feat(mysql): 添加ddl_dml不能同时提交的逻辑 (#2060)

* feat(mysql): 添加ddl_dml不能同时提交的逻辑 Signed-off-by: summing.yu <[email protected]> * format: black format Signed-off-by: summingyu <[email protected]> --------- Signed-off-by: summing.yu <[email protected]> Signed-off-by: summingyu <[email protected]> Co-authored-by: summing.yu <[email protected]>
hhyo · Feb 25, 2023 · 0b0167f · 0b0167f
1 parent 0eee241
commit 0b0167f
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 0 deletions.
diff --git a/common/templates/config.html b/common/templates/config.html
@@ -264,6 +264,21 @@ <h5 style="color: darkgrey"><b>SQL上线</b></h5>
                                     </div>
                                 </div>
                             </div>
+                            <div class="form-group">
+                                <label for="ddl_dml_separation"
+                                       class="col-sm-4 control-label">DDL_DML_SEPARATION</label>
+                                <div class="col-sm-8">
+                                    <div class="switch switch-small">
+                                        <label>
+                                            <input id="ddl_dml_separation"
+                                                   key="ddl_dml_separation"
+                                                   value="{{ config.ddl_dml_separation }}"
+                                                   type="checkbox">
+                                            是否禁止DDL和DML在SQL上线同时提交(MySQL)
+                                        </label>
+                                    </div>
+                                </div>
+                            </div>
                             <div class="form-group">
                                 <label for="ban_self_audit"
                                        class="col-sm-4 control-label">BAN_SELF_AUDIT</label>

diff --git a/sql/engines/mysql.py b/sql/engines/mysql.py
@@ -461,11 +461,16 @@ def execute_check(self, db_name=None, sql=""):
 
         # 禁用/高危语句检查
         critical_ddl_regex = self.config.get("critical_ddl_regex", "")
+        ddl_dml_separation = self.config.get("ddl_dml_separation", False)
         p = re.compile(critical_ddl_regex)
+        # 获取语句类型：DDL或者DML
+        ddl_dml_flag = ""
         for row in check_result.rows:
             statement = row.sql
             # 去除注释
             statement = remove_comments(statement, db_type="mysql")
+            # 获取提交类型
+            syntax_type = get_syntax_type(statement, parser=False, db_type="mysql")
             # 禁用语句
             if re.match(r"^select", statement.lower()):
                 check_result.error_count += 1
@@ -478,6 +483,14 @@ def execute_check(self, db_name=None, sql=""):
                 row.stagestatus = "驳回高危SQL"
                 row.errlevel = 2
                 row.errormessage = "禁止提交匹配" + critical_ddl_regex + "条件的语句！"
+            elif ddl_dml_separation and syntax_type in ("DDL", "DML"):
+                if ddl_dml_flag == "":
+                    ddl_dml_flag = syntax_type
+                elif ddl_dml_flag != syntax_type:
+                    check_result.error_count += 1
+                    row.stagestatus = "驳回不支持语句"
+                    row.errlevel = 2
+                    row.errormessage = "DDL语句和DML语句不能同时执行！"
         return check_result
 
     def execute_workflow(self, workflow):