From 77078658715bd85af5867afbfd5f1fcc37cf03c8 Mon Sep 17 00:00:00 2001 From: taojinlong Date: Mon, 1 Sep 2025 16:21:05 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E6=BC=8F=E6=B4=9E?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
---
 .../java/io/dataease/datasource/type/Db2.java | 9 ++++-
 .../io/dataease/datasource/type/Impala.java | 35 +++++++++++++++----
 2 files changed, 37 insertions(+), 7 deletions(-)
diff --git a/core/core-backend/src/main/java/io/dataease/datasource/type/Db2.java b/core/core-backend/src/main/java/io/dataease/datasource/type/Db2.java
index 3983a60d05..c8123e6c6a 100644
--- a/core/core-backend/src/main/java/io/dataease/datasource/type/Db2.java
+++ b/core/core-backend/src/main/java/io/dataease/datasource/type/Db2.java
@@ -14,7 +14,14 @@ import java.util.List;
 public class Db2 extends DatasourceConfiguration {
 private String driver = "com.ibm.db2.jcc.DB2Driver";
 private String extraParams = "";
- private List illegalParameters = Arrays.asList("rmi");
+ private List illegalParameters = Arrays.asList(
+ // 原有参数(如RMI相关)
+ "java.naming.factory.initial", "java.naming.provider.url", "rmi",
+ // 新增:LDAP协议及相关危险参数
+ "ldap://", "ldaps://", "java.naming.factory.object", "java.naming.factory.state",
+ // 其他JDBC危险参数
+ "autoDeserialize", "connectionProperties", "initSQL"
+ );
 public String getJdbc() {
 if (StringUtils.isNoneEmpty(getUrlType()) && !getUrlType().equalsIgnoreCase("hostName")) {
diff --git a/core/core-backend/src/main/java/io/dataease/datasource/type/Impala.java b/core/core-backend/src/main/java/io/dataease/datasource/type/Impala.java
index 4d0c520ce0..bf1e4dd08e 100644
--- a/core/core-backend/src/main/java/io/dataease/datasource/type/Impala.java
+++ b/core/core-backend/src/main/java/io/dataease/datasource/type/Impala.java
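Review bot: The expanded `illegalParameters` list in Db2 is still a substring denylist, and this hunk does not show how it is matched — the `getJdbc()` body that presumably consults it continues outside the hunk, so whether the comparison percent-decodes and case-folds (as the Impala change in this same commit does) cannot be confirmed here. If it is a plain `contains`, the mixed-case entries `autoDeserialize` and `initSQL` are bypassed by `AUTODESERIALIZE`/`INITSQL`, and `ldap://` by `LDAP://` or `ldap%3A%2F%2F`, so the matcher should at minimum lowercase both sides with `Locale.ROOT` and test both the raw and the decoded URL. A list of known-bad names can only chase the last published payload; the durable control is to split the URL's property string into key/value pairs and accept only an allowlist of known-safe keys, rejecting everything else. I would also record in a comment on the field why each entry is there (which driver feature it disables), since the Chinese group comments say only "existing"/"new".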
@@ -6,6 +6,7 @@ import lombok.Data;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.stereotype.Component;
+import java.net.URLDecoder;
 import java.util.Arrays;
 import java.util.List;
@@ -14,27 +15,49 @@ import java.util.List;
 public class Impala extends DatasourceConfiguration {
 private String driver = "com.cloudera.impala.jdbc.Driver";
 private String extraParams = "";
- private List illegalParameters = Arrays.asList("autoDeserialize", "queryInterceptors", "statementInterceptors", "detectCustomCollations");
+ private List illegalParameters = Arrays.asList(
+ // 原有非法参数
+ "autoDeserialize", "queryInterceptors", "statementInterceptors", "detectCustomCollations",
+ // 新增:Kerberos认证相关危险参数(漏洞利用核心参数)
+ "krbJAASFile", "KrbJAASFile", "krb5.conf", "Krb5Conf",
+ // 新增:JDNI/反序列化相关危险参数
+ "jndi", "JNDI", "java.naming.factory.initial", "java.naming.provider.url",
+ // 新增:其他JDBC危险参数
+ "connectionProperties", "ConnectionProperties", "initSQL", "InitSQL"
+ );
 private List showTableSqls = Arrays.asList("show tables");
 public String getJdbc() {
- if(StringUtils.isNoneEmpty(getUrlType()) && !getUrlType().equalsIgnoreCase("hostName")){
+ if (StringUtils.isNoneEmpty(getUrlType()) && !getUrlType().equalsIgnoreCase("hostName")) {
+ for (String illegalParameter : illegalParameters) {
+ if (URLDecoder.decode(getJdbcUrl()).toLowerCase().contains(illegalParameter.toLowerCase()) || URLDecoder.decode(getExtraParams()).contains(illegalParameter.toLowerCase())) {
+ DEException.throwException("Illegal parameter: " + illegalParameter);
+ }
+ }
+
 if (!getJdbcUrl().startsWith("jdbc:impala")) {
 DEException.throwException("Illegal jdbcUrl: " + getJdbcUrl());
 }
 return getJdbcUrl();
 }
- if(StringUtils.isEmpty(extraParams.trim())){
- return "jdbc:impala://HOSTNAME:PORT/DATABASE"
+ String jdbcUrl = "";
+ if (StringUtils.isEmpty(extraParams.trim())) {
+ jdbcUrl = "jdbc:impala://HOSTNAME:PORT/DATABASE"
 .replace("HOSTNAME", getLHost().trim())
 .replace("PORT", getLPort().toString().trim())
 .replace("DATABASE", getDataBase().trim());
- }else {
+ } else {
+ jdbcUrl = "jdbc:impala://HOSTNAME:PORT/DATABASE;EXTRA_PARAMS"
.replace("HOSTNAME", getLHost().trim())
 .replace("PORT", getLPort().toString().trim())
 .replace("DATABASE", getDataBase().trim())
 .replace("EXTRA_PARAMS", getExtraParams().trim());
 }
+ for (String illegalParameter : illegalParameters) {
+ if (URLDecoder.decode(jdbcUrl).toLowerCase().contains(illegalParameter.toLowerCase()) || URLDecoder.decode(jdbcUrl).contains(illegalParameter.toLowerCase())) {
+ DEException.throwException("Illegal parameter: " + illegalParameter);
+ }
+ }
+ return jdbcUrl;
 }
 }
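Review bot: The two new checks in `getJdbc()` are inconsistent: in the `urlType` branch the `extraParams` operand is decoded but never lowercased (`URLDecoder.decode(getExtraParams()).contains(illegalParameter.toLowerCase())`), so a mixed-case key such as `KrbJAASFile=` in extraParams is not caught by that operand, while in the fall-through branch both operands decode `jdbcUrl` and the second, un-lowercased `contains` is a strict subset of the first and adds nothing. `URLDecoder.decode(String)` is also the deprecated platform-charset overload and throws `IllegalArgumentException` on a malformed escape such as `%zz`, which turns a hostile URL into an unhandled exception instead of the `DEException` path, and `toLowerCase()` without `Locale.ROOT` folds `I` differently under a Turkish default locale, so an upper-cased `INITSQL` can slip past the lowercased needle there. I would move the comparison into one helper that lowercases with `Locale.ROOT`, checks both the raw and the UTF-8-decoded form, treats an undecodable value as illegal, tolerates a null/empty value, and is called for the URL and for extraParams in both branches; it needs `java.nio.charset.StandardCharsets` and `java.util.Locale` imported (the `Charset` overload of `decode` is Java 10+). With case-folded matching the duplicate entries `KrbJAASFile`, `Krb5Conf`, `JNDI`, `ConnectionProperties` and `InitSQL` become redundant, and the list remains a substring denylist — an allowlist of accepted Impala property keys would be the stronger control.

```java
    public String getJdbc() {
        if (StringUtils.isNoneEmpty(getUrlType()) && !getUrlType().equalsIgnoreCase("hostName")) {
            rejectIllegalParameters(getJdbcUrl());
            rejectIllegalParameters(getExtraParams());
            // … unchanged: jdbc:impala prefix check and return getJdbcUrl() …
        }
        // … unchanged: jdbcUrl assembly from host/port/database/extraParams …
        rejectIllegalParameters(jdbcUrl);
        return jdbcUrl;
    }

    /**
     * Aborts via DEException when value, either as given or after one round of
     * percent-decoding, contains a denylisted token (compared case-insensitively).
     */
    private void rejectIllegalParameters(String value) {
        if (StringUtils.isEmpty(value)) {
            return;
        }
        String raw = value.toLowerCase(Locale.ROOT);
        String decoded;
        try {
            decoded = URLDecoder.decode(value, StandardCharsets.UTF_8).toLowerCase(Locale.ROOT);
        } catch (IllegalArgumentException e) {
            // a value the decoder cannot parse is not something to hand to the driver either
            DEException.throwException("Illegal parameter encoding: " + value);
            return;
        }
        for (String illegalParameter : illegalParameters) {
            String needle = illegalParameter.toLowerCase(Locale.ROOT);
            if (raw.contains(needle) || decoded.contains(needle)) {
                DEException.throwException("Illegal parameter: " + illegalParameter);
            }
        }
    }
```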