From 4921383de1c1ce1664a75dca106b3dcc6c4e95ba Mon Sep 17 00:00:00 2001
From: caoqianming
Date: Tue, 19 Aug 2025 15:11:03 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20check=5Fsql=5Fsafe=20=E4=BC=98=E5=8C=96?= =?UTF-8?q?=E4=B8=80=E4=B8=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 apps/bi/services.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/apps/bi/services.py b/apps/bi/services.py
index e9fad319..0bba6d35 100644
--- a/apps/bi/services.py
+++ b/apps/bi/services.py
@@ -12,8 +12,11 @@ def check_sql_safe(sql: str):
 """检查sql安全性
 """
 sql_upper = sql.upper()
+ # 将SQL按空格和分号分割成单词
+ words = [word for word in sql_upper.replace(';', ' ').split() if word]
 for kw in forbidden_keywords:
- if kw in sql_upper:
+ # 检查关键字是否作为独立单词出现
+ if kw in words:
 raise ParseError(f'sql查询有风险-{kw}')
 return sql
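Review bot: The tokenized test on the new `if kw in words:` line only recognises a forbidden keyword when it is delimited by whitespace or `;`, so a keyword that sits directly against a parenthesis, comma, quote or comment delimiter is no longer caught, which makes this version weaker than the substring test it replaces rather than merely less noisy. A word-boundary match keeps the commit's intent (no false positives on identifiers that merely contain a keyword) without that gap: `if re.search(rf'\b{re.escape(kw)}\b', sql_upper):` in place of the `words` list, with `import re` added at the top of the file. Because `forbidden_keywords` is a denylist and the function hands the SQL back for execution, the stronger control is to run the query on a database role or connection limited to read-only privileges and treat this check as defence in depth; a sentence to that effect in the docstring, e.g. `Keyword denylist only; execute the result under a read-only DB role`, would tell the next maintainer not to rely on it alone. The `def check_sql_safe` line appears only in the hunk header, so the function start lies outside the hunk.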