Fixed SQL Injection Vulnerabilities (#1184) (#1185)

Jixiangup · web-flow · commit 470fae8b6264 · 2024-07-15T17:58:30.000+08:00
Fixed API `/taier/api/console/listNames` SQL Injection Vulnerabilities (#1184)
diff --git a/taier-dao/src/main/resources/sqlmap/ScheduleJobCacheMapper.xml b/taier-dao/src/main/resources/sqlmap/ScheduleJobCacheMapper.xml
@@ -21,7 +21,7 @@
     <select id="listNames" resultType="java.lang.String">
         select job_name
         from schedule_job_cache
-        where job_name like '%${jobName}%'
+        where job_name like concat('%', #{jobName}, '%')
           and is_deleted = 0;
     </select>
 
