remove sensitive info for more api. (#829)

Co-authored-by: dzygcc <avadar@qq.com>

remove sensitive info for more api. (#829)
Co-authored-by: dzygcc <avadar@qq.com>
dc2ce689 · dzygcc · GitHub · 8cc95731 · dc2ce689
Unverified Commit dc2ce689 authored Aug 08, 2022 by dzygcc Committed by GitHub Aug 08, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 29 additions and 0 deletions

SecurityAspect.java ...dmin/src/main/java/com/dlink/security/SecurityAspect.java +29 -0

No files found.
--- a/dlink-admin/src/main/java/com/dlink/security/SecurityAspect.java
+++ b/dlink-admin/src/main/java/com/dlink/security/SecurityAspect.java
@@ -24,6 +24,7 @@ package com.dlink.security;
 import com.dlink.common.result.ProTableResult;
 import com.dlink.common.result.Result;
 import com.dlink.model.History;
+import com.dlink.model.JobInfoDetail;
 import com.dlink.result.ExplainResult;
 import com.dlink.result.SqlExplainResult;
 import org.aspectj.lang.JoinPoint;
@@ -53,6 +54,7 @@ public class SecurityAspect {
    public void afterReturning(JoinPoint joinPoint, Object returnValue) {
        // mask sql for explain
+        // openapi/explainSql
        if (returnValue instanceof Result<?> && ((Result<?>) returnValue).getDatas() instanceof ExplainResult) {
            ExplainResult exp = ((ExplainResult) ((Result<?>) returnValue).getDatas());
            List<SqlExplainResult> sqlExplainResults = exp.getSqlExplainResults();
@@ -65,6 +67,23 @@ public class SecurityAspect {
            }
        }
+        // /api/studio/explainSql
+        if (returnValue instanceof Result<?> && ((Result<?>) returnValue).getDatas() instanceof List<?> ) {
+            List<?> list = (List<?>) ((Result<?>) returnValue).getDatas();
+            if (list.isEmpty() || !(list.get(0)  instanceof SqlExplainResult)) {
+                return;
+            }
+            List<SqlExplainResult> exp = ((List<SqlExplainResult>) ((Result<?>) returnValue).getDatas());
+            List<SqlExplainResult> sqlExplainResults = exp;
+            if (CollectionUtils.isEmpty(sqlExplainResults)) {
+                return;
+            }
+            for (SqlExplainResult explainResult : sqlExplainResults) {
+                String sql = explainResult.getSql();
+                explainResult.setSql(mask(sql, SENSITIVE, MASK));
+            }
+        }
        // mask statement for histories
        if (returnValue instanceof ProTableResult<?> && ((ProTableResult<?>) returnValue).getData() instanceof List<?>) {
            List<?> list = ((ProTableResult<?>) returnValue).getData();
@@ -86,6 +105,16 @@ public class SecurityAspect {
                history.setStatement(mask(statement, SENSITIVE, MASK));
            }
        }
+        // /getJobInfoDetail
+        if (returnValue instanceof Result<?> && ((Result<?>) returnValue).getDatas() instanceof JobInfoDetail) {
+            JobInfoDetail jobInfoDetail = ((JobInfoDetail) ((Result<?>) returnValue).getDatas());
+            History history = jobInfoDetail.getHistory();
+            if (null != history) {
+                String statement = history.getStatement();
+                history.setStatement(mask(statement, SENSITIVE, MASK));
+            }
+        }
    }