From 867ee929cf6e6bfc90f85031d6635423bd2bfe2f Mon Sep 17 00:00:00 2001
From: nick2wang
Date: Mon, 27 Dec 2021 17:09:15 +0800
Subject: [PATCH] Update db_diagnostic.py
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

修复会话管理存在的sql注入风险 #1299
---
 sql/db_diagnostic.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/sql/db_diagnostic.py b/sql/db_diagnostic.py
index a09a617013..48965ad608 100644
--- a/sql/db_diagnostic.py
+++ b/sql/db_diagnostic.py
@@ -69,9 +69,10 @@ def create_kill_session(request):
 if AliyunRdsConfig.objects.filter(instance=instance, is_enable=True).exists():
 result = aliyun_create_kill_session(request)
 else:
- thread_ids = thread_ids.replace('[', '').replace(']', '')
+ thread_ids = json.loads(thread_ids)
 query_engine = get_engine(instance=instance)
- sql = "select concat('kill ', id, ';') from information_schema.processlist where id in ({});".format(thread_ids)
+ sql = "select concat('kill ', id, ';') from information_schema.processlist where id in ({});"\
+ .format(','.join(str(tid) for tid in thread_ids))
 all_kill_sql = query_engine.query('information_schema', sql)
 kill_sql = ''
 for row in all_kill_sql.rows:
@@ -99,9 +100,10 @@ def kill_session(request):
 if AliyunRdsConfig.objects.filter(instance=instance, is_enable=True).exists():
 result = aliyun_kill_session(request)
 else:
- thread_ids = thread_ids.replace('[', '').replace(']', '')
+ thread_ids = json.loads(thread_ids)
 engine = get_engine(instance=instance)
- sql = "select concat('kill ', id, ';') from information_schema.processlist where id in ({});".format(thread_ids)
+ sql = "select concat('kill ', id, ';') from information_schema.processlist where id in ({});"\
+ .format(','.join(str(tid) for tid in thread_ids))
 all_kill_sql = engine.query('information_schema', sql)
 kill_sql = ''
 for row in all_kill_sql.rows:
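Review bot: The new `thread_ids = json.loads(thread_ids)` line in the `else:` branch of `create_kill_session` still lets non-integer values reach the query text, because the following `','.join(str(tid) for tid in thread_ids)` stringifies whatever the decoded list holds; a JSON list of strings is spliced into the `in (...)` clause unchanged, so the injection risk the commit targets is narrowed rather than closed. Validate at the decode step instead, e.g. `thread_ids = [int(tid) for tid in json.loads(thread_ids)]`, so any non-numeric element (or a non-list payload) raises `ValueError` before `sql` is built, and keep the `str(tid)` join as it is. The identical two lines appear in the `kill_session` hunk and need the same change. An empty list also yields `where id in ()`, which MySQL rejects as a syntax error, so an early `if not thread_ids:` return is worth adding in both branches. Whether malformed JSON is caught, and whether `json` is imported, depends on code outside the hunk; both functions start before their hunks and continue past them.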