From 976e14ad95b0eb0ae2ee08a014c9b435f452b40f Mon Sep 17 00:00:00 2001
From: 潘志宝 <979469083@qq.com>
Date: 星期一, 20 一月 2025 09:28:11 +0800
Subject: [PATCH] sqlInject

---
 iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/plan/data/controller/admin/PlanDataSetController.java |    3 +++
 iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/ind/value/service/impl/IndItemValueServiceImpl.java   |    6 ++++++
 iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/ind/data/controller/admin/IndDataSetController.java   |    3 +++
 3 files changed, 12 insertions(+), 0 deletions(-)

diff --git a/iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/ind/data/controller/admin/IndDataSetController.java b/iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/ind/data/controller/admin/IndDataSetController.java
index bd83fbe..d117c17 100644
--- a/iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/ind/data/controller/admin/IndDataSetController.java
+++ b/iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/ind/data/controller/admin/IndDataSetController.java
@@ -3,6 +3,7 @@
 import com.iailab.framework.common.pojo.CommonResult;
 import com.iailab.framework.common.pojo.PageResult;
 import com.iailab.framework.common.util.object.BeanUtils;
+import com.iailab.module.data.common.xss.SQLFilter;
 import com.iailab.module.data.ind.data.entity.IndDataSetEntity;
 import com.iailab.module.data.ind.data.service.IndDataSetService;
 import com.iailab.module.data.ind.data.vo.IndDataSetPageReqVO;
@@ -47,6 +48,7 @@
     @Operation(summary = "创建指标数据集")
     @PreAuthorize("@ss.hasPermission('data:ind-data-set:create')")
     public CommonResult<Boolean> create(@Valid @RequestBody IndDataSetSaveReqVO createReqVO) {
+        SQLFilter.sqlInject(createReqVO.getQuerySql());
         indDataSetService.create(createReqVO);
         return success(true);
     }
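Review bot: The added `SQLFilter.sqlInject(createReqVO.getQuerySql())` call guards the user-supplied SQL string at the controller layer only, so any other caller of `indDataSetService.create`/`update` (another controller, an import path, a scheduled job) still reaches the service with an unchecked `querySql`; moving the check into the service's create/update, or expressing it as a bean-validation constraint on the VO, would cover every path. Whether `sqlInject` tolerates a null or blank `querySql` is not visible here and the field is not otherwise validated in this hunk, so confirm it does not throw on a missing value. A keyword filter on a string that is presumably executed later as SQL is a defense-in-depth measure rather than a boundary: the connection the dataset query runs under should carry the minimum read-only grants, and a rejected string should be logged together with the request principal so attempted injections are detectable. The same point applies to the `update` hunk below and to both hunks in `PlanDataSetController`.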
@@ -55,6 +57,7 @@
     @Operation(summary = "修改指标数据集")
     @PreAuthorize("@ss.hasPermission('data:ind-data-set:update')")
     public CommonResult<Boolean> update(@Valid @RequestBody IndDataSetSaveReqVO updateReqVO) {
+        SQLFilter.sqlInject(updateReqVO.getQuerySql());
         indDataSetService.update(updateReqVO);
         return success(true);
     }
diff --git a/iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/ind/value/service/impl/IndItemValueServiceImpl.java b/iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/ind/value/service/impl/IndItemValueServiceImpl.java
index 00e7c5b..625bf6e 100644
--- a/iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/ind/value/service/impl/IndItemValueServiceImpl.java
+++ b/iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/ind/value/service/impl/IndItemValueServiceImpl.java
@@ -4,6 +4,7 @@
 import com.iailab.framework.common.service.impl.BaseServiceImpl;
 import com.iailab.framework.common.util.object.BeanUtils;
 import com.iailab.framework.tenant.core.context.DataContextHolder;
+import com.iailab.module.data.common.xss.SQLFilter;
 import com.iailab.module.data.ind.item.vo.IndItemValueVO;
 import com.iailab.module.data.ind.value.dao.IndItemValueDao;
 import com.iailab.module.data.ind.value.dto.QuerySourceValueDTO;
@@ -64,6 +65,11 @@
             log.warn("数据源不能为空");
             return null;
         }
+        SQLFilter.sqlInject(dto.getSelectSql());
+        SQLFilter.sqlInject(dto.getViewSql());
+        SQLFilter.sqlInject(dto.getWhereSql());
+        SQLFilter.sqlInject(dto.getGroupSql());
+        SQLFilter.sqlInject(dto.getGroupSql());
         DataContextHolder.setDataSourceId(Long.valueOf(dto.getDataSource()));
         return baseDao.getSourceValue(dto);
     }
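Review bot: `SQLFilter.sqlInject(dto.getGroupSql())` is called twice in the last two added lines, so the second call is redundant; if a further fragment of `QuerySourceValueDTO` was meant to be covered (an order-by clause, for instance), it currently reaches `baseDao.getSourceValue` unchecked. Either drop the duplicate line or replace it with the intended getter. The method this hunk patches starts before the hunk, so it is not visible whether these fragments are validated anywhere else; applying the check once inside the DTO, or through a single helper that walks every SQL fragment, would make it harder to miss one when fields are added.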
diff --git a/iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/plan/data/controller/admin/PlanDataSetController.java b/iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/plan/data/controller/admin/PlanDataSetController.java
index bacdaba..0314c7b 100644
--- a/iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/plan/data/controller/admin/PlanDataSetController.java
+++ b/iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/plan/data/controller/admin/PlanDataSetController.java
@@ -3,6 +3,7 @@
 import com.iailab.framework.common.pojo.CommonResult;
 import com.iailab.framework.common.pojo.PageResult;
 import com.iailab.framework.common.util.object.BeanUtils;
+import com.iailab.module.data.common.xss.SQLFilter;
 import com.iailab.module.data.plan.data.entity.PlanDataSetEntity;
 import com.iailab.module.data.plan.data.service.PlanDataSetService;
 import com.iailab.module.data.plan.data.vo.PlanDataSetPageReqVO;
@@ -46,6 +47,7 @@
     @Operation(summary = "创建计划数据集")
     @PreAuthorize("@ss.hasPermission('data:plan-data-set:create')")
     public CommonResult<Boolean> create(@Valid @RequestBody PlanDataSetSaveReqVO createReqVO) {
+        SQLFilter.sqlInject(createReqVO.getQuerySql());
         indDataSetService.create(createReqVO);
         return success(true);
     }
@@ -54,6 +56,7 @@
     @Operation(summary = "修改计划数据集")
     @PreAuthorize("@ss.hasPermission('data:plan-data-set:update')")
     public CommonResult<Boolean> update(@Valid @RequestBody PlanDataSetSaveReqVO updateReqVO) {
+        SQLFilter.sqlInject(updateReqVO.getQuerySql());
         indDataSetService.update(updateReqVO);
         return success(true);
     }

--
Gitblit v1.9.3