禁止keys命令
hhyo committed Apr 17, 2019
1 parent dff5330 commit 0247e01
Showing 1 changed file with 1 addition and 4 deletions.
5 changes: 1 addition & 4 deletions sql/engines/redis.py
Expand Up @@ -45,17 +45,14 @@ def query_check(self, db_name=None, sql='', limit_num=0):
"""提交查询前的检查"""
result = {'msg': '', 'bad_query': False, 'filtered_sql': sql, 'has_star': False}
safe_cmd = ["exists", "ttl", "pttl", "type", "get", "mget", "strlen",
"hgetall", "hexists", "hget", "hmget", "keys", "hkeys", "hvals",
"hgetall", "hexists", "hget", "hmget", "hkeys", "hvals",
"smembers", "scard", "sdiff", "sunion", "sismember", "llen", "lrange", "lindex"]
# 命令校验,仅可以执行safe_cmd内的命令
for cmd in safe_cmd:
result['bad_query'] = True
if re.match(fr'^{cmd}', sql.strip(), re.I):
result['bad_query'] = False
break
# 禁止keys *
if re.match(r'^keys\s+\*', sql.strip(), re.I):
result['bad_query'] = True
if result['bad_query']:
result['msg'] = "禁止执行该命令!"
return result
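Review bot: The allow-list loop still matches by bare prefix, `re.match(fr'^{cmd}', sql.strip(), re.I)`, so any command that merely begins with an allowed name is accepted. `getset`, `getdel`, `sdiffstore` and `sunionstore` all pass through `get`, `sdiff` and `sunion`, although they write data. Dropping `keys` from `safe_cmd` does block that command, but the check should match the whole first token, for example `if re.match(fr'^{cmd}(\s|$)', sql.strip(), re.I):`. The `def query_check` line sits above the hunk, so whether callers apply any further filtering is not visible here.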