You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@iotdb.apache.org by ha...@apache.org on 2022/05/23 07:20:01 UTC

[iotdb] branch master updated: fixed grafana connector sql inject (#5990)

This is an automated email from the ASF dual-hosted git repository.

haonan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/iotdb.git


The following commit(s) were added to refs/heads/master by this push:
     new ec0ca1044d fixed grafana connector sql inject (#5990)
ec0ca1044d is described below

commit ec0ca1044d2bb3d94320d115a22c1d7ea5e29881
Author: CloudWise-Lukemiao <76...@users.noreply.github.com>
AuthorDate: Mon May 23 15:19:56 2022 +0800

    fixed grafana connector sql inject (#5990)
---
 .../apache/iotdb/web/grafana/controller/DatabaseConnectController.java  | 2 +-
 .../main/java/org/apache/iotdb/web/grafana/dao/impl/BasicDaoImpl.java   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/grafana-connector/src/main/java/org/apache/iotdb/web/grafana/controller/DatabaseConnectController.java b/grafana-connector/src/main/java/org/apache/iotdb/web/grafana/controller/DatabaseConnectController.java
index f13f7d5a49..176a1549f8 100644
--- a/grafana-connector/src/main/java/org/apache/iotdb/web/grafana/controller/DatabaseConnectController.java
+++ b/grafana-connector/src/main/java/org/apache/iotdb/web/grafana/controller/DatabaseConnectController.java
@@ -127,7 +127,7 @@ public class DatabaseConnectController {
       logger.info("query finished");
       return result.toString();
     } catch (Exception e) {
-      logger.error("/query failed, request body is {}", json, e);
+      logger.error("/query failed, request body is {}", json.replaceAll("[\n\r\t]", "_"), e);
     }
     return null;
   }
diff --git a/grafana-connector/src/main/java/org/apache/iotdb/web/grafana/dao/impl/BasicDaoImpl.java b/grafana-connector/src/main/java/org/apache/iotdb/web/grafana/dao/impl/BasicDaoImpl.java
index dc68618d4b..99f6195654 100644
--- a/grafana-connector/src/main/java/org/apache/iotdb/web/grafana/dao/impl/BasicDaoImpl.java
+++ b/grafana-connector/src/main/java/org/apache/iotdb/web/grafana/dao/impl/BasicDaoImpl.java
@@ -101,7 +101,7 @@ public class BasicDaoImpl implements BasicDao {
       default:
         timestampRadioX = 1L;
     }
-    logger.info("Use timestamp precision {}", timestampPrecision);
+    logger.info("Use timestamp precision {}", timestampPrecision.replaceAll("[\n\r\t]", "_"));
   }
 
   /**