LIT.001 rule ignore PRIVLEGE statement

advisor/heuristic.go

@@ -915,6 +915,15 @@ func (q *Query4Audit) RuleColCommentCheck() Rule {
 // RuleIPString LIT.001
 func (q *Query4Audit) RuleIPString() Rule {
 	var rule = q.RuleOK()
+
+	for _, stmt := range q.TiStmt {
+		switch stmt.(type) {
+		case *tidb.AlterUserStmt, *tidb.CreateUserStmt, *tidb.GrantStmt, *tidb.GrantRoleStmt,
+			*tidb.RevokeRoleStmt, *tidb.RevokeStmt, *tidb.DropUserStmt:
+			return rule
+		}
+	}
+
 	re := regexp.MustCompile(`['"]\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}`)
 	if re.FindString(q.Query) != "" {
 		rule = HeuristicRules["LIT.001"]

advisor/heuristic_test.go

@@ -562,10 +562,18 @@ func TestRuleColCommentCheck(t *testing.T) {
 // LIT.001
 func TestRuleIPString(t *testing.T) {
 	common.Log.Debug("Entering function: %s", common.GetFunctionName())
-	sqls := []string{
-		"insert into tbl (IP,name) values('10.20.306.122','test')",
+	sqls := [][]string{
+		{
+			"insert into tbl (IP,name) values('10.20.306.122','test')",
+		},
+		{
+			`CREATE USER IF NOT EXISTS 'test'@'1.1.1.1';`,
+			"ALTER USER 'test'@'1.1.1.1' IDENTIFIED WITH 'mysql_native_password' AS '*xxxxx' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK;",
+			"GRANT SELECT ON `test`.* TO 'test'@'1.1.1.1';",
+			`GRANT USAGE ON *.* TO 'test'@'1.1.1.1';`,
+		},
 	}
-	for _, sql := range sqls {
+	for _, sql := range sqls[0] {
 		q, err := NewQuery4Audit(sql)
 		if err == nil {
 			rule := q.RuleIPString()
@@ -576,6 +584,18 @@ func TestRuleIPString(t *testing.T) {
 			t.Error("sqlparser.Parse Error:", err)
 		}
 	}
+
+	for _, sql := range sqls[1] {
+		q, err := NewQuery4Audit(sql)
+		if err == nil {
+			rule := q.RuleIPString()
+			if rule.Item != "OK" {
+				t.Error("Rule not match:", rule.Item, "Expect : OK")
+			}
+		} else {
+			t.Error("sqlparser.Parse Error:", err)
+		}
+	}
 	common.Log.Debug("Exiting function: %s", common.GetFunctionName())
 }