fix(数据源): Mysql jdbc反序列化漏洞

backend/src/main/java/io/dataease/dto/datasource/MysqlConfiguration.java

@@ -5,12 +5,16 @@ import lombok.Getter;
 import lombok.Setter;
 import org.apache.commons.lang3.StringUtils;
 
+import java.util.Arrays;
+import java.util.List;
+
 @Getter
 @Setter
 public class MysqlConfiguration extends JdbcConfiguration {
 
     private String driver = "com.mysql.jdbc.Driver";
     private String extraParams = "characterEncoding=UTF-8&connectTimeout=5000&useSSL=false&allowPublicKeyRetrieval=true&zeroDateTimeBehavior=convertToNull";
+    private List<String> illegalParameters = Arrays.asList("autoDeserialize", "queryInterceptors", "statementInterceptors", "detectCustomCollations");
 
     public String getJdbc() {
         if (StringUtils.isEmpty(extraParams.trim())) {
@@ -19,6 +23,12 @@ public class MysqlConfiguration extends JdbcConfiguration {
                     .replace("PORT", getPort().toString().trim())
                     .replace("DATABASE", getDataBase().trim());
         } else {
+            for (String illegalParameter : illegalParameters) {
+                if (getExtraParams().contains(illegalParameter)) {
+                    throw new RuntimeException("Illegal parameter: " + illegalParameter);
+                }
+            }
+
             return "jdbc:mysql://HOSTNAME:PORT/DATABASE?EXTRA_PARAMS"
                     .replace("HOSTNAME", getHost().trim())
                     .replace("PORT", getPort().toString().trim())