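/*
  Copyright (c) 2007, 2012, Oracle and/or its affiliates. All rights reserved.

  The MySQL Connector/J is licensed under the terms of the GPLv2
  <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>, like most MySQL Connectors.
  There are special exceptions to the terms and conditions of the GPLv2 as it is applied to
  this software, see the FLOSS License Exception
  <http://www.mysql.com/about/legal/licensing/foss-exception.html>.

  This program is free software; you can redistribute it and/or modify it under the terms
  of the GNU General Public License as published by the Free Software Foundation; version 2
  of the License.

  This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
  without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  See the GNU General Public License for more details.

  You should have received a copy of the GNU General Public License along with this
  program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth
  Floor, Boston, MA 02110-1301  USA
 */

package com.mysql.jdbc.interceptors;

import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.sql.SQLException;
import java.util.Properties;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import com.mysql.jdbc.Connection;
import com.mysql.jdbc.ResultSetInternalMethods;
import com.mysql.jdbc.Statement;
import com.mysql.jdbc.StatementInterceptor;

/**
 * Statement interceptor that wraps every result set in a proxy and rejects
 * values matching a configured regular expression.
 *
 * <p>The expression is read from the {@code resultSetScannerRegex} connection
 * property. A value is scanned when the proxied call returns a {@code String},
 * or when the called method is named {@code getString}, {@code getObject} or
 * {@code getObjectStoredProc}; in the latter case the result's
 * {@code toString()} form is scanned.
 *
 * <p>Limits to keep in mind when relying on this as a data filter:
 * <ul>
 * <li>{@link Matcher#matches()} is used, so the expression must match the
 *     <em>entire</em> value. To reject values that merely contain a pattern,
 *     the configured expression has to allow for the surrounding text.</li>
 * <li>Non-String results of any other accessor (for example byte arrays or
 *     streams) are returned without being scanned, so this is not a complete
 *     barrier against a value leaving the driver.</li>
 * <li>The expression runs against every scanned value. NOTE(review): an
 *     expression prone to heavy backtracking could make reads expensive on
 *     adversarial data; prefer simple, anchored expressions.</li>
 * </ul>
 */
public class ResultSetScannerInterceptor implements StatementInterceptor {

	/** Compiled form of the {@code resultSetScannerRegex} property; set by {@link #init}. */
	protected Pattern regexP;

	/**
	 * Reads and compiles the {@code resultSetScannerRegex} property.
	 *
	 * @param conn the connection this interceptor is attached to (not used here)
	 * @param props connection properties holding {@code resultSetScannerRegex}
	 * @throws SQLException if the property is missing or empty, or if it cannot
	 *             be compiled (the underlying failure is attached as the cause)
	 */
	public void init(Connection conn, Properties props) throws SQLException {
		String regexFromUser = props.getProperty("resultSetScannerRegex");

		// Fail closed: without an expression the interceptor would filter nothing.
		if (regexFromUser == null || regexFromUser.length() == 0) {
			throw new SQLException("resultSetScannerRegex must be configured, and must be > 0 characters");
		}

		try {
			this.regexP = Pattern.compile(regexFromUser);
		} catch (Throwable t) {
			// Any compile failure is reported as a SQLException with the cause kept.
			SQLException sqlEx = new SQLException("Can't use configured regex due to underlying exception.");
			sqlEx.initCause(t);

			throw sqlEx;
		}
	}

	/**
	 * Wraps the result set in a dynamic proxy that scans returned values.
	 *
	 * @param sql the statement text (not used here)
	 * @param interceptedStatement the statement that produced the result set (not used here)
	 * @param originalResultSet the result set to wrap
	 * @param connection the connection (not used here)
	 * @return a proxy implementing {@link ResultSetInternalMethods} that delegates
	 *         to {@code originalResultSet} and throws {@link SQLException} with
	 *         the message "value disallowed by filter" for a matching value
	 * @throws SQLException declared by the interceptor interface
	 */
	public ResultSetInternalMethods postProcess(String sql, Statement interceptedStatement,
			ResultSetInternalMethods originalResultSet, Connection connection) throws SQLException {

		// requirement of anonymous class
		final ResultSetInternalMethods finalResultSet = originalResultSet;

		return (ResultSetInternalMethods) Proxy.newProxyInstance(
				originalResultSet.getClass().getClassLoader(),
				new Class<?>[] { ResultSetInternalMethods.class },
				new InvocationHandler() {

					public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
						Object invocationResult;

						try {
							invocationResult = method.invoke(finalResultSet, args);
						} catch (InvocationTargetException ite) {
							// Reflection wraps whatever the real result set threw.
							// Rethrow the original so callers get the SQLException
							// the interface declares, not an
							// UndeclaredThrowableException raised by the proxy.
							Throwable cause = ite.getCause();
							throw (cause != null) ? cause : ite;
						}

						// A null result (SQL NULL, or a void method) has nothing to
						// scan. Without this guard a null from getString/getObject
						// reached toString() below and threw NullPointerException,
						// because && binds tighter than || in the old condition.
						if (invocationResult == null) {
							return null;
						}

						String methodName = method.getName();

						boolean scan = invocationResult instanceof String
								|| "getString".equals(methodName)
								|| "getObject".equals(methodName)
								|| "getObjectStoredProc".equals(methodName);

						if (scan) {
							Matcher matcher = regexP.matcher(invocationResult.toString());

							// Whole-value match only; the message deliberately does
							// not echo the rejected value.
							if (matcher.matches()) {
								throw new SQLException("value disallowed by filter");
							}
						}

						return invocationResult;
					}
				});
	}

	/**
	 * No-op: this interceptor only inspects results.
	 *
	 * @return always {@code null}
	 */
	public ResultSetInternalMethods preProcess(String sql, Statement interceptedStatement,
			Connection connection) throws SQLException {
		// we don't care about this event

		return null;
	}

	/**
	 * @return {@code false}
	 */
	// we don't issue queries, so it should be safe to intercept
	// at any point
	public boolean executeTopLevelOnly() {
		return false;
	}

	/** Nothing to release. */
	public void destroy() {
	}
}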