Skip to content

Commit 355d229

Browse files
committed
Server:解决子查询泄漏SQLConfig的dbPassword等信息;优化子查询缓存路径及报错信息
1 parent 39a905b commit 355d229

File tree

2 files changed

+17
-5
lines changed

2 files changed

+17
-5
lines changed

APIJSON-Java-Server/APIJSONLibrary/src/main/java/zuo/biao/apijson/server/AbstractObjectParser.java

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -339,14 +339,14 @@ public boolean onParse(@NotNull String key, @NotNull Object value) throws Except
339339
}
340340

341341

342-
JSONArray arr = parser.onArrayParse(subquery, AbstractParser.getAbsPath(path, replaceKey), replaceKey, true);
342+
JSONArray arr = parser.onArrayParse(subquery, AbstractParser.getAbsPath(path, replaceKey), "[]", true);
343343

344344
JSONObject obj = arr == null || arr.isEmpty() ? null : arr.getJSONObject(0);
345345

346346
String from = subquery.getString("from");
347347
JSONObject arrObj = obj.getJSONObject(from);
348348
if (arrObj == null) {
349-
throw new IllegalArgumentException("子查询 " + path + "/" + key + ":{ from:value } 中 value 对应的数组对象不存在!");
349+
throw new IllegalArgumentException("子查询 " + path + "/" + key + ":{ from:value } 中 value 对应的主表对象不存在!");
350350
}
351351
//
352352
SQLConfig cfg = arrObj == null ? null : (SQLConfig) arrObj.get(AbstractParser.KEY_CONFIG);
@@ -360,11 +360,11 @@ public boolean onParse(@NotNull String key, @NotNull Object value) throws Except
360360
s.setRange(range);
361361
s.setKey(replaceKey);
362362
s.setConfig(cfg);
363-
364-
parser.putQueryResult(AbstractParser.getAbsPath(path, key), s); //字符串引用保证不了安全性 parser.getSQL(cfg));
365363

366364
key = replaceKey;
367365
value = s; //(range == null || range.isEmpty() ? "" : "range") + "(" + cfg.getSQL(false) + ") ";
366+
367+
parser.putQueryResult(AbstractParser.getAbsPath(path, key), s); //字符串引用保证不了安全性 parser.getSQL(cfg));
368368
}
369369
else if (value instanceof String) { // 引用赋值路径
370370

APIJSON-Java-Server/APIJSONLibrary/src/main/java/zuo/biao/apijson/server/Subquery.java

Lines changed: 13 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@
1515
package zuo.biao.apijson.server;
1616

1717
import com.alibaba.fastjson.JSONObject;
18+
import com.alibaba.fastjson.annotation.JSONField;
1819

1920
/**子查询 配置
2021
* @author Lemon
@@ -30,44 +31,55 @@ public class Subquery {
3031
private String key; //id
3132
private SQLConfig config;
3233

33-
34+
@JSONField(serialize = false) //解决泄漏 SQLConfig 里的 dbPassword 等
3435
public String getPath() {
3536
return path;
3637
}
3738
public void setPath(String path) {
3839
this.path = path;
3940
}
41+
42+
@JSONField(serialize = false) //解决泄漏 SQLConfig 里的 dbPassword 等
4043
public String getOriginKey() {
4144
return originKey;
4245
}
4346
public void setOriginKey(String originKey) {
4447
this.originKey = originKey;
4548
}
49+
50+
@JSONField(serialize = false) //解决泄漏 SQLConfig 里的 dbPassword 等
4651
public JSONObject getOriginValue() {
4752
return originValue;
4853
}
4954
public void setOriginValue(JSONObject originValue) {
5055
this.originValue = originValue;
5156
}
5257

58+
@JSONField(serialize = false) //解决泄漏 SQLConfig 里的 dbPassword 等
5359
public String getFrom() {
5460
return from;
5561
}
5662
public void setFrom(String from) {
5763
this.from = from;
5864
}
65+
66+
@JSONField(serialize = false) //解决泄漏 SQLConfig 里的 dbPassword 等
5967
public String getRange() {
6068
return range;
6169
}
6270
public void setRange(String range) {
6371
this.range = range;
6472
}
73+
74+
@JSONField(serialize = false) //解决泄漏 SQLConfig 里的 dbPassword 等
6575
public String getKey() {
6676
return key;
6777
}
6878
public void setKey(String key) {
6979
this.key = key;
7080
}
81+
82+
@JSONField(serialize = false) //解决泄漏 SQLConfig 里的 dbPassword 等
7183
public SQLConfig getConfig() {
7284
return config;
7385
}

0 commit comments

Comments
 (0)