fix: 修复检测逻辑
This commit is contained in:
parent
56eccd36ae
commit
718276c410
@ -291,7 +291,7 @@ func SqlQuery(tx *gorm.DB, sql string, list interface{}, q *PaginationQuery, par
|
|||||||
if q.OrderBy != "" {
|
if q.OrderBy != "" {
|
||||||
// 验证输入参数的安全性
|
// 验证输入参数的安全性
|
||||||
if !isSafeSQL(q.OrderBy) {
|
if !isSafeSQL(q.OrderBy) {
|
||||||
return errors.New("检测到潜在的SQL注入风险")
|
return errors.New("环境异常")
|
||||||
}
|
}
|
||||||
safeOrderBy := sanitizeOrderBy(q.OrderBy)
|
safeOrderBy := sanitizeOrderBy(q.OrderBy)
|
||||||
if safeOrderBy != "" {
|
if safeOrderBy != "" {
|
||||||
@ -405,7 +405,7 @@ func SqlQueryNew(tx *gorm.DB, sql string, list interface{}, q *PaginationQuery,
|
|||||||
if q.OrderBy != "" {
|
if q.OrderBy != "" {
|
||||||
// 验证输入参数的安全性
|
// 验证输入参数的安全性
|
||||||
if !isSafeSQL(q.OrderBy) {
|
if !isSafeSQL(q.OrderBy) {
|
||||||
return errors.New("检测到潜在的SQL注入风险")
|
return errors.New("环境异常")
|
||||||
}
|
}
|
||||||
safeOrderBy := sanitizeOrderBy(q.OrderBy)
|
safeOrderBy := sanitizeOrderBy(q.OrderBy)
|
||||||
if safeOrderBy != "" {
|
if safeOrderBy != "" {
|
||||||
@ -574,11 +574,6 @@ func isSafeSQL(sql string) bool {
|
|||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
// 检查是否包含单引号或双引号(可能的字符串注入)
|
|
||||||
if strings.Contains(sql, "'") || strings.Contains(sql, "\"") {
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
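Review bot: Dropping the quote check from isSafeSQL (the third hunk) means an OrderBy value containing `'` or `"` now reaches sanitizeOrderBy unrejected, and since q.OrderBy is interpolated into an ORDER BY clause that cannot be parameterized, the whole injection defence now rests on sanitizeOrderBy, which is not visible in this commit. Rather than a character denylist that evidently produced false positives, the safe shape is an allowlist: accept only column identifiers with an optional direction, e.g. `var orderByRe = regexp.MustCompile(`^\s*[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?(\s+(?i:asc|desc))?(\s*,\s*[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?(\s+(?i:asc|desc))?)*\s*$`)` at package scope and `if !orderByRe.MatchString(sql) { return false }` in isSafeSQL (needs `regexp` imported), or better still a lookup against the known column names. The generic "环境异常" message in the first two hunks is reasonable for not telling a client why it was rejected, but the rejected value should then be logged server-side at that point, otherwise the event is invisible to detection. isSafeSQL's signature and the start of its body lie outside the hunk, so earlier checks it performs cannot be assessed here.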