druid mysql bug: like 条件 写为 "%"?"%" 时报错

gtlvzcf8  于 4个月前  发布在  Druid
关注(0)|答案(1)|浏览(56)

1.测试版本: 1.1.21/1.2,6均出现该问题
2.出错sql :select * from demo where name like "%"?"%"
出错位置: ps = conn.prepareStatement(sql);
经测试 :MysqlDataSource 的 ps = conn.prepareStatement(sql); 无该问题.
3.异常信息:
java.sql.SQLException: sql injection violation, dbType mysql, , druid-version 1.2.5, syntax error: syntax error, error in :'name like "%"?"%", pos 54, line 1, column 54, token ? : select * from demo d where d.name like "%"?"%"
4:附录,在使用wallFilter时,其解析也会出错.类似于以下报错:
sql injection violation, syntax error: syntax error, error in :'code like "%"?"%" ', expect QUES, actual QUES pos 232, line 9, column 43, token QUES

报错位置存在于以下位置:
com.alibaba.druid.sql.parser.ParserException: syntax error, error in :'code like "%"?"%" ', expect QUES, actual QUES pos 232, line 9, column 43, token QUES at com.alibaba.druid.sql.parser.SQLParser.printError(SQLParser.java:344) at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:532) at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:182) at com.alibaba.druid.wall.WallProvider.checkInternal(WallProvider.java:624) at com.alibaba.druid.wall.WallProvider.check(WallProvider.java:578)

0ve6wy6x

0ve6wy6x1#

附 MysqlDataSource 测试文件

import com.alibaba.druid.util.JdbcUtils;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.mysql.cj.jdbc.MysqlDataSource;
import lombok.SneakyThrows;
import lombok.extern.slf4j.Slf4j;

import javax.sql.DataSource;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.ResultSetMetaData;
import java.sql.SQLException;
import java.util.List;
import java.util.Map;

/**
 * @author lichen
 * @email 250846434@qq.com
 * @date 2021/9/1 14:08
 */
@Slf4j
public class ConnTest {
    private static DataSource ds;

    public static void main(String[] args) throws SQLException {
        ds = getDataSource();
        List<Map<String, Object>> a = executeQuery("select * from demo where name like \"%\"?\"%\"", "1");

    }

    //
    private static DataSource getDataSource() {
        MysqlDataSource ds = new MysqlDataSource();
        ds.setUrl("jdbc:mysql://127.0.0.1:3306/demo?allowMultiQueries=true&useUnicode=true&useSSL=false&serverTimezone=GMT%2B8&autoReconnect=true&characterEncoding=UTF-8&rewriteBatchedStatements=true");
        ds.setUser();
        ds.setPassword();
        return ds;
    }

    @SneakyThrows
    public static List<Map<String, Object>> executeQuery(String sql, Object... params) {
        List<Map<String, Object>> result = Lists.newArrayList();
        Connection conn = ds.getConnection();
        PreparedStatement ps = conn.prepareStatement(sql);
        for (int i = 0; i < params.length; i++) {
            ps.setObject(i + 1, params[i]);
        }
        ResultSet rs = ps.executeQuery();
        ResultSetMetaData metaData = rs.getMetaData(); //获得列的结果
        while (rs.next()) {
            Map<String, Object> map = Maps.newHashMap();
            for (int i = 0; i < metaData.getColumnCount(); i++) {
                String key = metaData.getColumnName(i + 1);
                Object value = rs.getObject(i + 1);
                map.put(key, value);
            }
            result.add(map);
        }
        JdbcUtils.close(rs);
        JdbcUtils.close(ps);
        JdbcUtils.close(conn);
        return result;
    }
}

相关问题