From 619626ae7ef85afc60c720fb309efb08b58b0cb7 Mon Sep 17 00:00:00 2001
From: 潘志宝 <979469083@qq.com>
Date: 星期一, 20 一月 2025 09:43:26 +0800
Subject: [PATCH] sqlInject2
---
iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/ind/value/service/impl/IndItemValueServiceImpl.java | 11 ++++++++---
1 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/ind/value/service/impl/IndItemValueServiceImpl.java b/iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/ind/value/service/impl/IndItemValueServiceImpl.java
index 9a9e4e5..ed1c49d 100644
--- a/iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/ind/value/service/impl/IndItemValueServiceImpl.java
+++ b/iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/ind/value/service/impl/IndItemValueServiceImpl.java
@@ -3,6 +3,8 @@
import com.iailab.framework.common.pojo.PageResult;
import com.iailab.framework.common.service.impl.BaseServiceImpl;
import com.iailab.framework.common.util.object.BeanUtils;
+import com.iailab.framework.tenant.core.context.DataContextHolder;
+import com.iailab.module.data.common.xss.SQLFilter;
import com.iailab.module.data.ind.item.vo.IndItemValueVO;
import com.iailab.module.data.ind.value.dao.IndItemValueDao;
import com.iailab.module.data.ind.value.dto.QuerySourceValueDTO;
@@ -14,7 +16,6 @@
import org.springframework.stereotype.Service;
import java.util.List;
-import java.util.Map;
import java.util.UUID;
/**
@@ -64,8 +65,12 @@
log.warn("数据源不能为空");
return null;
}
-
-
+ SQLFilter.sqlInject2(dto.getSelectSql());
+ SQLFilter.sqlInject2(dto.getViewSql());
+ SQLFilter.sqlInject2(dto.getWhereSql());
+ SQLFilter.sqlInject2(dto.getGroupSql());
+ SQLFilter.sqlInject2(dto.getGroupSql());
+ DataContextHolder.setDataSourceId(Long.valueOf(dto.getDataSource()));
return baseDao.getSourceValue(dto);
}
}
\ No newline at end of file
--
Gitblit v1.9.3