DEX: Work in progress

2026-02-25 16:36:19 +01:00
parent 7a97a7fe55
commit 143070e179
14 changed files with 275 additions and 122 deletions
--- a/current/[DD_ECM]-Database/DEX_SQL/[PRDEX_TEST_DYNAMIC_SQL].sql
+++ b/current/[DD_ECM]-Database/DEX_SQL/[PRDEX_TEST_DYNAMIC_SQL].sql
@@ -37,20 +37,107 @@ BEGIN TRY
 	DECLARE @QUERY					NVARCHAR(MAX)	= ISNULL(@pQUERY,N''),
 			@RETURN_STATUS			INT				= ISNULL(@pRETURN_STATUS,50000),
 			@QUERY_NAME				NVARCHAR(100)	= ISNULL(@pQUERY_NAME,N'@QUERY'),
+			@QUERY_SCAN				NVARCHAR(MAX)	= N'',
+			@QUERY_SCAN_NORM		NVARCHAR(MAX)	= N'',
+			@COMMENT_START			INT				= 0,
+			@COMMENT_END			INT				= 0,
+			@SCAN_POS				INT				= 1,
+			@TOKEN_START			INT				= 0,
+			@TOKEN_END				INT				= 0,
+			@QUOTE_START			INT				= 0,
+			@QUOTE_END				INT				= 0,
+			@TOKEN					NVARCHAR(200)	= N'',
 			@HAS_UNRESOLVED_PLACEHOLDER	BIT				= 0,
 			@HAS_RESTRICTED_SQL		BIT				= 0,
 			@RETURN_ERROR_TEXT		NVARCHAR(MAX)	= N'';
 	----------------------------------------------------------------------------------------------------------------------------

 	--=========================================-- validate query content --====================================================--
-	SET @HAS_UNRESOLVED_PLACEHOLDER = CASE WHEN PATINDEX('%[%][A-Z_][A-Z0-9_][A-Z0-9_][A-Z0-9_][%]%',UPPER(@QUERY)) > 0 THEN 1 ELSE 0 END;
+	SET @QUERY_SCAN = UPPER(@QUERY);
+
+	SET @COMMENT_START = CHARINDEX('/*',@QUERY_SCAN);
+	WHILE (@COMMENT_START > 0)
+	BEGIN
+		SET @COMMENT_END = CHARINDEX('*/',@QUERY_SCAN,@COMMENT_START + 2);
+
+		IF (@COMMENT_END = 0)
+			BREAK;
+
+		SET @QUERY_SCAN = STUFF(@QUERY_SCAN,@COMMENT_START,(@COMMENT_END - @COMMENT_START + 2),REPLICATE(' ',(@COMMENT_END - @COMMENT_START + 2)));
+		SET @COMMENT_START = CHARINDEX('/*',@QUERY_SCAN,@COMMENT_START + 1);
+	END;
+
+	SET @COMMENT_START = CHARINDEX('--',@QUERY_SCAN);
+	WHILE (@COMMENT_START > 0)
+	BEGIN
+		SET @COMMENT_END = CHARINDEX(CHAR(10),@QUERY_SCAN,@COMMENT_START + 2);
+
+		IF (@COMMENT_END = 0)
+			SET @COMMENT_END = LEN(@QUERY_SCAN) + 1;
+
+		SET @QUERY_SCAN = STUFF(@QUERY_SCAN,@COMMENT_START,(@COMMENT_END - @COMMENT_START),REPLICATE(' ',(@COMMENT_END - @COMMENT_START)));
+		SET @COMMENT_START = CHARINDEX('--',@QUERY_SCAN,@COMMENT_START + 1);
+	END;
+
+	SET @QUERY_SCAN_NORM = REPLACE(REPLACE(REPLACE(@QUERY_SCAN,CHAR(9),' '),CHAR(10),' '),CHAR(13),' ');
+
+	WHILE (CHARINDEX('  ',@QUERY_SCAN_NORM) > 0)
+	BEGIN
+		SET @QUERY_SCAN_NORM = REPLACE(@QUERY_SCAN_NORM,'  ',' ');
+	END;
+
+	SET @QUOTE_START = CHARINDEX('''',@QUERY_SCAN);
+	WHILE (@QUOTE_START > 0)
+	BEGIN
+		SET @QUOTE_END = CHARINDEX('''',@QUERY_SCAN,@QUOTE_START + 1);
+
+		IF (@QUOTE_END = 0)
+			BREAK;
+
+		SET @QUERY_SCAN = STUFF(@QUERY_SCAN,@QUOTE_START,(@QUOTE_END - @QUOTE_START + 1),REPLICATE(' ',(@QUOTE_END - @QUOTE_START + 1)));
+		SET @QUOTE_START = CHARINDEX('''',@QUERY_SCAN,@QUOTE_START + 1);
+	END;
+
+	WHILE (1 = 1)
+	BEGIN
+		SET @TOKEN_START = CHARINDEX('%',@QUERY_SCAN,@SCAN_POS);
+
+		IF (@TOKEN_START = 0)
+			BREAK;
+
+		SET @TOKEN_END = CHARINDEX('%',@QUERY_SCAN,@TOKEN_START + 1);
+
+		IF (@TOKEN_END = 0)
+			BREAK;
+
+		SET @TOKEN = SUBSTRING(@QUERY_SCAN,@TOKEN_START + 1,@TOKEN_END - @TOKEN_START - 1);
+
+		IF (LEN(@TOKEN) > 0)
+		AND (LEFT(@TOKEN,1) LIKE '[A-Z_]')
+		AND (@TOKEN NOT LIKE '%[^A-Z0-9_]%')
+		BEGIN
+			SET @HAS_UNRESOLVED_PLACEHOLDER = 1;
+			BREAK;
+		END;
+
+		SET @SCAN_POS = @TOKEN_END + 1;
+	END;
+
 	SET @HAS_RESTRICTED_SQL = CASE WHEN
-		(PATINDEX('%;--%',UPPER(@QUERY)) > 0) OR
-		(PATINDEX('%XP_CMDSHELL%',UPPER(@QUERY)) > 0) OR
-		(PATINDEX('%SP_CONFIGURE%',UPPER(@QUERY)) > 0) OR
-		(PATINDEX('%ALTER LOGIN%',UPPER(@QUERY)) > 0) OR
-		(PATINDEX('%CREATE LOGIN%',UPPER(@QUERY)) > 0) OR
-		(PATINDEX('%DROP DATABASE%',UPPER(@QUERY)) > 0)
+		(CHARINDEX(';--',@QUERY_SCAN_NORM) > 0) OR
+		(CHARINDEX('; --',@QUERY_SCAN_NORM) > 0) OR
+		(PATINDEX('%XP_CMDSHELL%',@QUERY_SCAN_NORM) > 0) OR
+		(PATINDEX('%SP_OA%',@QUERY_SCAN_NORM) > 0) OR
+		(PATINDEX('%OPENROWSET%',@QUERY_SCAN_NORM) > 0) OR
+		(PATINDEX('%OPENDATASOURCE%',@QUERY_SCAN_NORM) > 0) OR
+		(PATINDEX('%BULK INSERT%',@QUERY_SCAN_NORM) > 0) OR
+		(PATINDEX('%SP_CONFIGURE%',@QUERY_SCAN_NORM) > 0) OR
+		(PATINDEX('%RECONFIGURE%',@QUERY_SCAN_NORM) > 0) OR
+		(PATINDEX('%ALTER SERVER%',@QUERY_SCAN_NORM) > 0) OR
+		(PATINDEX('%ALTER LOGIN%',@QUERY_SCAN_NORM) > 0) OR
+		(PATINDEX('%CREATE LOGIN%',@QUERY_SCAN_NORM) > 0) OR
+		(PATINDEX('%DROP LOGIN%',@QUERY_SCAN_NORM) > 0) OR
+		(PATINDEX('%DROP DATABASE%',@QUERY_SCAN_NORM) > 0)
 	THEN 1 ELSE 0 END;
 	----------------------------------------------------------------------------------------------------------------------------