public/dataease
1
0
Fork 0
mirror of https://github.com/dataease/dataease.git synced 2026-05-14 12:22:10 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix:【漏洞】修复 数据源 SQL注入漏洞

Browse Source
This commit is contained in:
taojinlong
2026-02-25 16:12:23 +08:00
committed by taojinlong
parent 5902d1031b
commit e916785a11
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
core/core-backend/src/main/java/io/dataease/datasource/provider/CalciteProvider.java
View File

@@ -315,6 +315,9 @@ public class CalciteProvider extends Provider {
DatasourceConfiguration datasourceConfiguration = JsonUtil.parseObject(datasourceRequest.getDatasource().getConfiguration(), DatasourceConfiguration.class);
String table = datasourceRequest.getTable();
if (!getTables(datasourceRequest).stream().map(DatasetTableDTO::getTableName).collect(Collectors.toList()).contains(table)) {
DEException.throwException(Translator.get("i18n_invalid_table_name"));
}
if (StringUtils.isEmpty(table)) {
ResultSet resultSet = null;
try (Connection con = getConnectionFromPool(datasourceRequest.getDatasource().getId()); Statement statement = getStatement(con, 30)) {