LIT.002 by pass insert values contain date time

6ae5c3f5 · martianzhang · d096d6f5 · 6ae5c3f5 · 6ae5c3f5
隐藏空白更改
内联并排

Showing with 41 addition and 6 deletion

advisor/heuristic.go advisor/heuristic.go +14 -0

advisor/heuristic_test.go advisor/heuristic_test.go +27 -6

未找到文件。
--- a/advisor/heuristic.go
+++ b/advisor/heuristic.go
@@ -962,6 +962,20 @@ func (q *Query4Audit) RuleIPString() Rule {
 // RuleDataNotQuote LIT.002
 func (q *Query4Audit) RuleDataNotQuote() Rule {
 	var rule = q.RuleOK()
+
+	// by pass insert except, insert select
+	switch n := q.Stmt.(type) {
+	case *sqlparser.Insert:
+		var insertSelect bool
+		switch n.Rows.(type) {
+		case *sqlparser.Select:
+			insertSelect = true
+		}
+		if !insertSelect {
+			return rule
+		}
+	}
+
 	// 2010-01-01
 	re := regexp.MustCompile(`.\d{4}\s*-\s*\d{1,2}\s*-\s*\d{1,2}\b`)
 	sqls := re.FindAllString(q.Query, -1)

--- a/advisor/heuristic_test.go
+++ b/advisor/heuristic_test.go
@@ -484,11 +484,16 @@ func TestRuleSelectStar(t *testing.T) {
 // COL.002
 func TestRuleInsertColDef(t *testing.T) {
 	common.Log.Debug("Entering function: %s", common.GetFunctionName())
-	sqls := []string{
-		"insert into tbl values(1,'name')",
-		"replace into tbl values(1,'name')",
+	sqls := [][]string{
+		{
+			"insert into tbl values(1,'name')",
+			"replace into tbl values(1,'name')",
+		},
+		{
+			"insert into tb (col) values ('hello world')",
+		},
 	}
-	for _, sql := range sqls {
+	for _, sql := range sqls[0] {
 		q, err := NewQuery4Audit(sql)
 		if err == nil {
 			rule := q.RuleInsertColDef()
@@ -499,6 +504,18 @@ func TestRuleInsertColDef(t *testing.T) {
 			t.Error("sqlparser.Parse Error:", err)
 		}
 	}
+
+	for _, sql := range sqls[1] {
+		q, err := NewQuery4Audit(sql)
+		if err == nil {
+			rule := q.RuleInsertColDef()
+			if rule.Item != "OK" {
+				t.Error("Rule not match:", rule.Item, "Expect : OK")
+			}
+		} else {
+			t.Error("sqlparser.Parse Error:", err)
+		}
+	}
 	common.Log.Debug("Exiting function: %s", common.GetFunctionName())
 }

@@ -634,10 +651,14 @@ func TestRuleDataNotQuote(t *testing.T) {
 		{
 			"select col1,col2 from tbl where time < 2018-01-10",
 			"select col1,col2 from tbl where time < 18-01-10",
+			"INSERT INTO tb1 SELECT * FROM tb2 WHERE time < 2020-01-10",
 		},
 		{
-			// TODO:
-			// "INSERT INTO `pay_order` (`app_pay_obj`) VALUES('timestamp=2019-12-16');",
+			"select col1,col2 from tbl where time < '2018-01-10'",
+			"INSERT INTO `tb` (`col`) VALUES ('timestamp=2019-12-16')",
+			"insert into tb (col) values (' 2020-09-15 ')",
+			"replace into tb (col) values (' 2020-09-15 ')",
+			"INSERT INTO tb1 SELECT * FROM tb2 WHERE time < '2020-01-10'",
 		},
 	}
 	for _, sql := range sqls[0] {