Fixed SQL Injection Vulnerabilities (#1184) (#1185)

Fixed API `/taier/api/console/listNames` SQL Injection Vulnerabilities (#1184)
DTStack · Jul 15, 2024 · 470fae8 · 470fae8
1 parent 4af3e15
commit 470fae8
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/taier-dao/src/main/resources/sqlmap/ScheduleJobCacheMapper.xml b/taier-dao/src/main/resources/sqlmap/ScheduleJobCacheMapper.xml
@@ -21,7 +21,7 @@
     <select id="listNames" resultType="java.lang.String">
         select job_name
         from schedule_job_cache
-        where job_name like '%${jobName}%'
+        where job_name like concat('%', #{jobName}, '%')
           and is_deleted = 0;
     </select>