleValue;
import net.sf.jsqlparser.expression.Expression;
import net.sf.jsqlparser.expression.ExtractExpression;
import net.sf.jsqlparser.expression.Function;
import net.sf.jsqlparser.expression.HexValue;
import net.sf.jsqlparser.expression.IntervalExpression;
import net.sf.jsqlparser.expression.JdbcNamedParameter;
import net.sf.jsqlparser.expression.JdbcParameter;
import net.sf.jsqlparser.expression.JsonExpression;
import net.sf.jsqlparser.expression.KeepExpression;
import net.sf.jsqlparser.expression.LongValue;
import net.sf.jsqlparser.expression.MySQLGroupConcat;
import net.sf.jsqlparser.expression.NullValue;
import net.sf.jsqlparser.expression.NumericBind;
import net.sf.jsqlparser.expression.OracleHierarchicalExpression;
import net.sf.jsqlparser.expression.OracleHint;
import net.sf.jsqlparser.expression.Parenthesis;
import net.sf.jsqlparser.expression.RowConstructor;
import net.sf.jsqlparser.expression.SignedExpression;
import net.sf.jsqlparser.expression.StringValue;
import net.sf.jsqlparser.expression.TimeKeyExpression;
import net.sf.jsqlparser.expression.TimeValue;
import net.sf.jsqlparser.expression.TimestampValue;
import net.sf.jsqlparser.expression.WhenClause;
import net.sf.jsqlparser.expression.operators.arithmetic.Addition;
import net.sf.jsqlparser.expression.operators.arithmetic.BitwiseAnd;
import net.sf.jsqlparser.expression.operators.arithmetic.BitwiseOr;
import net.sf.jsqlparser.expression.operators.arithmetic.BitwiseXor;
import net.sf.jsqlparser.expression.operators.arithmetic.Concat;
import net.sf.jsqlparser.expression.operators.arithmetic.Division;
import net.sf.jsqlparser.expression.operators.arithmetic.Modulo;
import net.sf.jsqlparser.expression.operators.arithmetic.Multiplication;
import net.sf.jsqlparser.expression.operators.arithmetic.Subtraction;
import net.sf.jsqlparser.expression.operators.conditional.AndExpression;
import net.sf.jsqlparser.expression.operators.conditional.OrExpression;
import net.sf.jsqlparser.expression.operators.relational.Between;
import net.sf.jsqlparser.expression.operators.relational.ComparisonOperator;
import net.sf.jsqlparser.expression.operators.relational.EqualsTo;
import net.sf.jsqlparser.expression.operators.relational.ExistsExpression;
import net.sf.jsqlparser.expression.operators.relational.ExpressionList;
import net.sf.jsqlparser.expression.operators.relational.GreaterThan;
import net.sf.jsqlparser.expression.operators.relational.GreaterThanEquals;
import net.sf.jsqlparser.expression.operators.relational.InExpression;
import net.sf.jsqlparser.expression.operators.relational.IsNullExpression;
import net.sf.jsqlparser.expression.operators.relational.ItemsList;
import net.sf.jsqlparser.expression.operators.relational.LikeExpression;
import net.sf.jsqlparser.expression.operators.relational.Matches;
import net.sf.jsqlparser.expression.operators.relational.MinorThan;
import net.sf.jsqlparser.expression.operators.relational.MinorThanEquals;
import net.sf.jsqlparser.expression.operators.relational.NotEqualsTo;
import net.sf.jsqlparser.expression.operators.relational.RegExpMatchOperator;
import net.sf.jsqlparser.expression.operators.relational.RegExpMySQLOperator;
import net.sf.jsqlparser.parser.CCJSqlParserManager;
import net.sf.jsqlparser.parser.ParseException;
import net.sf.jsqlparser.parser.Token;
import net.sf.jsqlparser.schema.Column;
import net.sf.jsqlparser.statement.Statement;
import net.sf.jsqlparser.statement.select.AllTableColumns;
import net.sf.jsqlparser.statement.select.PlainSelect;
import net.sf.jsqlparser.statement.select.Select;
import net.sf.jsqlparser.statement.select.SelectExpressionItem;
import net.sf.jsqlparser.statement.select.SelectItem;
import net.sf.jsqlparser.statement.select.SubSelect;

/**
 *  ClassName:VerifySqlLegitimacyServiceImpl <br/>
 * Function: 验证sql的合法性<br/>
 * Date: 2018年8月24日 下午2:47:18 <br/>
 * @version
 * @since JDK 1.8
 * @see
 */
@Service
@Slf4j
public class VerifySqlLegitimacyServiceImpl implements VerifySqlLegitimacyService
{
	private final static String sql_select = "SELECT ";
	private final static String sql_from = " FROM table";
	private final static String sql_from_where = sql_select + "*" + sql_from + " WHERE ";

	/***
	 * verifyField:(验证sql字段). <br/>
	 * 
	 * @author hewanwan
	 * @param sql
	 * @throws JSQLParserException
	 * @since JDK 1.8
	 */
	public ResultMap<ErrorMessage> verifyField(String sql)
	{

		CCJSqlParserManager parser = new CCJSqlParserManager();
		StringBuilder buffer = new StringBuilder();
		ResultMap<ErrorMessage> result = new ResultMap<>();
		ErrorMessage errorMessage = new ErrorMessage();
		sql = sql.trim();
		String parseSql = sql_select + sql.trim() + sql_from;
		try
		{
			Statement stmt = parser.parse(new StringReader(parseSql));
			if (stmt instanceof Select)
			{
				Select selectStatement = (Select) stmt;
				PlainSelect selectBody = (PlainSelect) selectStatement.getSelectBody();
				List<SelectItem> selectItemlist = selectBody.getSelectItems();
				SelectExpressionItem selectExpressionItem = null;
				Expression expression = null;
				AllTableColumns allTableColumns = null;
				Alias alias = null;
				SelectItem selectItem = null;
				if (selectItemlist != null)
				{
					for (int i = 0; i < selectItemlist.size(); i++)
					{
						selectItem = selectItemlist.get(i);
						if (selectItem instanceof SelectExpressionItem)
						{
							if(i!=0){
								buffer.append(", ");
							}
							selectItem = (SelectExpressionItem) selectItem;

							selectExpressionItem = (SelectExpressionItem) selectItemlist.get(i);
							buffer.append(selectExpressionItem.toString());
							alias = selectExpressionItem.getAlias();
							if (alias != null && !judgeAlias(alias, buffer, selectExpressionItem, result)) // 如果没有验证通过,则进行返回
							{
								result.getData().setOtherField(selectBody.toString().substring(sql_select.length(),
										selectBody.toString().lastIndexOf(sql_from)));
								return result;
							}
							expression = selectExpressionItem.getExpression();// 获取字段
							if (!judgEexpression(expression, buffer, selectExpressionItem, result, alias, true))
							{
								result.getData().setOtherField(selectBody.toString().substring(sql_select.length(),
										selectBody.toString().lastIndexOf(sql_from)));
								return result;
							}
						} else if (selectItem instanceof AllTableColumns)
						{
							selectItem = (AllTableColumns) selectItem;
							allTableColumns = (AllTableColumns) selectItemlist.get(i);
							buffer.append(allTableColumns.toString());
							result.setCode(ErrorCodes.ERROR_NAME_RULE.getCode());
                            result.setMsg(ErrorCodes.ERROR_NAME_RULE.getDesc());
                            Integer startPosition = buffer.length() - allTableColumns.toString().length();
                            Integer endPosition = buffer.length();
                            errorMessage.setErrorMessage(startPosition, endPosition, allTableColumns.toString());
                            result.setData(errorMessage);
							result.getData().setOtherField(selectBody.toString().substring(sql_select.length(),
									selectBody.toString().lastIndexOf(sql_from)));
							return result;
						} else {
							if(i!=0){
								buffer.append(", ");
							}
							buffer.append(selectItem.toString());
						}
					}
				}
			}
		} catch (JSQLParserException e)
		{
			log.error("verifyField Exception", e);
			if (e.getCause() instanceof ParseException)
			{
				/*
				 * ParseException parseException = (ParseException)
				 * e.getCause(); String message = parseException.getMessage();
				 * String start = StringUtils.substringBetween(message,
				 * "column ", "."); Integer
				 * startPosition=Integer.parseInt(start); Integer
				 * endPosition=null; String wrongField=null; Integer from
				 * =sql.lastIndexOf("from"); String s=StringUtils.substring(sql,
				 * Integer.parseInt(start)-1, from); if(s.contains(",")) {
				 * String column=StringUtils.substringBefore(s, ",");
				 * if(column.contains("AS".toLowerCase())) {
				 * wrongField=StringUtils.substringBefore(column,
				 * "As".toLowerCase()).trim(); }else
				 * if(column.trim().contains(" ")){
				 * wrongField=StringUtils.substringBefore(column, " "); }else {
				 * wrongField=column.trim(); }
				 * endPosition=startPosition+wrongField.length()-1;
				 * errorMessage.setErrorMessage(startPosition, endPosition,
				 * wrongField,""); }else{ if(s.contains("AS".toLowerCase())) {
				 * wrongField=StringUtils.substringBefore(s,
				 * "As".toLowerCase()).trim(); }else {
				 * wrongField=StringUtils.substringBefore(s, " "); }
				 * endPosition=startPosition+wrongField.length()-1;
				 * errorMessage.setErrorMessage(startPosition, endPosition,
				 * wrongField,""); }
				 * result.setMsg(ErrorCodes.ERROR_NAME_RULE.getDesc());
				 * result.setCode(ErrorCodes.ERROR_NAME_RULE.getCode());
				 * result.setData(errorMessage); return result;
				 */
				if (e.getCause() instanceof ParseException)
				{
					ParseException parseException = (ParseException) e.getCause();

				/*	String message = parseException.getMessage();

					String mes = StringUtils.substringBetween(message, "Encountered unexpected token: ", "at");
					String wrongField = StringUtils.substringBetween(mes, "\"", "\"");
					Integer end = Integer.valueOf(StringUtils.substringBetween(message, "column", ".").trim());
				*/	Token token = parseException.currentToken;
					
					errorMessage.setEndPosition(token.absoluteEnd- sql_select.length());
					errorMessage.setStartPosition(token.absoluteBegin- sql_select.length());
					errorMessage.setOtherField(sql);
					errorMessage.setWrongField(token.toString());
					result.setCode(ErrorCodes.ERROR_GRAMMAR_RULE.getCode());
					result.setMsg(ErrorCodes.ERROR_GRAMMAR_RULE.getDesc());
					result.setData(errorMessage);
				} else
				{
					result.setCode(ErrorCodes.ERROR_GRAMMAR_RULE.getCode());
					result.setMsg(ErrorCodes.ERROR_GRAMMAR_RULE.getDesc());
				}
			}
		} catch (Exception e)
		{
			log.error("verifyField Exception", e);
			result.setCode(ErrorCodes.ERROR_GRAMMAR_RULE.getCode());
			result.setMsg(ErrorCodes.ERROR_GRAMMAR_RULE.getDesc());
		}
		return result;
	}

	/***
	 * 当return false 返回错误信息 errorInfo:(这里用一句话描述这个方法的作用). <br/>
	 * TODO(这里描述这个方法适用条件 – 可选).<br/>
	 * TODO(这里描述这个方法的执行流程 – 可选).<br/>
	 *
	 * @author hewanwan
	 * @param a
	 * @param buffer
	 * @param result
	 * @return
	 * @since JDK 1.8
	 */
	public ResultMap<ErrorMessage> errorInfo(Object a, StringBuilder buffer, ResultMap<ErrorMessage> result)
	{
		ErrorMessage errorMessage = new ErrorMessage();
		result.setCode(ErrorCodes.ERROR_NAME_RULE.getCode());
		result.setMsg(ErrorCodes.ERROR_NAME_RULE.getDesc());
		Integer startPosition = buffer.length() - a.toString().length();
		Integer endPosition = buffer.length();
		errorMessage.setErrorMessage(startPosition, endPosition, a.toString());
		result.setData(errorMessage);
		return result;
	}

	public boolean judgEexpression(Expression expression, StringBuilder buffer,
			SelectExpressionItem selectExpressionItem, ResultMap<ErrorMessage> result, Alias alias,
			boolean isValidateAlias)
	{
		/*
		 * Integer startPosition = null; Integer endPosition = null;
		 */
		String columnName = null;
		boolean flag = true;
		// ErrorMessage errorMessage = new ErrorMessage();
		if (expression instanceof NullValue || expression instanceof Function || expression instanceof SignedExpression
				|| expression instanceof JdbcParameter || expression instanceof JdbcNamedParameter
				|| expression instanceof HexValue || expression instanceof CaseExpression
				|| expression instanceof WhenClause || expression instanceof DateTimeLiteralExpression
				|| expression instanceof Concat || expression instanceof ExtractExpression
				|| expression instanceof IntervalExpression || expression instanceof RegExpMatchOperator
				|| expression instanceof NumericBind || expression instanceof KeepExpression)
		{
			result = errorInfo(selectExpressionItem, buffer, result);
			/*
			 * result.setCode(ErrorCodes.ERROR_NAME_RULE.getCode());
			 * result.setMsg(ErrorCodes.FAILED.getDesc()); startPosition =
			 * buffer.length() - selectExpressionItem.toString().length();
			 * endPosition = buffer.length();
			 * errorMessage.setErrorMessage(startPosition, endPosition,
			 * selectExpressionItem.toString(),"");
			 * result.setData(errorMessage);
			 */
			return false;
		}

		if (expression instanceof DoubleValue || expression instanceof LongValue || expression instanceof DateValue
				|| expression instanceof TimeValue || expression instanceof TimestampValue
				|| expression instanceof StringValue)
		{
			if (isValidateAlias && alias == null)
			{
				result = errorInfo(selectExpressionItem, buffer, result);
				/*
				 * result.setCode(ErrorCodes.ERROR_NAME_RULE.getCode());
				 * result.setMsg(ErrorCodes.FAILED.getDesc()); startPosition =
				 * buffer.length() - selectExpressionItem.toString().length();
				 * endPosition = buffer.length();
				 * errorMessage.setErrorMessage(startPosition, endPosition,
				 * selectExpressionItem.toString(),"");
				 * result.setData(errorMessage);
				 */
				return false;
			}
		} else if (expression instanceof Column)
		{
			Column column = (Column) expression;// 获取字段
			columnName = column.getFullyQualifiedName();
			// `aaaa`.`bbb.ccc`.`cvxcv`
			List<String> columnNamelist = getColumnNames(columnName);
			flag = isSpecialChar(columnNamelist);
			if (flag == false)
			{
				result = errorInfo(selectExpressionItem, buffer, result);
				/*
				 * result.setCode(ErrorCodes.ERROR_NAME_RULE.getCode());
				 * result.setMsg(ErrorCodes.FAILED.getDesc()); startPosition =
				 * buffer.length() - selectExpressionItem.toString().length();
				 * endPosition = buffer.length();
				 * errorMessage.setErrorMessage(startPosition, endPosition,
				 * selectExpressionItem.toString(),"");
				 * result.setData(errorMessage);
				 */
				return false;
			}
		} else if (expression instanceof Parenthesis)
		{
			Parenthesis parenthesis = (Parenthesis) expression;
			if (parenthesis.isNot())
			{
				// TODO:需要修改
				result = errorInfo(selectExpressionItem, buffer, result);
				/*
				 * result.setCode(ErrorCodes.ERROR_NAME_RULE.getCode());
				 * result.setMsg(ErrorCodes.FAILED.getDesc()); startPosition =
				 * buffer.length() - selectExpressionItem.toString().length();
				 * endPosition = buffer.length();
				 * errorMessage.setErrorMessage(startPosition, endPosition,
				 * selectExpressionItem.toString(),"");
				 * result.setData(errorMessage);
				 */
				return false;
			}
			if (!judgEexpression(parenthesis.getExpression(), buffer, selectExpressionItem, result, alias, false))
			{
				return false;
			}
		} else if (expression instanceof Addition || expression instanceof Division || expression instanceof

		Multiplication || expression instanceof Subtraction)
		{
			if (isValidateAlias && alias == null)
			{
				result = errorInfo(selectExpressionItem, buffer, result);
				return false;
			}
			BinaryExpression binaryExpression = (BinaryExpression) expression;
			if (!judgEexpression(binaryExpression.getLeftExpression(), buffer, selectExpressionItem, result,

					alias, false))
			{
				return false;
			}

			if (!judgEexpression(binaryExpression.getRightExpression(), buffer, selectExpressionItem, result,

					alias, false))
			{
				return false;
			}
		}
		return true;
	}

	/**
	 * judgeAlias: 判断别名. <br/>
	 * 
	 * @author liupingan
	 * @param alias
	 * @param buffer
	 * @param selectExpressionItem
	 * @param result
	 * @return
	 * @since JDK 1.8
	 */
	public boolean judgeAlias(Alias alias, StringBuilder buffer, SelectExpressionItem selectExpressionItem,
			ResultMap<ErrorMessage> result)
	{
		List<String> columnNamelist = getColumnNames(alias.getName());
		boolean flag = isSpecialChar(columnNamelist);
		if (flag == false)
		{
			result = errorInfo(selectExpressionItem, buffer, result);
			return false;
		}
		return true;
	}

	public static List<String> getColumnNames(String source)
	{
		if (source == null)
		{
			return null;
		}
		int start = source.indexOf("`");
		if (start == -1)
		{
			List<String> result = new ArrayList<>();
			Collections.addAll(result, source.split("\\."));
			return result;
		}
		List<String> result = new ArrayList<>();
		int end = -1;
		start = 0;
		int temp = 0;
		String tempString = null;
		for (int i = 0; i < source.split("`").length - 1; i++)
		{
			temp = source.indexOf("`", start);
			// 如果相等,并且为第一个

			if (i == 0 && start == temp)
			{
				end = source.indexOf("`", temp + 1);
				if (end == -1)
					break;
				tempString = source.substring(temp + 1, end);
				result.add(tempString);
				start = end + 2;
			} else if (i == 0 && start != temp)
			{
				end = source.indexOf("`", temp + 1);
				// tempString = source.substring(temp+1, end);
				Collections.addAll(result, source.substring(0, temp).split("\\."));

				if (end == -1)
					break;
				tempString = source.substring(temp + 1, end);
				result.add(tempString);
				start = end + 2;
			} else if (temp - 2 == end)
			{// 如果为连续的
				end = source.indexOf("`", temp + 1);
				if (end == -1)
					break;
				tempString = source.substring(temp + 1, end);
				result.add(tempString);
				start = end + 2;
			} else
			{
				Collections.addAll(result, source.substring(end + 2, temp).split("\\."));
				end = source.indexOf("`", temp + 1);
				if (end == -1)
					break;
				tempString = source.substring(temp + 1, end);
				result.add(tempString);
				start = end + 2;
			}
			i++;
		}
		if (end + 1 != source.length())
		{
			Collections.addAll(result, source.substring(end + 2).trim().split("\\."));
		}
		return result;
	}

	/** 验证where条件 */
	@Override
	public ResultMap<ErrorMessage> verifyCondition(String sql)
	{

		CCJSqlParserManager parser = new CCJSqlParserManager();
		Statement stmt = null;
		ResultMap<ErrorMessage> result = new ResultMap<>();
		ErrorMessage errorMessage = new ErrorMessage();
		sql = sql.trim();
		String parseSql = sql_from_where + sql;
		Expression expression = null;
		try
		{
			stmt = parser.parse(new StringReader( parseSql));
			if (stmt instanceof Select)
			{
				Select selectStatement = (Select) stmt;
				PlainSelect selectBody = (PlainSelect) selectStatement.getSelectBody();
				expression = selectBody.getWhere();
				StringBuilder buffer = new StringBuilder();
				if(!judgEexpression(expression, buffer, result)){
					result.getData().setOtherField(expression.toString());
				}
			}
		} catch (JSQLParserException e)
		{
			/*
			 * if (e.getCause() instanceof ParseException) { ParseException
			 * parseException = (ParseException) e.getCause(); String message =
			 * parseException.getMessage(); String start =
			 * StringUtils.substringBetween(message, "column ", "."); Integer
			 * startPosition=Integer.parseInt(start); Integer endPosition=null;
			 * String wrongField=null; Integer from =sql.lastIndexOf("from");
			 * String s=StringUtils.substring(sql, Integer.parseInt(start)-1,
			 * from); if(s.contains(",")) { String
			 * column=StringUtils.substringBefore(s, ",");
			 * if(column.contains("AS".toLowerCase())) {
			 * wrongField=StringUtils.substringBefore(column,
			 * "As".toLowerCase()).trim(); }else
			 * if(column.trim().contains(" ")){
			 * wrongField=StringUtils.substringBefore(column, " "); }else {
			 * wrongField=column.trim(); }
			 * endPosition=startPosition+wrongField.length()-1;
			 * errorMessage.setErrorMessage(startPosition, endPosition,
			 * wrongField,""); }else{ if(s.contains("AS".toLowerCase())) {
			 * wrongField=StringUtils.substringBefore(s,
			 * "As".toLowerCase()).trim(); }else {
			 * wrongField=StringUtils.substringBefore(s, " "); }
			 * endPosition=startPosition+wrongField.length()-1;
			 * errorMessage.setErrorMessage(startPosition, endPosition,
			 * wrongField,""); } result.setMsg(ErrorCodes.FAILED.getDesc());
			 * result.setCode(ErrorCodes.ERROR_NAME_RULE.getCode());
			 * result.setData(errorMessage); return result;
			 */
			log.error("verifyField Exception", e);
			if (e.getCause() instanceof ParseException)
			{
				ParseException parseException = (ParseException) e.getCause();

				/*String message = parseException.getMessage();

				String mes = StringUtils.substringBetween(message, "Encountered unexpected token: ", "at");
				String wrongField = StringUtils.substringBetween(mes, "\"", "\"");
				Integer end = Integer.valueOf(StringUtils.substringBetween(message, "column", ".").trim());*/
				Token token = parseException.currentToken;
				
				errorMessage.setEndPosition(token.absoluteEnd- sql_from_where.length());
				errorMessage.setStartPosition(token.absoluteBegin- sql_from_where.length());
			/*	errorMessage.setEndPosition(end - sql_from_where.length());
				errorMessage.setStartPosition(end + wrongField.length() - sql_from_where.length());*/
				errorMessage.setOtherField(sql.trim());
				errorMessage.setWrongField(token.toString());
				result.setCode(ErrorCodes.ERROR_GRAMMAR_RULE.getCode());
				result.setMsg(ErrorCodes.ERROR_GRAMMAR_RULE.getDesc());
				result.setData(errorMessage);
			} else
			{
				result.setCode(ErrorCodes.ERROR_GRAMMAR_RULE.getCode());
				result.setMsg(ErrorCodes.ERROR_GRAMMAR_RULE.getDesc());
			}
		} catch (Exception e)
		{
			log.error("verifyField Exception", e);
			result.setCode(ErrorCodes.ERROR_GRAMMAR_RULE.getCode());
			result.setMsg(ErrorCodes.ERROR_GRAMMAR_RULE.getDesc());
		}
		return result;
	}

	/**
	 * 
	 * judgEexpression:(条件语句判断). <br/>
	 * 
	 * @author liupingan
	 * @param expression
	 * @param buffer
	 * @param result
	 * @return
	 * @since JDK 1.8
	 */
	public boolean judgEexpression(Expression expression, StringBuilder buffer, ResultMap<ErrorMessage> result)
	{
		AndExpression andExpression = null;
		OrExpression orExpression = null;
		Modulo modulo = null;
		BinaryExpression binaryExpression = null;
		ComparisonOperator comparisonOperator = null;
		InExpression inExpression = null;
		Parenthesis parenthesis = null;

		ItemsList itemsList = null;

		Column column = null;
		String columnName = null;

		boolean flag = true;
		if (expression instanceof BitwiseAnd || expression instanceof BitwiseOr || expression instanceof BitwiseXor
				|| expression instanceof IsNullExpression || expression instanceof Between
				|| expression instanceof NullValue || expression instanceof Function
				|| expression instanceof SignedExpression || expression instanceof JdbcParameter
				|| expression instanceof JdbcNamedParameter || expression instanceof HexValue
				|| expression instanceof LikeExpression || expression instanceof CaseExpression
				|| expression instanceof WhenClause || expression instanceof ExistsExpression
				|| expression instanceof AllComparisonExpression || expression instanceof AnyComparisonExpression
				|| expression instanceof Concat || expression instanceof Matches
				|| expression instanceof AnalyticExpression || expression instanceof CastExpression
				|| expression instanceof ExtractExpression || expression instanceof IntervalExpression
				|| expression instanceof OracleHierarchicalExpression || expression instanceof RegExpMatchOperator
				|| expression instanceof JsonExpression || expression instanceof RegExpMySQLOperator
				|| expression instanceof NumericBind || expression instanceof KeepExpression
				|| expression instanceof MySQLGroupConcat || expression instanceof RowConstructor
				|| expression instanceof OracleHint || expression instanceof TimeKeyExpression
				|| expression instanceof DateTimeLiteralExpression)
		{
			buffer.append(expression);
			result = errorInfo(expression, buffer, result);
			return false;
		}
		if (expression instanceof AndExpression)
		{
			andExpression = (AndExpression) expression;
			if (andExpression.isNot())
			{
				return false;
			}
			if (!judgEexpression(andExpression.getLeftExpression(), buffer, result))
			{
				return false;
			}
			buffer.append(" and ");
			if (!judgEexpression(andExpression.getRightExpression(), buffer, result))
			{
				return false;
			}
		} else if (expression instanceof OrExpression)
		{
			orExpression = (OrExpression) expression;
			if (orExpression.isNot())
			{
				return false;
			}
			if (!judgEexpression(orExpression.getLeftExpression(), buffer, result))
			{
				return false;

			}
			buffer.append(" or ");
			if (!judgEexpression(orExpression.getRightExpression(), buffer, result))
			{
				return false;
			}
		} else if (expression instanceof Parenthesis)
		{
			parenthesis = (Parenthesis) expression;
			if (parenthesis.isNot())
			{
				buffer.append(expression.toString());
				result = errorInfo(expression, buffer, result);
				return false;
			}
			buffer.append("(");
			if (!judgEexpression(parenthesis.getExpression(), buffer, result))
			{
				buffer.append(")");
				return false;
			} else
			{
				buffer.append(")");
				return true;
			}
		} else if (expression instanceof Column)
		{
			column = (Column) expression;
			columnName = column.getFullyQualifiedName();
			buffer.append(columnName);
			List<String> namelist = VerifySqlLegitimacyServiceImpl.getColumnNames(columnName);
			flag = isSpecialChar(namelist);
			if (flag == false)
			{
				result = errorInfo(expression, buffer, result);
				return false;
			}
		} else if (expression instanceof Modulo)
		{
			// % 取模处理
			modulo = (Modulo) expression;
			if (modulo.isNot())
			{
				return false;
			}
			if (!judgEexpression(modulo.getLeftExpression(), buffer, result))
			{
				return false;
			}
			buffer.append(" % ");
			if (!judgEexpression(modulo.getRightExpression(), buffer, result))
			{
				return false;
			}
		} else if (expression instanceof EqualsTo || expression instanceof GreaterThan
				|| expression instanceof GreaterThanEquals || expression instanceof MinorThan
				|| expression instanceof MinorThanEquals || expression instanceof NotEqualsTo)
		{
			// > >= = < <= != <>处理
			comparisonOperator = (ComparisonOperator) expression;
			if (comparisonOperator.isNot())
			{
				return false;
			}
			if (!judgEexpression(comparisonOperator.getLeftExpression(), buffer, result))
			{
				return false;
			}
			buffer.append(" "+comparisonOperator.getStringExpression()+" ");
			if (!judgEexpression(comparisonOperator.getRightExpression(), buffer, result))
			{
				return false;
			}
		} else if (expression instanceof Addition || expression instanceof Division
				|| expression instanceof Multiplication || expression instanceof Subtraction)
		{
			// ( + - * / )加减乘除处理
			binaryExpression = (BinaryExpression) expression;
			if (binaryExpression.isNot())
			{
				return false;
			}
			if (!judgEexpression(binaryExpression.getLeftExpression(), buffer, result))
			{
				return false;
			}
			buffer.append(" "+binaryExpression.getStringExpression()+" ");
			if (!judgEexpression(binaryExpression.getRightExpression(), buffer, result))
			{
				return false;
			}
		} else if (expression instanceof InExpression)
		{
			// ( + - * / )加减乘除处理
			inExpression = (InExpression) expression;
			// itemsList = inExpression.getRightItemsList();
			ExpressionList expressionList = (ExpressionList) inExpression.getRightItemsList();
			if (inExpression.isNot())
			{
				buffer.append(expression.toString());
				result = errorInfo(expression, buffer, result);
				return false;
			} else if (inExpression.getLeftExpression() == null)
			{
				result = errorInfo(expression, buffer, result);
				return false;
			}
			if (!judgEexpression(inExpression.getLeftExpression(), buffer, result))
			{
				//buffer.append(expression.toString());
				result = errorInfo(expression, buffer, result);
				return false;
			}
			buffer.append(" IN (");
			if (expressionList == null)
			{
				result = errorInfo(expression, buffer, result);
				return false;
			}
			
			List<Expression> expressionslist = (List<Expression>) expressionList.getExpressions();
			for (int i = 0; i < expressionslist.size(); i++)
			{
				if( i !=0){
					buffer.append(", ");
				}
				if (!judgEexpression(expressionslist.get(i), buffer, result))
				{
					return false;
				}
			}
			buffer.append(")");
			if (itemsList instanceof SubSelect)
			{
				result = errorInfo(expression, buffer, result);
				return false;
			}
		} else if (expression instanceof DoubleValue || expression instanceof LongValue
				|| expression instanceof DateValue || expression instanceof TimeValue
				|| expression instanceof TimestampValue)
		{
			buffer.append(expression.toString());
			return true;
		} else if(expression instanceof StringValue){
			buffer.append("\'"+expression.toString()+"\'");
			return true;
		}
		return true;
	}

	/***
	 * 由数字、26个英文字母或者下划线或者.组成的字符串,不能以下划线和.为开头和结尾 不能出现两次下划线
	 * 
	 * @return true为包含,false为不包含
	 */
	public boolean isSpecialChar(String str)
	{
		String regEx = "^(?!_)(?!.*?_$)([a-zA-Z0-9.]|_(?!_))+$";
		boolean flag = str.matches(regEx);
		return flag;
	}

	public boolean isSpecialChar(List<String> strs)
	{
		boolean flag = true;
		for (String name : strs)
		{
			if (!isSpecialChar(name))
			{
				return false;
			}
		}
		return flag;
	}

	@Override
	public ResultMap<ErrorMessage> verifyField(InputMap<RuleCheckDto> bean)
	{
		ResultMap<ErrorMessage> result = new ResultMap<>();
		if (bean == null || bean.getConfig() == null || bean.getConfig().getUserId() == null
				|| StringUtils.isBlank(bean.getConfig().getUserId()) || bean.getData() == null
				|| bean.getData().getFields() == null || StringUtils.isBlank(bean.getData().getFields()))
		{
			result.setCode(ErrorCodes.FAILED.getCode());
			result.setMsg(ErrorCodes.FAILED.getDesc());
			return result;
		}
		return verifyField(bean.getData().getFields());
	}

	@Override
	public ResultMap<ErrorMessage> verifyCondition(InputMap<RuleCheckDto> bean)
	{

		ResultMap<ErrorMessage> result = new ResultMap<>();
		if (bean == null || bean.getConfig() == null || bean.getConfig().getUserId() == null
				|| StringUtils.isBlank(bean.getConfig().getUserId()) || bean.getData() == null
				|| bean.getData().getFields() == null || StringUtils.isBlank(bean.getData().getCondition()))
		{
			result.setCode(ErrorCodes.FAILED.getCode());
			result.setMsg(ErrorCodes.FAILED.getDesc());
			return result;
		}
		return verifyCondition(bean.getData().getCondition());
	}

	/**
	 * 
	 * TODO 如果字段存在,则需要判断,如果条件不存在,则为真
	 * @see com.foxconn.core.pro.server.rule.engine.front.service.VerifySqlLegitimacyService#verifySql(java.lang.String, java.lang.String)
	 */
	@Override
	public ResultMap<ErrorMessage> verifySql(String field, String condition)
	{
		ResultMap<ErrorMessage> result = new ResultMap<>();
		if (field == null || StringUtils.isBlank(field))
		{
			result.setCode(ErrorCodes.FAILED.getCode());
			result.setMsg(ErrorCodes.FAILED.getDesc());
			return result;
		}
		result = verifyField(field);
		if (result == null)
		{
			result = new ResultMap<>(ErrorCodes.FAILED);
		} else if (CommonConstant.SERVICE_SUCCESS.equals(result.getCode()))
		{
			if(condition == null || StringUtils.isBlank(condition)){
				return result;
			}
			result = verifyCondition(condition);
			if (result == null)
			{
				result = new ResultMap<>(ErrorCodes.FAILED);
			}
		}
		return result;
	}
}

 

俺爱吃萝卜
关注
  • 2
    点赞
  • 6
    收藏
    觉得还不错? 一键收藏
  • 2
    评论
专栏目录
net.sf.jsqlparser.schema.Column.withColumnName(Ljava/lang/String;)Lnet/sf/jsqlparser/schema/Column
Jacky的专栏
10-07 1036
分页插件中排除jsqlparser
mybatis plus 拦截器和mybatis拦截器共存
weixin_43983286的博客
10-24 1135
Correct the classpath of your application so that it contains a single, compatible version of net.sf.jsqlparser.schema.Column
探索与掌控:MySQL SQL 解析SQL Parser
最新发布
gitblog_00089的博客
05-23 332
探索与掌控:MySQL SQL 解析SQL Parser 项目地址:https://gitcode.com/phpmyadmin/sql-parser 项目介绍 在数据库管理和应用开发中,正确解析和操作SQL语句至关重要。SQL Parser是一个专为MySQL方言设计的验证性SQL词法和语法解析库。它由phpMyAdmin团队创建,并广泛应用于实际项目中,提供了一套强大的工具来处理SQL查询...
Maven依赖冲突
qq_54522796的博客
01-30 1819
Maven依赖冲突解决——An attempt was made to call a method that does not exist
java截取sql列_java – JSqlParser – 从Column获取表名
weixin_42114046的博客
03-01 529
我刚刚开始探索JSqlparser.根据我的理解,我已经修改了TablesNamesFinder以提取列和表,并且它的工作正常但是一个非常小的问题.@Overridepublic void visit(Column col) {Column c = col;String cname = c.getFullyQualifiedName();Table t = c.getTable();System....
java.lang.NoSuchMethodError: net.sf.jsqlparser.schema.Column.(java/lang/String;)
J1213820030216的博客
06-19 1204
java.lang.NoSuchMethodError: net.sf.jsqlparser.schema.Column.(java/lang/String;)
JSqlParser开源SQL解析库jar
04-04
JSqlParser是一个用Java编写的开源SQL解析库,它可以解析SQL语句并生成抽象语法树(AST),也可以根据AST生成SQL语句。这意味着你可以利用它来分析、修改甚至生成SQL查询。 以下是一些JSqlParser的主要应用场景: ...
jsqlparser解析复杂sql
04-24
jsqlparser解析复杂sql 获取where条件字段 select字段 表名table 查询join 查询 group by 查询order by 子查询 判断是否为多级子查询
jsqlparser sql解析
04-07
jsqlparser sql解析
java的sql解析jsqlparser
07-14
在这个过程中,库会识别并分解SQL语句的各个组成部分,如SELECT、FROM、WHERE、JOIN等子句,以及它们之间的关系。通过遍历AST,开发者可以轻松地访问和操作SQL语句中的每一个细节。 例如,如果你有一个复杂的SQL...
jsqlparser sql解析
01-15
jsqlparser sql解析JSqlParser is a SQL statement parser. It translates SQLs in a traversable hierarchy of Java classes. JSqlParser is not limited to one database but provides support for a lot of ...
JSqlParser4.3版本无法解析mysql中JSON_OBJECT函数抛出ParseException异常
阿里渣渣java研发组-群主
03-31 3107
2022年3月31日,找了一下午的bug 记录一次bug 在mybatis-plus中使用拦截器时,一般都会使用到jsqlParser解析器,但是这个解析器还无法识别JSON_OBJECT函数中存在表字段问题,虽然4.3版本中已经增加了对JSON_OBJECT函数的关键词支持,并没有对JSON_OBJECT中使用表字段增加支持 ...
An attempt was made to call a method that does not exist. The attempt was made from the following
热门推荐
记录开发日常笔记
06-30 3万+
记一次Mybatis-plus依赖版本重复问题的解决方案
使用jsqlparser获取sql语句所有字段信息
司马班如
05-24 2845
在建表的时候,需要获取表名和字段,有两种方式,自己写正则表达式获取,或者调用现成的库,自己造轮子有点复杂,于是打算寻找有没有开源的库,找了很久后,终于找到了一个开源的jsqlparser,这个开源的库可以获取sql语句所有的信息,包括表名和字段,它的用法是Statement stmt = CCJSqlParserUtil.parse(sql),Statement是一个接口,它根据sql语句可以转化成不同的实现类,如下: 不同sql语句对应的操作类型都可以被格式化成对应的实现类,如果sql语句有误的时候,C
JSqlParse解析动态Sql
mhl8519的博客
08-04 1220
思路主要类似分布式日志一样,各服务请求透传一个唯一标识,比如请求路径,然后再通过拦截器获取具体执行的Sql语句,通过解析sql来获取表及字段,从而构建映射关系。刚开始用以为自己去遍历递归,后来查到神器JSqlParse,看到Visitor设计模式实现效果,感觉真心强。对于复杂的Sql处理,各种嵌套、函数、子查询,都可解析,只要自己去实现各个具体的方法。以下是仅是解析Sql简单的例子,有的地方还需要根据自己实际需求去调整,仅供参考。同理可实现Update、Insert、Delete等Sql解析
JSQLParser 解析 sql select 字段(含对别名的解析
新新许愿树
02-29 1万+
问大家一个问题:当拿到一个sql,想要获取其中的select字段,是否首先想到的是手写一个来获取查询字段,可是事实并没有想象的那么简单,设想 select 'a' from xx;select id as user_id from xx;select current_date gmt_create from xx;select case when .. from xx;select count(1...
java参数过滤sql_用jsqlparser过滤数据集,使用sql 查询的语法
weixin_27541383的博客
02-25 503
复制内容到剪贴板代码:public class WhereExpressionVisitor implements ExpressionVisitor, ParserConstants {private Object result;private RowMeta rowInfo;private Expression expression;private Object[] values;/*** C...
JSqlParser
OWMBL的博客
05-15 8396
1.定义:JSqlParser是一个SQL语句解析器。它将SQL转换为Java类的可遍历层次结构。2.工具地址:目前在github上开源。3.支持的数据库类型:支持Oracle,SqlServer,MySQL,PostgreSQL等常用数据库。但各种数据库系统的SQL语法都在动态变化,可以解析部分(不是全部)。Github 官网截图:4.支持的语法类型:目前,JSqlParser最新版本为4.6(2023-2-24),支持的语法已在官网上做了全部列举(部分截图展示:)
查询SQL解析成java对象工具
u011618288的博客
11-04 1065
场景 这个工具是将查询sql where条件,拆分成数组对象,具体效果如下 例如 select * from dual where id=1 and name between 2 and 4 or (value =3 and stash in('we')) 解析为: [ { "values":[ "1" ], "column":"id", "operator":"=" }, {
JSqlParser 解析过程
06-09
JSqlParser是一个用Java编写的SQL语句解析器,它可以将SQL语句解析为具有结构化信息的Java对象,方便后续的处理。 JSqlParser解析过程包括以下几个步骤: 1. 词法分析:将SQL语句分解为一个个的词法单元(Token),比如SELECT、FROM、WHERE等关键字、表名、列名、常量等。 2. 语法分析:将词法单元组合为一个语法树,根据SQL语句的语法规则建立语法树的节点和子节点。 3. 解析处理:对语法树进行遍历和解析,将语法树转化为具有结构化信息的Java对象,比如Select对象、From对象、Where对象等。 4. 输出SQL:将Java对象转化为SQL语句输出。 JSqlParser解析过程比较复杂,需要处理各种SQL语句的语法规则和语义,但是它可以帮助Java开发者更方便地处理SQL语句,提高开发效率。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 2
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值