From 619626ae7ef85afc60c720fb309efb08b58b0cb7 Mon Sep 17 00:00:00 2001
From: 潘志宝 <979469083@qq.com>
Date: 星期一, 20 一月 2025 09:43:26 +0800
Subject: [PATCH] sqlInject2

---
 iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/ind/value/service/impl/IndItemValueServiceImpl.java |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/ind/value/service/impl/IndItemValueServiceImpl.java b/iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/ind/value/service/impl/IndItemValueServiceImpl.java
index 00e7c5b..ed1c49d 100644
--- a/iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/ind/value/service/impl/IndItemValueServiceImpl.java
+++ b/iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/ind/value/service/impl/IndItemValueServiceImpl.java
@@ -4,6 +4,7 @@
 import com.iailab.framework.common.service.impl.BaseServiceImpl;
 import com.iailab.framework.common.util.object.BeanUtils;
 import com.iailab.framework.tenant.core.context.DataContextHolder;
+import com.iailab.module.data.common.xss.SQLFilter;
 import com.iailab.module.data.ind.item.vo.IndItemValueVO;
 import com.iailab.module.data.ind.value.dao.IndItemValueDao;
 import com.iailab.module.data.ind.value.dto.QuerySourceValueDTO;
@@ -64,6 +65,11 @@
             log.warn("数据源不能为空");
             return null;
         }
+        SQLFilter.sqlInject2(dto.getSelectSql());
+        SQLFilter.sqlInject2(dto.getViewSql());
+        SQLFilter.sqlInject2(dto.getWhereSql());
+        SQLFilter.sqlInject2(dto.getGroupSql());
+        SQLFilter.sqlInject2(dto.getGroupSql());
         DataContextHolder.setDataSourceId(Long.valueOf(dto.getDataSource()));
         return baseDao.getSourceValue(dto);
     }
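Review bot: The last added line repeats `SQLFilter.sqlInject2(dto.getGroupSql());`, so it is either a redundant copy or a different fragment was meant to be checked; if QuerySourceValueDTO has any further SQL fragment field (none is visible in this hunk), that field still reaches `baseDao.getSourceValue(dto)` unfiltered. All five calls discard the return value, which is only safe if sqlInject2 throws on rejected input; SQLFilter is not shown here, and if it returns a cleaned string instead, the result has to be written back to the DTO before the DAO call. These fields appear to be caller-supplied SQL fragments that the DAO presumably splices into the query text, so a keyword filter is a weak control compared with an allow-list of known views and columns plus bound parameters for values. At minimum I would add a comment above the block such as `// select/view/where/group fragments come from the request; sqlInject2 must reject, not just clean, before they reach the DAO`. The enclosing method starts above the hunk, so where dto comes from and who may call this is not visible.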

--
Gitblit v1.9.3