[inlong] branch master updated: [INLONG-7675][Manager] Check OrderType when calling listAll to prevent sql injection (#7676)

[he...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

healchow pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/inlong.git


The following commit(s) were added to refs/heads/master by this push:
     new 93f8f2f44 [INLONG-7675][Manager] Check OrderType when calling listAll to prevent sql injection (#7676)
93f8f2f44 is described below

commit 93f8f2f441f8aa3b47953aaedfbc78ea5cc33a38
Author: fuweng11 <76...@users.noreply.github.com>
AuthorDate: Sun Mar 26 23:33:57 2023 +0800

    [INLONG-7675][Manager] Check OrderType when calling listAll to prevent sql injection (#7676)
---
 .../apache/inlong/manager/service/stream/InlongStreamServiceImpl.java   | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/inlong-manager/manager-service/src/main/java/org/apache/inlong/manager/service/stream/InlongStreamServiceImpl.java b/inlong-manager/manager-service/src/main/java/org/apache/inlong/manager/service/stream/InlongStreamServiceImpl.java
index b83b5e633..91db42763 100644
--- a/inlong-manager/manager-service/src/main/java/org/apache/inlong/manager/service/stream/InlongStreamServiceImpl.java
+++ b/inlong-manager/manager-service/src/main/java/org/apache/inlong/manager/service/stream/InlongStreamServiceImpl.java
@@ -335,6 +335,8 @@ public class InlongStreamServiceImpl implements InlongStreamService {
         // the person in charge of the inlong group has the authority of all inlong streams,
         // so do not filter by in charge person
         PageHelper.startPage(request.getPageNum(), request.getPageSize());
+        OrderFieldEnum.checkOrderField(request);
+        OrderTypeEnum.checkOrderType(request);
         Page<InlongStreamEntity> page = (Page<InlongStreamEntity>) streamMapper.selectByCondition(request);
         List<InlongStreamInfo> streamInfoList = CommonBeanUtils.copyListProperties(page, InlongStreamInfo::new);