Comments (4)
drivebyer
commented on June 9, 2024
缺陷原因:
SQLE 接受 scanner 上传 SQL 时,未对上传的 Token 和审核计划名做一致性校验。
修复方案:
在 ScannerVerifier 拦截器中增加校验,校验请求的 审核计划的 token 是否和数据库中未删除的审核计划的 token 一致。
from sqle.
HuangWeiCen
commented on June 9, 2024
发现一个延申问题, 审核计划删掉再重新创建一个同名计划后, 审核执行时的任务报告ID(audit_plan_report_id)不会清零,而是从之前的那个审核计划的最后一个报告ID继续往下计数
from sqle.
Marcus9530
commented on June 9, 2024
验证版本
UI Version: release-1.2201.x 0ad3134
Server Version: release-1.2201.x-ee 892ff4c7c3
验证步骤:
1.新建一个审核任务,然后在gitlab上进行变更,触发jenkins的编译
2.在sqle上删除这个审核任务,然后新建一个审核任务,此时jenkins的token和新审核任务的不一致,不应该会继续推送sql语句信息
3.观测jenkins的编译,控制台输出信息提示token检查不一致,sqle上新建审核任务也没有收到新的sql语句信息
from sqle.
Marcus9530
commented on June 9, 2024
验证版本
UI Version: release-1.2201.x 0ad3134
Server Version: release-1.2201.x-ee 892ff4c7c3
验证步骤:
1.新建一个审核任务,然后在gitlab上进行变更,触发jenkins的编译
2.在sqle上删除这个审核任务,然后新建一个审核任务,此时jenkins的token和新审核任务的不一致,不应该会继续推送sql语句信息
3.观测jenkins的编译,控制台输出信息提示token检查不一致,sqle上新建审核任务也没有收到新的sql语句信息
from sqle.
Related Issues (20)
- 上线的问题SQL需要定位 HOT 2
- 导入项目预览时展示项目描述 HOT 1
- 审核文件时,审核结果展示的SQL文本换行不准确
- xml文件审核,pg插件报错
- sqle无法打印debug级别日志
- 审核结果页面分页时无法跳转
- sqle-ms-plugin:测试数据源连通性失败
- SQL工单下载审核报告参数错误 HOT 1
- 无法提交SQL工单,且页面没有明确的错误信息 HOT 1
- sql审核时过滤掉没有审核能力的规则
- 索引创建建议规则空指针报错 HOT 1
- 索引创建建议规则不支持列是别名的情况
- pg数据源密码不支持%号
- oracle TOP SQL 采集失败
- 回滚语句包含二进制数据会导致保存失败 HOT 1
- char字段包含emoji表情,回滚语句没有生成对应emoji
- MySQL审核存储过程脚本时SQL片段切分不正确
- sql工单页面前端代码重构 HOT 1
- 工单审核时,update语句生成的回滚语句无法使用 HOT 1
- 工单详情存在一些不合理的权限问题 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sqle.