Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

4.2.0 wall过滤器配置multi-statement-allow: true不起作用 #640

Open
yupeishan opened this issue May 15, 2024 · 4 comments
Open

4.2.0 wall过滤器配置multi-statement-allow: true不起作用 #640

yupeishan opened this issue May 15, 2024 · 4 comments

Comments

@yupeishan
Copy link

Enviroment

JDK Version(required): 1.8

SpringBoot Version(required): 2.5

dynamic-datasource-spring-boot-starter Version(required): 4.2

druid Version(optional): 1.2.16

Describe what happened

您好,请问wall过滤器中如何允许多重语句的执行,也就是multi-statement-allow 我试过在spring.datasource.druid.filter.wall下面配置,或者在spring.datasource.dynamic.druid.wall下面配置,以及都进行配置,均不起作用,执行多重语句时仍然出现报错,
Cause: java.sql.SQLException: sql injection violation, dbType mysql, druid-version 1.2.16, multi-statement not allow
jdbc连接中也配置了allowMultiQueries=true

yml

spring:
    datasource:
        type: com.alibaba.druid.pool.DruidDataSource
        druid:
            stat-view-servlet:
                enabled: true
                # 设置白名单,不填则允许所有访问
                allow:
                url-pattern: /druid/*
                # 控制台管理用户名和密码
                login-username: admin
                login-password: admin123
                reset-enable: true
            web-stat-filter:
                enabled: true
                # 排除资源
                exclusions: .js,*.gif,*.jpg,*.bmp,*.png,*.css,*.ico,/druid/*
                # 开启session统计
                session-stat-enable: true
                # session统计的最大个数
                session-stat-max-count: 100
                # 过滤路径
                url-pattern: /*
            filter:
                stat:
                    enabled: true
                    # 慢SQL记录
                    log-slow-sql: true
                    slow-sql-millis: 5000
                    merge-sql: true
                wall:
                    enabled: true
                    config:
                        multi-statement-allow: true
                        drop-table-allow: false
        dynamic:
            # 主数据源
            primary: master
            # 严格模式
            strict: false
            # 懒加载
            lazy: true
            druid:
                # 初始连接数
                initialSize: 5
                # 最小连接池数量
                minIdle: 10
                # 最大连接池数量
                maxActive: 20
                # 配置获取连接等待超时的时间
                maxWait: 6000
                # 配置连接超时时间
                connectTimeout: 30000
                # 配置网络超时时间
                socketTimeout: 60000
                # 配置间隔多久才进行一次检测,检测需要关闭的空闲连接,单位是毫秒
                timeBetweenEvictionRunsMillis: 2000
                # 配置一个连接在池中最小生存的时间,单位是毫秒
                minEvictableIdleTimeMillis: 600000
                # 配置一个连接在池中最大生存的时间,单位是毫秒
                maxEvictableIdleTimeMillis: 900000
                testWhileIdle: true
                testOnBorrow: false
                testOnReturn: false
                filters: stat,wall,slf4j
                wall:
                    enabled: true
                    config:
                        multi-statement-allow: true
                        drop-table-allow: false
            datasource:
                master:
                    driverClassName: com.mysql.cj.jdbc.Driver
                    url: jdbc:mysql://${AMS_HOST:ams-host}:${AMS_PORT:3306}/newlight?useUnicode=true&characterEncoding=utf-8&allowMultiQueries=true
                    username: ${MYSQL_USER:test}
                    password: ${MYSQL_PWD:test@123}
                    druid:
                        validation-query: select 1
@yupeishan yupeishan changed the title 4.2.0 wall过滤器配置multi-statement-allow: true不起作用 #5916 4.2.0 wall过滤器配置multi-statement-allow: true不起作用 May 15, 2024
@yupeishan
Copy link
Author

以下为mybatis执行的语句

<update id="updateBatch">
        <foreach collection="list" item="item" separator=";">
            update sys_dict_data
            <trim prefix="SET" suffixOverrides=",">
                <if test="item.dictLabel != null and item.dictLabel != ''">dict_label = #{item.dictLabel},</if>
                <if test="item.dictValue != null and item.dictValue != ''">dict_value = #{item.dictValue},</if>
                <if test="item.dictType != null and item.dictType != ''">dict_type = #{item.dictType},</if>
                <if test="item.dictSort != null and item.dictSort != ''">dict_sort = #{item.dictSort},</if>
                <if test="item.status != null and item.status != ''">status = #{item.status},</if>
            </trim>
            where dict_code = #{item.dictCode}
        </foreach>
</update>

@yupeishan
Copy link
Author

yupeishan commented May 15, 2024
edited
Loading

另外,配置文件中我只配置了master数据源,其他数据源通过JDBC的方式在启动时进行加载

@zouzhiy
Copy link

zouzhiy commented Aug 26, 2024

源头应该是DsConfigUtil的getSetterMethods,只获取了当前类的set get方法,没有读取到父类的get set

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@zouzhiy @yupeishan and others