修复SQL注入漏洞

Signed-off-by: lixxxww <941403820@qq.com>
lixxxww
2024-01-22 10:23:00 +00:00
committed by Gitee
parent 364aa0d6c6
commit 5f3465124f


@@ -22,17 +22,19 @@ func (s *TdEngine) InsertDevice(deviceKey string, data map[string]interface{}) e
} }
var ( var (
field = []string{} field []string
value = []string{} value []interface{}
placeholders []string
) )
for k, v := range data { for k, v := range data {
field = append(field, k) field = append(field, k)
value = append(value, "'"+kgo.KConv.ToStr(v)+"'") value = append(value, kgo.KConv.ToStr(v))
placeholders = append(placeholders, "?")
} }
// 存在sql注入隐患在之后的提交修复
sql := "INSERT INTO ? (?) VALUES (?)" sql := fmt.Sprintf("INSERT INTO %s (%s) VALUES (%s)", strings.ToLower(deviceKey), strings.Join(field, ","), strings.Join(placeholders, ","))
_, err := s.db.Exec(sql, strings.ToLower(deviceKey), strings.Join(field, ","), strings.Join(value, ",")) _, err := s.db.Exec(sql, value...)
return err return err
} }
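Review bot: The table name and the column names in the new `fmt.Sprintf` line are still spliced from `deviceKey` and the keys of `data`; only the values are bound through the `?` placeholders, so if either the key or the map keys can be influenced by a caller the injection the commit title refers to is only partly closed (identifiers cannot be passed as bind parameters, which is why the old `INSERT INTO ? (?)` form could not work). Validate both against an identifier allowlist before building the statement, e.g. a package-level `var identRe = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]*$`)` (needs a `regexp` import) and an early `return` for anything that does not match. An empty `data` map also reaches `Exec` as `INSERT INTO x () VALUES ()`, so rejecting `len(data) == 0` up front gives a clearer error than the driver's. InsertDevice's signature and the first lines of its body are outside the visible hunk, so the exact placement of the checks relative to the existing error return cannot be seen here.
```go
// package level: var identRe = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]*$`)
if !identRe.MatchString(deviceKey) {
	return fmt.Errorf("invalid device key %q", deviceKey)
}
if len(data) == 0 {
	return fmt.Errorf("no fields to insert for %q", deviceKey)
}
// … unchanged: var block (field, value, placeholders) …
for k, v := range data {
	if !identRe.MatchString(k) {
		return fmt.Errorf("invalid field name %q", k)
	}
	// … unchanged: field/value/placeholders appends …
}
// … unchanged: fmt.Sprintf of the statement and s.db.Exec(sql, value...) …
```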