首页
留言
关于
友链
更多
足迹
实验室
地图组件
Search
1
SpringMVC+Spring+MyBatis整合完整版Web实例(附数据)
2,628 阅读
2
关于在Flutter实现Google地图的方法
1,042 阅读
3
SqlServer分组排序后取第一条记录
709 阅读
4
Maven仓库报错:Could not transfer artifact org.springframework.boot:spring-boot-maven-plugin:pom···
623 阅读
5
druid报异常 “sql injection violation, part alway true condition not allow”的解决方案
531 阅读
发现
技术
生活
户外
登录
Search
标签搜索
Git
JavaScript
Oracle
Git学习
Java
Flutter
MySQL
SQL Server
Spring Boot
对称加密算法
IntelliJ IDEA
Google地图
Maven
ES6
秦岭户外
Flutter 2.0
linux
Tomcat
Redis
Spring
Bai Keyang
累计撰写
269
篇文章
累计收到
275
条评论
首页
栏目
发现
技术
生活
户外
页面
留言
关于
友链
足迹
搜索到
1
篇与
SQL注入解决
的结果
2018-09-14
druid报异常 “sql injection violation, part alway true condition not allow”的解决方案
使用durid连接池组件,今天在使用Flyway的时候发现在执行SQL时抛出了一个异常:Caused by: java.sql.SQLException: sql injection violation, comment not allow : CREATE TABLE `test`.`schema_version` ( `installed_rank` INT NOT NULL, `version` VARCHAR(50), `description` VARCHAR(200) NOT NULL, `type` VARCHAR(20) NOT NULL, `script` VARCHAR(1000) NOT NULL, `checksum` INT, `installed_by` VARCHAR(100) NOT NULL, `installed_on` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, `execution_time` INT NOT NULL, `success` BOOL NOT NULL, -- Add the primary key as part of the CREATE TABLE statement in case `innodb_force_primary_key` is enabled CONSTRAINT `schema_version_pk`PRIMARY KEY (`installed_rank`) ) ENGINE=InnoDB at com.alibaba.druid.wall.WallFilter.check(WallFilter.java:727) ~[druid-1.0.29.jar:1.0.29] at com.alibaba.druid.wall.WallFilter.statement_execute(WallFilter.java:397) ~[druid-1.0.29.jar:1.0.29] at com.alibaba.druid.filter.FilterChainImpl.statement_execute(FilterChainImpl.java:2487) ~[druid-1.0.29.jar:1.0.29] at com.alibaba.druid.filter.FilterAdapter.statement_execute(FilterAdapter.java:2451) ~[druid-1.0.29.jar:1.0.29] at com.alibaba.druid.filter.FilterEventAdapter.statement_execute(FilterEventAdapter.java:188) ~[druid-1.0.29.jar:1.0.29] at com.alibaba.druid.filter.FilterChainImpl.statement_execute(FilterChainImpl.java:2487) ~[druid-1.0.29.jar:1.0.29] at com.alibaba.druid.proxy.jdbc.StatementProxyImpl.execute(StatementProxyImpl.java:137) ~[druid-1.0.29.jar:1.0.29] at com.alibaba.druid.pool.DruidPooledStatement.execute(DruidPooledStatement.java:418) ~[druid-1.0.29.jar:1.0.29] at org.flywaydb.core.internal.dbsupport.JdbcTemplate.executeStatement(JdbcTemplate.java:267) ~[flyway-core-4.2.0.jar:?] at org.flywaydb.core.internal.dbsupport.SqlScript.execute(SqlScript.java:142) ~[flyway-core-4.2.0.jar:?] at org.flywaydb.core.internal.metadatatable.MetaDataTableImpl.createIfNotExists(MetaDataTableImpl.java:154) ~[flyway-core-4.2.0.jar:?] at org.flywaydb.core.internal.metadatatable.MetaDataTableImpl.lock(MetaDataTableImpl.java:173) ~[flyway-core-4.2.0.jar:?] at org.flywaydb.core.internal.command.DbMigrate.migrate(DbMigrate.java:146) ~[flyway-core-4.2.0.jar:?] at org.flywaydb.core.Flyway$1.execute(Flyway.java:1010) ~[flyway-core-4.2.0.jar:?] at org.flywaydb.core.Flyway$1.execute(Flyway.java:971) ~[flyway-core-4.2.0.jar:?] at org.flywaydb.core.Flyway.execute(Flyway.java:1464) ~[flyway-core-4.2.0.jar:?] at org.flywaydb.core.Flyway.migrate(Flyway.java:971) ~[flyway-core-4.2.0.jar:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_77] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_77] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_77] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_77] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1706) ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1645) ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1574) ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545) ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482) ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE] at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306) ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE] at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230) ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE] at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302) ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE] at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE] at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:296) ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE] at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE] at org.springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates(DefaultListableBeanFactory.java:1192) ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE] at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1116) ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE] at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1014) ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireByType(AbstractAutowireCapableBeanFactory.java:1292) ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1199) ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:543) ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482) ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE] at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306) ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE] at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230) ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE] at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302) ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE] at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE] at org.springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates(DefaultListableBeanFactory.java:1192) ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE] at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1116) ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE] at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1014) ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE] at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(AutowiredAnnotationBeanPostProcessor.java:545) ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE] at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:88) ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE] at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:331) ~[spring-beans-4.2.6.RELEASE.jar:4.2.6.RELEASE] ... 58 more上面异常信息中 sql injection violation, part alway true condition not allow 的意思是 sql注入,操作不被允许执行。解决方案:参数filters: 属性类型是字符串,通过别名的方式配置扩展插件,常用的插件有: 监控统计用的filter:stat 日志用的filter:log4j 防御sql注入的filter:wall。把 filters配置中 去掉 wall即可。druid详细参数配置地址:https://github.com/alibaba/druid/wiki/DruidDataSource%E9%85%8D%E7%BD%AE%E5%B1%9E%E6%80%A7%E5%88%97%E8%A1%A8
2018年09月14日
531 阅读
0 评论
0 点赞