Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

hint not allow error #4103

Closed
fox1987 opened this issue Dec 21, 2020 · 2 comments
Closed

hint not allow error #4103

fox1987 opened this issue Dec 21, 2020 · 2 comments
Labels
Bug
Milestone
1.2.5

Comments

@fox1987
Copy link

fox1987 commented Dec 21, 2020
edited by wenshao
Loading

开启filter之后,如下sql 1.2.3版本会报错

          String url = "jdbc:oracle:thin:@xx/xx";
        String driver = "oracle.jdbc.driver.OracleDriver";
        String user_name = "xx";
        String password = "xx";
        DruidDataSource dataSource = new DruidDataSource();
        dataSource.setDriverClassName(driver);
        dataSource.setUsername(user_name);
        dataSource.setPassword(password);
        dataSource.setUrl(url);
        dataSource.setMaxActive(5);
        dataSource.setMaxWait(20000);
        dataSource.setFilters("wall,stat");
        dataSource.init();
     Connection connection = dataSource.getConnection();
  PreparedStatement preparedStatement =  connection.prepareStatement("select/*+QUERY_TIMEOUT(600000000)*/ * from test_number");
        ResultSet resultSet = preparedStatement.executeQuery();

会有如下报错:
java.sql.SQLException: sql injection violation, dbType oracle, druid-version 1.2.3, hint not allow : select/+QUERY_TIMEOUT(600000000)/ * from test_number

at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:856)
at com.alibaba.druid.wall.WallFilter.connection_prepareStatement(WallFilter.java:292)
at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:568)
at com.alibaba.druid.proxy.jdbc.ConnectionProxyImpl.prepareStatement(ConnectionProxyImpl.java:341)
at com.alibaba.druid.pool.DruidPooledConnection.prepareStatement(DruidPooledConnection.java:351)

回退到1.1.23版本没有报错。
@leavesyang
Copy link

遇到了相同问题, 1.2.3, 1.2.4都会报这个错hint not allow

@wenshao wenshao added this to the 1.2.5 milestone Dec 25, 2020
@wenshao wenshao added the Bug label Dec 25, 2020
@wenshao
Copy link
Member

wenshao commented Feb 17, 2021

https://github.com/alibaba/druid/releases/tag/1.2.5
问题已修复,请用新版本

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug
Projects
None yet
Milestone
1.2.5
Development

No branches or pull requests
3 participants
@fox1987 @wenshao @leavesyang