From 9416c12df248d4d5695ed06e724589c91c24c2d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=B5=B5=E7=A9=BA=E4=BA=8B=E3=82=B9=E3=83=94=E3=83=AA?= =?UTF-8?q?=E3=83=83=E3=83=88?= Date: Sat, 27 Jul 2024 12:58:56 +0800 Subject: [PATCH 1/3] [Doc] Update SQL Blacklist (#48996) (cherry picked from commit 5cf740c0c15a6164035050815ed0e43f3815d392) # Conflicts: # docs/en/sql-reference/sql-statements/Administration/ADD_SQLBLACKLIST.md # docs/zh/sql-reference/sql-statements/Administration/ADD_SQLBLACKLIST.md --- docs/en/administration/Blacklist.md | 24 ++++++++++++------- .../Administration/ADD_SQLBLACKLIST.md | 9 +++++++ docs/zh/administration/Blacklist.md | 18 +++++++++----- .../Administration/ADD_SQLBLACKLIST.md | 10 ++++++++ 4 files changed, 47 insertions(+), 14 deletions(-) diff --git a/docs/en/administration/Blacklist.md b/docs/en/administration/Blacklist.md index e9259c873f05e..142730893efaa 100644 --- a/docs/en/administration/Blacklist.md +++ b/docs/en/administration/Blacklist.md @@ -19,9 +19,9 @@ admin set frontend config ("enable_sql_blacklist" = "true") The admin user who has ADMIN_PRIV privileges can manage blacklists by executing the following commands: ~~~sql -ADD SQLBLACKLIST #sql# -DELETE SQLBLACKLIST #sql# -SHOW SQLBLACKLISTS +ADD SQLBLACKLIST "" +DELETE SQLBLACKLIST +SHOW SQLBLACKLISTS ~~~ * When `enable_sql_blacklist` is true, every SQL query needs to be filtered by sqlblacklist. If it matches, the user will be informed that theSQL is in the blacklist. Otherwise, the SQL will be executed normally. The message may be as follows when the SQL is blacklisted: @@ -31,10 +31,16 @@ SHOW SQLBLACKLISTS ## Add blacklist ~~~sql -ADD SQLBLACKLIST #sql# +ADD SQLBLACKLIST "" ~~~ -**#sql#** is a regular expression for a certain type of SQL. Since SQL itself contains the common characters `(`, `)`, `*`, `.` that may be mixed up with the semantics of regular expressions, so we need to distinguish those by using escape characters. Given that `(` and `)` are used too often in SQL, there is no need to use escape characters. Other special characters need to use the escape character `\` as a prefix. For example: +**sql** is a regular expression for a certain type of SQL. + +:::tip +Currently, StarRocks supports adding SELECT statements to the SQL Blacklist. +::: + +Since SQL itself contains the common characters `(`, `)`, `*`, `.` that may be mixed up with the semantics of regular expressions, so we need to distinguish those by using escape characters. Given that `(` and `)` are used too often in SQL, there is no need to use escape characters. Other special characters need to use the escape character `\` as a prefix. For example: * Prohibit `count(\*)`: @@ -88,13 +94,15 @@ The SQL shown in `Forbidden SQL` is escaped for all SQL semantic characters. ## Delete blacklist ~~~sql -DELETE SQLBLACKLIST #indexlist# +DELETE SQLBLACKLIST ~~~ -For example, delete the sqlblacklist 3 and 4 in the above blacklist: +`` is a list of SQL IDs separated by comma (,). + +For example, delete the No.3 and No.4 SQLs in the above blacklist: ~~~sql -delete sqlblacklist 3, 4; -- #indexlist# is a list of IDs separated by comma (,). +delete sqlblacklist 3, 4; ~~~ Then, the remaining sqlblacklist is as follows: diff --git a/docs/en/sql-reference/sql-statements/Administration/ADD_SQLBLACKLIST.md b/docs/en/sql-reference/sql-statements/Administration/ADD_SQLBLACKLIST.md index 613882efe6419..c61d3bf357be8 100644 --- a/docs/en/sql-reference/sql-statements/Administration/ADD_SQLBLACKLIST.md +++ b/docs/en/sql-reference/sql-statements/Administration/ADD_SQLBLACKLIST.md @@ -10,9 +10,18 @@ Adds a regular expression to the SQL blacklist to forbid certain SQL patterns. W For more about SQL Blacklist, see [Manage SQL Blacklist](../../../administration/Blacklist.md). +<<<<<<< HEAD > **NOTE** > > Only users with the ADMIN privilege can add SQL regular expressions to the SQL blacklist. +======= +:::tip + +- This operation requires the SYSTEM-level BLACKLIST privilege. You can follow the instructions in [GRANT](../account-management/GRANT.md) to grant this privilege. +- Currently, StarRocks supports adding SELECT statements to the SQL Blacklist. + +::: +>>>>>>> 5cf740c0c1 ([Doc] Update SQL Blacklist (#48996)) ## Syntax diff --git a/docs/zh/administration/Blacklist.md b/docs/zh/administration/Blacklist.md index 6b626704009fa..4c469f8f89594 100644 --- a/docs/zh/administration/Blacklist.md +++ b/docs/zh/administration/Blacklist.md @@ -1,7 +1,7 @@ ---- -displayed_sidebar: "Chinese" ---- - +--- +displayed_sidebar: "Chinese" +--- + # 管理黑名单 本文介绍如何管理 SQL 黑名单 (SQL Blacklist)。 @@ -23,10 +23,16 @@ ADMIN SET FRONTEND CONFIG ("enable_sql_blacklist" = "true"); 通过以下命令添加 SQL 黑名单。 ```sql -ADD SQLBLACKLIST "sql"; +ADD SQLBLACKLIST ""; ``` -**"sql"**:某类 SQL 的正则表达式。由于 SQL 常用字符里面就包含 `(`、`)`、`*`、`.` 等字符,这些字符会和正则表达式中的语义混淆,因此在设置黑名单的时候需要通过转义符作出区分,鉴于 `(` 和 `)` 在SQL中使用频率过高,我们内部进行了处理,设置的时候不需要转义,其他特殊字符需要使用转义字符"\"作为前缀。 +**sql**:某类 SQL 的正则表达式。 + +:::tip +当前 StarRocks 支持将 SELECT 语句加入 SQL 黑名单。 +::: + +由于 SQL 常用字符里面就包含 `(`、`)`、`*`、`.` 等字符,这些字符会和正则表达式中的语义混淆,因此在设置黑名单的时候需要通过转义符作出区分,鉴于 `(` 和 `)` 在SQL中使用频率过高,我们内部进行了处理,设置的时候不需要转义,其他特殊字符需要使用转义字符"\"作为前缀。 示例: diff --git a/docs/zh/sql-reference/sql-statements/Administration/ADD_SQLBLACKLIST.md b/docs/zh/sql-reference/sql-statements/Administration/ADD_SQLBLACKLIST.md index d2da2419a6829..b6295c1a233b6 100644 --- a/docs/zh/sql-reference/sql-statements/Administration/ADD_SQLBLACKLIST.md +++ b/docs/zh/sql-reference/sql-statements/Administration/ADD_SQLBLACKLIST.md @@ -8,7 +8,17 @@ displayed_sidebar: "Chinese" 将一个 SQL 正则表达式添加至 SQL 黑名单。启用 SQL 黑名单功能后,StarRocks 会将所有需要执行的 SQL 语句与黑名单中的 SQL 正则表达式进行比较。StarRocks 不会执行与黑名单中任何正则表达式相匹配的 SQL,并返回错误。 +<<<<<<< HEAD 有关 SQL 黑名单的更多信息,请参阅 [管理 SQL 黑名单](../../../administration/Blacklist.md)。 +======= +有关 SQL 黑名单的更多信息,请参阅 [管理 SQL 黑名单](../../../administration/management/resource_management/Blacklist.md)。 + +:::tip + +- 该操作需要 SYSTEM 级的 BLACKLIST 权限。请参考 [GRANT](../account-management/GRANT.md) 为用户赋权。 +- 当前 StarRocks 支持将 SELECT 语句加入 SQL 黑名单。 +::: +>>>>>>> 5cf740c0c1 ([Doc] Update SQL Blacklist (#48996)) ## 语法 From 45d96d9ef3c2f10d658a049974591459db1d29e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=B5=B5=E7=A9=BA=E4=BA=8B=E3=82=B9=E3=83=94=E3=83=AA?= =?UTF-8?q?=E3=83=83=E3=83=88?= Date: Mon, 29 Jul 2024 09:37:55 +0800 Subject: [PATCH 2/3] Update ADD_SQLBLACKLIST.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 絵空事スピリット --- .../sql-statements/Administration/ADD_SQLBLACKLIST.md | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/docs/en/sql-reference/sql-statements/Administration/ADD_SQLBLACKLIST.md b/docs/en/sql-reference/sql-statements/Administration/ADD_SQLBLACKLIST.md index c61d3bf357be8..199f08d7af950 100644 --- a/docs/en/sql-reference/sql-statements/Administration/ADD_SQLBLACKLIST.md +++ b/docs/en/sql-reference/sql-statements/Administration/ADD_SQLBLACKLIST.md @@ -10,18 +10,12 @@ Adds a regular expression to the SQL blacklist to forbid certain SQL patterns. W For more about SQL Blacklist, see [Manage SQL Blacklist](../../../administration/Blacklist.md). -<<<<<<< HEAD -> **NOTE** -> -> Only users with the ADMIN privilege can add SQL regular expressions to the SQL blacklist. -======= :::tip -- This operation requires the SYSTEM-level BLACKLIST privilege. You can follow the instructions in [GRANT](../account-management/GRANT.md) to grant this privilege. +- Only users with the ADMIN privilege can add SQL regular expressions to the SQL blacklist. - Currently, StarRocks supports adding SELECT statements to the SQL Blacklist. ::: ->>>>>>> 5cf740c0c1 ([Doc] Update SQL Blacklist (#48996)) ## Syntax From 36e7b482850f5f2928b623c50ed83aa66e8f2256 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=B5=B5=E7=A9=BA=E4=BA=8B=E3=82=B9=E3=83=94=E3=83=AA?= =?UTF-8?q?=E3=83=83=E3=83=88?= Date: Mon, 29 Jul 2024 09:38:52 +0800 Subject: [PATCH 3/3] Update ADD_SQLBLACKLIST.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 絵空事スピリット --- .../sql-statements/Administration/ADD_SQLBLACKLIST.md | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/docs/zh/sql-reference/sql-statements/Administration/ADD_SQLBLACKLIST.md b/docs/zh/sql-reference/sql-statements/Administration/ADD_SQLBLACKLIST.md index b6295c1a233b6..81378c40176ca 100644 --- a/docs/zh/sql-reference/sql-statements/Administration/ADD_SQLBLACKLIST.md +++ b/docs/zh/sql-reference/sql-statements/Administration/ADD_SQLBLACKLIST.md @@ -8,17 +8,13 @@ displayed_sidebar: "Chinese" 将一个 SQL 正则表达式添加至 SQL 黑名单。启用 SQL 黑名单功能后,StarRocks 会将所有需要执行的 SQL 语句与黑名单中的 SQL 正则表达式进行比较。StarRocks 不会执行与黑名单中任何正则表达式相匹配的 SQL,并返回错误。 -<<<<<<< HEAD 有关 SQL 黑名单的更多信息,请参阅 [管理 SQL 黑名单](../../../administration/Blacklist.md)。 -======= -有关 SQL 黑名单的更多信息,请参阅 [管理 SQL 黑名单](../../../administration/management/resource_management/Blacklist.md)。 :::tip -- 该操作需要 SYSTEM 级的 BLACKLIST 权限。请参考 [GRANT](../account-management/GRANT.md) 为用户赋权。 +- 该操作需要 admin 角色。 - 当前 StarRocks 支持将 SELECT 语句加入 SQL 黑名单。 ::: ->>>>>>> 5cf740c0c1 ([Doc] Update SQL Blacklist (#48996)) ## 语法