From df217cd4a6353b6affca75da06716777ece008e1 Mon Sep 17 00:00:00 2001 From: Lee Date: Thu, 4 Nov 2021 09:40:38 +0800 Subject: [PATCH 1/7] update sql/engines/oracle.py MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 规避oracle使用双引号引入的对象名大小写敏感问题 --- sql/engines/oracle.py | 41 +++++++++++++++++++++++++++++++++-------- 1 file changed, 33 insertions(+), 8 deletions(-) diff --git a/sql/engines/oracle.py b/sql/engines/oracle.py index 5749fc93d4..5d4082e704 100644 --- a/sql/engines/oracle.py +++ b/sql/engines/oracle.py @@ -144,7 +144,9 @@ def describe_table(self, db_name, tb_name, **kwargs): nullable, data_default FROM all_tab_cols - WHERE table_name = '{tb_name}' and owner = '{db_name}' order by column_id + WHERE upper(table_name) = upper('{tb_name}') and upper(owner) = upper('{db_name}') order by column_id + -- 规避双引号引入的大小写敏感名称 add by peng19832 20211103 + -- WHERE table_name = '{tb_name}' and owner = '{db_name}' order by column_id """ result = self.query(db_name=db_name, sql=sql) return result 
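Review bot: The rewritten `WHERE` line in `describe_table` still places `tb_name` and `db_name` inside single-quoted literals through the f-string, so a value containing `'` changes the statement that reaches Oracle; wrapping the literals in `upper()` does not alter that. The two `--` lines added below it sit inside the same f-string, so they are interpolated too and travel to the server as SQL comments carrying the same values. Prefer bind variables, e.g. `WHERE upper(table_name) = upper(:tb_name) and upper(owner) = upper(:db_name)`, if `self.query` can forward bind parameters (its parameter handling is not visible here); otherwise validate both names against an identifier pattern before formatting. The same construction recurs in the `object_name_check` hunks of this series, where the name is extracted from the submitted SQL text.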
@@ -154,9 +156,16 @@ def object_name_check(self, db_name=None, object_name=''): if '.' in object_name: schema_name = object_name.split('.')[0] object_name = object_name.split('.')[1] - sql = f"""SELECT object_name FROM all_objects WHERE OWNER = upper('{schema_name}') and OBJECT_NAME = upper('{object_name}')""" + # 去除双引号 -- add by peng19832 20211103 + if ( '"' in schema_name ) or ( '"' in object_name ): + schema_name = schema_name.replace( '"', '' ) + object_name = object_name.replace( '"', '' ) + # 规避双引号引入的大小写敏感名称 add by peng19832 20211103 + # sql = f"""SELECT object_name FROM all_objects WHERE OWNER = '{schema_name}' and OBJECT_NAME = '{object_name}'""" + sql = f"""SELECT object_name FROM all_objects WHERE upper(OWNER) = upper('{schema_name}') and upper(OBJECT_NAME) = upper('{object_name}')""" else: - sql = f"""SELECT object_name FROM all_objects WHERE OWNER = upper('{db_name}') and OBJECT_NAME = upper('{object_name}')""" + # sql = f"""SELECT object_name FROM all_objects WHERE OWNER = '{db_name}' and OBJECT_NAME = '{object_name}'""" + sql = f"""SELECT object_name FROM all_objects WHERE upper(OWNER) = upper('{db_name}') and upper(OBJECT_NAME) = upper('{object_name}')""" result = self.query(db_name=db_name, sql=sql, close_conn=False) if result.affected_rows > 0: return True @@ -522,6 +531,8 @@ def execute_check(self, db_name=None, sql='', close_conn=True): execute_time=0, ) # 其它无法用explain判断的语句 else: + # 规避双引号引入的名称大小写敏感问题 -- add by peng19832 20211103 + sql_lower = sqlitem.statement.rstrip(';') # 对alter table做对象存在性检查 if re.match(r"^alter\s+table\s", sql_lower): object_name = self.get_sql_first_object_name(sql=sql_lower) 
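Review bot: Comparing `upper(OWNER)` with `upper('{schema_name}')` after the double quotes are stripped means `object_name_check` can no longer tell a quoted, case-sensitive object such as `"Orders"` from `ORDERS`, so it can report an object as existing when the statement targets a different one. Oracle folds unquoted identifiers to upper case and keeps quoted ones as written; normalising each part separately (upper-case only when it carried no quotes) and comparing with plain `=` keeps the lookup exact. The commented-out previous `sql = ...` lines should be dropped rather than committed.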
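Review bot: Reassigning `sql_lower` to `sqlitem.statement.rstrip(';')` at the top of this `else` leaves the variable holding the statement in its original case, while the `re.match(r"^alter\s+table\s", sql_lower)` directly below has no `re.I`. A statement written as `ALTER TABLE ...` would then miss this branch and its existence check; the `elif re.match(r"^create", sql_lower)` branch in the `-549,11` hunk reads the same variable. Keep `sql_lower` for keyword matching and pass a separately named original-case string to `get_sql_first_object_name`, e.g. `sql_orig = sqlitem.statement.rstrip(';')`; that helper's own patterns would then need `re.I` as well. `execute_check` extends beyond the hunk, so where an unmatched statement ends up is not visible here.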
@@ -529,6 +540,9 @@ def execute_check(self, db_name=None, sql='', close_conn=True): object_name = object_name else: object_name = f"""{db_name}.{object_name}""" + # 去除双引号干扰 -- add by peng19832 20211103 + if ( '"' in object_name ): + object_name = object_name.replace( '"', '' ) if not self.object_name_check(db_name=db_name, object_name=object_name) and object_name not in object_name_list: check_result.is_critical = True @@ -537,9 +551,12 @@ def execute_check(self, db_name=None, sql='', close_conn=True): errormessage=f"""{object_name}对象不存在!""", sql=sqlitem.statement) else: + # result = ReviewResult(id=line, errlevel=1, + # stagestatus='当前平台,此语法不支持审核!', + # errormessage='当前平台,此语法不支持审核!', result = ReviewResult(id=line, errlevel=1, - stagestatus='当前平台,此语法不支持审核!', - errormessage='当前平台,此语法不支持审核!', + stagestatus='Audit completed', + errormessage='None', sql=sqlitem.statement, stmt_type=sqlitem.stmt_type, object_owner=sqlitem.object_owner, @@ -549,11 +566,16 @@ def execute_check(self, db_name=None, sql='', close_conn=True): execute_time=0, ) # 对create做对象存在性检查 elif re.match(r"^create", sql_lower): + # 规避双引号引入的名称大小写敏感问题 -- add by peng19832 20211103 + sql_lower = sqlitem.statement.rstrip(';') object_name = self.get_sql_first_object_name(sql=sql_lower) if '.' in object_name: object_name = object_name else: object_name = f"""{db_name}.{object_name}""" + # 去除双引号干扰 -- add by peng19832 20211103 + if ( '"' in object_name ): + object_name = object_name.replace( '"', '' ) if self.object_name_check(db_name=db_name, object_name=object_name) or object_name in object_name_list: check_result.is_critical = True 
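Review bot: Replacing `stagestatus='当前平台,此语法不支持审核!'` with `'Audit completed'` in the `-537,9` hunk reports a statement that only passed an object-existence lookup as audited, while `errlevel` stays at 1 here and becomes 0 in the matching `-563,9` hunk for the `create` branch. Whoever approves the workflow from this result can no longer see that the syntax itself was not checked. `errormessage='None'` also stores the four-character string rather than `None`. Keep a status that states the limit of the check, for example `stagestatus='Object check passed; syntax not audited'` (constructed wording, assuming no caller matches on the status text), use one `errlevel` for both branches, and delete the three commented-out lines instead of committing them.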
@@ -563,9 +585,12 @@ def execute_check(self, db_name=None, sql='', close_conn=True): sql=sqlitem.statement) else: object_name_list.add(object_name) - result = ReviewResult(id=line, errlevel=1, - stagestatus='当前平台,此语法不支持审核!', - errormessage='当前平台,此语法不支持审核!', + # result = ReviewResult(id=line, errlevel=1, + # stagestatus='当前平台,此语法不支持审核!', + # errormessage='当前平台,此语法不支持审核!', + result = ReviewResult(id=line, errlevel=0, + stagestatus='Audit completed', + errormessage='None', sql=sqlitem.statement, stmt_type=sqlitem.stmt_type, object_owner=sqlitem.object_owner, From fed6532b4e0ceeea1ae16aafcc8c127198bf2417 Mon Sep 17 00:00:00 2001 From: Lee Date: Thu, 4 Nov 2021 11:33:10 +0800 Subject: [PATCH 2/7] update sql/engines/oracle.py MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 去除不需要的注释行 --- sql/engines/oracle.py | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/sql/engines/oracle.py b/sql/engines/oracle.py index 5d4082e704..fd52211ef6 100644 --- a/sql/engines/oracle.py +++ b/sql/engines/oracle.py @@ -145,8 +145,6 @@ def describe_table(self, db_name, tb_name, **kwargs): data_default FROM all_tab_cols WHERE upper(table_name) = upper('{tb_name}') and upper(owner) = upper('{db_name}') order by column_id - -- 规避双引号引入的大小写敏感名称 add by peng19832 20211103 - -- WHERE table_name = '{tb_name}' and owner = '{db_name}' order by column_id """ result = self.query(db_name=db_name, sql=sql) return result 
@@ -156,15 +154,11 @@ def object_name_check(self, db_name=None, object_name=''): if '.' in object_name: schema_name = object_name.split('.')[0] object_name = object_name.split('.')[1] - # 去除双引号 -- add by peng19832 20211103 if ( '"' in schema_name ) or ( '"' in object_name ): schema_name = schema_name.replace( '"', '' ) object_name = object_name.replace( '"', '' ) - # 规避双引号引入的大小写敏感名称 add by peng19832 20211103 - # sql = f"""SELECT object_name FROM all_objects WHERE OWNER = '{schema_name}' and OBJECT_NAME = '{object_name}'""" sql = f"""SELECT object_name FROM all_objects WHERE upper(OWNER) = upper('{schema_name}') and upper(OBJECT_NAME) = upper('{object_name}')""" else: - # sql = f"""SELECT object_name FROM all_objects WHERE OWNER = '{db_name}' and OBJECT_NAME = '{object_name}'""" sql = f"""SELECT object_name FROM all_objects WHERE upper(OWNER) = upper('{db_name}') and upper(OBJECT_NAME) = upper('{object_name}')""" result = self.query(db_name=db_name, sql=sql, close_conn=False) if result.affected_rows > 0: @@ -531,7 +525,6 @@ def execute_check(self, db_name=None, sql='', close_conn=True): execute_time=0, ) # 其它无法用explain判断的语句 else: - # 规避双引号引入的名称大小写敏感问题 -- add by peng19832 20211103 sql_lower = sqlitem.statement.rstrip(';') # 对alter table做对象存在性检查 if re.match(r"^alter\s+table\s", sql_lower): @@ -540,7 +533,6 @@ def execute_check(self, db_name=None, sql='', close_conn=True): object_name = object_name else: object_name = f"""{db_name}.{object_name}""" - # 去除双引号干扰 -- add by peng19832 20211103 if ( '"' in object_name ): object_name = object_name.replace( '"', '' ) if not self.object_name_check(db_name=db_name, @@ -551,9 +543,6 @@ def execute_check(self, db_name=None, sql='', close_conn=True): errormessage=f"""{object_name}对象不存在!""", sql=sqlitem.statement) else: - # result = ReviewResult(id=line, errlevel=1, - # stagestatus='当前平台,此语法不支持审核!', - # errormessage='当前平台,此语法不支持审核!', result = ReviewResult(id=line, errlevel=1, stagestatus='Audit completed', errormessage='None', 
@@ -566,14 +555,12 @@ def execute_check(self, db_name=None, sql='', close_conn=True): execute_time=0, ) # 对create做对象存在性检查 elif re.match(r"^create", sql_lower): - # 规避双引号引入的名称大小写敏感问题 -- add by peng19832 20211103 sql_lower = sqlitem.statement.rstrip(';') object_name = self.get_sql_first_object_name(sql=sql_lower) if '.' in object_name: object_name = object_name else: object_name = f"""{db_name}.{object_name}""" - # 去除双引号干扰 -- add by peng19832 20211103 if ( '"' in object_name ): object_name = object_name.replace( '"', '' ) if self.object_name_check(db_name=db_name, @@ -585,9 +572,6 @@ def execute_check(self, db_name=None, sql='', close_conn=True): sql=sqlitem.statement) else: object_name_list.add(object_name) - # result = ReviewResult(id=line, errlevel=1, - # stagestatus='当前平台,此语法不支持审核!', - # errormessage='当前平台,此语法不支持审核!', result = ReviewResult(id=line, errlevel=0, stagestatus='Audit completed', errormessage='None', From 59f3b0e70719202ec029ab103e42fd4d8dcd2987 Mon Sep 17 00:00:00 2001 From: Lee Date: Wed, 10 Nov 2021 15:52:16 +0800 Subject: [PATCH 3/7] Update oracle.py MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 优化对象名使用双引号,导致的对象检查不存在问题 --- sql/engines/oracle.py | 36 ++++++++++++++++++++++++------------ 1 file changed, 24 insertions(+), 12 deletions(-) diff --git a/sql/engines/oracle.py b/sql/engines/oracle.py index fd52211ef6..cfa357758c 100644 --- a/sql/engines/oracle.py +++ b/sql/engines/oracle.py 
@@ -112,8 +112,7 @@ def _get_all_schemas(self): def get_all_tables(self, db_name, **kwargs): """获取table 列表, 返回一个ResultSet""" - sql = f"""SELECT table_name FROM all_tables WHERE nvl(tablespace_name, 'no tablespace') NOT IN ('SYSTEM', 'SYSAUX') AND OWNER = '{db_name}' AND IOT_NAME IS NULL AND DURATION IS NULL order by table_name - """ + sql = f"""SELECT table_name FROM all_tables WHERE nvl(tablespace_name, 'no tablespace') NOT IN ('SYSTEM', 'SYSAUX') AND OWNER = '{db_name}' AND IOT_NAME IS NULL AND DURATION IS NULL order by table_name""" result = self.query(db_name=db_name, sql=sql) tb_list = [row[0] for row in result.rows if row[0] not in ['test']] result.rows = tb_list @@ -135,6 +134,9 @@ def get_all_columns_by_tb(self, db_name, tb_name, **kwargs): return result def describe_table(self, db_name, tb_name, **kwargs): + # 规避双引号问题 + if ( '"' in tb_name ): + tb_name = tb_name.replace( '"', '' ) """return ResultSet""" # https://www.thepolyglotdeveloper.com/2015/01/find-tables-oracle-database-column-name/ sql = f"""SELECT @@ -144,7 +146,7 @@ def describe_table(self, db_name, tb_name, **kwargs): nullable, data_default FROM all_tab_cols - WHERE upper(table_name) = upper('{tb_name}') and upper(owner) = upper('{db_name}') order by column_id + WHERE table_name = '{tb_name}' and owner = '{db_name}' order by column_id """ result = self.query(db_name=db_name, sql=sql) return result 
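Review bot: In the `-135,6` hunk the quote-stripping lines are inserted above `"""return ResultSet"""`, so that string is no longer the first statement of `describe_table` and stops being its docstring. Move the new block below the docstring. The `if` guard is also unnecessary because `str.replace` returns the string unchanged when the character is absent, so `tb_name = tb_name.replace('"', '')` is enough.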
@@ -154,12 +156,15 @@ def object_name_check(self, db_name=None, object_name=''): if '.' in object_name: schema_name = object_name.split('.')[0] object_name = object_name.split('.')[1] + # 规避双引号问题 if ( '"' in schema_name ) or ( '"' in object_name ): schema_name = schema_name.replace( '"', '' ) object_name = object_name.replace( '"', '' ) - sql = f"""SELECT object_name FROM all_objects WHERE upper(OWNER) = upper('{schema_name}') and upper(OBJECT_NAME) = upper('{object_name}')""" + sql = f"""SELECT object_name FROM all_objects WHERE OWNER = '{schema_name}' and OBJECT_NAME = '{object_name}' """ else: - sql = f"""SELECT object_name FROM all_objects WHERE upper(OWNER) = upper('{db_name}') and upper(OBJECT_NAME) = upper('{object_name}')""" + if ( '"' in object_name ): + object_name = object_name.replace( '"', '' ) + sql = f"""SELECT object_name FROM all_objects WHERE OWNER = '{db_name}' and OBJECT_NAME = '{object_name}' """ result = self.query(db_name=db_name, sql=sql, close_conn=False) if result.affected_rows > 0: return True @@ -268,7 +273,7 @@ def explain_check(self, db_name=None, sql='', close_conn=False): conn = self.get_connection() cursor = conn.cursor() if db_name: - cursor.execute(f"ALTER SESSION SET CURRENT_SCHEMA = {db_name}") + cursor.execute(f"ALTER SESSION SET CURRENT_SCHEMA = \"{db_name}\" ") if re.match(r"^explain", sql, re.I): sql = sql else: @@ -335,7 +340,7 @@ def query(self, db_name=None, sql='', limit_num=0, close_conn=True, **kwargs): conn = self.get_connection() cursor = conn.cursor() if db_name: - cursor.execute(f"ALTER SESSION SET CURRENT_SCHEMA = {db_name}") + cursor.execute(f"ALTER SESSION SET CURRENT_SCHEMA = \"{db_name}\" ") sql = sql.rstrip(';') # 支持oralce查询SQL执行计划语句 if re.match(r"^explain", sql, re.I): 
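Review bot: Dropping `upper()` from both sides leaves `OWNER = '{schema_name}'` and `OBJECT_NAME = '{object_name}'` comparing the text exactly as it was extracted, so a name taken from a lower-cased statement (other branches of `execute_check` presumably still pass a lower-cased `sql_lower` to `get_sql_first_object_name`) never equals the upper-case name stored in `all_objects`. The lookup would then return False for objects that exist, which lets the `create` branches pass and makes the `alter table` branch report a missing object. Upper-case each part that carried no double quotes before building the query, e.g. `object_name = object_name.replace('"', '') if '"' in object_name else object_name.upper()`.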
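Review bot: Wrapping `{db_name}` in double quotes in the `ALTER SESSION SET CURRENT_SCHEMA` line of `explain_check` makes the schema name case-sensitive but does not constrain its content: a `"` inside `db_name` ends the quoted identifier and the remainder is parsed as SQL. `ALTER SESSION` does not accept bind variables, so the value has to be checked before formatting, for instance by rejecting any `db_name` that contains `"` or by accepting only names the instance's schema listing returns (`_get_all_schemas` appears in this file, though its output is not visible here). A lower-case `db_name` that worked unquoted will also fail now unless the schema was created with that exact case. The same line is added in the `query` hunk (`-335,7`), in the `explain_check` and `query` hunks of PATCH 5/7, and in `get_exec_sqlitem_list` in `sql/utils/sql_utils.py`.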
@@ -433,6 +438,9 @@ def execute_check(self, db_name=None, sql='', close_conn=True): object_name = object_name else: object_name = f"""{db_name}.{object_name}""" + # 去除双引号干扰 + if ( '"' in object_name ): + object_name = object_name.replace( '"', '' ) object_name_list.add(object_name) result = ReviewResult(id=line, errlevel=1, stagestatus='WARNING:新建表的新建索引语句暂无法检测!', @@ -469,6 +477,9 @@ def execute_check(self, db_name=None, sql='', close_conn=True): object_name = object_name else: object_name = f"""{db_name}.{object_name}""" + # 去除双引号干扰 + if ( '"' in object_name ): + object_name = object_name.replace( '"', '' ) if self.object_name_check(db_name=db_name, object_name=object_name) or object_name in object_name_list: check_result.is_critical = True @@ -533,6 +544,7 @@ def execute_check(self, db_name=None, sql='', close_conn=True): object_name = object_name else: object_name = f"""{db_name}.{object_name}""" + # 去除双引号干扰 if ( '"' in object_name ): object_name = object_name.replace( '"', '' ) if not self.object_name_check(db_name=db_name, @@ -543,7 +555,7 @@ def execute_check(self, db_name=None, sql='', close_conn=True): errormessage=f"""{object_name}对象不存在!""", sql=sqlitem.statement) else: - result = ReviewResult(id=line, errlevel=1, + result = ReviewResult(id=line, errlevel=0, stagestatus='Audit completed', errormessage='None', sql=sqlitem.statement, @@ -555,12 +567,12 @@ def execute_check(self, db_name=None, sql='', close_conn=True): execute_time=0, ) # 对create做对象存在性检查 elif re.match(r"^create", sql_lower): - sql_lower = sqlitem.statement.rstrip(';') object_name = self.get_sql_first_object_name(sql=sql_lower) if '.' in object_name: object_name = object_name else: object_name = f"""{db_name}.{object_name}""" + # 去除双引号干扰 if ( '"' in object_name ): object_name = object_name.replace( '"', '' ) if self.object_name_check(db_name=db_name, 
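Review bot: The three-line quote-stripping block added in the `-433,6` hunk is repeated in the `-469,6` hunk and already exists in the `-533,6` and `-555,12` branches, so four copies have to stay in step. The `if` guard adds nothing, because `str.replace` returns the string unchanged when no `"` is present; `object_name = object_name.replace('"', '')` does the same work. Doing the normalisation once, inside `get_sql_first_object_name` or at the top of `object_name_check`, would remove the copies from `execute_check`.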
@@ -572,9 +584,9 @@ def execute_check(self, db_name=None, sql='', close_conn=True): sql=sqlitem.statement) else: object_name_list.add(object_name) - result = ReviewResult(id=line, errlevel=0, - stagestatus='Audit completed', - errormessage='None', + result = ReviewResult(id=line, errlevel=1, + stagestatus='当前平台,此语法不支持审核!', + errormessage='当前平台,此语法不支持审核!', sql=sqlitem.statement, stmt_type=sqlitem.stmt_type, object_owner=sqlitem.object_owner, From a8182b1e9436ccf1d8b42353c980188896c61005 Mon Sep 17 00:00:00 2001 From: Lee Date: Tue, 30 Nov 2021 11:31:50 +0800 Subject: [PATCH 4/7] Update sql_review.py MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 放开允许自动审核oracle的dml --- sql/utils/sql_review.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sql/utils/sql_review.py b/sql/utils/sql_review.py index b813ae7253..f57d4a9996 100644 --- a/sql/utils/sql_review.py +++ b/sql/utils/sql_review.py @@ -20,7 +20,7 @@ def is_auto_review(workflow_id): workflow = SqlWorkflow.objects.get(id=workflow_id) auto_review_tags = SysConfig().get('auto_review_tag', '').split(',') # TODO 这里也可以放到engine中实现,但是配置项可能会相对复杂 - if workflow.instance.db_type == 'mysql' and workflow.instance.instance_tag.filter( + if ( workflow.instance.db_type == 'mysql' or workflow.instance.db_type == 'oracle' ) and workflow.instance.instance_tag.filter( tag_code__in=auto_review_tags).exists(): # 获取正则表达式 auto_review_regex = SysConfig().get( From 6e22ad1f0e7193dfcc96a3f0562423cb4c74e4fa Mon Sep 17 00:00:00 2001 From: Lee Date: Thu, 31 Mar 2022 15:05:37 +0800 Subject: [PATCH 5/7] =?UTF-8?q?=E8=A7=84=E9=81=BF=E5=8F=8C=E5=BC=95?= =?UTF-8?q?=E5=8F=B7?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 规避双引号引起的对象名大小写,触发的对象检测问题 --- sql/engines/oracle.py | 82 +++++++++++++++++++++++++++++++++++------- sql/utils/sql_utils.py | 2 +- 2 files changed, 70 insertions(+), 14 deletions(-) 
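Review bot: Adding `oracle` to the condition in `is_auto_review` lets Oracle workflows reach the path that follows, but the `auto_review_regex` read just below and the checks after it lie outside the hunk and were reachable only for MySQL until now. Since a positive result here presumably lets the workflow skip manual approval, confirm that the configured regex and the later checks behave correctly on Oracle syntax before widening the gate. The condition reads more plainly as `workflow.instance.db_type in ('mysql', 'oracle')`, and the `TODO` comment above it should say that both engines are now covered.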
diff --git a/sql/engines/oracle.py b/sql/engines/oracle.py index 0e5b6ff04c..f29b62ff45 100644 --- a/sql/engines/oracle.py +++ b/sql/engines/oracle.py @@ -340,9 +340,25 @@ def object_name_check(self, db_name=None, object_name=''): if '.' in object_name: schema_name = object_name.split('.')[0] object_name = object_name.split('.')[1] - sql = f"""SELECT object_name FROM all_objects WHERE OWNER = upper('{schema_name}') and OBJECT_NAME = upper('{object_name}')""" + if '"' in schema_name: + schema_name = schema_name.replace( '"','' ) + if '"' in object_name: + object_name = object_name.replace( '"','' ) + else: + object_name = object_name.upper() + else: + schema_name = schema_name.upper() + if '"' in object_name: + object_name = object_name.replace( '"','' ) + else: + object_name = object_name.upper() else: - sql = f"""SELECT object_name FROM all_objects WHERE OWNER = upper('{db_name}') and OBJECT_NAME = upper('{object_name}')""" + schema_name = db_name + if '"' in object_name: + object_name = object_name.replace( '"','' ) + else: + object_name = object_name.upper() + sql = f""" SELECT object_name FROM all_objects WHERE OWNER = '{schema_name}' and OBJECT_NAME = '{object_name}' """ result = self.query(db_name=db_name, sql=sql, close_conn=False) if result.affected_rows > 0: return True @@ -451,7 +467,7 @@ def explain_check(self, db_name=None, sql='', close_conn=False): conn = self.get_connection() cursor = conn.cursor() if db_name: - cursor.execute(f"ALTER SESSION SET CURRENT_SCHEMA = {db_name}") + cursor.execute(f" ALTER SESSION SET CURRENT_SCHEMA = \"{db_name}\" ") if re.match(r"^explain", sql, re.I): sql = sql else: 
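Review bot: The nested `if`/`else` tree in `object_name_check` applies one rule to each part (strip the quotes when present, otherwise upper-case) yet spells it out four times, and the unqualified branch assigns `schema_name = db_name` without a `None` check although the signature defaults `db_name=None`, which would produce `OWNER = 'None'`. Applying a single expression to both parts, `name.replace('"', '') if '"' in name else name.upper()`, replaces the tree. `object_name.split('.')` is also evaluated twice at the top of the branch; splitting once into two names states the intent more clearly.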
@@ -515,7 +531,7 @@ def query(self, db_name=None, sql='', limit_num=0, close_conn=True, **kwargs): conn = self.get_connection() cursor = conn.cursor() if db_name: - cursor.execute(f"ALTER SESSION SET CURRENT_SCHEMA = {db_name}") + cursor.execute(f" ALTER SESSION SET CURRENT_SCHEMA = \"{db_name}\" ") sql = sql.rstrip(';') # 支持oralce查询SQL执行计划语句 if re.match(r"^explain", sql, re.I): @@ -575,6 +591,7 @@ def execute_check(self, db_name=None, sql='', close_conn=True): sqlitemList = get_full_sqlitem_list(sql, db_name) for sqlitem in sqlitemList: sql_lower = sqlitem.statement.lower().rstrip(';') + sql_nolower = sqlitem.statement.rstrip(';') # 禁用语句 if re.match(r"^select|^with|^explain", sql_lower): check_result.is_critical = True @@ -642,12 +659,25 @@ def execute_check(self, db_name=None, sql='', close_conn=True): else: # 对create table\create index\create unique index语法做对象存在性检测 if re.match(r"^create\s+table|^create\s+index|^create\s+unique\s+index", sql_lower): - object_name = self.get_sql_first_object_name(sql=sql_lower) + object_name = self.get_sql_first_object_name(sql=sql_nolower) # 保存create对象对后续SQL做存在性判断 if '.' in object_name: - object_name = object_name + schema_name = object_name.split('.')[0] + object_name = object_name.split('.')[1] + if '"' in schema_name: + schema_name = schema_name + if '"' not in object_name: + object_name = object_name.upper() + else: + schema_name = schema_name.upper() + if '"' not in object_name: + object_name = object_name.upper() else: - object_name = f"""{db_name}.{object_name}""" + schema_name = ( '"' + db_name + '"' ) + if '"' not in object_name: + object_name = object_name.upper() + + object_name = f"""{schema_name}.{object_name}""" if self.object_name_check(db_name=db_name, object_name=object_name) or object_name in object_name_list: check_result.is_critical = True 
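Review bot: The thirteen lines added in the `-642,12` hunk to build `schema_name` and `object_name` appear unchanged in the `alter table` (`-706,11`) and `create` (`-731,11`) hunks, and each copy contains the no-op `schema_name = schema_name`. `'"' + db_name + '"'` also raises `TypeError` when `db_name` is `None`, which the `execute_check` signature allows as its default. One helper that qualifies and case-folds the name, called from the three branches, keeps the rule in one place; a sketch follows. `execute_check` extends well beyond this hunk, so whether the helper is a method or a module-level function is left open.

```python
def _qualified_name(db_name, raw_name):
    """Return schema.object with unquoted parts upper-cased and quoted parts kept."""
    def fold(part):
        # Oracle folds unquoted identifiers to upper case; quoted ones keep their case.
        return part if '"' in part else part.upper()

    if '.' in raw_name:
        parts = raw_name.split('.')
        return f"{fold(parts[0])}.{fold(parts[1])}"
    if db_name is None:
        raise ValueError("db_name is required for an unqualified object name")
    return f'"{db_name}".{fold(raw_name)}'

# … unchanged: regex test for create table / create index / create unique index …
object_name = _qualified_name(db_name, self.get_sql_first_object_name(sql=sql_nolower))
# … unchanged: object_name_check call and ReviewResult construction …
```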
@@ -706,11 +736,24 @@ def execute_check(self, db_name=None, sql='', close_conn=True): else: # 对alter table做对象存在性检查 if re.match(r"^alter\s+table\s", sql_lower): - object_name = self.get_sql_first_object_name(sql=sql_lower) + object_name = self.get_sql_first_object_name(sql=sql_nolower) if '.' in object_name: - object_name = object_name + schema_name = object_name.split('.')[0] + object_name = object_name.split('.')[1] + if '"' in schema_name: + schema_name = schema_name + if '"' not in object_name: + object_name = object_name.upper() + else: + schema_name = schema_name.upper() + if '"' not in object_name: + object_name = object_name.upper() else: - object_name = f"""{db_name}.{object_name}""" + schema_name = ( '"' + db_name + '"' ) + if '"' not in object_name: + object_name = object_name.upper() + + object_name = f"""{schema_name}.{object_name}""" if not self.object_name_check(db_name=db_name, object_name=object_name) and object_name not in object_name_list: check_result.is_critical = True @@ -731,11 +774,24 @@ def execute_check(self, db_name=None, sql='', close_conn=True): execute_time=0, ) # 对create做对象存在性检查 elif re.match(r"^create", sql_lower): - object_name = self.get_sql_first_object_name(sql=sql_lower) + object_name = self.get_sql_first_object_name(sql=sql_nolower) if '.' in object_name: - object_name = object_name + schema_name = object_name.split('.')[0] + object_name = object_name.split('.')[1] + if '"' in schema_name: + schema_name = schema_name + if '"' not in object_name: + object_name = object_name.upper() + else: + schema_name = schema_name.upper() + if '"' not in object_name: + object_name = object_name.upper() else: - object_name = f"""{db_name}.{object_name}""" + schema_name = ( '"' + db_name + '"' ) + if '"' not in object_name: + object_name = object_name.upper() + + object_name = f"""{schema_name}.{object_name}""" if self.object_name_check(db_name=db_name, object_name=object_name) or object_name in object_name_list: check_result.is_critical = True 
diff --git a/sql/utils/sql_utils.py b/sql/utils/sql_utils.py index 2b80a068f0..55e32cea3b 100644 --- a/sql/utils/sql_utils.py +++ b/sql/utils/sql_utils.py @@ -293,7 +293,7 @@ def get_exec_sqlitem_list(reviewResult, db_name): :return: """ list = [] - list.append(SqlItem(statement=f"ALTER SESSION SET CURRENT_SCHEMA = {db_name}")) + list.append(SqlItem(statement=f" ALTER SESSION SET CURRENT_SCHEMA = \"{db_name}\" ")) for item in reviewResult: list.append(SqlItem(statement=item['sql'], From 671aaa0e4cb228812184377bd829588f14fc2d04 Mon Sep 17 00:00:00 2001 From: Lee Date: Tue, 19 Apr 2022 15:35:22 +0800 Subject: [PATCH 6/7] =?UTF-8?q?=E8=A7=84=E9=81=BFsql=E4=B8=AD=E5=AF=B9?= =?UTF-8?q?=E8=B1=A1=E5=90=8D=E4=BD=BF=E7=94=A8=E5=8F=8C=E5=BC=95=E5=8F=B7?= =?UTF-8?q?=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- sql/engines/oracle.py | 20 ++++++++++---------- sql/utils/sql_review.py | 3 ++- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/sql/engines/oracle.py b/sql/engines/oracle.py index f29b62ff45..27b1912ff4 100644 --- a/sql/engines/oracle.py +++ b/sql/engines/oracle.py 
@@ -369,25 +369,25 @@ def object_name_check(self, db_name=None, object_name=''): def get_sql_first_object_name(sql=''): """获取sql文本中的object_name""" object_name = '' - if re.match(r"^create\s+table\s", sql): + if re.match(r"^create\s+table\s", sql, re.IGNORECASE): object_name = re.match(r"^create\s+table\s(.+?)(\s|\()", sql, re.M).group(1) - elif re.match(r"^create\s+index\s", sql): + elif re.match(r"^create\s+index\s", sql, re.IGNORECASE): object_name = re.match(r"^create\s+index\s(.+?)\s", sql, re.M).group(1) - elif re.match(r"^create\s+unique\s+index\s", sql): + elif re.match(r"^create\s+unique\s+index\s", sql, re.IGNORECASE): object_name = re.match(r"^create\s+unique\s+index\s(.+?)\s", sql, re.M).group(1) - elif re.match(r"^create\s+sequence\s", sql): + elif re.match(r"^create\s+sequence\s", sql, re.IGNORECASE): object_name = re.match(r"^create\s+sequence\s(.+?)(\s|$)", sql, re.M).group(1) - elif re.match(r"^alter\s+table\s", sql): + elif re.match(r"^alter\s+table\s", sql, re.IGNORECASE): object_name = re.match(r"^alter\s+table\s(.+?)\s", sql, re.M).group(1) - elif re.match(r"^create\s+function\s", sql): + elif re.match(r"^create\s+function\s", sql, re.IGNORECASE): object_name = re.match(r"^create\s+function\s(.+?)(\s|\()", sql, re.M).group(1) - elif re.match(r"^create\s+view\s", sql): + elif re.match(r"^create\s+view\s", sql, re.IGNORECASE): object_name = re.match(r"^create\s+view\s(.+?)\s", sql, re.M).group(1) - elif re.match(r"^create\s+procedure\s", sql): + elif re.match(r"^create\s+procedure\s", sql, re.IGNORECASE): object_name = re.match(r"^create\s+procedure\s(.+?)\s", sql, re.M).group(1) - elif re.match(r"^create\s+package\s+body", sql): + elif re.match(r"^create\s+package\s+body", sql, re.IGNORECASE): object_name = re.match(r"^create\s+package\s+body\s(.+?)\s", sql, re.M).group(1) - elif re.match(r"^create\s+package\s", sql): + elif re.match(r"^create\s+package\s", sql, re.IGNORECASE): object_name = re.match(r"^create\s+package\s(.+?)\s", sql, 
re.M).group(1) else: return object_name.strip() diff --git a/sql/utils/sql_review.py b/sql/utils/sql_review.py index f57d4a9996..6aea3775fe 100644 --- a/sql/utils/sql_review.py +++ b/sql/utils/sql_review.py @@ -19,8 +19,9 @@ def is_auto_review(workflow_id): workflow = SqlWorkflow.objects.get(id=workflow_id) auto_review_tags = SysConfig().get('auto_review_tag', '').split(',') + auto_review_db_type = SysConfig().get('auto_review_db_type', '').split(',') # TODO 这里也可以放到engine中实现,但是配置项可能会相对复杂 - if ( workflow.instance.db_type == 'mysql' or workflow.instance.db_type == 'oracle' ) and workflow.instance.instance_tag.filter( + if workflow.instance.db_type in auto_review_db_type and workflow.instance.instance_tag.filter( tag_code__in=auto_review_tags).exists(): # 获取正则表达式 auto_review_regex = SysConfig().get( From 4bf674d25f766e84ddf6cfea54d5275e063f93db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=82=89=E4=B8=9D=E8=92=9C=E8=96=B9?= Date: Tue, 19 Apr 2022 16:58:02 +0800 Subject: [PATCH 7/7] =?UTF-8?q?get=5Fsql=5Ffirst=5Fobject=5Fname=E6=96=B9?= =?UTF-8?q?=E6=B3=95=E5=BF=BD=E7=95=A5=E5=AF=B9=E8=B1=A1=E5=90=8D=E5=A4=A7?= =?UTF-8?q?=E5=B0=8F=E5=86=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- sql/engines/oracle.py | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/sql/engines/oracle.py b/sql/engines/oracle.py index 27b1912ff4..aab93ea52c 100644 --- a/sql/engines/oracle.py +++ b/sql/engines/oracle.py 
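Review bot: `re.IGNORECASE` is added to the guard `re.match` in every branch of `get_sql_first_object_name` but not to the extracting `re.match` on the next line, which still passes only `re.M`. For a statement written as `CREATE TABLE ...` the guard now succeeds, the second match returns `None`, and `.group(1)` raises `AttributeError`. Pass the same flags to both calls, or match once and reuse the result, e.g. `m = re.match(r"^create\s+table\s(.+?)(\s|\()", sql, re.I)` followed by `if m: object_name = m.group(1)`.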
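Review bot: `SysConfig().get('auto_review_db_type', '').split(',')` yields `['']` when the key is unset, so after this change no engine matches and MySQL workflows that were eligible under the previous hard-coded condition stop being auto-reviewed until the new key is configured. That fails closed, but it is a silent behaviour change, and entries written with spaces (`mysql, oracle`) will not match either. Strip and filter the entries, e.g. `[t.strip() for t in SysConfig().get('auto_review_db_type', '').split(',') if t.strip()]`, and document the new key and its expected values next to `auto_review_tag`. The rest of `is_auto_review` is outside the hunk.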
@@ -369,26 +369,26 @@ def object_name_check(self, db_name=None, object_name=''): def get_sql_first_object_name(sql=''): """获取sql文本中的object_name""" object_name = '' - if re.match(r"^create\s+table\s", sql, re.IGNORECASE): - object_name = re.match(r"^create\s+table\s(.+?)(\s|\()", sql, re.M).group(1) - elif re.match(r"^create\s+index\s", sql, re.IGNORECASE): - object_name = re.match(r"^create\s+index\s(.+?)\s", sql, re.M).group(1) - elif re.match(r"^create\s+unique\s+index\s", sql, re.IGNORECASE): - object_name = re.match(r"^create\s+unique\s+index\s(.+?)\s", sql, re.M).group(1) - elif re.match(r"^create\s+sequence\s", sql, re.IGNORECASE): - object_name = re.match(r"^create\s+sequence\s(.+?)(\s|$)", sql, re.M).group(1) - elif re.match(r"^alter\s+table\s", sql, re.IGNORECASE): - object_name = re.match(r"^alter\s+table\s(.+?)\s", sql, re.M).group(1) - elif re.match(r"^create\s+function\s", sql, re.IGNORECASE): - object_name = re.match(r"^create\s+function\s(.+?)(\s|\()", sql, re.M).group(1) - elif re.match(r"^create\s+view\s", sql, re.IGNORECASE): - object_name = re.match(r"^create\s+view\s(.+?)\s", sql, re.M).group(1) - elif re.match(r"^create\s+procedure\s", sql, re.IGNORECASE): - object_name = re.match(r"^create\s+procedure\s(.+?)\s", sql, re.M).group(1) - elif re.match(r"^create\s+package\s+body", sql, re.IGNORECASE): - object_name = re.match(r"^create\s+package\s+body\s(.+?)\s", sql, re.M).group(1) - elif re.match(r"^create\s+package\s", sql, re.IGNORECASE): - object_name = re.match(r"^create\s+package\s(.+?)\s", sql, re.M).group(1) + if re.match(r"^create\s+table\s", sql, re.M|re.IGNORECASE): + object_name = re.match(r"^create\s+table\s(.+?)(\s|\()", sql, re.M|re.IGNORECASE).group(1) + elif re.match(r"^create\s+index\s", sql, re.M|re.IGNORECASE): + object_name = re.match(r"^create\s+index\s(.+?)\s", sql, re.M|re.IGNORECASE).group(1) + elif re.match(r"^create\s+unique\s+index\s", sql, re.M|re.IGNORECASE): + object_name = 
re.match(r"^create\s+unique\s+index\s(.+?)\s", sql, re.M|re.IGNORECASE).group(1) + elif re.match(r"^create\s+sequence\s", sql, re.M|re.IGNORECASE): + object_name = re.match(r"^create\s+sequence\s(.+?)(\s|$)", sql, re.M|re.IGNORECASE).group(1) + elif re.match(r"^alter\s+table\s", sql, re.M|re.IGNORECASE): + object_name = re.match(r"^alter\s+table\s(.+?)\s", sql, re.M|re.IGNORECASE).group(1) + elif re.match(r"^create\s+function\s", sql, re.M|re.IGNORECASE): + object_name = re.match(r"^create\s+function\s(.+?)(\s|\()", sql, re.M|re.IGNORECASE).group(1) + elif re.match(r"^create\s+view\s", sql, re.M|re.IGNORECASE): + object_name = re.match(r"^create\s+view\s(.+?)\s", sql, re.M|re.IGNORECASE).group(1) + elif re.match(r"^create\s+procedure\s", sql, re.M|re.IGNORECASE): + object_name = re.match(r"^create\s+procedure\s(.+?)\s", sql, re.M|re.IGNORECASE).group(1) + elif re.match(r"^create\s+package\s+body", sql, re.M|re.IGNORECASE): + object_name = re.match(r"^create\s+package\s+body\s(.+?)\s", sql, re.M|re.IGNORECASE).group(1) + elif re.match(r"^create\s+package\s", sql, re.M|re.IGNORECASE): + object_name = re.match(r"^create\s+package\s(.+?)\s", sql, re.M|re.IGNORECASE).group(1) else: return object_name.strip() return object_name.strip()
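Review bot: Every branch still calls `re.match` twice and reads `.group(1)` from the second call unchecked, although the extracting pattern demands a trailing `\s` (or `(`) that the guard does not; input that satisfies only the guard raises `AttributeError` instead of returning `''`. Matching once and testing the result removes both the duplication and the crash, e.g. `m = re.match(r"^alter\s+table\s(.+?)\s", sql, re.I)` then `object_name = m.group(1) if m else ''`. The `re.M` added to the guard calls changes nothing, since `re.match` only tries the start of the string and those patterns contain no `$`. Quoted identifiers that contain whitespace would also be cut at the first space by `(.+?)\s`, which is worth a comment if it is an accepted limit.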