Search

US-20260127310-A1 - Structured Query Language (SQL) Defense Method and System, and Computing Device Cluster

US20260127310A1US 20260127310 A1US20260127310 A1US 20260127310A1US-20260127310-A1

Abstract

An SQL defense method includes an SQL defense rule configuration unit configuring corresponding SQL defense rules for a plurality of SQL engines through a unified entrance, where each SQL defense rule includes an effective SQL engine and a corresponding execution action, and the SQL defense rules corresponding to the plurality of SQL engines have a same format; and the SQL defense rule configuration unit sending each configured SQL defense rule to a corresponding SQL engine based on the effective SQL engine in each SQL defense rule, so that the SQL engine performs defense on a received SQL statement according to the obtained SQL defense rule.

Inventors

  • Wenbo Wu
  • Shengtao ZHAO
  • Dingmei Wu

Assignees

  • Huawei Cloud Computing Technologies Co., Ltd.

Dates

Publication Date
20260507
Application Date
20251230
Priority Date
20230704

Claims (20)

  1. 1 . A method, applied to a structured query language (SQL) defense system, and comprising: configuring, by an SQL defense rule configuration unit of the SQL defense system, SQL defense rules for a plurality of SQL engines of the SQL defense system through a unified entrance, wherein the SQL defense rules comprise effective SQL engines and execution actions, and wherein the SQL defense rules have a same format; and sending, by the SQL defense rule configuration unit, the SQL defense rules to the SQL engines based on the effective SQL engines to enable the SQL engines to perform defense on a received SQL statement according to the SQL defense rules.
  2. 2 . The method of claim 1 , wherein sending the SQL defense rules comprises automatically sending, by the SQL defense rule configuration unit, the configured SQL defense rules to the SQL engines in a loading periodicity based on the effective SQL engines.
  3. 3 . The method of claim 1 , wherein the plurality of SQL engines comprises a first SQL engine, and wherein the method further comprises: obtaining, by the first SQL engine, at least one of the SQL defense rules, wherein the at least one of the SQL defense rules comprises a first SQL defense rule; receiving, by the first SQL engine, a first SQL statement from a service layer of the first SQL engine; and executing, by the first SQL engine, an action in the first SQL defense rule based on the first SQL statement satisfying the first SQL defense rule.
  4. 4 . The method of claim 3 , wherein the SQL defense rule comprises a hint-type SQL defense rule, an intercept-type SQL defense rule, or a fuse-type SQL defense rule.
  5. 5 . The method of claim 4 , wherein the first SQL defense rule is the hint-type SQL defense rule, and wherein executing the action in the first SQL defense rule comprises continuing, by the first SQL engine, executing the first SQL statement.
  6. 6 . The method of claim 5 , further comprising displaying, by the first SQL engine, hint information of the first SQL statement to a user.
  7. 7 . The method of claim 4 , wherein the first SQL defense rule is the intercept-type SQL defense rule or the fuse-type SQL defense rule, and wherein executing the action in the first SQL defense rule comprises stopping, by the first SQL engine, executing the first SQL statement.
  8. 8 . The method of claim 7 , further comprising displaying, by the first SQL engine to a user, causation information of stopping the execution of the first SQL statement.
  9. 9 . The method of claim 1 , wherein the SQL defense rules further comprise effective tenant lists and rule identifiers.
  10. 10 . A structured query language (SQL) defense system, comprising: one or more memories configured to store instructions; and one or more processors coupled to the one or more memories and configured to execute the instructions to cause the SQL defense system to: configure SQL defense rules for a plurality of SQL engines of the SQL defense system through a unified entrance, wherein the SQL defense rules comprise effective SQL engines and execution actions, and wherein the SQL defense rules have a same format; and send the SQL defense rules to the SQL engines based on the effective SQL engines to enable the SQL engines to perform defense on a received SQL statement according to the SQL defense rules.
  11. 11 . The SQL defense system of claim 10 , wherein the one or more processors are further configured to execute the instructions to cause the SQL defense system to further send the SQL defense rules by automatically sending the configured SQL defense rules to the SQL engines in a loading periodicity based on the effective SQL engines.
  12. 12 . The SQL defense system of claim 10 , wherein the one or more processors are further configured to execute the instructions to further cause the SQL defense system to: obtain at least one of the SQL defense rules, wherein the at least one of the SQL defense rules comprises a first SQL defense rule; receive a first SQL statement from a service layer; and execute an action in the first SQL defense rule based on the first SQL statement satisfying the first SQL defense rule.
  13. 13 . The SQL defense system of claim 12 , wherein the SQL defense rule comprises a hint-type SQL defense rule, an intercept-type SQL defense rule, or a fuse-type SQL defense rule.
  14. 14 . The SQL defense system of claim 13 , wherein the first SQL defense rule is the hint-type SQL defense rule, and wherein the one or more processors are further configured to execute the instructions to cause the SQL defense system to further execute the action in the first SQL defense rule by continuing executing the first SQL statement.
  15. 15 . The SQL defense system of claim 14 , wherein the one or more processors are configured to execute the instructions to cause the SQL defense system to display hint information of the first SQL statement to a user.
  16. 16 . The SQL defense system of claim 13 , wherein the first SQL defense rule is the intercept-type SQL defense rule or the fuse-type SQL defense rule, and wherein the one or more processors are further configured to execute the instructions to cause the SQL defense system to further execute the action in the first SQL defense rule by stopping executing the first SQL statement.
  17. 17 . The SQL defense system of claim 16 , wherein the one or more processors are configured to execute the instructions to cause the SQL defense system to display, to a user, causation information of stopping the execution of the first SQL statement.
  18. 18 . The SQL defense system of claim 10 , wherein the SQL defense rules further comprise effective tenant lists and rule identifiers.
  19. 19 . A computer program product comprising instructions that are stored on a non-transitory computer-readable storage medium and that, when executed by one or more processors, cause a structured query language (SQL) defense system to: configure SQL defense rules for a plurality of SQL engines of the SQL defense system through a unified entrance, wherein the SQL defense rules comprise effective SQL engines and execution actions, and wherein the SQL defense rules have a same format; and send the SQL defense rules to the SQL engines based on the effective SQL engines to enable the SQL engines to perform defense on a received SQL statement according to the SQL defense rules.
  20. 20 . The computer program product of claim 19 , wherein the instructions, when executed by the one or more processors, further cause the SQL defense system to: obtain at least one of the SQL defense rules, wherein the at least one of the SQL defense rules comprise a first SQL defense rule; receive a first SQL statement from a service layer; and execute an action in the first SQL defense rule based on the first SQL statement satisfying the first SQL defense rule.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS This is a continuation of International Patent Application No. PCT/CN2024/072812 filed on January 17, 2024, which claims priority to Chinese Patent Application No. 202310980456.8 filed on August 4, 2023 and Chinese Patent Application No. 202310813133.X filed on July 4, 2023. All of the aforementioned applications are hereby incorporated by reference in their entireties. TECHNICAL FIELD This disclosure relates to the database field, and, to a structured query language SQL defense method and system, and a computing device cluster. BACKGROUND In a current structured query language (SQL) engine, data query services are provided for users by executing SQL statements of the users. With development of technologies, SQL engines keep emerging. While the SQL engines offer people a diversity of solutions, some problems are also exposed. For example, quality of SQL statements input by the users varies, and low-quality SQL statements cause unpredictable impact on a platform or system. Large or bad SQL statements may cause system breakdown, leading to the service being unavailable. Slow SQL statements affect system stability, and this is mainly manifested as that a thread pool of a server is fully occupied, causing an avalanche effect, and other normal SQL statements failing to be normally executed. Consequently, a phenomenon of system suspension occurs. In related technical solutions, parsing and defense of SQL statements are performed at a service layer. Because the SQL statement is parsed and determined at the service layer, a service procedure at the service layer may need to be reconstructed. In addition, because the SQL statement may need to be parsed and determined at the service layer, SQL statements satisfying a requirement may need to be sent to the SQL engine. When processing the SQL statement, the SQL engine also may need to parse the SQL statement again, causing a high performance loss. Furthermore, each SQL engine parses and performs defense on the SQL statement according to an SQL syntax of the SQL engine. Consequently, both flexibility and scalability are poor, and universality of the SQL syntax is insufficient. Therefore, how to enhance flexibility and scalability of SQL defense becomes a technical problem to be resolved. SUMMARY This disclosure provides an SQL defense method and system, and a computing device. The method can enhance flexibility and scalability of SQL defense. According to a first aspect, an SQL defense method is provided, where the method is applied to an SQL defense system, and the SQL defense system includes an SQL defense rule configuration unit and a plurality of SQL engines. The method includes the SQL defense rule configuration unit configures corresponding SQL defense rules for the plurality of SQL engines through a unified entrance, where each SQL defense rule includes an effective SQL engine and a corresponding execution action, and the SQL defense rules corresponding to the plurality of SQL engines have a same format; and the SQL defense rule configuration unit sends each configured SQL defense rule to a corresponding SQL engine based on the effective SQL engine in each SQL defense rule, so that the SQL engine performs defense on a received SQL statement according to the obtained SQL defense rule. In the foregoing technical solution, the SQL defense rules in the same format are configured for and delivered to the plurality of SQL engines through the unified entrance, and the SQL engine performs defense on the received SQL statement according to the obtained SQL defense rule. In this way, a service layer does not need to parse the SQL statement, and parsing and defense of the SQL statement are directly performed in the SQL engine, so that a performance loss is low. In addition, because the SQL defense rules can be configured for the plurality of SQL engines, and the SQL defense rules have the same format, flexibility, scalability, and universality of an SQL syntax are enhanced. With reference to the first aspect, in some implementations of the first aspect, the plurality of SQL engines include a first SQL engine, and the method further includes: The first SQL engine obtains at least one corresponding SQL defense rule from the SQL defense rule configuration unit, where the at least one SQL defense rule includes a first SQL defense rule; the first SQL engine receives a first SQL statement from a service layer; and the first SQL engine executes an action in the first SQL defense rule based on the first SQL statement satisfying the first SQL defense rule. In the foregoing technical solution, the SQL engine can autonomously perform defense on the SQL statement, to avoid unpredictable impact caused by a low-quality SQL statement on a big data analytics and processing platform or a database, so that the defense is more accurate. In addition, because the SQL statement is directly parsed in the SQL engine first, the SQL statement does not need to