def query_tree(self, sql_content, instance_name, db_name):
try:
inception_engine = InceptionEngine()
instance = Instance.objects.get(instance_name=instance_name)
print_info = inception_engine.query_print(instance=instance, db_name=db_name, sql=sql_content).rows
except Exception as e:
raise Exception('通过inception获取语法树异常,请检查inception配置,确保inception可以访问实例:' + str(e))
else:
if print_info:
id = print_info[0][0]
statement = print_info[0][1]
# 返回值为非0的情况下,说明是有错的,1表示警告,不影响执行,2表示严重错误,必须修改
errlevel = print_info[0][2]
query_tree = print_info[0][3]
errmsg = print_info[0][4]
# 提交给inception语法错误的情况
if errmsg == 'Global environment':
errlevel = 2
errmsg = 'Global environment: ' + query_tree
if errlevel == 0:
pass
# print(json.dumps(json.loads(query_tree), indent=4, sort_keys=False, ensure_ascii=False))
return {'id': id, 'statement': statement, 'errlevel': errlevel, 'query_tree': query_tree,
'errmsg': errmsg}
else:
return None
def data_masking(instance, db_name, sql, sql_result):
"""脱敏数据"""
try:
if SysConfig().get('query_check'):
# 解析查询语句,禁用部分Inception无法解析关键词
p = sqlparse.parse(sql)[0]
for token in p.tokens:
if token.ttype is Keyword and token.value.upper() in [
'UNION', 'UNION ALL'
]:
logger.warning(f'数据脱敏异常,错误信息:不支持该查询语句脱敏!请联系管理员')
sql_result.error = '不支持该查询语句脱敏!请联系管理员'
sql_result.status = 1
return sql_result
# 通过inception获取语法树,并进行解析
inception_engine = InceptionEngine()
query_tree = inception_engine.query_print(instance=instance,
db_name=db_name,
sql=sql)
# 分析语法树获取命中脱敏规则的列数据
table_hit_columns, hit_columns = analyze_query_tree(
query_tree, instance)
sql_result.mask_rule_hit = True if table_hit_columns or hit_columns else False
except Exception as msg:
logger.warning(f'数据脱敏异常,错误信息:{traceback.format_exc()}')
sql_result.error = str(msg)
sql_result.status = 1
else:
# 存在select * 的查询,遍历column_list,获取命中列的index,添加到hit_columns
if table_hit_columns and sql_result.rows:
column_list = sql_result.column_list
table_hit_column = dict()
for column_info in table_hit_columns:
table_hit_column[
column_info['column_name']] = column_info['rule_type']
for index, item in enumerate(column_list):
if item in table_hit_column.keys():
hit_columns.append({
"column_name": item,
"index": index,
"rule_type": table_hit_column.get(item)
})
# 对命中规则列hit_columns的数据进行脱敏
# 获取全部脱敏规则信息,减少循环查询,提升效率
masking_rules = DataMaskingRules.objects.all()
if hit_columns and sql_result.rows:
rows = list(sql_result.rows)
for column in hit_columns:
index = column['index']
for idx, item in enumerate(rows):
rows[idx] = list(item)
rows[idx][index] = regex(masking_rules,
column['rule_type'],
rows[idx][index])
sql_result.rows = rows
# 脱敏结果
sql_result.is_masked = True
return sql_result
def test_query_print(self, _query):
sql = 'update user set id=100'
row = [1,
'select * from sql_instance limit 100',
0,
'{"command":"select","select_list":[{"type":"FIELD_ITEM","field":"*"}],"table_ref":[{"db":"archery","table":"sql_instance"}],"limit":{"limit":[{"type":"INT_ITEM","value":"100"}]}}',
'None']
column_list = ['ID', 'statement', 'errlevel', 'query_tree', 'errmsg']
_query.return_value = ResultSet(full_sql=sql, rows=[row], column_list=column_list)
new_engine = InceptionEngine()
print_result = new_engine.query_print(self.ins, db_name=None, sql=sql)
self.assertDictEqual(print_result, json.loads(_repair_json_str(row[3])))
def data_masking(instance, db_name, sql, sql_result):
try:
# 通过inception获取语法树,并进行解析
inception_engine = InceptionEngine()
query_tree = inception_engine.query_print(instance=instance,
db_name=db_name,
sql=sql)
# 分析语法树获取命中脱敏规则的列数据
table_hit_columns, hit_columns = analyze_query_tree(
query_tree, instance)
sql_result.mask_rule_hit = 1 if table_hit_columns or hit_columns else 2
except Exception as msg:
sql_result.error = str(msg)
sql_result.status = 1
else:
# 存在select * 的查询,遍历column_list,获取命中列的index,添加到hit_columns
if table_hit_columns and sql_result.rows:
column_list = sql_result.column_list
table_hit_column = dict()
for column_info in table_hit_columns:
table_hit_column_info = {}
rule_type = column_info['rule_type']
table_hit_column_info[column_info['column_name']] = rule_type
table_hit_column.update(table_hit_column_info)
for index, item in enumerate(column_list):
if item in table_hit_column.keys():
column = dict()
column['column_name'] = item
column['index'] = index
column['rule_type'] = table_hit_column.get(item)
hit_columns.append(column)
# 对命中规则列hit_columns的数据进行脱敏
# 获取全部脱敏规则信息,减少循环查询,提升效率
masking_rules = DataMaskingRules.objects.all()
if hit_columns and sql_result.rows:
rows = list(sql_result.rows)
for column in hit_columns:
index = column['index']
for idx, item in enumerate(rows):
rows[idx] = list(item)
rows[idx][index] = regex(masking_rules,
column['rule_type'],
rows[idx][index])
sql_result.rows = rows
# 脱敏结果
sql_result.is_masked = 1
return sql_result
def data_masking(instance, db_name, sql, sql_result):
"""脱敏数据"""
try:
# 通过inception获取语法树,并进行解析
inception_engine = InceptionEngine()
query_tree = inception_engine.query_print(instance=instance,
db_name=db_name,
sql=sql)
# 分析语法树获取命中脱敏规则的列数据
table_hit_columns, hit_columns = analyze_query_tree(
query_tree, instance)
sql_result.mask_rule_hit = True if table_hit_columns or hit_columns else False
except Exception as msg:
logger.error(f'数据脱敏异常,错误信息:{traceback.format_exc()}')
sql_result.error = str(msg)
sql_result.status = 1
else:
# 存在select * 的查询,遍历column_list,获取命中列的index,添加到hit_columns
if table_hit_columns and sql_result.rows:
column_list = sql_result.column_list
table_hit_column = dict()
for column_info in table_hit_columns:
table_hit_column[
column_info['column_name']] = column_info['rule_type']
for index, item in enumerate(column_list):
if item in table_hit_column.keys():
hit_columns.append({
"column_name": item,
"index": index,
"rule_type": table_hit_column.get(item)
})
# 对命中规则列hit_columns的数据进行脱敏
# 获取全部脱敏规则信息,减少循环查询,提升效率
masking_rules = DataMaskingRules.objects.all()
if hit_columns and sql_result.rows:
rows = list(sql_result.rows)
for column in hit_columns:
index = column['index']
for idx, item in enumerate(rows):
rows[idx] = list(item)
rows[idx][index] = regex(masking_rules,
column['rule_type'],
rows[idx][index])
sql_result.rows = rows
# 脱敏结果
sql_result.is_masked = True
return sql_result
def _table_ref(sql_content, instance, db_name):
"""
解析语法树,获取语句涉及的表,用于查询权限限制
:param sql_content:
:param instance:
:param db_name:
:return:
"""
inception_engine = InceptionEngine()
query_tree = inception_engine.query_print(instance=instance,
db_name=db_name,
sql=sql_content)
table_ref = query_tree.get('table_ref', [])
db_list = [table_info['db'] for table_info in table_ref]
table_list = [table_info['table'] for table_info in table_ref]
# 异常解析的情形
if '' in db_list or '*' in table_list:
raise RuntimeError('Inception Error: 存在空数据库表信息')
if not (db_list or table_list):
raise RuntimeError('Inception Error: 未解析到任何库表信息')
return table_ref
