1 /*
2  * Copyright (c) 2021-2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef SQL_ANALYZER_H
17 #define SQL_ANALYZER_H
18 
19 #include <string>
20 
21 #include "values_bucket.h"
22 
23 #include "common.h"
24 
25 namespace OHOS {
26 namespace Contacts {
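/**
 * @brief SQL text screening helpers for the Contacts module.
 *
 * Only the private character/string helpers are defined in this header. The
 * public checks are implemented out of line, so their exact accept/reject
 * rules are not visible here.
 */
class SqlAnalyzer {
public:
    SqlAnalyzer();
    ~SqlAnalyzer();

    // NOTE(review): the four checks below are defined elsewhere; what a `true`
    // result means (legal vs. illegal input) cannot be confirmed from this header.
    bool CheckValuesBucket(const OHOS::NativeRdb::ValuesBucket &value);
    bool FindIllegalWords(std::string sql);
    bool StrCheck(char &ch, std::size_t strlen, std::string sql, std::size_t &pos);
    bool CharCheck(char &ch, std::string sql, std::size_t &pos);

private:
    /** @return true when @p ch is an ASCII decimal digit ('0'..'9'). */
    inline bool IsNumber(char ch)
    {
        return (ch >= '0' && ch <= '9');
    }

    /** @return true when @p ch is an ASCII letter or an underscore. */
    inline bool IsLetter(char ch)
    {
        return (ch >= 'a' && ch <= 'z') || (ch >= 'A' && ch <= 'Z') || (ch == '_');
    }

    /** @return true when @p ch is an ASCII digit, an ASCII letter or an underscore. */
    inline bool IsLetterNumber(char ch)
    {
        return IsNumber(ch) || IsLetter(ch);
    }

    /**
     * @brief Bounds-checked character access.
     * @param str   String to read from (taken by const reference to avoid a
     *              full copy on every call).
     * @param index Zero-based position.
     * @return The character at @p index, or '\0' when @p index is past the end.
     */
    inline char PickChar(const std::string &str, std::size_t index)
    {
        if (index < str.length()) {
            return str.at(index);
        }
        return '\0';
    }

    /**
     * @brief Tests whether @p ch occurs in @p str.
     * @return 0 when found, OPERATION_ERROR (declared outside this header)
     *         when not found.
     */
    inline int IsInStr(char ch, const std::string &str)
    {
        if (str.find(ch) == std::string::npos) {
            return OPERATION_ERROR;
        }
        return 0;
    }

    /**
     * @brief Prefixes each special character of @p originString with a backslash.
     *
     * Characters escaped: ' " ; _ - \ % [ ] / * `
     *
     * The previous implementation appended `'\\' + curChar`. That expression
     * is integer addition of two char values, so a single unrelated byte was
     * appended and the special character itself was dropped. The backslash
     * and the character are now appended separately.
     *
     * NOTE(review): a backslash prefix is not a general SQL string-literal
     * escape. Presumably the result is used in a LIKE pattern with an
     * explicit ESCAPE '\' clause -- confirm at the call sites, and keep
     * binding untrusted values as statement parameters rather than relying on
     * this function to make text safe for concatenation into SQL.
     *
     * @param originString Text to escape.
     * @return Copy of @p originString with every listed character preceded by '\\'.
     */
    std::string ParseSpecial(const std::string &originString)
    {
        // Same character set as the original list, kept as a string so that
        // no <vector>/<algorithm> dependency is needed in this header.
        static const std::string needsTransform = "'\";_-\\%[]/*`";
        std::string parsedString;
        parsedString.reserve(originString.size());
        for (char curChar : originString) {
            if (needsTransform.find(curChar) != std::string::npos) {
                parsedString += '\\';
            }
            parsedString += curChar;
        }
        return parsedString;
    }
};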
80 } // namespace Contacts
81 } // namespace OHOS
82 #endif // SQL_ANALYZER_H
83