[Doc] Update SQL Blacklist #48996

Merged
merged 2 commits into from
Jul 27, 2024
24 changes: 16 additions & 8 deletions docs/en/administration/management/resource_management/Blacklist.md
Expand Up @@ -19,9 +19,9 @@ admin set frontend config ("enable_sql_blacklist" = "true")
The admin user who has ADMIN_PRIV privileges can manage blacklists by executing the following commands:

~~~sql
ADD SQLBLACKLIST #sql#
DELETE SQLBLACKLIST #sql#
SHOW SQLBLACKLISTS
ADD SQLBLACKLIST "<sql>"
DELETE SQLBLACKLIST <sql_index_number>
SHOW SQLBLACKLISTS
~~~

* When `enable_sql_blacklist` is true, every SQL query needs to be filtered by sqlblacklist. If it matches, the user will be informed that theSQL is in the blacklist. Otherwise, the SQL will be executed normally. The message may be as follows when the SQL is blacklisted:
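
Review bot: the unchanged sentence just above the syntax block still says blacklist management requires "ADMIN_PRIV privileges", while the second English file in this PR (the one that links to Manage SQL Blacklist) says the operation requires the SYSTEM-level BLACKLIST privilege. This hunk already rewrites the block directly below that sentence, so update it here as well and make both pages name the same privilege; as it stands an administrator cannot tell which grant actually gates changes to the blacklist. The trailing bullet also carries a typo worth fixing in passing: "theSQL" should be "the SQL".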
Expand All @@ -31,10 +31,16 @@ SHOW SQLBLACKLISTS
## Add blacklist

~~~sql
ADD SQLBLACKLIST #sql#
ADD SQLBLACKLIST "<sql>"
~~~

**#sql#** is a regular expression for a certain type of SQL. Since SQL itself contains the common characters `(`, `)`, `*`, `.` that may be mixed up with the semantics of regular expressions, so we need to distinguish those by using escape characters. Given that `(` and `)` are used too often in SQL, there is no need to use escape characters. Other special characters need to use the escape character `\` as a prefix. For example:
**sql** is a regular expression for a certain type of SQL.

:::tip
Currently, StarRocks supports adding SELECT statements to the SQL Blacklist.
:::

Since SQL itself contains the common characters `(`, `)`, `*`, `.` that may be mixed up with the semantics of regular expressions, so we need to distinguish those by using escape characters. Given that `(` and `)` are used too often in SQL, there is no need to use escape characters. Other special characters need to use the escape character `\` as a prefix. For example:

* Prohibit `count(\*)`:
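
Review bot: the new tip says StarRocks "supports adding SELECT statements" but does not say what happens to every other statement type. State the limit directly, for example "Only SELECT statements are checked against the SQL Blacklist; other statement types are not filtered", if that is the actual behaviour, so that nobody relies on the blacklist to stop statements it never inspects. Two smaller points in the same hunk: the description line uses `**sql**` while the syntax line uses `"<sql>"` (the delete section uses backticked `<sql_index_number>`, so backticked `<sql>` would match), and now that the pattern is wrapped in double quotes the escaping paragraph should say how a literal `"` inside the pattern is written.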

Expand Down Expand Up @@ -88,13 +94,15 @@ The SQL shown in `Forbidden SQL` is escaped for all SQL semantic characters.
## Delete blacklist

~~~sql
DELETE SQLBLACKLIST #indexlist#
DELETE SQLBLACKLIST <sql_index_number>
~~~

For example, delete the sqlblacklist 3 and 4 in the above blacklist:
`<sql_index_number>` is a list of SQL IDs separated by comma (,).

For example, delete the No.3 and No.4 SQLs in the above blacklist:

~~~sql
delete sqlblacklist 3, 4; -- #indexlist# is a list of IDs separated by comma (,).
delete sqlblacklist 3, 4;
~~~

Then, the remaining sqlblacklist is as follows:
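
Review bot: `<sql_index_number>` is singular in the syntax line, but the sentence added below it defines it as a comma-separated list and the example passes `3, 4`. Show the repetition in the syntax itself, for example `DELETE SQLBLACKLIST <sql_index_number>[, <sql_index_number> ...]`, and state where the numbers come from (presumably the index shown in the blacklist listing above). The hunk also uses "SQL IDs" and "No.3 and No.4 SQLs" for the same thing; pick one term.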
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,8 @@ For more about SQL Blacklist, see [Manage SQL Blacklist](../../../administration

:::tip

This operation requires the SYSTEM-level BLACKLIST privilege. You can follow the instructions in [GRANT](../account-management/GRANT.md) to grant this privilege.
- This operation requires the SYSTEM-level BLACKLIST privilege. You can follow the instructions in [GRANT](../account-management/GRANT.md) to grant this privilege.
- Currently, StarRocks supports adding SELECT statements to the SQL Blacklist.

:::

18 changes: 12 additions & 6 deletions docs/zh/administration/management/resource_management/Blacklist.md
@@ -1,7 +1,7 @@
---
displayed_sidebar: "Chinese"
---

---
displayed_sidebar: "Chinese"
---
# 管理黑名单

本文介绍如何管理 SQL 黑名单 (SQL Blacklist)。
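
Review bot: the three front-matter lines are removed and re-added with no visible difference, so this hunk is presumably a whitespace, line-ending or BOM change. If it is intentional, say so in the PR description; if it came from an editor setting, drop it so the diff carries only the documentation change.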
Expand All @@ -25,10 +25,16 @@ ADMIN SET FRONTEND CONFIG ("enable_sql_blacklist" = "true");
通过以下命令添加 SQL 黑名单。

```sql
ADD SQLBLACKLIST "sql";
ADD SQLBLACKLIST "<sql>";
```

**"sql"**:某类 SQL 的正则表达式。由于 SQL 常用字符里面就包含 `(`、`)`、`*`、`.` 等字符,这些字符会和正则表达式中的语义混淆,因此在设置黑名单的时候需要通过转义符作出区分,鉴于 `(` 和 `)` 在SQL中使用频率过高,我们内部进行了处理,设置的时候不需要转义,其他特殊字符需要使用转义字符"\"作为前缀。
**sql**:某类 SQL 的正则表达式。

:::tip
当前 StarRocks 支持将 SELECT 语句加入 SQL 黑名单。
:::

由于 SQL 常用字符里面就包含 `(`、`)`、`*`、`.` 等字符,这些字符会和正则表达式中的语义混淆,因此在设置黑名单的时候需要通过转义符作出区分,鉴于 `(` 和 `)` 在SQL中使用频率过高,我们内部进行了处理,设置的时候不需要转义,其他特殊字符需要使用转义字符"\"作为前缀。

示例:
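
Review bot: the visible hunks for this file stop at the ADD section, so the Chinese page gets no counterpart to the English DELETE changes (`<sql_index_number>` and its one-line definition). Check that the Chinese delete section is already in step with the new English text, or add the matching hunk. As on the English page, the description line uses `**sql**` while the syntax line uses `"<sql>"`; backticked `<sql>` would keep the placeholder consistent. The syntax line here also ends with `;` while the English one does not.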

Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,8 @@ displayed_sidebar: "Chinese"

:::tip

该操作需要 SYSTEM 级的 BLACKLIST 权限。请参考 [GRANT](../account-management/GRANT.md) 为用户赋权。

- 该操作需要 SYSTEM 级的 BLACKLIST 权限。请参考 [GRANT](../account-management/GRANT.md) 为用户赋权。
- 当前 StarRocks 支持将 SELECT 语句加入 SQL 黑名单。
:::

## 语法
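
Review bot: the blank line before the closing `:::` is dropped here, so the second bullet is followed directly by `:::`. The English version of this change keeps a blank line between the list and `:::`. Without it, a Markdown parser can treat `:::` as a continuation of the last list item and fail to close the tip block; restore the blank line so both language versions render the same way.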