Skip to content
This repository has been archived by the owner on May 25, 2022. It is now read-only.

Commit

Permalink
feat(database): add handle for raw string in sql
Browse files Browse the repository at this point in the history
  • Loading branch information
@phodal
phodal committed Mar 31, 2022
1 parent 1c77596 commit dbbb57e
Show file tree
Hide file tree
Showing 4 changed files with 38 additions and 8 deletions.
3 changes: 3 additions & 0 deletions scan_mysql/build.gradle.kts
View file
Expand Up @@ -15,6 +15,9 @@ dependencies {
implementation("org.jetbrains.kotlin:kotlin-reflect:1.6.10")

implementation("org.slf4j:slf4j-jdk14:1.7.36")
implementation("org.slf4j:slf4j-api:1.7.20")
implementation("io.netty:netty-all:4.1.42.Final")


testImplementation("org.junit.jupiter:junit-jupiter:5.8.2")
testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")
Expand Down
6 changes: 5 additions & 1 deletion scan_mysql/src/main/kotlin/org/archguard/ident/mysql/MysqlIdentApp.kt
View file
Expand Up @@ -5,8 +5,11 @@ import net.sf.jsqlparser.statement.Statement
import net.sf.jsqlparser.statement.select.Select
import net.sf.jsqlparser.util.TablesNamesFinder
import org.archguard.ident.mysql.model.SimpleRelation
import org.slf4j.LoggerFactory

object MysqlIdentApp {
private val logger = LoggerFactory.getLogger(javaClass)

fun analysis(sql: String): SimpleRelation? {
val table = SimpleRelation()

Expand All @@ -17,7 +20,8 @@ object MysqlIdentApp {

table.tableNames = tablesNamesFinder.getTableList(selectStatement)
} catch (e: Exception) {
println(e)
logger.warn(e.toString())
logger.info(sql)
return null
}

Expand Down
16 changes: 10 additions & 6 deletions scan_sourcecode/src/main/kotlin/org/archguard/scanner/sourcecode/database/MysqlAnalyser.kt
View file
Expand Up @@ -17,9 +17,9 @@ class MysqlAnalyser {
fun analysisByNode(node: CodeDataStruct, workspace: String): MutableList<SqlRecord> {
val logs: MutableList<SqlRecord> = mutableListOf()
// by annotation: identify
val sqls: MutableList<String> = mutableListOf()
node.Functions.forEach { function ->
val tables: MutableList<String> = mutableListOf()
val sqls: MutableList<String> = mutableListOf()
val tables: MutableSet<String> = mutableSetOf()

function.Annotations.forEach {
if (it.Name == "SqlQuery") {
Expand All @@ -36,7 +36,9 @@ class MysqlAnalyser {
if (callMethodName == "createQuery") {
val pureValue = sqlify(it.Parameters[0].TypeValue)
if (MysqlIdentApp.analysis(pureValue) != null) {
tables += MysqlIdentApp.analysis(pureValue)!!.tableNames
println(it.FunctionName)
val tableNames = MysqlIdentApp.analysis(pureValue)!!.tableNames
tables += tableNames
}
sqls += pureValue
}
Expand All @@ -47,7 +49,7 @@ class MysqlAnalyser {
Package = node.Package,
ClassName = node.NodeName,
FunctionName = function.Name,
Tables = tables,
Tables = tables.toList(),
Sql = sqls
)
}
Expand All @@ -61,6 +63,7 @@ class MysqlAnalyser {
fun sqlify(value: String): String {
var text = handleRawString(value)
text = removeBeginEndQuotes(text)
text = removeNextLine(text)
text = removePlus(text)
text = processIn(text)
return text
Expand All @@ -71,8 +74,7 @@ class MysqlAnalyser {
private fun handleRawString(text: String): String {
val rawString = RAW_STRING_REGEX.find(text)
if(rawString != null) {
val replace = rawString.groups[1]!!.value
return replace
return rawString.groups[1]!!.value
}

return text
Expand All @@ -85,9 +87,11 @@ class MysqlAnalyser {
if (find != null) {
return text.replace(IN_REGEX, "in (:${find.groups[2]!!.value})")
}

return text
}

private fun removeNextLine(text: String) = text.replace("\n", "")
private fun removePlus(text: String) = text.replace("\"+\"", "")
private fun removeBeginEndQuotes(value: String) = value.removeSuffix("\"").removePrefix("\"")
}
21 changes: 20 additions & 1 deletion ...sourcecode/src/test/kotlin/org/archguard/scanner/sourcecode/database/MysqlAnalyserTest.kt
View file
@@ -1,6 +1,7 @@
package org.archguard.scanner.sourcecode.database

import chapi.app.analyser.KotlinAnalyserApp
import org.junit.jupiter.api.Disabled
import org.junit.jupiter.api.Test
import java.nio.file.Paths
import kotlin.test.assertEquals
Expand All @@ -14,6 +15,19 @@ internal class MysqlAnalyserTest {
assertEquals("select id, system_name as systemName, language from system_info where id in (:ids)", sqlify)
}

@Test
fun should_wrapper_raw_string_in_values() {
val sqlify =
MysqlAnalyser().sqlify("\"\"\"\n" +
" select count(m.id) from method_access m inner join code_method c where m.method_id = c.id \n" +
" and m.system_id = :systemId and m.is_static=1 and m.is_private=0 \n" +
" and c.name not in ('<clinit>', 'main') and c.name not like '%\$%'\n" +
" \"\"\".trimIndent()")

assertEquals(false, sqlify.contains("trimIndent"))
assertEquals(false, sqlify.contains("\"\"\""))
}

@Test
fun should_ident_jdbi_create_query_annotation() {
val resource = this.javaClass.classLoader.getResource("jdbi/ContainerServiceDao.kt")!!
Expand Down Expand Up @@ -48,6 +62,7 @@ internal class MysqlAnalyserTest {
}

@Test
@Disabled
fun should_ident_in_variable() {
val resource = this.javaClass.classLoader.getResource("jdbi/TestBadSmellRepositoryImpl.kt")!!
val path = Paths.get(resource.toURI()).toFile().absolutePath
Expand All @@ -59,6 +74,10 @@ internal class MysqlAnalyserTest {
mysqlAnalyser.analysisByNode(it, "")
}

assertEquals(14, sqlRecord.size)
assertEquals(13, sqlRecord.size)
assertEquals("method_access,code_method", sqlRecord[0].Tables.joinToString(","))
assertEquals("method_access,code_method", sqlRecord[1].Tables.joinToString(","))
assertEquals("code_method,code_ref_method_callees", sqlRecord[2].Tables.joinToString(","))
assertEquals("code_method,code_ref_method_callees", sqlRecord[3].Tables.joinToString(","))
}
}

0 comments on commit dbbb57e

Please sign in to comment.