center/dataease-dm
center/dataease-dm
13
0
Fork 0
forked from github/dataease
Code Pull Requests Activity

fix: 限制 mysql 非法参数

Browse Source
This commit is contained in:
taojinlong 2023-10-26 16:04:20 +08:00
parent 2a601cfdd6
commit 244b07a3cf
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
core/core-backend/src/main/java/io/dataease/datasource/type/Mysql.java
View File

@ -13,7 +13,7 @@ import java.util.List;
public class Mysql extends DatasourceConfiguration { public class Mysql extends DatasourceConfiguration {
private String driver = "com.mysql.cj.jdbc.Driver"; private String driver = "com.mysql.cj.jdbc.Driver";
private String extraParams = "characterEncoding=UTF-8&connectTimeout=5000&useSSL=false&allowPublicKeyRetrieval=true&zeroDateTimeBehavior=convertToNull"; private String extraParams = "characterEncoding=UTF-8&connectTimeout=5000&useSSL=false&allowPublicKeyRetrieval=true&zeroDateTimeBehavior=convertToNull";
private List<String> illegalParameters = Arrays.asList("autoDeserialize", "queryInterceptors", "statementInterceptors", "detectCustomCollations"); private List<String> illegalParameters = Arrays.asList("autoDeserialize", "queryInterceptors", "statementInterceptors", "detectCustomCollations", "allowloadlocalinfile", "allowUrlInLocalInfile", "allowLoadLocalInfileInPath");
private List<String> showTableSqls = Arrays.asList("show tables"); private List<String> showTableSqls = Arrays.asList("show tables");
public String getJdbc() { public String getJdbc() {
@ -24,7 +24,7 @@ public class Mysql extends DatasourceConfiguration {
.replace("DATABASE", getDataBase().trim()); .replace("DATABASE", getDataBase().trim());
} else { } else {
for (String illegalParameter : illegalParameters) { for (String illegalParameter : illegalParameters) {
if (getExtraParams().contains(illegalParameter)) { if (getExtraParams().toLowerCase().contains(illegalParameter.toLowerCase())) {
throw new RuntimeException("Illegal parameter: " + illegalParameter); throw new RuntimeException("Illegal parameter: " + illegalParameter);
} }
} }