Inicio Explorar Axuda
Iniciar sesión
kennyh
/
emqx4.3
1
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Árbore: 627b8c45d2
Ramas Etiquetas
emqx4.3
/
apps
/
emqx_utils
/
src
/
emqx_utils_sql.erl

emqx_utils_sql.erl 6.5 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172 
  1. %%--------------------------------------------------------------------
    2. 

  2. %% Copyright (c) 2022-2024 EMQ Technologies Co., Ltd. All Rights Reserved.
    3. 

  3. %%
    4. 

  4. %% Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. %% you may not use this file except in compliance with the License.
    6. 

  6. %% You may obtain a copy of the License at
    7. 

  7. %%
    8. 

  8. %%     http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. %%
    10. 

  10. %% Unless required by applicable law or agreed to in writing, software
    11. 

  11. %% distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. %% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. %% See the License for the specific language governing permissions and
    14. 

  14. %% limitations under the License.
    15. 

  15. %%--------------------------------------------------------------------
    16. 

  16. 

  17. -module(emqx_utils_sql).
    18. 

  18. 

  19. -export([get_statement_type/1]).
    20. 

  20. -export([parse_insert/1]).
    21. 

  21. 

  22. -export([to_sql_value/1]).
    23. 

  23. -export([to_sql_string/2]).
    24. 

  24. 

  25. -export([escape_sql/1]).
    26. 

  26. -export([escape_cql/1]).
    27. 

  27. -export([escape_mysql/1]).
    28. 

  28. 

  29. -export_type([value/0]).
    30. 

  30. 

  31. -type statement_type() :: select | insert | delete | update.
    32. 

  32. -type value() :: null | binary() | number() | boolean() | [value()].
    33. 

  33. 

  34. -dialyzer({no_improper_lists, [escape_mysql/4, escape_prepend/4]}).
    35. 

  35. 

  36. -spec get_statement_type(iodata()) -> statement_type() | {error, unknown}.
    37. 

  37. get_statement_type(Query) ->
    38. 

  38.     KnownTypes = #{
    39. 

  39.         <<"select">> => select,
    40. 

  40.         <<"insert">> => insert,
    41. 

  41.         <<"update">> => update,
    42. 

  42.         <<"delete">> => delete
    43. 

  43.     },
    44. 

  44.     case re:run(Query, <<"^\\s*([a-zA-Z]+)">>, [{capture, all_but_first, binary}]) of
    45. 

  45.         {match, [Token]} ->
    46. 

  46.             maps:get(string:lowercase(Token), KnownTypes, {error, unknown});
    47. 

  47.         _ ->
    48. 

  48.             {error, unknown}
    49. 

  49.     end.
    50. 

  50. 

  51. %% @doc Parse an INSERT SQL statement into its INSERT part and the VALUES part.
    52. 

  52. %% SQL = <<"INSERT INTO \"abc\" (c1, c2, c3) VALUES (${a}, ${b}, ${c.prop})">>
    53. 

  53. %% {ok, {<<"INSERT INTO \"abc\" (c1, c2, c3)">>, <<"(${a}, ${b}, ${c.prop})">>}}
    54. 

  54. -spec parse_insert(iodata()) ->
    55. 

  55.     {ok, {_Statement :: binary(), _Rows :: binary()}} | {error, not_insert_sql}.
    56. 

  56. parse_insert(SQL) ->
    57. 

  57.     Pattern = <<
    58. 

  58.         %% case-insensitive
    59. 

  59.         "(?i)^\\s*",
    60. 

  60.         %% Group-1: insert into, table name and columns (when existed).
    61. 

  61.         %% All space characters suffixed to <TABLE_NAME> will be kept
    62. 

  62.         %% `INSERT INTO <TABLE_NAME> [(<COLUMN>, ..)]`
    63. 

  63.         "(insert\\s+into\\s+[^\\s\\(\\)]+\\s*(?:\\([^\\)]*\\))?)",
    64. 

  64.         %% Keyword: `VALUES`
    65. 

  65.         "\\s*values\\s*",
    66. 

  66.         %% Group-2: literals value(s) or placeholder(s) with round brackets.
    67. 

  67.         %% And the sub-pattern in brackets does not do any capturing
    68. 

  68.         %% `([<VALUE> | <PLACEHOLDER>], ..])`
    69. 

  69.         "(\\((?:[^()]++|(?2))*\\))",
    70. 

  70.         "\\s*$"
    71. 

  71.     >>,
    72. 

  72. 

  73.     case re:run(SQL, Pattern, [{capture, all_but_first, binary}]) of
    74. 

  74.         {match, [InsertInto, ValuesTemplate]} ->
    75. 

  75.             {ok, {InsertInto, ValuesTemplate}};
    76. 

  76.         nomatch ->
    77. 

  77.             {error, not_insert_sql}
    78. 

  78.     end.
    79. 

  79. 

  80. %% @doc Convert an Erlang term to a value that can be used primarily in
    81. 

  81. %% prepared SQL statements.
    82. 

  82. -spec to_sql_value(term()) -> value().
    83. 

  83. to_sql_value(undefined) -> null;
    84. 

  84. to_sql_value(List) when is_list(List) -> List;
    85. 

  85. to_sql_value(Bin) when is_binary(Bin) -> Bin;
    86. 

  86. to_sql_value(Num) when is_number(Num) -> Num;
    87. 

  87. to_sql_value(Bool) when is_boolean(Bool) -> Bool;
    88. 

  88. to_sql_value(Atom) when is_atom(Atom) -> atom_to_binary(Atom, utf8);
    89. 

  89. to_sql_value(Map) when is_map(Map) -> emqx_utils_json:encode(Map).
    90. 

  90. 

  91. %% @doc Convert an Erlang term to a string that can be interpolated in literal
    92. 

  92. %% SQL statements. The value is escaped if necessary.
    93. 

  93. -spec to_sql_string(term(), Options) -> unicode:chardata() when
    94. 

  94.     Options :: #{
    95. 

  95.         escaping => mysql | sql | cql,
    96. 

  96.         undefined => null | unicode:chardata()
    97. 

  97.     }.
    98. 

  98. to_sql_string(undefined, #{undefined := Str} = Opts) when Str =/= null ->
    99. 

  99.     to_sql_string(Str, Opts);
    100. 

  100. to_sql_string(undefined, #{}) ->
    101. 

  101.     <<"NULL">>;
    102. 

  102. to_sql_string(String, #{escaping := mysql}) when is_binary(String) ->
    103. 

  103.     try
    104. 

  104.         escape_mysql(String)
    105. 

  105.     catch
    106. 

  106.         throw:invalid_utf8 ->
    107. 

  107.             [<<"0x">>, binary:encode_hex(String)]
    108. 

  108.     end;
    109. 

  109. to_sql_string(Term, #{escaping := mysql}) ->
    110. 

  110.     maybe_escape(Term, fun escape_mysql/1);
    111. 

  111. to_sql_string(Term, #{escaping := cql}) ->
    112. 

  112.     maybe_escape(Term, fun escape_cql/1);
    113. 

  113. to_sql_string(Term, #{}) ->
    114. 

  114.     maybe_escape(Term, fun escape_sql/1).
    115. 

  115. 

  116. -spec maybe_escape(_Value, fun((binary()) -> iodata())) -> unicode:chardata().
    117. 

  117. maybe_escape(Str, EscapeFun) when is_binary(Str) ->
    118. 

  118.     EscapeFun(Str);
    119. 

  119. maybe_escape(Str, EscapeFun) when is_list(Str) ->
    120. 

  120.     case unicode:characters_to_binary(Str) of
    121. 

  121.         Bin when is_binary(Bin) ->
    122. 

  122.             EscapeFun(Bin);
    123. 

  123.         Otherwise ->
    124. 

  124.             error(Otherwise)
    125. 

  125.     end;
    126. 

  126. maybe_escape(Val, EscapeFun) when is_atom(Val) orelse is_map(Val) ->
    127. 

  127.     EscapeFun(emqx_template:to_string(Val));
    128. 

  128. maybe_escape(Val, _EscapeFun) ->
    129. 

  129.     emqx_template:to_string(Val).
    130. 

  130. 

  131. -spec escape_sql(binary()) -> iodata().
    132. 

  132. escape_sql(S) ->
    133. 

  133.     % NOTE
    134. 

  134.     % This is a bit misleading: currently, escaping logic in `escape_sql/1` likely
    135. 

  135.     % won't work with pgsql since it does not support C-style escapes by default.
    136. 

  136.     % https://www.postgresql.org/docs/14/sql-syntax-lexical.html#SQL-SYNTAX-CONSTANTS
    137. 

  137.     ES = binary:replace(S, [<<"\\">>, <<"'">>], <<"\\">>, [global, {insert_replaced, 1}]),
    138. 

  138.     [$', ES, $'].
    139. 

  139. 

  140. -spec escape_cql(binary()) -> iodata().
    141. 

  141. escape_cql(S) ->
    142. 

  142.     ES = binary:replace(S, <<"'">>, <<"'">>, [global, {insert_replaced, 1}]),
    143. 

  143.     [$', ES, $'].
    144. 

  144. 

  145. -spec escape_mysql(binary()) -> iodata().
    146. 

  146. escape_mysql(S0) ->
    147. 

  147.     % https://dev.mysql.com/doc/refman/8.0/en/string-literals.html
    148. 

  148.     [$', escape_mysql(S0, 0, 0, S0), $'].
    149. 

  149. 

  150. %% NOTE
    151. 

  151. %% This thing looks more complicated than needed because it's optimized for as few
    152. 

  152. %% intermediate memory (re)allocations as possible.
    153. 

  153. escape_mysql(<<$', Rest/binary>>, I, Run, Src) ->
    154. 

  154.     escape_prepend(I, Run, Src, [<<"\\'">> | escape_mysql(Rest, I + Run + 1, 0, Src)]);
    155. 

  155. escape_mysql(<<$\\, Rest/binary>>, I, Run, Src) ->
    156. 

  156.     escape_prepend(I, Run, Src, [<<"\\\\">> | escape_mysql(Rest, I + Run + 1, 0, Src)]);
    157. 

  157. escape_mysql(<<0, Rest/binary>>, I, Run, Src) ->
    158. 

  158.     escape_prepend(I, Run, Src, [<<"\\0">> | escape_mysql(Rest, I + Run + 1, 0, Src)]);
    159. 

  159. escape_mysql(<<_/utf8, Rest/binary>> = S, I, Run, Src) ->
    160. 

  160.     CWidth = byte_size(S) - byte_size(Rest),
    161. 

  161.     escape_mysql(Rest, I, Run + CWidth, Src);
    162. 

  162. escape_mysql(<<>>, 0, _, Src) ->
    163. 

  163.     Src;
    164. 

  164. escape_mysql(<<>>, I, Run, Src) ->
    165. 

  165.     binary:part(Src, I, Run);
    166. 

  166. escape_mysql(_, _I, _Run, _Src) ->
    167. 

  167.     throw(invalid_utf8).
    168. 

  168. 

  169. escape_prepend(_RunI, 0, _Src, Tail) ->
    170. 

  170.     Tail;
    171. 

  171. escape_prepend(I, Run, Src, Tail) ->
    172. 

  172.     [binary:part(Src, I, Run) | Tail].
    173.