Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add patterns functionality to whitelist #231

Merged
merged 19 commits into from
Aug 6, 2018
Merged

Add patterns functionality to whitelist #231

merged 19 commits into from
Aug 6, 2018

Conversation

storojs72
Copy link
Contributor

No description provided.

@storojs72 storojs72 changed the title Add patterns functionaly to whitelist Add patterns functionality to whitelist Aug 2, 2018
Lagovas
Lagovas requested changes Aug 2, 2018
View reviewed changes
acra-censor/handlers/whitelist_handler.go Outdated
if err != nil {
return false, ErrPatternSyntaxError
return false, ErrPatternCheckError
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we log the first error (err) before returning ErrPatternCheckError to know what actually happened?

acra-censor/handlers/handlers_util.go Outdated
return matchDetected
}

// handle SELECT * FROM table %%WHERE%% pattern
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

better to format comment to godoc style // <methodName> some comment

acra-censor/acra-censor_test.go
t.Fatal(err)
}
acceptableQueries := []string{
"SELECT a, b, c FROM z WHERE a = 'someValue'",
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we test here queries that we use for star pattern too (https://github.com/cossacklabs/acra/blob/acracensor/acra-censor/acra-censor_test.go#L545) ? to test different where clauses without star and columns

Lagovas
Lagovas reviewed Aug 6, 2018
View reviewed changes
acra-censor/handlers/handlers_util.go Outdated
@@ -151,6 +151,9 @@ func handleSelectWherePattern(queryNodes, patternNodes []sqlparser.SQLNode) bool
patternWhereDetected := false
queryWhereDetected := false
for index, patternNode := range patternNodes {
if index >= len(queryNodes) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe it makes sense to compare slice's lengths before loop?

if len(queryNodes) != len(patternNodes)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, actually we can perform this comparison before loop. But instead != it's better <, because length of query is allowed to be equal or greater than pattern. The intention here was to prevent case when pattern is greater than query, and index out of range when use queryNodes[index]

@vixentael
Copy link
Collaborator

i noticed in many places in code and logs we use parenTable, you mean parentTable?

@Lagovas
Copy link
Collaborator

Lagovas commented Aug 6, 2018

parenTable -> https://github.com/xwb1989/sqlparser/blob/master/ast.go#L1748

@vixentael
Copy link
Collaborator

ahh, parenthesized.. ok, got it

Lagovas
Lagovas reviewed Aug 6, 2018
View reviewed changes
acra-censor/handlers/handlers_util.go Outdated
if patternSelectExpr, ok := patternNodes[index+patternNodeOffset].(sqlparser.SelectExprs); ok && starFound(patternSelectExpr) {
if _, ok := queryNodes[index+queryNodeOffset].(sqlparser.SelectExprs); ok {
i := index
for i < len(queryNodes) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

for ;i<len(queryNodes); i++

Copy link
Contributor Author

@storojs72 storojs72 Aug 6, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks

acra-censor/handlers/handlers_util.go
continue
}
if patternSelectExpr, ok := patternNodes[index+patternNodeOffset].(sqlparser.SelectExprs); ok && starFound(patternSelectExpr) {
if _, ok := queryNodes[index+queryNodeOffset].(sqlparser.SelectExprs); ok {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what if not ok?

vixentael
vixentael approved these changes Aug 6, 2018
View reviewed changes
Copy link
Collaborator

@vixentael vixentael left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thank you, @storojs72

this is huge feature!

@storojs72 storojs72 merged commit 00a1983 into cossacklabs:acracensor Aug 6, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vixentael vixentael vixentael approved these changes

@Lagovas Lagovas Lagovas approved these changes

@shadinua shadinua Awaiting requested review from shadinua

Assignees
No one assigned
Labels
acra-censor
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@storojs72 @vixentael @Lagovas