防止注入敏感词

vue-fastapi-backend/module_admin/service/metasecurity_service.py

@@ -289,6 +289,10 @@ class MetaSecurityService:
             raise ServiceException(data='', message='用户不存在')
         if not page_object.password == user[0].password:
             raise ServiceException(data='', message='用户密码错误！')
+        forbidden_keywords = ["UPDATE", "DELETE", "INSERT", "DROP", "ALTER", "TRUNCATE"]
+        pattern = re.compile(r"\b(" + "|".join(forbidden_keywords) + r")\b", re.IGNORECASE)
+        if pattern.search(page_object.sqlStr):
+            raise ServiceException(data='', message='SQL 中包含敏感词（UPDATE, DELETE, INSERT, DROP, ALTER, TRUNCATE），禁止执行！')
         query_user = await UserDao.get_user_by_id(query_db, user_id=user[0].user_id)
         role_id_list = [item.role_id for item in query_user.get('user_role_info')]
         #2.测试数据源连接是否正常