From 438d06af2fce94d26f8d61da456e406a8cc2e62b Mon Sep 17 00:00:00 2001
From: caoqianming
Date: Tue, 10 Jun 2025 08:48:13 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E5=A2=9E=E5=8A=A0check=5Fsql=5Fsafe=20?= =?UTF-8?q?=E7=A8=B3=E5=AE=9A=E6=80=A7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/bi/services.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/bi/services.py b/apps/bi/services.py
index 4c44ccfa..29cc91e4 100644
--- a/apps/bi/services.py
+++ b/apps/bi/services.py
@@ -5,7 +5,7 @@ from apps.bi.models import Dataset
 import concurrent
 from apps.utils.sql import execute_raw_sql, format_sqldata
 
-forbidden_keywords = ["UPDATE", "DELETE", "DROP", "TRUNCATE"]
+forbidden_keywords = ["UPDATE", "DELETE", "DROP", "TRUNCATE", "INSERT", "CREATE", "ALTER", "GRANT", "REVOKE", "EXEC", "EXECUTE"]
 
 
 def check_sql_safe(sql: str):
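Review bot: The extended `forbidden_keywords` list is still a denylist, so any write or administrative statement it does not name passes `check_sql_safe`, and how well it works depends on how the function matches keywords (case, word boundaries, comments, multiple statements), which is outside this hunk because only the `def` line is visible. Treat the list as defence in depth and let the database enforce the restriction: run dataset SQL over a connection whose role holds only SELECT privileges, or inside a read-only transaction. If the check stays in application code, an allowlist is easier to reason about, for example accepting only a single statement whose first keyword is `SELECT`. A comment above the list would record the intent, such as `# Denylist is defence in depth only; dataset SQL must run under a read-only DB role.`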