Description
Database Type
postgresql
Database Version
14
Druid Version
1.2.24
JDK Version
openjdk 21
Error SQL
select rf1_0.id,rf1_0.alias,rf1_0.code,rf1_0.component,rf1_0.created_at,rf1_0.custom_type,rf1_0.group_id,rf1_0.hidden,rf1_0.icon,rf1_0.link_url,rf1_0.name,rf1_0.orders,rf1_0.parent_id,rf1_0.path,rf1_0.relevance_ids,rf1_0.resource_id,rf1_0.scope,rf1_0.sub_system,rf1_0.title,rf1_0.updated_at from real_functions rf1_0 left join groups g1_0 on g1_0.id=rf1_0.group_id where rf1_0.name like ? escape '\' and g1_0.id=? fetch first ? rows only
Testcase Code
使用 JPA 自动生成的查询方法进行 Containing 查询(spring-boot 版本 3.4.4)。Hibernate 为该方法生成的 SQL 含有 `like ? escape '\'` 子句,所有值均通过 `?` 占位符绑定。
RealFunction realFunction = realFunctionRepository.findFirstByNameContainingAndGroupId(drawShowName, group.getId());
Stacktrace Info
Caused by: java.sql.SQLException: sql injection violation, dbType postgresql, , druid-version 1.2.24, syntax error: ERROR. pos 437, line 1, column 397, token ERROR : select rf1_0.id,rf1_0.alias,rf1_0.code,rf1_0.component,rf1_0.created_at,rf1_0.custom_type,rf1_0.group_id,rf1_0.hidden,rf1_0.icon,rf1_0.link_url,rf1_0.name,rf1_0.orders,rf1_0.parent_id,rf1_0.path,rf1_0.relevance_ids,rf1_0.resource_id,rf1_0.scope,rf1_0.sub_system,rf1_0.title,rf1_0.updated_at from real_functions rf1_0 left join groups g1_0 on g1_0.id=rf1_0.group_id where rf1_0.name like ? escape '' and g1_0.id=? fetch first ? rows only
at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:878) ~[druid-1.2.24.jar:?]
WallFilter.java:878
at com.alibaba.druid.wall.WallFilter.connection_prepareStatement(WallFilter.java:355) ~[druid-1.2.24.jar:?]
WallFilter.java:355
at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:587) ~[druid-1.2.24.jar:?]
FilterChainImpl.java:587
at com.alibaba.druid.filter.FilterAdapter.connection_prepareStatement(FilterAdapter.java:921) ~[druid-1.2.24.jar:?]
FilterAdapter.java:921
at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:587) ~[druid-1.2.24.jar:?]
FilterChainImpl.java:587
at com.alibaba.druid.filter.FilterAdapter.connection_prepareStatement(FilterAdapter.java:921) ~[druid-1.2.24.jar:?]
FilterAdapter.java:921
at com.alibaba.druid.filter.FilterEventAdapter.connection_prepareStatement(FilterEventAdapter.java:137) ~[druid-1.2.24.jar:?]
FilterEventAdapter.java:137
at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:587) ~[druid-1.2.24.jar:?]
FilterChainImpl.java:587
at com.alibaba.druid.proxy.jdbc.ConnectionProxyImpl.prepareStatement(ConnectionProxyImpl.java:361) ~[druid-1.2.24.jar:?]
ConnectionProxyImpl.java:361
at com.alibaba.druid.pool.DruidPooledConnection.prepareStatement(DruidPooledConnection.java:407) ~[druid-1.2.24.jar:?]
DruidPooledConnection.java:407
at org.hibernate.engine.jdbc.internal.StatementPreparerImpl$4.doPrepare(StatementPreparerImpl.java:151) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
at org.hibernate.engine.jdbc.internal.StatementPreparerImpl$StatementPreparationTemplate.prepareStatement(StatementPreparerImpl.java:180) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
StatementPreparerImpl.java:180
at org.hibernate.engine.jdbc.internal.StatementPreparerImpl.prepareQueryStatement(StatementPreparerImpl.java:153) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
StatementPreparerImpl.java:153
at org.hibernate.sql.exec.internal.StandardStatementCreator.createStatement(StandardStatementCreator.java:49) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
StandardStatementCreator.java:49
at org.hibernate.sql.results.jdbc.internal.DeferredResultSetAccess.executeQuery(DeferredResultSetAccess.java:235) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
DeferredResultSetAccess.java:235
at org.hibernate.sql.results.jdbc.internal.DeferredResultSetAccess.getResultSet(DeferredResultSetAccess.java:171) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
DeferredResultSetAccess.java:171
at org.hibernate.sql.results.jdbc.internal.JdbcValuesResultSetImpl.<init>(JdbcValuesResultSetImpl.java:74) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
JdbcValuesResultSetImpl.java:74
at org.hibernate.sql.exec.internal.JdbcSelectExecutorStandardImpl.resolveJdbcValuesSource(JdbcSelectExecutorStandardImpl.java:355) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
JdbcSelectExecutorStandardImpl.java:355
at org.hibernate.sql.exec.internal.JdbcSelectExecutorStandardImpl.doExecuteQuery(JdbcSelectExecutorStandardImpl.java:137) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
JdbcSelectExecutorStandardImpl.java:137
at org.hibernate.sql.exec.internal.JdbcSelectExecutorStandardImpl.executeQuery(JdbcSelectExecutorStandardImpl.java:102) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
JdbcSelectExecutorStandardImpl.java:102
at org.hibernate.sql.exec.spi.JdbcSelectExecutor.executeQuery(JdbcSelectExecutor.java:91) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
JdbcSelectExecutor.java:91
at org.hibernate.sql.exec.spi.JdbcSelectExecutor.list(JdbcSelectExecutor.java:165) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
JdbcSelectExecutor.java:165
at org.hibernate.query.sqm.internal.ConcreteSqmSelectQueryPlan.lambda$new$1(ConcreteSqmSelectQueryPlan.java:152) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
ConcreteSqmSelectQueryPlan.java:152
at org.hibernate.query.sqm.internal.ConcreteSqmSelectQueryPlan.withCacheableSqmInterpretation(ConcreteSqmSelectQueryPlan.java:442) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
ConcreteSqmSelectQueryPlan.java:442
at org.hibernate.query.sqm.internal.ConcreteSqmSelectQueryPlan.performList(ConcreteSqmSelectQueryPlan.java:362) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
ConcreteSqmSelectQueryPlan.java:362
at org.hibernate.query.sqm.internal.QuerySqmImpl.doList(QuerySqmImpl.java:380) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
QuerySqmImpl.java:380
at org.hibernate.query.spi.AbstractSelectionQuery.list(AbstractSelectionQuery.java:143) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
AbstractSelectionQuery.java:143
at org.hibernate.query.spi.AbstractSelectionQuery.getSingleResult(AbstractSelectionQuery.java:275) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
AbstractSelectionQuery.java:275
at org.springframework.data.jpa.repository.query.JpaQueryExecution$SingleEntityExecution.doExecute(JpaQueryExecution.java:224) ~[spring-data-jpa-3.4.4.jar:3.4.4]
JpaQueryExecution.java:224
at org.springframework.data.jpa.repository.query.JpaQueryExecution.execute(JpaQueryExecution.java:93) ~[spring-data-jpa-3.4.4.jar:3.4.4]
JpaQueryExecution.java:93
at org.springframework.data.jpa.repository.query.AbstractJpaQuery.doExecute(AbstractJpaQuery.java:152) ~[spring-data-jpa-3.4.4.jar:3.4.4]
AbstractJpaQuery.java:152
at org.springframework.data.jpa.repository.query.AbstractJpaQuery.execute(AbstractJpaQuery.java:140) ~[spring-data-jpa-3.4.4.jar:3.4.4]
AbstractJpaQuery.java:140
at org.springframework.data.repository.core.support.RepositoryMethodInvoker.doInvoke(RepositoryMethodInvoker.java:170) ~[spring-data-commons-3.4.4.jar:3.4.4]
RepositoryMethodInvoker.java:170
at org.springframework.data.repository.core.support.RepositoryMethodInvoker.invoke(RepositoryMethodInvoker.java:158) ~[spring-data-commons-3.4.4.jar:3.4.4]
RepositoryMethodInvoker.java:158
at org.springframework.data.repository.core.support.QueryExecutorMethodInterceptor.doInvoke(QueryExecutorMethodInterceptor.java:170) ~[spring-data-commons-3.4.4.jar:3.4.4]
QueryExecutorMethodInterceptor.java:170
at org.springframework.data.repository.core.support.QueryExecutorMethodInterceptor.invoke(QueryExecutorMethodInterceptor.java:149) ~[spring-data-commons-3.4.4.jar:3.4.4]
QueryExecutorMethodInterceptor.java:149
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184) ~[spring-aop-6.2.5.jar:6.2.5]
at org.springframework.data.projection.DefaultMethodInvokingMethodInterceptor.invoke(DefaultMethodInvokingMethodInterceptor.java:69) ~[spring-data-commons-3.4.4.jar:3.4.4]
DefaultMethodInvokingMethodInterceptor.java:69
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184) ~[spring-aop-6.2.5.jar:6.2.5]
ReflectiveMethodInvocation.java:184
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:380) ~[spring-tx-6.2.5.jar:6.2.5]
TransactionAspectSupport.java:380
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119) ~[spring-tx-6.2.5.jar:6.2.5]
TransactionInterceptor.java:119
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184) ~[spring-aop-6.2.5.jar:6.2.5]
ReflectiveMethodInvocation.java:184
at org.springframework.dao.support.PersistenceExceptionTranslationInterceptor.invoke(PersistenceExceptionTranslationInterceptor.java:138) ~[spring-tx-6.2.5.jar:6.2.5]
PersistenceExceptionTranslationInterceptor.java:138
... 176 more
Caused by: com.alibaba.druid.sql.parser.ParserException: ERROR. pos 437, line 1, column 397, token ERROR
at com.alibaba.druid.sql.parser.SQLExprParser.primary(SQLExprParser.java:1288) ~[druid-1.2.24.jar:?]
SQLExprParser.java:1288
at com.alibaba.druid.sql.dialect.postgresql.parser.PGExprParser.primary(PGExprParser.java:318) ~[druid-1.2.24.jar:?]
PGExprParser.java:318
at com.alibaba.druid.sql.parser.SQLExprParser.relationalRest(SQLExprParser.java:3902) ~[druid-1.2.24.jar:?]
SQLExprParser.java:3902
at com.alibaba.druid.sql.parser.SQLExprParser.exprRest(SQLExprParser.java:179) ~[druid-1.2.24.jar:?]
SQLExprParser.java:179
at com.alibaba.druid.sql.parser.SQLSelectParser.parseWhere(SQLSelectParser.java:759) ~[druid-1.2.24.jar:?]
SQLSelectParser.java:759
at com.alibaba.druid.sql.dialect.postgresql.parser.PGSelectParser.query(PGSelectParser.java:130) ~[druid-1.2.24.jar:?]
PGSelectParser.java:130
at com.alibaba.druid.sql.parser.SQLSelectParser.select(SQLSelectParser.java:77) ~[druid-1.2.24.jar:?]
SQLSelectParser.java:77
at com.alibaba.druid.sql.dialect.postgresql.parser.PGSQLStatementParser.parseSelect(PGSQLStatementParser.java:615) ~[druid-1.2.24.jar:?]
PGSQLStatementParser.java:615
at com.alibaba.druid.sql.dialect.postgresql.parser.PGSQLStatementParser.parseSelect(PGSQLStatementParser.java:35) ~[druid-1.2.24.jar:?]
PGSQLStatementParser.java:35
at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:232) ~[druid-1.2.24.jar:?]
SQLStatementParser.java:232
at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:119) ~[druid-1.2.24.jar:?]
SQLStatementParser.java:119
at com.alibaba.druid.wall.WallProvider.checkInternal(WallProvider.java:494) ~[druid-1.2.24.jar:?]
WallProvider.java:494
at com.alibaba.druid.wall.WallProvider.check(WallProvider.java:446) ~[druid-1.2.24.jar:?]
WallProvider.java:446
at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:855) ~[druid-1.2.24.jar:?]
WallFilter.java:855
at com.alibaba.druid.wall.WallFilter.connection_prepareStatement(WallFilter.java:355) ~[druid-1.2.24.jar:?]
WallFilter.java:355
at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:587) ~[druid-1.2.24.jar:?]
FilterChainImpl.java:587
at com.alibaba.druid.filter.FilterAdapter.connection_prepareStatement(FilterAdapter.java:921) ~[druid-1.2.24.jar:?]
FilterAdapter.java:921
at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:587) ~[druid-1.2.24.jar:?]
FilterChainImpl.java:587
at com.alibaba.druid.filter.FilterAdapter.connection_prepareStatement(FilterAdapter.java:921) ~[druid-1.2.24.jar:?]
FilterAdapter.java:921
at com.alibaba.druid.filter.FilterEventAdapter.connection_prepareStatement(FilterEventAdapter.java:137) ~[druid-1.2.24.jar:?]
FilterEventAdapter.java:137
at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:587) ~[druid-1.2.24.jar:?]
FilterChainImpl.java:587
at com.alibaba.druid.proxy.jdbc.ConnectionProxyImpl.prepareStatement(ConnectionProxyImpl.java:361) ~[druid-1.2.24.jar:?]
ConnectionProxyImpl.java:361
at com.alibaba.druid.pool.DruidPooledConnection.prepareStatement(DruidPooledConnection.java:407) ~[druid-1.2.24.jar:?]
DruidPooledConnection.java:407
at org.hibernate.engine.jdbc.internal.StatementPreparerImpl$4.doPrepare(StatementPreparerImpl.java:151) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
StatementPreparerImpl.java:151
at org.hibernate.engine.jdbc.internal.StatementPreparerImpl$StatementPreparationTemplate.prepareStatement(StatementPreparerImpl.java:180) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
StatementPreparerImpl.java:180
at org.hibernate.engine.jdbc.internal.StatementPreparerImpl.prepareQueryStatement(StatementPreparerImpl.java:153) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
at org.hibernate.sql.exec.internal.StandardStatementCreator.createStatement(StandardStatementCreator.java:49) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
StandardStatementCreator.java:49
at org.hibernate.sql.results.jdbc.internal.DeferredResultSetAccess.executeQuery(DeferredResultSetAccess.java:235) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
DeferredResultSetAccess.java:235
at org.hibernate.sql.results.jdbc.internal.DeferredResultSetAccess.getResultSet(DeferredResultSetAccess.java:171) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
DeferredResultSetAccess.java:171
at org.hibernate.sql.results.jdbc.internal.JdbcValuesResultSetImpl.<init>(JdbcValuesResultSetImpl.java:74) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
JdbcValuesResultSetImpl.java:74
at org.hibernate.sql.exec.internal.JdbcSelectExecutorStandardImpl.resolveJdbcValuesSource(JdbcSelectExecutorStandardImpl.java:355) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
JdbcSelectExecutorStandardImpl.java:355
at org.hibernate.sql.exec.internal.JdbcSelectExecutorStandardImpl.doExecuteQuery(JdbcSelectExecutorStandardImpl.java:137) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
JdbcSelectExecutorStandardImpl.java:137
at org.hibernate.sql.exec.internal.JdbcSelectExecutorStandardImpl.executeQuery(JdbcSelectExecutorStandardImpl.java:102) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
JdbcSelectExecutorStandardImpl.java:102
at org.hibernate.sql.exec.spi.JdbcSelectExecutor.executeQuery(JdbcSelectExecutor.java:91) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
JdbcSelectExecutor.java:91
at org.hibernate.sql.exec.spi.JdbcSelectExecutor.list(JdbcSelectExecutor.java:165) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
JdbcSelectExecutor.java:165
at org.hibernate.query.sqm.internal.ConcreteSqmSelectQueryPlan.lambda$new$1(ConcreteSqmSelectQueryPlan.java:152) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
ConcreteSqmSelectQueryPlan.java:152
at org.hibernate.query.sqm.internal.ConcreteSqmSelectQueryPlan.withCacheableSqmInterpretation(ConcreteSqmSelectQueryPlan.java:442) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
ConcreteSqmSelectQueryPlan.java:442
at org.hibernate.query.sqm.internal.ConcreteSqmSelectQueryPlan.performList(ConcreteSqmSelectQueryPlan.java:362) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
ConcreteSqmSelectQueryPlan.java:362
at org.hibernate.query.sqm.internal.QuerySqmImpl.doList(QuerySqmImpl.java:380) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
QuerySqmImpl.java:380
at org.hibernate.query.spi.AbstractSelectionQuery.list(AbstractSelectionQuery.java:143) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
AbstractSelectionQuery.java:143
at org.hibernate.query.spi.AbstractSelectionQuery.getSingleResult(AbstractSelectionQuery.java:275) ~[hibernate-core-6.6.11.Final.jar:6.6.11.Final]
AbstractSelectionQuery.java:275
at org.springframework.data.jpa.repository.query.JpaQueryExecution$SingleEntityExecution.doExecute(JpaQueryExecution.java:224) ~[spring-data-jpa-3.4.4.jar:3.4.4]
JpaQueryExecution.java:224
at org.springframework.data.jpa.repository.query.JpaQueryExecution.execute(JpaQueryExecution.java:93) ~[spring-data-jpa-3.4.4.jar:3.4.4]
JpaQueryExecution.java:93
at org.springframework.data.jpa.repository.query.AbstractJpaQuery.doExecute(AbstractJpaQuery.java:152) ~[spring-data-jpa-3.4.4.jar:3.4.4]
AbstractJpaQuery.java:152
at org.springframework.data.jpa.repository.query.AbstractJpaQuery.execute(AbstractJpaQuery.java:140) ~[spring-data-jpa-3.4.4.jar:3.4.4]
AbstractJpaQuery.java:140
at org.springframework.data.repository.core.support.RepositoryMethodInvoker.doInvoke(RepositoryMethodInvoker.java:170) ~[spring-data-commons-3.4.4.jar:3.4.4]
RepositoryMethodInvoker.java:170
at org.springframework.data.repository.core.support.RepositoryMethodInvoker.invoke(RepositoryMethodInvoker.java:158) ~[spring-data-commons-3.4.4.jar:3.4.4]
RepositoryMethodInvoker.java:158
at org.springframework.data.repository.core.support.QueryExecutorMethodInterceptor.doInvoke(QueryExecutorMethodInterceptor.java:170) ~[spring-data-commons-3.4.4.jar:3.4.4]
QueryExecutorMethodInterceptor.java:170
at org.springframework.data.repository.core.support.QueryExecutorMethodInterceptor.invoke(QueryExecutorMethodInterceptor.java:149) ~[spring-data-commons-3.4.4.jar:3.4.4]
QueryExecutorMethodInterceptor.java:149
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184) ~[spring-aop-6.2.5.jar:6.2.5]
ReflectiveMethodInvocation.java:184
at org.springframework.data.projection.DefaultMethodInvokingMethodInterceptor.invoke(DefaultMethodInvokingMethodInterceptor.java:69) ~[spring-data-commons-3.4.4.jar:3.4.4]
DefaultMethodInvokingMethodInterceptor.java:69
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184) ~[spring-aop-6.2.5.jar:6.2.5]
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:380) ~[spring-tx-6.2.5.jar:6.2.5]
TransactionAspectSupport.java:380
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119) ~[spring-tx-6.2.5.jar:6.2.5]
TransactionInterceptor.java:119
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184) ~[spring-aop-6.2.5.jar:6.2.5]
ReflectiveMethodInvocation.java:184
at org.springframework.dao.support.PersistenceExceptionTranslationInterceptor.invoke(PersistenceExceptionTranslationInterceptor.java:138) ~[spring-tx-6.2.5.jar:6.2.5]
PersistenceExceptionTranslationInterceptor.java:138
... 176 more
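Error Info
Caused by: com.alibaba.druid.sql.parser.ParserException: ERROR. pos 437, line 1, column 397, token ERROR
Note: column 397 of the statement under "Error SQL" is the opening quote of the `'\'` literal after `escape`, and pos 437 equals the statement's full length. This is consistent with the Druid lexer treating the backslash as escaping the closing quote and reading an unterminated string to the end of input. The backslash is missing from the statement echoed in the exception message above, possibly lost when the page was rendered. PostgreSQL accepts `'\'` as a one-character literal when `standard_conforming_strings` is on (the default), so the "sql injection violation" here is a WallFilter parse failure on a fully parameterized statement, not a detected injection. Relaxing `WallConfig.strictSyntaxCheck` to get past it would also stop the wall from rejecting other statements it cannot parse, so weigh that trade-off before using it as a workaround.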