public/dataease
1
0
Fork 0
mirror of https://github.com/dataease/dataease.git synced 2026-05-15 05:22:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix:【漏洞】修复 H2 JDBC RCE Bypass

Browse Source
This commit is contained in:
taojinlong
2026-02-25 16:42:17 +08:00
committed by taojinlong
parent e916785a11
commit 7e1829593c
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
core/core-backend/src/main/java/io/dataease/datasource/type/H2.java
View File

@@ -9,6 +9,7 @@ import org.springframework.stereotype.Component;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
@EqualsAndHashCode(callSuper = true)
@Data
@@ -18,7 +19,7 @@ public class H2 extends DatasourceConfiguration {
public String getJdbc() {
for (String illegalParameter : getH2IllegalParameters()) {
if (jdbc.toUpperCase().replace("\\", "").contains(illegalParameter)) {
if (jdbc.toUpperCase(Locale.ENGLISH).replace("\\", "").contains(illegalParameter)) {
DEException.throwException("Has illegal parameter: " + jdbc);
}
}