Oracle加绕功能可以将PL/SQL代码实现部分隐藏,如存储过程、函数、包体等均可使用加绕功能,下面以一个存储过程实现部分加绕来展示Oracle加绕功能的使用。
加绕方法一:
1、编写如下存储过程后,保存为C:\wraptest.sql文件
CREATE PROCEDURE wraptest IS
TYPE emp_tab IS TABLE OF OPER_OPERATOR%ROWTYPE INDEX BY PLS_INTEGER; all_emps emp_tab; BEGIN
SELECT * BULK COLLECT INTO all_emps FROM OPER_OPERATOR; FOR i IN 1..10 LOOP
DBMS_OUTPUT.PUT_LINE('Emp Id: ' || all_emps(i).OPERNM); END LOOP; END; /
2、在window系统命令行输入如下命令 C:\>wrap iname=C:\wraptest.sql,命令执行后,出现如下提示信息:
PL/SQL Wrapper: Release 10.2.0.1.0- Production on 星期四 6月 18 21:58:45 2009 Copyright (c) 1993, 2004, Oracle. All rights reserved. Processing c:\ wraptest.sql to wraptest.plb
C:\>wrap iname=/mydir/myfile.sql oname=/mydir/myfile.plb
3、打开PL/SQL Developer工具命令窗口,输入如下命令: SQL> @c:\ wraptest.plb
执行后可能出现如下错误信息:
Warning: Procedure created with compilation errors 这个没有关系,在左侧Procedure中找到存储过程wraptest重新编译一下。
4、完成以上3步,就可以正常执行存储过程了
SQL> exec wraptest();
加绕方法二:
BEGIN
SYS.DBMS_DDL.CREATE_WRAPPED('
CREATE OR REPLACE FUNCTION SHOW_INFO1(P_STR IN VARCHAR2) RETURN VARCHAR2 AS
STR VARCHAR2(100) :=''这是Oracle加扰测试''; BEGIN
STR := STR||P_STR;
RETURN STR; END;'); END;
通过“SYS.DBMS_DDL.CREATE_WRAPPED(‘textarea’);”实现加扰。
DECLARE
TEMP VARCHAR2(100); BEGIN
TEMP := SHOW_INFO1('HELLO'); DBMS_OUTPUT.put_line(TEMP); END;
调用加扰方式创建的函数
DECLARE
-- the package_text variable contains the text to create the package spec and body
package_text VARCHAR2(32767);
FUNCTION generate_spec (pkgname VARCHAR2) RETURN VARCHAR2 AS BEGIN
RETURN 'CREATE PACKAGE ' || pkgname || ' AS
PROCEDURE raise_salary (emp_id NUMBER, amount NUMBER); PROCEDURE fire_employee (emp_id NUMBER); END ' || pkgname || ';'; END generate_spec;
FUNCTION generate_body (pkgname VARCHAR2) RETURN VARCHAR2 AS BEGIN
RETURN 'CREATE PACKAGE BODY ' || pkgname || ' AS
PROCEDURE raise_salary (emp_id NUMBER, amount NUMBER) IS BEGIN
UPDATE employees SET salary = salary + amount WHERE employee_id = emp_id;
END raise_salary;
PROCEDURE fire_employee (emp_id NUMBER) IS BEGIN
DELETE FROM employees WHERE employee_id = emp_id; END fire_employee; END ' || pkgname || ';'; END generate_body; BEGIN
package_text := generate_spec('emp_actions'); -- generate package spec SYS.DBMS_DDL.CREATE_WRAPPED(package_text); -- create and wrap the package spec
package_text := generate_body('emp_actions'); -- generate package body
SYS.DBMS_DDL.CREATE_WRAPPED(package_text); -- create and wrap the package body END; /
-- call a procedure from the wrapped package CALL emp_actions.raise_salary(120, 100);
When you check the *_SOURCE views, the source is wrapped, or hidden, so that others cannot view the code details. For example:
SELECT text FROM USER_SOURCE WHERE name = 'EMP_ACTIONS';
通过如上SQL可以看到,新建的包、包体为加扰后的代码,无法看到具体实现。