update 执行自定义SQL查询,限制只允许查询语句

master
yinq 1 week ago
parent 80e2be6f9c
commit e05196aaa2

@ -307,6 +307,11 @@ public class SysDatabaseLinkServiceImpl implements ISysDatabaseLinkService {
@Override
public List<LinkedHashMap<String, Object>> querySql(Long linkId, String sql) {
// 校验只允许查询SQL
String sqlTrim = sql.trim().toLowerCase(Locale.ROOT);
if (!(sqlTrim.startsWith("select") || sqlTrim.startsWith("with"))) {
throw new RuntimeException("只允许执行查询SELECT/CTE语句");
}
SysDatabaseLink link = baseMapper.selectById(linkId);
if (link == null) {
throw new RuntimeException("数据库连接信息不存在");
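Review bot: The `startsWith("select") || startsWith("with")` test at the top of `querySql` is a string-prefix filter, not a read-only guarantee, so it should not be the only control on caller-supplied SQL. Depending on the target database, a statement that begins with either keyword can still write or lock data (data-modifying CTEs, `SELECT … INTO`, `FOR UPDATE`, side-effecting functions, or further statements after a `;` if the driver permits multi-statement execution), while a valid query that starts with a comment or a parenthesis is rejected. I would enforce the restriction at the database instead: connect the linked data source with an account that holds only SELECT privileges, call `Connection.setReadOnly(true)` or open a read-only transaction where the connection is obtained, and keep multi-statement execution disabled in the JDBC URL. Separately, `sql.trim()` throws a NullPointerException on a null argument; a guard such as `if (sql == null || sql.trim().isEmpty()) { throw new RuntimeException("SQL不能为空"); }` before the prefix check would give callers a clear error. The body of `querySql` continues past the end of the hunk, so how the statement is finally executed is not visible here.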
