feat: 增加check_sql_safe 稳定性

2025-06-10 08:48:13 +08:00 · 2025-06-10 08:48:13 +08:00 · 438d06af2f
parent 84690e7b54
commit 438d06af2f
1 changed files with 1 additions and 1 deletions
--- a/apps/bi/services.py
+++ b/apps/bi/services.py
@ -5,7 +5,7 @@ from apps.bi.models import Dataset
 import concurrent
 from apps.utils.sql import execute_raw_sql, format_sqldata

-forbidden_keywords = ["UPDATE", "DELETE", "DROP", "TRUNCATE"]
+forbidden_keywords = ["UPDATE", "DELETE", "DROP", "TRUNCATE", "INSERT", "CREATE", "ALTER", "GRANT", "REVOKE", "EXEC", "EXECUTE"]


 def check_sql_safe(sql: str):