Java 使用自定义API并对其进行类型转换
我正在用 Java 构建一个项目。我是 Java 初学者,遇到了一个问题:我使用 gsql 解析器的 Java API 来解析数据库查询,有一处一直卡住。TSelectSqlStatement 和 TCreateTableSqlStatement 这两个类都继承自 TCustomSqlStatement 类。我需要在 TSelectSqlStatement 对象上使用 TCreateTableSqlStatement 中的一个方法,但当我执行这种类型转换时不被允许。有没有办法解决这个问题?API 参考的链接是(此处链接缺失)。下面是 DBSystem.java:
package dbs;
import gudusoft.gsqlparser.EDbVendor;
import gudusoft.gsqlparser.TCustomSqlStatement;
import gudusoft.gsqlparser.TGSqlParser;
import gudusoft.gsqlparser.nodes.TColumnDefinition;
import gudusoft.gsqlparser.nodes.TConstraint;
import gudusoft.gsqlparser.nodes.TResultColumn;
import gudusoft.gsqlparser.stmt.TCreateTableSqlStatement;
import gudusoft.gsqlparser.stmt.TSelectSqlStatement;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.io.RandomAccessFile;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Scanner;
import java.util.Set;
import java.util.TreeMap;
public class DBSystem extends printSelect
{
// Name of the table taken from the most recent CREATE TABLE statement (set in analyzeCreateStmt).
// NOTE(review): the value originates from the SQL text typed on standard input and is later
// concatenated into file names, so it should be treated as untrusted.
static String tName=null;
// Raw SQL line read from standard input in main(); printSelect.main() reads it as DBSystem.s.
static String s=null;
// Written by checkTable(): false once the table name has been found in the config file.
static boolean a=true;
// Location of the config file that records the known tables (relative path, Windows-style separator).
static String config_path="tmp\\config.txt";
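/**
 * Reads one line of SQL from standard input, parses it with the Oracle dialect and
 * analyzes every statement the parser found in it.
 *
 * @param args command-line arguments (unused)
 * @throws IOException if analyzing a statement fails while accessing a file
 */
public static void main(String args[]) throws IOException
{
    TGSqlParser sqlparser = new TGSqlParser(EDbVendor.dbvoracle);
    try
    {
        // The reader is intentionally not closed: closing it would close System.in itself.
        BufferedReader bufferRead = new BufferedReader(new InputStreamReader(System.in));
        s = bufferRead.readLine();
    }
    catch(IOException e)
    {
        e.printStackTrace();
    }
    // readLine() returns null at end of input, and s also stays null when the read failed.
    // Without this guard the next statement would throw a NullPointerException.
    if (s == null)
    {
        System.out.println("Query Invalid: \n Reason: \n");
        System.out.println("no input was read");
        return;
    }
    sqlparser.sqltext=s;
    int ret = sqlparser.parse();
    if (ret == 0)
    {
        for(int i=0;i<sqlparser.sqlstatements.size();i++)
        {
            analyzeStmt(sqlparser.sqlstatements.get(i));
            System.out.println("");
        }
    }
    else
    {
        System.out.println("Query Invalid: \n Reason: \n");
        System.out.println(sqlparser.getErrormessage());
    }
}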
/**
 * Routes a parsed statement to the analyzer that matches its statement type.
 * Types other than SELECT and CREATE TABLE are only reported by name.
 *
 * @param stmt statement produced by the parser
 * @throws IOException if the selected analyzer fails while accessing a file
 */
protected static void analyzeStmt(TCustomSqlStatement stmt) throws IOException
{
    switch(stmt.sqlstatementtype)
    {
        case sstcreatetable:
        {
            // The cast is safe here because the statement type was checked by the case label.
            TCreateTableSqlStatement createStmt = (TCreateTableSqlStatement)stmt;
            analyzeCreateStmt(createStmt);
            return;
        }
        case sstselect:
        {
            TSelectSqlStatement selectStmt = (TSelectSqlStatement)stmt;
            analyzeSelectStmt(selectStmt);
            return;
        }
        default:
            System.out.println(stmt.sqlstatementtype.toString());
    }
}
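/**
 * Prints the target table name of a statement followed by every line of
 * {@code <table>.csv} from the working directory.
 *
 * @param stmt statement whose target table is printed
 * @throws IOException if the table name does not map to a file directly inside the
 *         working directory, or if the file cannot be opened or read
 */
private static void printSelectStmt(TCustomSqlStatement stmt) throws IOException
{
    String p=stmt.getTargetTable().toString();
    System.out.println(p);
    // The table name comes from the SQL text supplied by the user. Resolve it and require
    // the result to sit directly in the working directory, so a name that contains path
    // separators or ".." cannot select a file elsewhere on disk.
    File workDir = new File(".").getCanonicalFile();
    File csvFile = new File(workDir, p+".csv").getCanonicalFile();
    if (!workDir.equals(csvFile.getParentFile()))
    {
        throw new IOException("Table name does not map to a file in the working directory: "+p);
    }
    BufferedReader in=new BufferedReader(new FileReader(csvFile));
    try
    {
        String line;
        while((line = in.readLine()) != null)
        {
            System.out.println(line);
        }
    }
    finally
    {
        // Close the reader even when reading fails part-way through.
        in.close();
    }
}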
/**
 * Prints a summary of a CREATE TABLE statement (table name, columns, inline and
 * table-level constraints) and then runs checkTable() for the table.
 *
 * @param pStmt parsed CREATE TABLE statement
 */
private static void analyzeCreateStmt(TCreateTableSqlStatement pStmt)
{
    System.out.println("\nQuery Type: Create ");
    // Stored in the static field because checkTable() and createTableHeader1() read it.
    tName=pStmt.getTargetTable().toString();
    System.out.println("\nTable Name: \t"+tName);
    System.out.println("\nColumns: \n");

    int colIdx=0;
    while(colIdx<pStmt.getColumnList().size())
    {
        TColumnDefinition col = pStmt.getColumnList().getColumn(colIdx);
        System.out.println("\tname:"+col.getColumnName().toString());
        System.out.println("\tdatetype:"+col.getDatatype().toString());
        if (col.getDefaultExpression() != null)
        {
            System.out.println("\tdefault:"+col.getDefaultExpression().toString());
        }
        if (col.isNull())
        {
            System.out.println("\tnull: yes");
        }
        if (col.getConstraints() != null)
        {
            System.out.println("\tinline constraints:");
            int inlineIdx=0;
            while(inlineIdx<col.getConstraints().size())
            {
                printConstraint(col.getConstraints().getConstraint(inlineIdx),false);
                inlineIdx++;
            }
        }
        System.out.println("");
        colIdx++;
    }

    if(pStmt.getTableConstraints().size() > 0)
    {
        System.out.println("\toutline constraints:");
        int tableIdx=0;
        while(tableIdx<pStmt.getTableConstraints().size())
        {
            printConstraint(pStmt.getTableConstraints().getConstraint(tableIdx), true);
            System.out.println("");
            tableIdx++;
        }
    }

    try
    {
        checkTable();
    }
    catch (IOException e)
    {
        // FileNotFoundException is an IOException, so this one handler covers both cases.
        e.printStackTrace();
    }
}
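/**
 * Looks for the current table name (tName) in the config file and creates the table
 * files and config entry through createTableHeader1() when the name is not present.
 *
 * The earlier version called readLine() in three different places per iteration, so
 * only some lines were ever compared, an empty config file meant no table was ever
 * created, and the static flag stayed false after the first duplicate.
 *
 * @throws FileNotFoundException if the config file does not exist
 * @throws IOException if the config file cannot be read or the table cannot be recorded
 */
private static void checkTable() throws FileNotFoundException, IOException
{
    boolean exists = false;
    BufferedReader br1 = new BufferedReader(new InputStreamReader(new FileInputStream(config_path)));
    try
    {
        String line;
        // Compare every line exactly once; the first match settles the question.
        while ((line = br1.readLine()) != null)
        {
            if (tName.equalsIgnoreCase(line))
            {
                exists = true;
                break;
            }
        }
    }
    finally
    {
        // Close before createTableHeader1() appends to the same file, and on read errors too.
        br1.close();
    }

    // Recomputed on every call so one duplicate does not block later CREATE TABLE statements.
    a = !exists;
    if (exists)
    {
        System.out.println("Query Invalid: \n \t Table already exists");
        return;
    }
    createTableHeader1();
}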
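/**
 * Creates {@code <tName>.data} and {@code <tName>.csv} in the working directory and appends
 * a BEGIN / table name / column definitions / END record for the table to the config file.
 *
 * The column definitions are cut out of the raw SQL text (s). The closing parenthesis is
 * the one that matches the first opening parenthesis, and commas only separate columns
 * when they are not nested in parentheses, so types such as varchar(10) or number(10,2)
 * stay in one piece.
 * NOTE(review): parentheses or commas inside quoted literals are not recognised here;
 * the parser's own column list would be the more robust source.
 *
 * @throws FileNotFoundException if the config file cannot be opened for appending
 * @throws IOException if the statement has no parenthesised column list, the table name
 *         does not map to a file directly inside the working directory, or writing fails
 */
private static void createTableHeader1() throws FileNotFoundException, IOException
{
    String p=s;
    int strt_index=p.indexOf("(");
    int end_index=-1;
    int depth=0;
    for(int i=strt_index;i>=0 && i<p.length();i++)
    {
        char c=p.charAt(i);
        if(c=='(')
        {
            depth++;
        }
        else if(c==')')
        {
            depth--;
            if(depth==0)
            {
                end_index=i;
                break;
            }
        }
    }
    if(strt_index<0 || end_index<0)
    {
        throw new IOException("No parenthesised column list found in: "+p);
    }
    List<String> parts=splitColumnDefinitions(p.substring(strt_index+1, end_index));

    // tName comes from the SQL text supplied by the user. Resolve both file names and require
    // them to sit directly in the working directory, so a name that contains path separators
    // or ".." cannot create files elsewhere on disk.
    File workDir = new File(".").getCanonicalFile();
    File file = new File(workDir, tName+".data").getCanonicalFile();
    File file1 = new File(workDir, tName+".csv").getCanonicalFile();
    if (!workDir.equals(file.getParentFile()) || !workDir.equals(file1.getParentFile()))
    {
        throw new IOException("Table name does not map to a file in the working directory: "+tName);
    }

    try {
        if (file.createNewFile())
        {
            System.out.println(tName+".data is created");
        }
        else
        {
            System.out.println("File already exists.");
        }
        if (file1.createNewFile())
        {
            System.out.println(tName+".csv is created");
        }
        else
        {
            System.out.println("File already exists.");
        }
    } catch (IOException e) {
        e.printStackTrace();
    }

    BufferedWriter bufferedWriter =new BufferedWriter(new FileWriter(config_path,true));
    try
    {
        bufferedWriter.newLine();
        bufferedWriter.write("BEGIN");
        bufferedWriter.newLine();
        bufferedWriter.write(tName);
        bufferedWriter.newLine();
        //attribute list , Data type
        for(int j=0;j<parts.size();j++)
        {
            bufferedWriter.write(parts.get(j));
            bufferedWriter.newLine();
        }
        bufferedWriter.write("END");
    }
    finally
    {
        // Close (and flush) the writer even when one of the writes fails.
        bufferedWriter.close();
    }
}

/** Splits a column list on the commas that are not nested inside parentheses. */
private static List<String> splitColumnDefinitions(String columnText)
{
    List<String> parts=new ArrayList<String>();
    int depth=0;
    int start=0;
    for(int i=0;i<columnText.length();i++)
    {
        char c=columnText.charAt(i);
        if(c=='(')
        {
            depth++;
        }
        else if(c==')')
        {
            depth--;
        }
        else if(c==',' && depth==0)
        {
            parts.add(columnText.substring(start,i));
            start=i+1;
        }
    }
    parts.add(columnText.substring(start));
    return parts;
}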
/**
 * Prints one constraint: its name when it has one, then a description that depends on
 * the constraint type. Column lists are printed only for table-level constraints.
 *
 * @param constraint constraint to describe
 * @param outline true for a table-level (outline) constraint, false for an inline one
 */
protected static void printConstraint(TConstraint constraint, Boolean outline)
{
    if (constraint.getConstraintName() != null)
    {
        System.out.println("\t\tconstraint name:"+constraint.getConstraintName().toString());
    }
    switch(constraint.getConstraint_type())
    {
        case notnull:
            System.out.println("\t\tnot null");
            break;
        case primary_key:
            System.out.println("\t\tprimary key");
            // For a primary key the column line is printed only when a column list exists.
            if (outline && constraint.getColumnList() != null)
            {
                StringBuilder keyColumns = new StringBuilder();
                for(int k=0;k<constraint.getColumnList().size();k++)
                {
                    if (k > 0)
                    {
                        keyColumns.append(",");
                    }
                    keyColumns.append(constraint.getColumnList().getObjectName(k).toString());
                }
                System.out.println("\t\tprimary key columns:"+keyColumns);
            }
            break;
        case unique:
            System.out.println("\t\tunique key");
            if(outline)
            {
                // Unlike the primary key case, the line is printed even without a column list.
                StringBuilder uniqueColumns = new StringBuilder();
                if (constraint.getColumnList() != null)
                {
                    for(int k=0;k<constraint.getColumnList().size();k++)
                    {
                        if (k > 0)
                        {
                            uniqueColumns.append(",");
                        }
                        uniqueColumns.append(constraint.getColumnList().getObjectName(k).toString());
                    }
                }
                System.out.println("\t\tcolumns:"+uniqueColumns);
            }
            break;
        case check:
            System.out.println("\t\tcheck:"+constraint.getCheckCondition().toString());
            break;
        case foreign_key:
            //case reference:
            System.out.println("\t\tforeign key");
            if(outline)
            {
                StringBuilder localColumns = new StringBuilder();
                if (constraint.getColumnList() != null)
                {
                    for(int k=0;k<constraint.getColumnList().size();k++)
                    {
                        if (k > 0)
                        {
                            localColumns.append(",");
                        }
                        localColumns.append(constraint.getColumnList().getObjectName(k).toString());
                    }
                }
                System.out.println("\t\tcolumns:"+localColumns);
            }
            System.out.println("\t\treferenced table:"+constraint.getReferencedObject().toString());
            if (constraint.getReferencedColumnList() != null)
            {
                StringBuilder referencedColumns = new StringBuilder();
                for(int k=0;k<constraint.getReferencedColumnList().size();k++)
                {
                    if (k > 0)
                    {
                        referencedColumns.append(",");
                    }
                    referencedColumns.append(constraint.getReferencedColumnList().getObjectName(k).toString());
                }
                System.out.println("\t\treferenced columns:"+referencedColumns);
            }
            break;
        default:
            break;
    }
}
/**
 * Prints a summary of a SELECT statement. A combined query (union, intersect, ...) is
 * reported by its set operator and both sides are analyzed recursively; a plain query
 * has its select list and optional clauses printed. printSelect.main is called last.
 *
 * @param pStmt parsed SELECT statement
 * @throws IOException if a recursive call or printSelect.main fails on file access
 */
protected static void analyzeSelectStmt(TSelectSqlStatement pStmt) throws IOException
{
    System.out.println("\nQuery Type: Select ");
    if (!pStmt.isCombinedQuery())
    {
        // select list
        int columnCount = pStmt.getResultColumnList().size();
        for(int c=0; c < columnCount; c++)
        {
            TResultColumn selected = pStmt.getResultColumnList().getResultColumn(c);
            System.out.printf("\tColumn: %s\n",selected.getExpr().toString());
        }
        // where clause
        if (pStmt.getWhereClause() != null)
        {
            System.out.printf("\nwhere clause: \n\t%s\n", pStmt.getWhereClause().getCondition().toString());
        }
        // group by
        if (pStmt.getGroupByClause() != null)
        {
            System.out.printf("\nGroup by:");
            int g=0;
            while(g<pStmt.getGroupByClause().getItems().size())
            {
                System.out.printf("\n\t%s",pStmt.getGroupByClause().getItems().getGroupByItem(g).toString());
                g++;
            }
        }
        // order by
        if (pStmt.getOrderbyClause() != null)
        {
            System.out.printf("\norder by:");
            int o=0;
            while(o<pStmt.getOrderbyClause().getItems().size())
            {
                System.out.printf("\n\t%s",pStmt.getOrderbyClause().getItems().getOrderByItem(o).toString());
                o++;
            }
        }
        // for update
        if (pStmt.getForUpdateClause() != null)
        {
            System.out.printf("for update: \n%s\n",pStmt.getForUpdateClause().toString());
        }
        // top clause
        if (pStmt.getTopClause() != null)
        {
            System.out.printf("top clause: \n%s\n",pStmt.getTopClause().toString());
        }
    }
    else
    {
        // Index = set operator code; any code outside 1..8 prints as an empty name.
        String[] setOperatorNames = {
            "", "union", "union all", "intersect", "intersect all",
            "minus", "minus all", "except", "except all"
        };
        int operatorCode = pStmt.getSetOperator();
        String setstr = "";
        if (operatorCode >= 1 && operatorCode <= 8)
        {
            setstr = setOperatorNames[operatorCode];
        }
        System.out.printf("set type: %s\n",setstr);
        System.out.println("left select:");
        analyzeSelectStmt(pStmt.getLeftStmt());
        System.out.println("right select:");
        analyzeSelectStmt(pStmt.getRightStmt());
    }
    //check if table is present or not. if present open tablename.csv and tablename.data
    // Named through the superclass on purpose: a bare main(null) would call DBSystem.main.
    printSelect.main(null);
}
}
packagedbs;
导入gudusoft.gsqlparser.edbvendo;
导入gudusoft.gsqlparser.TCustomSqlStatement;
导入gudusoft.gsqlparser.TGSqlParser;
导入gudusoft.gsqlparser.nodes.TColumnDefinition;
导入gudusoft.gsqlparser.nodes.TConstraint;
导入gudusoft.gsqlparser.nodes.TResultColumn;
导入gudusoft.gsqlparser.stmt.TCreateTableSqlStatement;
导入gudusoft.gsqlparser.stmt.TSelectSqlStatement;
导入java.io.BufferedReader;
导入java.io.BufferedWriter;
导入java.io.DataInputStream;
导入java.io.File;
导入java.io.FileInputStream;
导入java.io.FileNotFoundException;
导入java.io.FileReader;
导入java.io.FileWriter;
导入java.io.IOException;
导入java.io.InputStreamReader;
导入java.io.PrintWriter;
导入java.io.RandomAccessFile;
导入java.io.UnsupportedEncodingException;
导入java.util.ArrayList;
导入java.util.array;
导入java.util.HashMap;
导入java.util.Iterator;
导入java.util.LinkedList;
导入java.util.List;
导入java.util.Scanner;
导入java.util.Set;
导入java.util.TreeMap;
公共类DBSystem扩展了printSelect
{
静态字符串tName=null;
静态字符串s=null;
静态布尔值a=true;
静态字符串config_path=“tmp\\config.txt”;
公共静态void main(字符串args[])引发IOException
{
TGSqlParser sqlparser=新的TGSqlParser(edbvendo.dbvoracle);
尝试
{
BufferedReader bufferRead=新的BufferedReader(新的InputStreamReader(System.in));
s=bufferRead.readLine();
}
捕获(IOE异常)
{
e、 printStackTrace();
}
sqlparser.sqltext=s.toString();
int-ret=sqlparser.parse();
如果(ret==0)
{
对于(int i=0;i
不,这是不可能的。仅仅共享一个共同的祖先是不够的。TSelectSqlStatement 不是 TCreateTableSqlStatement,因此 TCreateTableSqlStatement 引入的任何成员函数都不能在 TSelectSqlStatement 类型的对象上调用。即使您能强制编译器这样做,它也很可能会崩溃,因为该函数不知道如何在这种对象上做正确的事情。
如果您需要变通方法,请在问题中说明您需要的具体函数,也许可以通过另一种方式实现。
我需要使用 getTargetTable 方法,它返回后我会把结果转换为字符串。
该函数在基类 TCustomSqlStatement 中声明,因此调用它不会有任何问题。请编辑您的问题,加入您尝试过的代码和编译器给出的错误。
我已编辑问题,加入了代码和错误。
package dbs;
import java.io.BufferedReader;
import java.io.DataInputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStreamReader;
import gudusoft.gsqlparser.EDbVendor;
import gudusoft.gsqlparser.TCustomSqlStatement;
import gudusoft.gsqlparser.TGSqlParser;
import gudusoft.gsqlparser.stmt.TCreateTableSqlStatement;
public class printSelect
{
// p: SQL text copied from DBSystem.s in main(); tName: table name of the statement being handled.
static String p=null,tName;
// x: result of checkPresent() as stored by analyze(); y: value computed and returned by checkPresent().
static int x=0,y=0;
// Scratch flag written by checkPresent() while it scans the config file.
static boolean s=false;
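/**
 * Re-parses the SQL text held in DBSystem.s with the Oracle dialect and prints one
 * blank line per parsed statement (the analyze call is currently disabled).
 *
 * @param args unused; DBSystem passes null
 * @throws IOException declared for the disabled analyze call
 */
public static void main(String args[]) throws IOException
{
    TGSqlParser sqlparser = new TGSqlParser(EDbVendor.dbvoracle);
    p=DBSystem.s;
    // DBSystem.s is only filled in by DBSystem.main; when this class is started on its own
    // it is still null and the parser set-up below would throw a NullPointerException.
    if (p == null)
    {
        System.out.println("No SQL text available");
        return;
    }
    System.out.println(p);
    sqlparser.sqltext=p;
    int ret = sqlparser.parse();
    if (ret == 0)
    {
        for(int i=0;i<sqlparser.sqlstatements.size();i++)
        {
            //analyze(sqlparser.sqlstatements.get(i));
            System.out.println("");
        }
    }
}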
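/**
 * Prints the stored rows of the statement's target table when the table is listed in
 * the config file, and reports a missing table otherwise.
 *
 * getTargetTable() is called through the base type TCustomSqlStatement, so no cast to
 * TCreateTableSqlStatement is needed. The earlier cast threw ClassCastException whenever
 * the statement was a SELECT, because a TSelectSqlStatement is not a
 * TCreateTableSqlStatement even though both extend TCustomSqlStatement.
 *
 * @param stmnt any parsed statement
 * @throws IOException if the config file or the table file cannot be read
 */
public static void analyze(TCustomSqlStatement stmnt) throws IOException
{
    // NOTE(review): assumes the parser can leave the target table unset for some
    // statement kinds - confirm against the parser documentation.
    if (stmnt.getTargetTable() == null)
    {
        System.out.println("Table Doesnt exist");
        return;
    }
    x=checkPresent(stmnt);
    if(x==1)
    {
        printSelect(stmnt);
    }
    else
    {
        System.out.println("Table Doesnt exist");
    }
}

/**
 * Reports whether the statement's target table is listed in the config file.
 *
 * The earlier loop called readLine() in three places, so only some lines were compared,
 * and it returned 1 only when no compared line differed from the table name.
 *
 * @param stmnt statement whose target table is looked up
 * @return 1 if a config line equals the table name (ignoring case), otherwise 0
 * @throws IOException if the config file cannot be opened or read
 */
private static int checkPresent(TCustomSqlStatement stmnt) throws IOException
{
    tName=stmnt.getTargetTable().toString();
    boolean found=false;
    BufferedReader br1 = new BufferedReader(new InputStreamReader(new FileInputStream(DBSystem.config_path)));
    try
    {
        String line;
        // Compare every line exactly once; the first match settles the question.
        while ((line = br1.readLine()) != null)
        {
            if(tName.equalsIgnoreCase(line))
            {
                found=true;
                break;
            }
        }
    }
    finally
    {
        // Close the reader even when reading fails part-way through.
        br1.close();
    }
    // Both static fields are recomputed on every call so an earlier lookup cannot leak into this one.
    s=!found;
    y=found ? 1 : 0;
    return y;
}

/**
 * Prints the target table name followed by every line of {@code <table>.csv} from the
 * working directory.
 *
 * @param stmnt statement whose target table is printed
 * @throws IOException if the table name does not map to a file directly inside the
 *         working directory, or if the file cannot be opened or read
 */
private static void printSelect(TCustomSqlStatement stmnt) throws IOException
{
    tName=stmnt.getTargetTable().toString();
    System.out.println(tName);
    // The table name comes from the SQL text supplied by the user. Resolve it and require
    // the result to sit directly in the working directory, so a name that contains path
    // separators or ".." cannot select a file elsewhere on disk.
    java.io.File workDir = new java.io.File(".").getCanonicalFile();
    java.io.File csvFile = new java.io.File(workDir, tName+".csv").getCanonicalFile();
    if (!workDir.equals(csvFile.getParentFile()))
    {
        throw new IOException("Table name does not map to a file in the working directory: "+tName);
    }
    BufferedReader in=new BufferedReader(new FileReader(csvFile));
    try
    {
        String line;
        while((line = in.readLine()) != null)
        {
            System.out.println(line);
        }
    }
    finally
    {
        in.close();
    }
}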
}