mirror of
https://github.com/dataease/dataease.git
synced 2026-05-15 13:32:18 +08:00
fix: 过滤 mysql、redshift 非法参数
This commit is contained in:
taojinlong
@@ -27,22 +27,24 @@ public class Mysql extends DatasourceConfiguration {
|
||||
}
|
||||
return getJdbcUrl();
|
||||
}
|
||||
String jdbcUrl = "";
|
||||
if (StringUtils.isEmpty(extraParams.trim())) {
|
||||
return "jdbc:mysql://HOSTNAME:PORT/DATABASE"
|
||||
jdbcUrl = "jdbc:mysql://HOSTNAME:PORT/DATABASE"
|
||||
.replace("HOSTNAME", getLHost().trim())
|
||||
.replace("PORT", getLPort().toString().trim())
|
||||
.replace("DATABASE", getDataBase().trim());
|
||||
} else {
|
||||
for (String illegalParameter : illegalParameters) {
|
||||
if (URLDecoder.decode(getExtraParams()).toLowerCase().contains(illegalParameter.toLowerCase()) || URLDecoder.decode(getExtraParams()).contains(illegalParameter.toLowerCase())) {
|
||||
DEException.throwException("Illegal parameter: " + illegalParameter);
|
||||
}
|
||||
}
|
||||
return "jdbc:mysql://HOSTNAME:PORT/DATABASE?EXTRA_PARAMS"
|
||||
jdbcUrl = "jdbc:mysql://HOSTNAME:PORT/DATABASE?EXTRA_PARAMS"
|
||||
.replace("HOSTNAME", getLHost().trim())
|
||||
.replace("PORT", getLPort().toString().trim())
|
||||
.replace("DATABASE", getDataBase().trim())
|
||||
.replace("EXTRA_PARAMS", getExtraParams().trim());
|
||||
}
|
||||
for (String illegalParameter : illegalParameters) {
|
||||
if (URLDecoder.decode(jdbcUrl).toLowerCase().contains(illegalParameter.toLowerCase()) || URLDecoder.decode(jdbcUrl).contains(illegalParameter.toLowerCase())) {
|
||||
DEException.throwException("Illegal parameter: " + illegalParameter);
|
||||
}
|
||||
}
|
||||
return jdbcUrl;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,40 +1,58 @@
|
||||
package io.dataease.datasource.type;
|
||||
|
||||
import io.dataease.exception.DEException;
|
||||
import io.dataease.extensions.datasource.vo.DatasourceConfiguration;
|
||||
import lombok.Data;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import java.net.URLDecoder;
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
|
||||
@Data
|
||||
@Component("pg")
|
||||
public class Pg extends DatasourceConfiguration {
|
||||
private String driver = "org.postgresql.Driver";
|
||||
private String extraParams = "";
|
||||
private List<String> illegalParameters = Arrays.asList("socketFactory", "socketFactoryArg");
|
||||
|
||||
public String getJdbc() {
|
||||
if(StringUtils.isNoneEmpty(getUrlType()) && !getUrlType().equalsIgnoreCase("hostName")){
|
||||
for (String illegalParameter : illegalParameters) {
|
||||
if (URLDecoder.decode(getJdbcUrl()).contains(illegalParameter)) {
|
||||
DEException.throwException("Illegal parameter: " + illegalParameter);
|
||||
}
|
||||
}
|
||||
return getJdbcUrl();
|
||||
}
|
||||
String jdbcUrl = "";
|
||||
if(StringUtils.isEmpty(extraParams.trim())){
|
||||
if (StringUtils.isEmpty(getSchema())) {
|
||||
return "jdbc:postgresql://HOSTNAME:PORT/DATABASE"
|
||||
jdbcUrl = "jdbc:postgresql://HOSTNAME:PORT/DATABASE"
|
||||
.replace("HOSTNAME", getLHost().trim())
|
||||
.replace("PORT", getLPort().toString().trim())
|
||||
.replace("DATABASE", getDataBase().trim());
|
||||
} else {
|
||||
return "jdbc:postgresql://HOSTNAME:PORT/DATABASE?currentSchema=SCHEMA"
|
||||
jdbcUrl = "jdbc:postgresql://HOSTNAME:PORT/DATABASE?currentSchema=SCHEMA"
|
||||
.replace("HOSTNAME", getLHost().trim())
|
||||
.replace("PORT", getLPort().toString().trim())
|
||||
.replace("DATABASE", getDataBase().trim())
|
||||
.replace("SCHEMA", getSchema().trim());
|
||||
}
|
||||
}else {
|
||||
return "jdbc:postgresql://HOSTNAME:PORT/DATABASE?EXTRA_PARAMS"
|
||||
jdbcUrl = "jdbc:postgresql://HOSTNAME:PORT/DATABASE?EXTRA_PARAMS"
|
||||
.replace("HOSTNAME", getLHost().trim())
|
||||
.replace("PORT", getLPort().toString().trim())
|
||||
.replace("DATABASE", getDataBase().trim())
|
||||
.replace("EXTRA_PARAMS", getExtraParams().trim());
|
||||
|
||||
}
|
||||
for (String illegalParameter : illegalParameters) {
|
||||
if (URLDecoder.decode(jdbcUrl).toLowerCase().contains(illegalParameter.toLowerCase()) || URLDecoder.decode(jdbcUrl).contains(illegalParameter.toLowerCase())) {
|
||||
DEException.throwException("Illegal parameter: " + illegalParameter);
|
||||
}
|
||||
}
|
||||
return jdbcUrl;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -26,9 +26,15 @@ public class Redshift extends DatasourceConfiguration {
|
||||
}
|
||||
return getJdbcUrl();
|
||||
}
|
||||
return "jdbc:redshift://HOSTNAME:PORT/DATABASE"
|
||||
String jdbcUrl = "jdbc:redshift://HOSTNAME:PORT/DATABASE"
|
||||
.replace("HOSTNAME", getLHost().trim())
|
||||
.replace("PORT", getLPort().toString().trim())
|
||||
.replace("DATABASE", getDataBase().trim());
|
||||
for (String illegalParameter : illegalParameters) {
|
||||
if (URLDecoder.decode(jdbcUrl).contains(illegalParameter)) {
|
||||
DEException.throwException("Illegal parameter: " + illegalParameter);
|
||||
}
|
||||
}
|
||||
return jdbcUrl;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user