public/dataease
1
0
Fork 0
mirror of https://github.com/dataease/dataease.git synced 2026-06-13 17:14:48 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix typo in 'truncate' in CHECK_INJECT_PATTERN

Browse Source
This commit is contained in:
xuwei-fit2cloud
2026-03-05 04:52:13 +08:00
committed by GitHub
parent 159e900c27
commit e9cef4909f
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
sdk/dataease-plugin-datasource/src/main/java/io/dataease/plugins/datasource/provider/DefaultExtDDLProvider.java
View File

@@ -10,7 +10,7 @@ import java.util.regex.Pattern;
public class DefaultExtDDLProvider extends ExtDDLProvider {
private final Pattern CHECK_INJECT_PATTERN = Pattern.compile("(.*\\=.*\\-\\-.*)|(.*(\\+).*)|(.*\\w+(%|\\$|#|&)\\w+.*)|(.*\\|\\|.*)|(.*\\s+(and|or)\\s+.*)|(.*\\b(select|update|union|and|or|delete|insert|trancate|char|into|substr|ascii|declare|exec|count|master|into|drop|execute|sleep|extractvalue|updatexml|substring|database|concat|rand|gtid_subset)\\b.*)");
private final Pattern CHECK_INJECT_PATTERN = Pattern.compile("(.*\\=.*\\-\\-.*)|(.*(\\+).*)|(.*\\w+(%|\\$|#|&)\\w+.*)|(.*\\|\\|.*)|(.*\\s+(and|or)\\s+.*)|(.*\\b(select|update|union|and|or|delete|insert|truncate|char|into|substr|ascii|declare|exec|count|master|into|drop|execute|sleep|extractvalue|updatexml|substring|database|concat|rand|gtid_subset)\\b.*)");
@Override
public boolean checkSqlInjection(String sql) {