feat: check_sql_safe 优化一下

2025-08-19 15:11:03 +08:00 · 2025-08-19 15:11:03 +08:00 · 4921383de1
parent bbfa512bb1
commit 4921383de1
1 changed files with 4 additions and 1 deletions
--- a/apps/bi/services.py
+++ b/apps/bi/services.py
@ -12,8 +12,11 @@ def check_sql_safe(sql: str):
    """检查sql安全性
    """
    sql_upper = sql.upper()
+    # 将SQL按空格和分号分割成单词
+    words = [word for word in sql_upper.replace(';', ' ').split() if word]
    for kw in forbidden_keywords:
-        if kw in sql_upper:
+        # 检查关键字是否作为独立单词出现
+        if kw in words:
            raise ParseError(f'sql查询有风险-{kw}')
    return sql