SQL语句匿名化

Signed-off-by: bjd <baijidong@huawei.com>
bjd 2024-11-18 18:37:13 +08:00
parent 81f12b8b8d
commit c2ee07e884
2 changed files with 53 additions and 61 deletions


@ -31,6 +31,8 @@
#include "logger.h"
#include "rdb_errno.h"
#include "rdb_store_config.h"
#include "sqlite_utils.h"
#include "string_utils.h"
namespace OHOS {
namespace NativeRdb {
using namespace OHOS::Rdb;
@ -42,8 +44,8 @@ constexpr int32_t FILE_PATH_MINI_SIZE = 6;
constexpr int32_t AREA_MINI_SIZE = 4;
constexpr int32_t AREA_OFFSET_SIZE = 5;
constexpr int32_t PRE_OFFSET_SIZE = 1;
constexpr int32_t SELECT_SIZE = 6;
constexpr int32_t INSERT_INTO_SIZE = 11;
constexpr int32_t INSERT_INTO_VALUES_SIZE = 20;
constexpr int32_t INSERT_INTO_SIZE = 12;
constexpr int32_t UPDATE_SIZE = 6;
constexpr int32_t DELETE_FROM_SIZE = 11;
constexpr int32_t CREATE_DATABASE_SIZE = 15;
@ -255,24 +257,10 @@ bool IsSpecialChar(char c)
{
return (c == ' ' || c == '.' || c == ',' || c == '!' || c == '?' || c == ':' || c == '(' || c == ')' || c == ';');
}
std::string replaceMultipleSpaces(const std::string &str)
std::string ReplaceMultipleSpaces(const std::string &str)
{
std::string result;
bool isSpace = false;
for (char c : str) {
if (std::isspace(c)) {
if (!isSpace) {
result += ' ';
}
isSpace = true;
} else {
result += c;
isSpace = false;
}
}
return result;
std::string result = StringUtils::Trim(str);
return std::regex_replace(result, std::regex(" +"), " ");
}
std::vector<std::string> SplitString(const std::string &input)
@ -296,7 +284,7 @@ std::vector<std::string> SplitString(const std::string &input)
return result;
}
std::string ProcessString(const std::string &input)
std::string ProcessSensitiveString(const std::string &input)
{
std::vector<std::string> words = SplitString(input);
std::string result;
@ -338,8 +326,8 @@ std::string ProcessString(const std::string &input)
std::string SqliteUtils::AnonySql(const std::string &sql)
{
std::regex SELECT_REGEX("SELECT\\s+(.)\\s+FROM\\s+([^\\s;]+)", std::regex_constants::icase);
std::regex INSERT_REGEX("INSERT\\s+INTO\\s+([^\\s;]+)", std::regex_constants::icase);
std::regex SELECT_REGEX("SELECT\\s+(.*)\\s+FROM\\s+([^\\s;]+)", std::regex_constants::icase);
std::regex INSERT_REGEX("INSERT\\s+INTO\\s+(.*)\\s+VALUES\\s+([^\\s;]+)", std::regex_constants::icase);
std::regex UPDATE_REGEX("UPDATE\\s+([^\\s]+)", std::regex_constants::icase);
std::regex DELETE_REGEX("DELETE\\s+FROM\\s+([^\\s;]+)", std::regex_constants::icase);
std::regex CREATE_DATABASE_REGEX("CREATE\\s+DATABASE\\s+([^\\s;]+)", std::regex_constants::icase);
@ -352,58 +340,68 @@ std::string SqliteUtils::AnonySql(const std::string &sql)
"DROP\\s+DATABASE\\s+IF\\s+EXISTS\\s+([^\\s;]+)", std::regex_constants::icase);
std::regex ALTER_TABLE_REGEX("ALTER\\s+TABLE\\s+([^\\s;]+)", std::regex_constants::icase);
std::string replaceSql = replaceMultipleSpaces(sql);
std::string replaceSql = ReplaceMultipleSpaces(sql);
std::smatch match;
if (std::regex_search(replaceSql, match, SELECT_REGEX)) {
std::string MaskedSql =
replaceSql.substr(START_SIZE, SELECT_SIZE) + ProcessString(replaceSql.substr(SELECT_SIZE));
std::string columns = match[1].str();
std::string table = match[2].str();
std::string MaskedSql = std::regex_replace(
replaceSql, SELECT_REGEX, "SELECT " + ProcessSensitiveString(columns) + " FROM " + ProcessSensitiveString(table));
std::regex WHERE_REGEX("WHERE\\s+(.*)", std::regex_constants::icase);
std::smatch WHERE_MATCH;
if (std::regex_search(MaskedSql, WHERE_MATCH, WHERE_REGEX)) {
std::string whereClause = WHERE_MATCH[1].str();
MaskedSql = std::regex_replace(MaskedSql, WHERE_REGEX, "WHERE " + ProcessSensitiveString(whereClause));
}
return MaskedSql;
} else if (std::regex_search(replaceSql, match, INSERT_REGEX)) {
std::string MaskedSql =
replaceSql.substr(START_SIZE, INSERT_INTO_SIZE) + ProcessString(replaceSql.substr(INSERT_INTO_SIZE));
std::string columns = match[1].str();
std::string MaskedSql = "INSERT INTO " + ProcessSensitiveString(replaceSql.substr(INSERT_INTO_SIZE, columns.length())) +
" VALUES " +
ProcessSensitiveString(replaceSql.substr(INSERT_INTO_VALUES_SIZE + columns.length()));
return MaskedSql;
} else if (std::regex_search(replaceSql, match, UPDATE_REGEX)) {
std::string MaskedSql =
replaceSql.substr(START_SIZE, UPDATE_SIZE) + ProcessString(replaceSql.substr(UPDATE_SIZE));
replaceSql.substr(START_SIZE, UPDATE_SIZE) + ProcessSensitiveString(replaceSql.substr(UPDATE_SIZE));
return MaskedSql;
} else if (std::regex_search(replaceSql, match, DELETE_REGEX)) {
std::string MaskedSql =
replaceSql.substr(START_SIZE, DELETE_FROM_SIZE) + ProcessString(replaceSql.substr(DELETE_FROM_SIZE));
replaceSql.substr(START_SIZE, DELETE_FROM_SIZE) + ProcessSensitiveString(replaceSql.substr(DELETE_FROM_SIZE));
return MaskedSql;
} else if (std::regex_search(replaceSql, match, CREATE_DATABASE_REGEX)) {
std::string MaskedSql = replaceSql.substr(START_SIZE, CREATE_DATABASE_SIZE) +
ProcessString(replaceSql.substr(CREATE_DATABASE_SIZE));
ProcessSensitiveString(replaceSql.substr(CREATE_DATABASE_SIZE));
return MaskedSql;
} else if (std::regex_search(replaceSql, match, CREATE_TABLE_REGEX)) {
std::string MaskedSql =
replaceSql.substr(START_SIZE, CREATE_TABLE_SIZE) + ProcessString(replaceSql.substr(CREATE_TABLE_SIZE));
replaceSql.substr(START_SIZE, CREATE_TABLE_SIZE) + ProcessSensitiveString(replaceSql.substr(CREATE_TABLE_SIZE));
return MaskedSql;
} else if (std::regex_search(replaceSql, match, DROP_TABLE_IF_EXITS_REGEX)) {
std::string MaskedSql = replaceSql.substr(START_SIZE, DROP_TABLE_IFEXITS_SIZE) +
ProcessString(replaceSql.substr(DROP_TABLE_IFEXITS_SIZE));
ProcessSensitiveString(replaceSql.substr(DROP_TABLE_IFEXITS_SIZE));
return MaskedSql;
} else if (std::regex_search(replaceSql, match, DROP_DATABASE_IF_EXITS_REGEX)) {
std::string MaskedSql = replaceSql.substr(START_SIZE, DROP_DATABASE_IFEXITS_SIZE) +
ProcessString(replaceSql.substr(DROP_DATABASE_IFEXITS_SIZE));
ProcessSensitiveString(replaceSql.substr(DROP_DATABASE_IFEXITS_SIZE));
return MaskedSql;
} else if (std::regex_search(replaceSql, match, DROP_TABLE_REGAX)) {
std::string MaskedSql =
replaceSql.substr(START_SIZE, DROP_TABLE_SIZE) + ProcessString(replaceSql.substr(DROP_TABLE_SIZE));
replaceSql.substr(START_SIZE, DROP_TABLE_SIZE) + ProcessSensitiveString(replaceSql.substr(DROP_TABLE_SIZE));
return MaskedSql;
} else if (std::regex_search(replaceSql, match, DROP_DATABASE_REGEX)) {
std::string MaskedSql =
replaceSql.substr(START_SIZE, DROP_DATABASE_SIZE) + ProcessString(replaceSql.substr(DROP_DATABASE_SIZE));
replaceSql.substr(START_SIZE, DROP_DATABASE_SIZE) + ProcessSensitiveString(replaceSql.substr(DROP_DATABASE_SIZE));
return MaskedSql;
} else if (std::regex_search(replaceSql, match, ALTER_TABLE_REGEX)) {
std::string MaskedSql =
replaceSql.substr(START_SIZE, ALTER_TABLE_SIZE) + ProcessString(replaceSql.substr(ALTER_TABLE_SIZE));
replaceSql.substr(START_SIZE, ALTER_TABLE_SIZE) + ProcessSensitiveString(replaceSql.substr(ALTER_TABLE_SIZE));
return MaskedSql;
} else if (std::regex_search(replaceSql, match, PRAGMA_REGEX)) {
std::string MaskedSql =
replaceSql.substr(START_SIZE, PRAGMA_SIZE) + ProcessString(replaceSql.substr(PRAGMA_SIZE));
replaceSql.substr(START_SIZE, PRAGMA_SIZE) + ProcessSensitiveString(replaceSql.substr(PRAGMA_SIZE));
return MaskedSql;
}
std::string MaskedSql = replaceSql.substr(START_SIZE, OTHER_SIZE) + ProcessString(replaceSql.substr(OTHER_SIZE));
std::string MaskedSql = replaceSql.substr(START_SIZE, OTHER_SIZE) + ProcessSensitiveString(replaceSql.substr(OTHER_SIZE));
return MaskedSql;
}
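Review bot: The new SELECT branch of AnonySql masks only the text matched by SELECT_REGEX plus a trailing WHERE clause, so the rest of the statement is returned in clear. `std::regex_replace` copies the non-matching prefix and suffix through verbatim, which leaves a JOIN/ON, GROUP BY or ORDER BY tail, a second table after a comma, or an `INSERT INTO t` prefix ahead of the SELECT unmasked, where the removed code passed everything after the keyword through the masker. The masked text is also used as the replacement format, so a `$&` or `$1` that survives ProcessSensitiveString (its body is outside these hunks, so this is inferred) would re-insert the original match. Building the result by concatenation from `match.prefix()`, the two capture groups and `match.suffix()`, each passed through ProcessSensitiveString, closes both gaps, assuming the masker returns an empty string for empty input. The expectation in SqliteUtils_Test_0024 would then read `W***E`, as the DELETE case already does; parts of AnonySql, including some regex declarations, lie outside the visible hunks.

```cpp
    if (std::regex_search(replaceSql, match, SELECT_REGEX)) {
        // Concatenate rather than regex_replace: no part of the statement is copied through unmasked,
        // and the masked text is never interpreted as a "$n" / "$&" replacement format.
        return ProcessSensitiveString(match.prefix().str()) + "SELECT " +
               ProcessSensitiveString(match[1].str()) + " FROM " + ProcessSensitiveString(match[2].str()) +
               ProcessSensitiveString(match.suffix().str());
    } else if (std::regex_search(replaceSql, match, INSERT_REGEX)) {
        // … unchanged: INSERT and the remaining statement branches …
```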


@ -165,54 +165,48 @@ HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0023, TestSize.Level1)
HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0024, TestSize.Level1)
{
EXPECT_EQ(SqliteUtils::AnonySql("select value1, value2 from bigint_table WHERE case = 1."),
"select v***e*, v***e* f*** big*******le W***E c*** = *.");
"SELECT v***e*, v***e* FROM big*******le WHERE c*** = *.");
}
HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0025, TestSize.Level1)
{
EXPECT_EQ(
SqliteUtils::AnonySql("select value1, value2 from bigint_table."), "select v***e*, v***e* f*** big*******le.");
SqliteUtils::AnonySql("select value1, value2 from bigint_table."), "SELECT v***e*, v***e* FROM big*******le.");
}
HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0026, TestSize.Level1)
{
EXPECT_EQ(SqliteUtils::AnonySql("SELECT * FROM test."), "SELECT * F*** t***.");
EXPECT_EQ(SqliteUtils::AnonySql("SELECT * FROM test."), "SELECT * FROM t***.");
}
HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0027, TestSize.Level1)
{
EXPECT_EQ(SqliteUtils::AnonySql("INSERT INTO test VALUES(1, '[1.2, 0.3, 3.2, 1.6, 2.5, 3.1, 0.8, 0.4]');"),
"INSERT INTO t*** V***ES(*, *[*.*, *.*, *.*, *.*, *.*, *.*, *.*, *.*]');");
EXPECT_EQ(SqliteUtils::AnonySql("INSERT INTO test (data1, data2, data3, data4) VALUES (?, ?, ?, ?);"),
"INSERT INTO t*** (d****, d****, d****, d****) VALUES (?, ?, ?, ?);");
}
HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0028, TestSize.Level1)
{
EXPECT_EQ(SqliteUtils::AnonySql("INSERT INTO test (data1, data2, data3, data4) VALUES (?, ?, ?, ?);"),
"INSERT INTO t*** (d****, d****, d****, d****) V***ES (?, ?, ?, ?);");
}
HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0029, TestSize.Level1)
{
EXPECT_EQ(
SqliteUtils::AnonySql("UPDATE test SET age = 18 WHERE id = 1."), "UPDATE t*** *ET *ge = ** W***E *d = *.");
}
HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0030, TestSize.Level1)
HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0029, TestSize.Level1)
{
EXPECT_EQ(SqliteUtils::AnonySql("DELETE FROM test;"), "DELETE FROM t***;");
}
HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0031, TestSize.Level1)
HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0030, TestSize.Level1)
{
EXPECT_EQ(SqliteUtils::AnonySql("DELETE FROM test WHERE time = 30;"), "DELETE FROM t*** W***E t*** = **;");
}
HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0032, TestSize.Level1)
HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0031, TestSize.Level1)
{
EXPECT_EQ(SqliteUtils::AnonySql("CREATE DATABASE DBtest.db;"), "CREATE DATABASE D***st.*b;");
}
HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0033, TestSize.Level1)
HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0032, TestSize.Level1)
{
EXPECT_EQ(
SqliteUtils::AnonySql(
@ -220,7 +214,7 @@ HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0033, TestSize.Level1)
"CREATE TABLE *F *OT E***TS T*** (*d *NT P***ARY *EY, n*** T***, e***nd B***, c*** R***, y***s UN*****ED *NT, at*****ent A***T, at*****ents A***TS).");
}
HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0034, TestSize.Level1)
HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0033, TestSize.Level1)
{
EXPECT_EQ(
SqliteUtils::AnonySql(
@ -228,39 +222,39 @@ HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0034, TestSize.Level1)
"CREATE TABLE T*** (*d *NT P***ARY *EY, n*** T***, e***nd B***, c*** R***, y***s UN*****ED *NT, at*****ent A***T, at*****ents A***TS).");
}
HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0035, TestSize.Level1)
HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0034, TestSize.Level1)
{
EXPECT_EQ(SqliteUtils::AnonySql("DROP TABLE IF EXISTS bigint_table;"), "DROP TABLE IF EXISTS big*******le;");
}
HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0036, TestSize.Level1)
HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0035, TestSize.Level1)
{
EXPECT_EQ(SqliteUtils::AnonySql("DROP TABLE bigint_table;"), "DROP TABLE big*******le;");
}
HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0037, TestSize.Level1)
HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0036, TestSize.Level1)
{
EXPECT_EQ(
SqliteUtils::AnonySql("DROP DATABASE IF EXISTS database_name;"), "DROP DATABASE IF EXISTS dat*******ame;");
}
HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0038, TestSize.Level1)
HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0037, TestSize.Level1)
{
EXPECT_EQ(SqliteUtils::AnonySql("DROP DATABASE database_name;"), "DROP DATABASE dat*******ame;");
}
HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0039, TestSize.Level1)
HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0038, TestSize.Level1)
{
EXPECT_EQ(SqliteUtils::AnonySql("PRAGMA user_version = 3"), "PRAGMA use*******on = *");
}
HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0040, TestSize.Level1)
HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0039, TestSize.Level1)
{
EXPECT_EQ(SqliteUtils::AnonySql("ALTER TABLE test ADD COLUMN address TEXT;"),
"ALTER TABLE t*** *DD C***MN a***ess T***;");
}
HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0041, TestSize.Level1)
HWTEST_F(SqliteUtilsTest, SqliteUtils_Test_0040, TestSize.Level1)
{
EXPECT_EQ(
SqliteUtils::AnonySql(