public/dataease
1
0
Fork 0
mirror of https://github.com/dataease/dataease.git synced 2026-06-14 17:51:43 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: 修复Mysql JDBC 连接参数未验证导致任意文件读取漏洞

Browse Source
This commit is contained in:
taojinlong
2025-02-05 16:08:12 +08:00
committed by taojinlong
parent 0de36f1312
commit 340739ce80
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
core/backend/src/main/java/io/dataease/dto/datasource/MysqlConfiguration.java
View File

@@ -36,7 +36,7 @@ public class MysqlConfiguration extends JdbcConfiguration {
public List<String> getIllegalParameters() {
List<String> newIllegalParameters = new ArrayList<>();
newIllegalParameters.addAll(illegalParameters);
newIllegalParameters.addAll(Arrays.asList("allowloadlocalinfile", "allowUrlInLocalInfile", "allowLoadLocalInfileInPath"));
newIllegalParameters.addAll(Arrays.asList("maxAllowedPacket", "allowloadlocalinfile", "allowUrlInLocalInfile", "allowLoadLocalInfileInPath"));
return newIllegalParameters;
}