提交 07870487 编写于 作者: martianzhang's avatar martianzhang

LIT.001 rule ignore PRIVLEGE statement

上级 f12c263c
...@@ -915,6 +915,15 @@ func (q *Query4Audit) RuleColCommentCheck() Rule { ...@@ -915,6 +915,15 @@ func (q *Query4Audit) RuleColCommentCheck() Rule {
// RuleIPString LIT.001 // RuleIPString LIT.001
func (q *Query4Audit) RuleIPString() Rule { func (q *Query4Audit) RuleIPString() Rule {
var rule = q.RuleOK() var rule = q.RuleOK()
for _, stmt := range q.TiStmt {
switch stmt.(type) {
case *tidb.AlterUserStmt, *tidb.CreateUserStmt, *tidb.GrantStmt, *tidb.GrantRoleStmt,
*tidb.RevokeRoleStmt, *tidb.RevokeStmt, *tidb.DropUserStmt:
return rule
}
}
re := regexp.MustCompile(`['"]\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}`) re := regexp.MustCompile(`['"]\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}`)
if re.FindString(q.Query) != "" { if re.FindString(q.Query) != "" {
rule = HeuristicRules["LIT.001"] rule = HeuristicRules["LIT.001"]
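Review bot: The new `for _, stmt := range q.TiStmt` loop returns on the first account-management statement it meets, which exempts the whole query from LIT.001 rather than just that statement; if q.TiStmt can hold more than one parsed statement (the slice type suggests so, but it is populated outside this hunk), a batch that pairs a GRANT with an INSERT carrying an IP literal would no longer be flagged. Skipping per statement is not possible as written, because the regex on the following line scans q.Query as raw text, so the trade-off deserves a comment above the loop: `// 'user'@'host' in account-management statements is a host spec, not a hard-coded IP; the whole query is exempted because the regex below scans q.Query as text`. SET PASSWORD FOR 'user'@'host' carries the same host form and is not in the case list (tidb.SetPwdStmt, if the vendored parser exposes it). RuleIPString's body continues past the end of the hunk.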
......
...@@ -562,10 +562,18 @@ func TestRuleColCommentCheck(t *testing.T) { ...@@ -562,10 +562,18 @@ func TestRuleColCommentCheck(t *testing.T) {
// LIT.001 // LIT.001
func TestRuleIPString(t *testing.T) { func TestRuleIPString(t *testing.T) {
common.Log.Debug("Entering function: %s", common.GetFunctionName()) common.Log.Debug("Entering function: %s", common.GetFunctionName())
sqls := []string{ sqls := [][]string{
"insert into tbl (IP,name) values('10.20.306.122','test')", {
"insert into tbl (IP,name) values('10.20.306.122','test')",
},
{
`CREATE USER IF NOT EXISTS 'test'@'1.1.1.1';`,
"ALTER USER 'test'@'1.1.1.1' IDENTIFIED WITH 'mysql_native_password' AS '*xxxxx' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK;",
"GRANT SELECT ON `test`.* TO 'test'@'1.1.1.1';",
`GRANT USAGE ON *.* TO 'test'@'1.1.1.1';`,
},
} }
for _, sql := range sqls { for _, sql := range sqls[0] {
q, err := NewQuery4Audit(sql) q, err := NewQuery4Audit(sql)
if err == nil { if err == nil {
rule := q.RuleIPString() rule := q.RuleIPString()
...@@ -576,6 +584,18 @@ func TestRuleIPString(t *testing.T) { ...@@ -576,6 +584,18 @@ func TestRuleIPString(t *testing.T) {
t.Error("sqlparser.Parse Error:", err) t.Error("sqlparser.Parse Error:", err)
} }
} }
for _, sql := range sqls[1] {
q, err := NewQuery4Audit(sql)
if err == nil {
rule := q.RuleIPString()
if rule.Item != "OK" {
t.Error("Rule not match:", rule.Item, "Expect : OK")
}
} else {
t.Error("sqlparser.Parse Error:", err)
}
}
common.Log.Debug("Exiting function: %s", common.GetFunctionName()) common.Log.Debug("Exiting function: %s", common.GetFunctionName())
} }
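Review bot: The two loops over `sqls[0]` and `sqls[1]` are identical except for the expected Item, and nothing in the literal says which group is the positive case; a reader has to infer it from the second loop, since the first loop's expectation lies outside the hunk. Label the groups where they are declared, e.g. `{ // IP literal in data: must trigger LIT.001` and `{ // 'user'@'host' account statements: must stay OK`, or fold both loops into one table keyed by the expected Item so the assertion is written once. Both hunks belong to TestRuleIPString, whose middle is cut at the hunk boundary.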
......