sql injection violation, delete not allow

最新推荐文章于 2023-09-22 11:45:14 发布

w_xj

最新推荐文章于 2023-09-22 11:45:14 发布

阅读量2.2k

点赞数 4

分类专栏： java

本文链接：https://blog.csdn.net/x1210128068/article/details/88846796

版权

java 专栏收录该内容

8 篇文章 0 订阅

订阅专栏

org.springframework.jdbc.UncategorizedSQLException:
### Error updating database. Cause: java.sql.SQLException: sql injection violation, delete not allow : DELETE FROM t_user
### SQL: DELETE FROM t_user
### Cause: java.sql.SQLException: sql injection violation, delete not allow : DELETE FROM t_user
; uncategorized SQLException for SQL []; SQL state [null]; error code [0]; sql injection violation, delete not allow : DELETE FROM t_user; nested exception is java.sql.SQLException: sql injection violation, delete not allow : DELETE FROM t_user
   at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:90)
   at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:82)
   at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:82)
   at org.mybatis.spring.MyBatisExceptionTranslator.translateExceptionIfPossible(MyBatisExceptionTranslator.java:73)
   at org.mybatis.spring.SqlSessionTemplate$SqlSessionInterceptor.invoke(SqlSessionTemplate.java:446)
   at com.sun.proxy.$Proxy99.delete(Unknown Source)
   at org.mybatis.spring.SqlSessionTemplate.delete(SqlSessionTemplate.java:310)
   at org.apache.ibatis.binding.MapperMethod.execute(MapperMethod.java:68)
   at org.apache.ibatis.binding.MapperProxy.invoke(MapperProxy.java:59)
   at com.sun.proxy.$Proxy123.deleteUser(Unknown Source)
   at com.cncp.classification.CncpClassificationApplicationTests.deleteUser(CncpClassificationApplicationTests.java:64)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.lang.reflect.Method.invoke(Method.java:483)
   at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
   at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
   at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
   at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
   at org.springframework.test.context.junit4.statements.RunBeforeTestMethodCallbacks.evaluate(RunBeforeTestMethodCallbacks.java:75)
   at org.springframework.test.context.junit4.statements.RunAfterTestMethodCallbacks.evaluate(RunAfterTestMethodCallbacks.java:86)
   at org.springframework.test.context.junit4.statements.SpringRepeat.evaluate(SpringRepeat.java:84)
   at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
   at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:252)
   at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:94)
   at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
   at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
   at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
   at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
   at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
   at org.springframework.test.context.junit4.statements.RunBeforeTestClassCallbacks.evaluate(RunBeforeTestClassCallbacks.java:61)
   at org.springframework.test.context.junit4.statements.RunAfterTestClassCallbacks.evaluate(RunAfterTestClassCallbacks.java:70)
   at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
   at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.run(SpringJUnit4ClassRunner.java:191)
   at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86)
   at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
   at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:538)
   at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:760)
   at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:460)
   at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:206)
Caused by: java.sql.SQLException: sql injection violation, delete not allow : DELETE FROM t_user
   at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:800)
   at com.alibaba.druid.wall.WallFilter.connection_prepareStatement(WallFilter.java:251)
   at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:473)
   at com.alibaba.druid.filter.FilterAdapter.connection_prepareStatement(FilterAdapter.java:929)
   at com.alibaba.druid.filter.FilterEventAdapter.connection_prepareStatement(FilterEventAdapter.java:122)
   at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:473)
   at com.alibaba.druid.proxy.jdbc.ConnectionProxyImpl.prepareStatement(ConnectionProxyImpl.java:342)
   at com.alibaba.druid.pool.DruidPooledConnection.prepareStatement(DruidPooledConnection.java:349)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.lang.reflect.Method.invoke(Method.java:483)
   at org.apache.ibatis.logging.jdbc.ConnectionLogger.invoke(ConnectionLogger.java:55)
   at com.sun.proxy.$Proxy131.prepareStatement(Unknown Source)
   at org.apache.ibatis.executor.statement.PreparedStatementHandler.instantiateStatement(PreparedStatementHandler.java:87)
   at org.apache.ibatis.executor.statement.BaseStatementHandler.prepare(BaseStatementHandler.java:88)
   at org.apache.ibatis.executor.statement.RoutingStatementHandler.prepare(RoutingStatementHandler.java:59)
   at org.apache.ibatis.executor.SimpleExecutor.prepareStatement(SimpleExecutor.java:85)
   at org.apache.ibatis.executor.SimpleExecutor.doUpdate(SimpleExecutor.java:49)
   at org.apache.ibatis.executor.BaseExecutor.update(BaseExecutor.java:117)
   at org.apache.ibatis.executor.CachingExecutor.update(CachingExecutor.java:76)
   at org.apache.ibatis.session.defaults.DefaultSqlSession.update(DefaultSqlSession.java:198)
   at org.apache.ibatis.session.defaults.DefaultSqlSession.delete(DefaultSqlSession.java:213)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.lang.reflect.Method.invoke(Method.java:483)
   at org.mybatis.spring.SqlSessionTemplate$SqlSessionInterceptor.invoke(SqlSessionTemplate.java:433)
   ... 35 more

问题：

WallFilter得check未通过，delete删除不被允许

解决方案：

配置文件中修改如下地方

spring.datasource.druid.filters=stat,wall,slf4j 删除掉wall

spring.datasource.druid.filter.wall.enabled=true true设为false

配置这两处地方是为了checksql语句，当前项目不允许数据库删除，删除为逻辑删除，修改状态值

w_xj

关注

4
点赞
踩
1

收藏

觉得还不错? 一键收藏
1
评论
sql injection violation, delete not allow

org.springframework.jdbc.UncategorizedSQLException:### Error updating database. Cause: java.sql.SQLException: sql injection violation, delete not allow : DELETE FROM t_user### SQL: DELETE FROM t_us...
复制链接

扫一扫