fix: 修复检测逻辑

2025-08-22 19:08:43 +08:00 · 2025-08-22 19:08:43 +08:00 · 718276c410
commit 718276c410
parent 56eccd36ae
1 changed files with 2 additions and 7 deletions
--- a/lxDb/sql.go
+++ b/lxDb/sql.go
@ -291,7 +291,7 @@ func SqlQuery(tx *gorm.DB, sql string, list interface{}, q *PaginationQuery, par
 		if q.OrderBy != "" {
 			// 验证输入参数的安全性
 			if !isSafeSQL(q.OrderBy) {
-				return errors.New("检测到潜在的SQL注入风险")
+				return errors.New("环境异常")
 			}
 			safeOrderBy := sanitizeOrderBy(q.OrderBy)
 			if safeOrderBy != "" {
@ -405,7 +405,7 @@ func SqlQueryNew(tx *gorm.DB, sql string, list interface{}, q *PaginationQuery,
 		if q.OrderBy != "" {
 			// 验证输入参数的安全性
 			if !isSafeSQL(q.OrderBy) {
-				return errors.New("检测到潜在的SQL注入风险")
+				return errors.New("环境异常")
 			}
 			safeOrderBy := sanitizeOrderBy(q.OrderBy)
 			if safeOrderBy != "" {
@ -574,11 +574,6 @@ func isSafeSQL(sql string) bool {
 		return false
 	}

-	// 检查是否包含单引号或双引号（可能的字符串注入）
-	if strings.Contains(sql, "'") || strings.Contains(sql, "\"") {
-		return false
-	}
-
 	return true
 }