数据安全接口修复

2 weeks ago · 5d96d55e82
1 changed files with 14 additions and 14 deletions
--- a/vue-fastapi-backend/module_admin/service/metasecurity_service.py
+++ b/vue-fastapi-backend/module_admin/service/metasecurity_service.py
@ -734,25 +734,25 @@ async def replace_table_with_subquery(ctrSqlDict, oldStrSql):
            original_table = match.group(2)
            alias_part = match.group(3)    # " AS xxx" 或 " xxx"
            alias_name = match.group(4)    # xxx
-
+            sql_keywords = {
+                      "SELECT", "INSERT", "UPDATE", "DELETE", "MERGE", "TRUNCATE",
+                      "VALUES", "RETURNING", "FROM", "WHERE", "GROUP", "HAVING", "ORDER",
+                      "LIMIT", "OFFSET", "DISTINCT", "ALL", "UNION", "INTERSECT", "EXCEPT",
+                      "JOIN", "INNER", "LEFT", "RIGHT", "FULL", "CROSS", "NATURAL", "USING", "ON",
+                      "TABLE", "VIEW", "INDEX", "PRIMARY", "KEY", "FOREIGN", "REFERENCES", "NOT", 
+                      "NULL", "UNIQUE", "CHECK", "DEFAULT", "IF", "ELSE", "CASE", "WHEN", "THEN", 
+                      "END", "LOOP", "FOR", "WHILE", "CREATE", "ALTER", "DROP", "TRUNCATE", "COMMENT",
+                      "EXISTS", "IN", "IS", "LIKE", "ILIKE", "SIMILAR", "BETWEEN", "AND", "OR", "ANY", 
+                      "ALL", "SOME", "FETCH", "NEXT", "ONLY", "ASC", "DESC", "GRANT", "REVOKE", "ROLE", 
+                      "USER", "CURRENT_DATE", "CURRENT_TIME", "CURRENT_TIMESTAMP",
+                  }
            # 动态获取子查询
-            if original_table in ctrSqlDict:
+            if original_table in ctrSqlDict and alias_name not in sql_keywords:
                # 使用 ctrSqlDict 中的子查询替换表名
                replaced = f"{keyword} ({ctrSqlDict[original_table]}) {alias_part}"
            else:
                # 默认处理逻辑：判断 alias 是否为关键字
-                sql_keywords = {
-                    "SELECT", "INSERT", "UPDATE", "DELETE", "MERGE", "TRUNCATE",
-                    "VALUES", "RETURNING", "FROM", "WHERE", "GROUP", "HAVING", "ORDER",
-                    "LIMIT", "OFFSET", "DISTINCT", "ALL", "UNION", "INTERSECT", "EXCEPT",
-                    "JOIN", "INNER", "LEFT", "RIGHT", "FULL", "CROSS", "NATURAL", "USING", "ON",
-                    "TABLE", "VIEW", "INDEX", "PRIMARY", "KEY", "FOREIGN", "REFERENCES", "NOT", 
-                    "NULL", "UNIQUE", "CHECK", "DEFAULT", "IF", "ELSE", "CASE", "WHEN", "THEN", 
-                    "END", "LOOP", "FOR", "WHILE", "CREATE", "ALTER", "DROP", "TRUNCATE", "COMMENT",
-                    "EXISTS", "IN", "IS", "LIKE", "ILIKE", "SIMILAR", "BETWEEN", "AND", "OR", "ANY", 
-                    "ALL", "SOME", "FETCH", "NEXT", "ONLY", "ASC", "DESC", "GRANT", "REVOKE", "ROLE", 
-                    "USER", "CURRENT_DATE", "CURRENT_TIME", "CURRENT_TIMESTAMP",
-                }
+      

                if alias_name and alias_name.upper().split()[0] not in sql_keywords:
                    replaced = f"{keyword} ({subquery}) {alias_part}"