ResultSetScannerInterceptor.java example

Explorer
Bescrewed-master
- .settings
  - mysql-connector-java-5.1.12
    - src
- src
  - bw1.java
  - screwcore
  - splash
    - Splash.java
/*
 Copyright  2007 MySQL AB, 2008 Sun Microsystems
 All rights reserved. Use is subject to license terms.

  The MySQL Connector/J is licensed under the terms of the GPL,
  like most MySQL Connectors. There are special exceptions to the
  terms and conditions of the GPL as it is applied to this software,
  see the FLOSS License Exception available on mysql.com.

  This program is free software; you can redistribute it and/or
  modify it under the terms of the GNU General Public License as
  published by the Free Software Foundation; version 2 of the
  License.

  This program is distributed in the hope that it will be useful,  
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
  02110-1301 USA
 
 */

package com.mysql.jdbc.interceptors;

import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.sql.SQLException;
import java.util.Properties;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import com.mysql.jdbc.Connection;
import com.mysql.jdbc.ResultSetInternalMethods;
import com.mysql.jdbc.Statement;
import com.mysql.jdbc.StatementInterceptor;

public class ResultSetScannerInterceptor implements StatementInterceptor {
	
	private Pattern regexP;
	
	public void init(Connection conn, Properties props) throws SQLException {
		String regexFromUser = props.getProperty("resultSetScannerRegex");
		
		if (regexFromUser == null || regexFromUser.length() == 0) {
			throw new SQLException("resultSetScannerRegex must be configured, and must be > 0 characters");
		}
		
		try {
			this.regexP = Pattern.compile(regexFromUser);
		} catch (Throwable t) {
			SQLException sqlEx = new SQLException("Can't use configured regex due to underlying exception.");
			sqlEx.initCause(t);
			
			throw sqlEx;
		}
		
	}
	
	public ResultSetInternalMethods postProcess(String sql, Statement interceptedStatement,
			ResultSetInternalMethods originalResultSet, Connection connection)
			throws SQLException {
		
		// requirement of anonymous class
		final ResultSetInternalMethods finalResultSet = originalResultSet;
		
		return (ResultSetInternalMethods)Proxy.newProxyInstance(originalResultSet.getClass().getClassLoader(),
				new Class[] {ResultSetInternalMethods.class},
				new InvocationHandler() {

					public Object invoke(Object proxy, Method method,
							Object[] args) throws Throwable {
						
						Object invocationResult = method.invoke(finalResultSet, args);
						
						String methodName = method.getName();
						
						if (invocationResult != null && invocationResult instanceof String 
								|| "getString".equals(methodName) 
								|| "getObject".equals(methodName)
								|| "getObjectStoredProc".equals(methodName)) {
							Matcher matcher = regexP.matcher(invocationResult.toString());
							
							if (matcher.matches()) {
								throw new SQLException("value disallowed by filter");
							}
						}
						
						return invocationResult;
					}});
	
	}

	public ResultSetInternalMethods preProcess(String sql, Statement interceptedStatement,
			Connection connection) throws SQLException {
		// we don't care about this event
		
		return null;
	}

	// we don't issue queries, so it should be safe to intercept
	// at any point
	public boolean executeTopLevelOnly() {
		return false;
	}

	public void destroy() {

		
	}
}