fix(X-Pack): 同步管理，源数据源、目标数据源列表以及任务列表-查询条件存在 SQL 注入风险

sdk/api/api-sync/src/main/java/io/dataease/api/sync/datasource/api/SyncDatasourceApi.java

@@ -2,12 +2,12 @@ package io.dataease.api.sync.datasource.api;
 
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import io.dataease.api.sync.datasource.dto.DBTableDTO;
+import io.dataease.api.sync.datasource.dto.DatasourceGridRequest;
 import io.dataease.api.sync.datasource.dto.GetDatasourceRequest;
 import io.dataease.api.sync.datasource.dto.SyncDatasourceDTO;
 import io.dataease.api.sync.datasource.vo.SyncDatasourceVO;
 import io.dataease.auth.DeApiPath;
 import io.dataease.exception.DEException;
-import io.dataease.request.BaseGridRequest;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -26,10 +26,10 @@ import static io.dataease.constant.AuthResourceEnum.SYNC_DATASOURCE;
 public interface SyncDatasourceApi {
 
     @PostMapping("/source/pager/{goPage}/{pageSize}")
-    IPage<SyncDatasourceVO> sourcePager(@PathVariable("goPage") int goPage, @PathVariable("pageSize") int pageSize, @RequestBody BaseGridRequest request);
+    IPage<SyncDatasourceVO> sourcePager(@PathVariable("goPage") int goPage, @PathVariable("pageSize") int pageSize, @RequestBody DatasourceGridRequest request);
 
     @PostMapping("/target/pager/{goPage}/{pageSize}")
-    IPage<SyncDatasourceVO> targetPager(@PathVariable("goPage") int goPage, @PathVariable("pageSize") int pageSize, @RequestBody BaseGridRequest request);
+    IPage<SyncDatasourceVO> targetPager(@PathVariable("goPage") int goPage, @PathVariable("pageSize") int pageSize, @RequestBody DatasourceGridRequest request);
 
     @PostMapping("/save")
     void save(@RequestBody SyncDatasourceDTO dataSourceDTO) throws DEException;

sdk/api/api-sync/src/main/java/io/dataease/api/sync/datasource/dto/DatasourceGridRequest.java

@@ -0,0 +1,16 @@
+package io.dataease.api.sync.datasource.dto;
+
+import io.dataease.model.KeywordRequest;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+import java.io.Serializable;
+import java.util.List;
+
+@EqualsAndHashCode(callSuper = true)
+@Data
+public class DatasourceGridRequest extends KeywordRequest implements Serializable {
+    private List<String> status;
+    private List<String> dsType;
+    private List<String> createTime;
+}

sdk/api/api-sync/src/main/java/io/dataease/api/sync/task/api/TaskApi.java

@@ -1,11 +1,11 @@
 package io.dataease.api.sync.task.api;
 
 import com.baomidou.mybatisplus.core.metadata.IPage;
+import io.dataease.api.sync.task.dto.TaskGridRequest;
 import io.dataease.api.sync.task.dto.TaskInfoDTO;
 import io.dataease.api.sync.task.vo.TaskInfoVO;
 import io.dataease.auth.DeApiPath;
 import io.dataease.exception.DEException;
-import io.dataease.request.BaseGridRequest;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
@@ -20,7 +20,7 @@ import static io.dataease.constant.AuthResourceEnum.TASK;
 public interface TaskApi {
 
     @PostMapping("/pager/{goPage}/{pageSize}")
-    IPage<TaskInfoVO> pager(@PathVariable("goPage") int goPage, @PathVariable("pageSize") int pageSize, @RequestBody BaseGridRequest request);
+    IPage<TaskInfoVO> pager(@PathVariable("goPage") int goPage, @PathVariable("pageSize") int pageSize, @RequestBody TaskGridRequest request);
 
     @PostMapping("/add")
     void add(@RequestBody TaskInfoDTO jobInfo) throws DEException;

sdk/api/api-sync/src/main/java/io/dataease/api/sync/task/api/TaskLogApi.java

@@ -1,11 +1,14 @@
 package io.dataease.api.sync.task.api;
 
 import com.baomidou.mybatisplus.core.metadata.IPage;
+import io.dataease.api.sync.task.dto.TaskLogGridRequest;
 import io.dataease.api.sync.task.vo.LogResultVO;
 import io.dataease.api.sync.task.vo.TaskLogVO;
 import io.dataease.auth.DeApiPath;
-import io.dataease.request.BaseGridRequest;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
 
 import static io.dataease.constant.AuthResourceEnum.TASK;
 
@@ -16,7 +19,7 @@ import static io.dataease.constant.AuthResourceEnum.TASK;
 @DeApiPath(value = "/sync/task/log", rt = TASK)
 public interface TaskLogApi {
     @PostMapping("/pager/{goPage}/{pageSize}")
-    IPage<TaskLogVO> pager(@PathVariable("goPage") int goPage, @PathVariable("pageSize") int pageSize, @RequestBody BaseGridRequest request);
+    IPage<TaskLogVO> pager(@PathVariable("goPage") int goPage, @PathVariable("pageSize") int pageSize, @RequestBody TaskLogGridRequest request);
 
     @GetMapping("/detail/{logId}/{fromLineNum}")
     LogResultVO logDetail(@PathVariable("logId") String logId, @PathVariable("fromLineNum") int fromLineNum);

sdk/api/api-sync/src/main/java/io/dataease/api/sync/task/dto/TaskGridRequest.java

@@ -0,0 +1,17 @@
+package io.dataease.api.sync.task.dto;
+
+import io.dataease.model.KeywordRequest;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+import java.io.Serializable;
+import java.util.List;
+
+@EqualsAndHashCode(callSuper = true)
+@Data
+public class TaskGridRequest extends KeywordRequest implements Serializable {
+    private List<String> logStatus;
+    private List<String> status;
+    private List<String> lastExecuteTime;
+    private List<String> nextExecuteTime;
+}

sdk/api/api-sync/src/main/java/io/dataease/api/sync/task/dto/TaskLogGridRequest.java

@@ -0,0 +1,16 @@
+package io.dataease.api.sync.task.dto;
+
+import io.dataease.model.KeywordRequest;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+import java.io.Serializable;
+import java.util.List;
+
+@EqualsAndHashCode(callSuper = true)
+@Data
+public class TaskLogGridRequest extends KeywordRequest implements Serializable {
+    private String taskId;
+    private List<String> status;
+    private List<String> lastExecuteTime;
+}