fix: 【漏洞】修复SQL 注入
@@ -96,13 +96,25 @@ public class DeSqlparserUtils {
|
||||
} else {
|
||||
if (defaultsSqlVariableDetail != null && StringUtils.isNotEmpty(defaultsSqlVariableDetail.getDefaultValue())) {
|
||||
if (!isEdit && isFromDataSet && defaultsSqlVariableDetail.getDefaultValueScope().equals(SqlVariableDetails.DefaultValueScope.ALLSCOPE)) {
|
||||
sqlItemBuilder.append(defaultsSqlVariableDetail.getDefaultValue());
|
||||
sqlItemLastIndex = m.end();
|
||||
PreparedSqlFragment preparedSqlFragment = buildPreparedSqlFragmentForDefaultValue(defaultsSqlVariableDetail);
|
||||
boolean quoted = isQuotedVariable(sqlItem, m.start(), m.end());
|
||||
if (quoted) {
|
||||
sqlItemBuilder.setLength(sqlItemBuilder.length() - 1);
|
||||
}
|
||||
sqlItemBuilder.append(preparedSqlFragment.replacement());
|
||||
sqlItemLastIndex = quoted ? m.end() + 1 : m.end();
|
||||
sqlItemFieldWithValues.addAll(preparedSqlFragment.tableFieldWithValues());
|
||||
replaceParamItem = true;
|
||||
}
|
||||
if (isEdit) {
|
||||
sqlItemBuilder.append(defaultsSqlVariableDetail.getDefaultValue());
|
||||
sqlItemLastIndex = m.end();
|
||||
PreparedSqlFragment preparedSqlFragment = buildPreparedSqlFragmentForDefaultValue(defaultsSqlVariableDetail);
|
||||
boolean quoted = isQuotedVariable(sqlItem, m.start(), m.end());
|
||||
if (quoted) {
|
||||
sqlItemBuilder.setLength(sqlItemBuilder.length() - 1);
|
||||
}
|
||||
sqlItemBuilder.append(preparedSqlFragment.replacement());
|
||||
sqlItemLastIndex = quoted ? m.end() + 1 : m.end();
|
||||
sqlItemFieldWithValues.addAll(preparedSqlFragment.tableFieldWithValues());
|
||||
replaceParamItem = true;
|
||||
}
|
||||
}
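Review bot: The nine lines from `PreparedSqlFragment preparedSqlFragment = buildPreparedSqlFragmentForDefaultValue(defaultsSqlVariableDetail);` through `replaceParamItem = true;` are repeated verbatim in the `!isEdit && isFromDataSet && ALLSCOPE` branch and in the `isEdit` branch; since the two guards are mutually exclusive, one copy under `if (isEdit || (isFromDataSet && defaultsSqlVariableDetail.getDefaultValueScope().equals(SqlVariableDetails.DefaultValueScope.ALLSCOPE)))`, or a private helper taking the builder and the matcher, would remove the duplication and keep the two scope rules from drifting apart. The `setLength(length() - 1)` / `m.end() + 1` pair appears to assume that the builder already holds the text up to `m.start()` including the opening quote and that `isQuotedVariable` only reports true when a matching closing quote follows; a comment such as `// strip the quotes around the variable so the bound parameter is not quoted twice` plus a test with an unbalanced quote before the variable would make that contract explicit. The enclosing method starts and ends outside the hunk. The same duplication appears in the SqlparserUtils hunk (`@@ -106,13 +106,25 @@`).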
|
||||
@@ -254,6 +266,17 @@ public class DeSqlparserUtils {
|
||||
return new PreparedSqlFragment(String.join(",", replacements), values);
|
||||
}
|
||||
|
||||
private PreparedSqlFragment buildPreparedSqlFragmentForDefaultValue(SqlVariableDetails sqlVariableDetails) {
|
||||
SqlVariableDetails defaultValueDetail = new SqlVariableDetails();
|
||||
defaultValueDetail.setVariableName(sqlVariableDetails.getVariableName());
|
||||
defaultValueDetail.setType(sqlVariableDetails.getType());
|
||||
defaultValueDetail.setDeType(sqlVariableDetails.getDeType());
|
||||
defaultValueDetail.setId(sqlVariableDetails.getId());
|
||||
defaultValueDetail.setOperator(sqlVariableDetails.getOperator());
|
||||
defaultValueDetail.setValue(Collections.singletonList(sqlVariableDetails.getDefaultValue()));
|
||||
return buildPreparedSqlFragment(defaultValueDetail);
|
||||
}
|
||||
|
||||
private List<String> resolvePreparedValues(SqlVariableDetails sqlVariableDetails) {
|
||||
if (StringUtils.equals(sqlVariableDetails.getOperator(), "in")) {
|
||||
return CollectionUtils.isEmpty(sqlVariableDetails.getValue()) ? Collections.emptyList() : sqlVariableDetails.getValue();
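Review bot: `buildPreparedSqlFragmentForDefaultValue` wraps the default value in `Collections.singletonList`, while `resolvePreparedValues` on the context lines below returns `getValue()` unchanged for the `in` operator, so a default stored as a comma-separated list would now be bound as a single parameter where the removed `append(getDefaultValue())` would have spliced it in as several `in` members — if defaults for `in` variables can hold several values, split them here the same way user-supplied values are handled. The new method has no Javadoc; a header along the lines of `/** Binds the variable's default value as a prepared parameter instead of splicing it into the SQL; only the fields buildPreparedSqlFragment reads are copied onto a fresh SqlVariableDetails. */` would explain why a new detail object is constructed rather than the original reused. Note too that the singleton list is immutable, so any downstream code that mutates `getValue()` would now fail — worth confirming none does. The same method is added to SqlparserUtils in the hunk at `@@ -741,6 +753,17 @@`.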
|
||||
|
||||
@@ -106,13 +106,25 @@ public class SqlparserUtils {
|
||||
} else {
|
||||
if (defaultsSqlVariableDetail != null && StringUtils.isNotEmpty(defaultsSqlVariableDetail.getDefaultValue())) {
|
||||
if (!isEdit && isFromDataSet && defaultsSqlVariableDetail.getDefaultValueScope().equals(SqlVariableDetails.DefaultValueScope.ALLSCOPE)) {
|
||||
sqlBuilder.append(defaultsSqlVariableDetail.getDefaultValue());
|
||||
lastIndex = matcher.end();
|
||||
PreparedSqlFragment preparedSqlFragment = buildPreparedSqlFragmentForDefaultValue(defaultsSqlVariableDetail);
|
||||
boolean quoted = isQuotedVariable(sql, matcher.start(), matcher.end());
|
||||
if (quoted) {
|
||||
sqlBuilder.setLength(sqlBuilder.length() - 1);
|
||||
}
|
||||
sqlBuilder.append(preparedSqlFragment.replacement());
|
||||
lastIndex = quoted ? matcher.end() + 1 : matcher.end();
|
||||
tableFieldWithValues.addAll(preparedSqlFragment.tableFieldWithValues());
|
||||
replaced = true;
|
||||
}
|
||||
if (isEdit) {
|
||||
sqlBuilder.append(defaultsSqlVariableDetail.getDefaultValue());
|
||||
lastIndex = matcher.end();
|
||||
PreparedSqlFragment preparedSqlFragment = buildPreparedSqlFragmentForDefaultValue(defaultsSqlVariableDetail);
|
||||
boolean quoted = isQuotedVariable(sql, matcher.start(), matcher.end());
|
||||
if (quoted) {
|
||||
sqlBuilder.setLength(sqlBuilder.length() - 1);
|
||||
}
|
||||
sqlBuilder.append(preparedSqlFragment.replacement());
|
||||
lastIndex = quoted ? matcher.end() + 1 : matcher.end();
|
||||
tableFieldWithValues.addAll(preparedSqlFragment.tableFieldWithValues());
|
||||
replaced = true;
|
||||
}
|
||||
}
|
||||
@@ -741,6 +753,17 @@ public class SqlparserUtils {
|
||||
return new PreparedSqlFragment(String.join(",", replacements), values);
|
||||
}
|
||||
|
||||
private PreparedSqlFragment buildPreparedSqlFragmentForDefaultValue(SqlVariableDetails sqlVariableDetails) {
|
||||
SqlVariableDetails defaultValueDetail = new SqlVariableDetails();
|
||||
defaultValueDetail.setVariableName(sqlVariableDetails.getVariableName());
|
||||
defaultValueDetail.setType(sqlVariableDetails.getType());
|
||||
defaultValueDetail.setDeType(sqlVariableDetails.getDeType());
|
||||
defaultValueDetail.setId(sqlVariableDetails.getId());
|
||||
defaultValueDetail.setOperator(sqlVariableDetails.getOperator());
|
||||
defaultValueDetail.setValue(Collections.singletonList(sqlVariableDetails.getDefaultValue()));
|
||||
return buildPreparedSqlFragment(defaultValueDetail);
|
||||
}
|
||||
|
||||
private List<String> resolvePreparedValues(SqlVariableDetails sqlVariableDetails) {
|
||||
if (StringUtils.equals(sqlVariableDetails.getOperator(), "in")) {
|
||||
return CollectionUtils.isEmpty(sqlVariableDetails.getValue()) ? Collections.emptyList() : sqlVariableDetails.getValue();
|
||||
|
||||
@@ -10,6 +10,7 @@ import io.dataease.api.permissions.dataset.dto.DataSetRowPermissionsTreeDTO;
|
||||
import io.dataease.api.permissions.user.vo.UserFormVO;
|
||||
import io.dataease.auth.bo.TokenUserBO;
|
||||
import io.dataease.chart.utils.ChartDataBuild;
|
||||
import io.dataease.commons.utils.SqlVariableHandleResult;
|
||||
import io.dataease.commons.utils.SqlparserUtils;
|
||||
import io.dataease.constant.AuthEnum;
|
||||
import io.dataease.constant.SQLConstants;
|
||||
@@ -140,7 +141,9 @@ public class DatasetDataManage {
|
||||
} else {
|
||||
// parser sql params and replace default value
|
||||
String s = new String(Base64.getDecoder().decode(tableInfoDTO.getSql()));
|
||||
String originSql = new SqlparserUtils().handleVariableDefaultValue(s, datasetTableDTO.getSqlVariableDetails(), true, false, null, datasourceRequest.getIsCross(), datasourceRequest.getDsList(), pluginManage, getUserEntity());
|
||||
SqlVariableHandleResult sqlResult = new SqlparserUtils().handleVariableDefaultValueWithPreparedParams(s, datasetTableDTO.getSqlVariableDetails(), true, false, null, datasourceRequest.getIsCross(), datasourceRequest.getDsList(), pluginManage, getUserEntity());
|
||||
String originSql = sqlResult.getSql();
|
||||
datasourceRequest.setTableFieldWithValues(sqlResult.getTableFieldWithValues());
|
||||
originSql = provider.replaceComment(originSql);
|
||||
// add sql table schema
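Review bot: `datasourceRequest.setTableFieldWithValues(sqlResult.getTableFieldWithValues())` replaces whatever bound values the request already carries rather than appending, so if an earlier step (row permissions, for instance) has already populated that list its parameters would be dropped while their `?` placeholders remain; if the request can be pre-populated at this point, merge the two lists instead. The placeholders only close the injection if every path that receives `originSql` — including the `getIsCross()` branch and whatever `provider.replaceComment` and the schema rewrite below do to the text — binds `tableFieldWithValues` in placeholder order, so a positive test that runs a dataset whose default value contains a quote through each path would confirm the fix end to end. If the previous `handleVariableDefaultValue` is still present in SqlparserUtils, other callers can keep splicing defaults into SQL; deprecating or removing it would prevent a silent regression. The same pattern is used in the hunk at `@@ -456,7 +459,9 @@`, where the resulting SQL is additionally wrapped as a temporary table with an outer limit. The enclosing methods start and end outside both hunks.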
|
||||
|
||||
@@ -456,7 +459,9 @@ public class DatasetDataManage {
|
||||
// parser sql params and replace default value
|
||||
|
||||
String s = new String(Base64.getDecoder().decode(dto.getSql()));
|
||||
String originSql = new SqlparserUtils().handleVariableDefaultValue(datasetSQLManage.subPrefixSuffixChar(s), dto.getSqlVariableDetails(), true, true, null, dto.getIsCross(), dsMap, pluginManage, getUserEntity());
|
||||
SqlVariableHandleResult sqlResult = new SqlparserUtils().handleVariableDefaultValueWithPreparedParams(datasetSQLManage.subPrefixSuffixChar(s), dto.getSqlVariableDetails(), true, true, null, dto.getIsCross(), dsMap, pluginManage, getUserEntity());
|
||||
String originSql = sqlResult.getSql();
|
||||
datasourceRequest.setTableFieldWithValues(sqlResult.getTableFieldWithValues());
|
||||
originSql = provider.replaceComment(originSql);
|
||||
|
||||
// sql 作为临时表,外层加上limit
|
||||
|
||||