From f6eca216cf514823dea5c05b37ad2c8a01fcb773 Mon Sep 17 00:00:00 2001
From: gigibox <gigibox@163.com>
Date: 星期二, 20 六月 2023 16:22:23 +0800
Subject: [PATCH] 修改查询接口

---
 kingdee/query.go |   37 +++++++++++++++++++++++++++++--------
 1 files changed, 29 insertions(+), 8 deletions(-)

diff --git a/kingdee/query.go b/kingdee/query.go
index 3926f88..65fd8d4 100644
--- a/kingdee/query.go
+++ b/kingdee/query.go
@@ -2,6 +2,7 @@
 
 import (
 	"encoding/json"
+	"strings"
 
 	"kingdee-dbapi/config"
 	"kingdee-dbapi/logger"
@@ -15,28 +16,34 @@
 
 	logger.Debug("鎺ユ敹鍒版煡璇㈣姹�,%s", sql)
 
+	if !sqlCheck(sql) {
+		logger.Warn("璇嗗埆鍒板嵄闄╃殑sql璇彞, 鎷掔粷鎵ц. %s", sql)
+
+		return nil
+	}
+
 	if db == nil {
 		logger.Debug("鏁版嵁搴撴湭杩炴帴")
 
 		return nil
 	}
 
-	rows, err := db.Raw(`select * from users`).Rows()
+	rows, err := db.Raw(sql).Rows()
 	if err != nil {
 		result = append(result, err.Error())
 		return err
 	}
 
-	var colums []string
+	var cols []string
 	for rows.Next() {
 		//鍏堣幏鍙栨墍鏈夌殑column
-		if colums == nil {
-			colums, _ = rows.Columns()
+		if cols == nil {
+			cols, _ = rows.Columns()
 		}
 
 		//寤虹珛淇╀釜interface鏁扮粍锛宑olumnPointers涓瓨鍦╟olumns鐨勫湴鍧�
-		columns := make([]interface{}, len(colums))
-		columnPointers := make([]interface{}, len(colums))
+		columns := make([]interface{}, len(cols))
+		columnPointers := make([]interface{}, len(cols))
 		for i, _ := range columns {
 			//璧嬪�煎湴鍧�
 			columnPointers[i] = &columns[i]
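Review bot: A statement rejected by the new sqlCheck guard at line 26 returns nil at line 29, the same value the success path returns, so a caller cannot tell a refused statement from a query that matched no rows; return a non-nil error instead, e.g. a package sentinel `var ErrRejectedSQL = errors.New("sql statement rejected")` and `return ErrRejectedSQL` (the `errors` import would need adding alongside `strings`). The same ambiguity already exists for the `db == nil` branch below it. The Warn at line 27 writes the full caller-supplied statement into the log; logging a bounded prefix keeps log volume and content under control. The function's signature and the `result` variable are declared above the hunk, and whether `rows` is closed is not visible here — if there is no `defer rows.Close()` after the error check at line 40, one should be added.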
@@ -45,13 +52,12 @@
 		//鎵弿缁撴灉
 		rows.Scan(columnPointers...)
 		m := make(map[string]interface{})
-		for i, colName := range colums {
+		for i, colName := range cols {
 			val := columnPointers[i].(*interface{})
 			m[colName] = *val
 		}
 
 		result = append(result, m)
-		//result = append(result, row)
 	}
 
 	logger.Debug("鏁版嵁搴撹繑鍥炴暟鎹�%+v", result)
@@ -66,3 +72,18 @@
 
 	return nil
 }
+
+// 绠�鍗曡繃婊や笅sql璇彞,鎷掔粷澧炲垹鏀规搷浣�
+func sqlCheck(sql string) bool {
+	var dangerousWords = []string{"INSERT", "UPDATE", "DELETE", "ALTER", "DROP", "DECLARE", "EXECUTE", "EXEC", "INTO", "TRANCATE"}
+
+	var upperStr = strings.ToUpper(sql)
+
+	for _, word := range dangerousWords {
+		if strings.Contains(upperStr, word) {
+			return false
+		}
+	}
+
+	return true
+}
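Review bot: The denylist entry `"TRANCATE"` on line 85 is a typo for `TRUNCATE`, so a truncate statement is never matched; fix it to `"TRUNCATE"`. Beyond that, `strings.Contains` on the whole upper-cased text matches inside identifiers, so a legitimate `select updated_at from t` is refused because it contains UPDATE, while a substring denylist cannot be made complete in the other direction; treat it as a convenience check rather than the security boundary and enforce read-only access with a SELECT-only database account for the connection `db` uses. A cheap allowlist complement is to require the statement to begin with SELECT, e.g. `if !strings.HasPrefix(strings.TrimSpace(upperStr), "SELECT") { return false }`, and to match list entries as whole words rather than substrings. `dangerousWords` is rebuilt on every call; hoist it to a package-level `var`, and document the contract in English with a comment such as `// sqlCheck reports whether sql passes the read-only denylist; it is a heuristic, not a substitute for database privileges.`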

--
Gitblit v1.8.0