Unverified Commit dc2ce689 authored by dzygcc's avatar dzygcc Committed by GitHub

remove sensitive info for more api. (#829)

Co-authored-by: 's avatardzygcc <avadar@qq.com>
parent 8cc95731
...@@ -24,6 +24,7 @@ package com.dlink.security; ...@@ -24,6 +24,7 @@ package com.dlink.security;
import com.dlink.common.result.ProTableResult; import com.dlink.common.result.ProTableResult;
import com.dlink.common.result.Result; import com.dlink.common.result.Result;
import com.dlink.model.History; import com.dlink.model.History;
import com.dlink.model.JobInfoDetail;
import com.dlink.result.ExplainResult; import com.dlink.result.ExplainResult;
import com.dlink.result.SqlExplainResult; import com.dlink.result.SqlExplainResult;
import org.aspectj.lang.JoinPoint; import org.aspectj.lang.JoinPoint;
...@@ -53,6 +54,7 @@ public class SecurityAspect { ...@@ -53,6 +54,7 @@ public class SecurityAspect {
public void afterReturning(JoinPoint joinPoint, Object returnValue) { public void afterReturning(JoinPoint joinPoint, Object returnValue) {
// mask sql for explain // mask sql for explain
// openapi/explainSql
if (returnValue instanceof Result<?> && ((Result<?>) returnValue).getDatas() instanceof ExplainResult) { if (returnValue instanceof Result<?> && ((Result<?>) returnValue).getDatas() instanceof ExplainResult) {
ExplainResult exp = ((ExplainResult) ((Result<?>) returnValue).getDatas()); ExplainResult exp = ((ExplainResult) ((Result<?>) returnValue).getDatas());
List<SqlExplainResult> sqlExplainResults = exp.getSqlExplainResults(); List<SqlExplainResult> sqlExplainResults = exp.getSqlExplainResults();
...@@ -65,6 +67,23 @@ public class SecurityAspect { ...@@ -65,6 +67,23 @@ public class SecurityAspect {
} }
} }
// /api/studio/explainSql
if (returnValue instanceof Result<?> && ((Result<?>) returnValue).getDatas() instanceof List<?> ) {
List<?> list = (List<?>) ((Result<?>) returnValue).getDatas();
if (list.isEmpty() || !(list.get(0) instanceof SqlExplainResult)) {
return;
}
List<SqlExplainResult> exp = ((List<SqlExplainResult>) ((Result<?>) returnValue).getDatas());
List<SqlExplainResult> sqlExplainResults = exp;
if (CollectionUtils.isEmpty(sqlExplainResults)) {
return;
}
for (SqlExplainResult explainResult : sqlExplainResults) {
String sql = explainResult.getSql();
explainResult.setSql(mask(sql, SENSITIVE, MASK));
}
}
// mask statement for histories // mask statement for histories
if (returnValue instanceof ProTableResult<?> && ((ProTableResult<?>) returnValue).getData() instanceof List<?>) { if (returnValue instanceof ProTableResult<?> && ((ProTableResult<?>) returnValue).getData() instanceof List<?>) {
List<?> list = ((ProTableResult<?>) returnValue).getData(); List<?> list = ((ProTableResult<?>) returnValue).getData();
...@@ -86,6 +105,16 @@ public class SecurityAspect { ...@@ -86,6 +105,16 @@ public class SecurityAspect {
history.setStatement(mask(statement, SENSITIVE, MASK)); history.setStatement(mask(statement, SENSITIVE, MASK));
} }
} }
// /getJobInfoDetail
if (returnValue instanceof Result<?> && ((Result<?>) returnValue).getDatas() instanceof JobInfoDetail) {
JobInfoDetail jobInfoDetail = ((JobInfoDetail) ((Result<?>) returnValue).getDatas());
History history = jobInfoDetail.getHistory();
if (null != history) {
String statement = history.getStatement();
history.setStatement(mask(statement, SENSITIVE, MASK));
}
}
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment