国网代码安全扫描-SQL问题整改

amos-boot-module/amos-boot-module-api/amos-boot-module-ccs-api/src/main/resources/mapper/FireEquipmentSignalLogMapper.xml

@@ -61,7 +61,7 @@
         </if>
         order by a.create_date desc
         <if test="top != null">
-         limit ${top}
+         limit @TOP
         </if>
     </select>
     <select id="distinctByEquipmentId" resultType="com.yeejoin.amos.boot.module.ccs.api.dto.FireEquipmentDto">

amos-boot-module/amos-boot-module-api/amos-boot-module-ccs-api/src/main/resources/mapper/FireRiskSourceMapper.xml

@@ -17,7 +17,7 @@
         ORDER BY
         rs.rpni DESC, rs.rpn DESC
         <if test="top != null and top !=''">
-            limit ${top}
+            limit @TOP
         </if>
     </select>
 </mapper>

amos-boot-module/amos-boot-module-api/amos-boot-module-common-api/src/main/java/com/yeejoin/amos/boot/module/common/api/interceptor/PluginInterceptor.java

@@ -37,8 +37,6 @@ public class PluginInterceptor implements Interceptor {
      * @throws Throwable
      */
     public Object intercept(Invocation invocation) throws Throwable {
-        System.out.println("====intercept======");
-
         Object[] args = invocation.getArgs();
         MappedStatement mappedStatement = (MappedStatement) args[0];
         Object parameter = args[1];
@@ -134,18 +132,45 @@ public class PluginInterceptor implements Interceptor {
             ReflectionUtils.makeAccessible(field);
             field.set(boundSql, sql);
             return executor.query(mappedStatement, parameter, rowBounds, resultHandler, cacheKey, boundSql);
-        } else {
+        } else if (
+                "com.yeejoin.amos.boot.module.ccs.api.mapper.FireEquipmentSignalLogMapper.queryAlarmLogList".equals(id) ||
+                "com.yeejoin.amos.boot.module.ccs.api.mapper.FireRiskSourceMapper.queryForRpnDescList".equals(id)
+        ) {
+            String orderBy = "";
+            if (parameter instanceof HashMap) {
+                orderBy = ((HashMap<?, ?>) parameter).get("top").toString();
+            }
+            sql = sql.replaceAll("@TOP", orderBy);
+
+            Field field = boundSql.getClass().getDeclaredField("sql");
+            ReflectionUtils.makeAccessible(field);
+            field.set(boundSql, sql);
+            return executor.query(mappedStatement, parameter, rowBounds, resultHandler, cacheKey, boundSql);
+        }
+        else if (
+                "com.yeejoin.indicators.report.api.mapper.IdxBizEventQuestionLogMapper.IdxBizEventQuestionLogModel".equals(id)
+        ) {
+            String orderBy = "";
+            if (parameter instanceof HashMap) {
+                orderBy = ((HashMap<?, ?>) parameter).get("orderBy").toString();
+            }
+            sql = sql.replaceAll("@ORDER_BY", orderBy);
+
+            Field field = boundSql.getClass().getDeclaredField("sql");
+            ReflectionUtils.makeAccessible(field);
+            field.set(boundSql, sql);
+            return executor.query(mappedStatement, parameter, rowBounds, resultHandler, cacheKey, boundSql);
+        }
+        else {
             return invocation.proceed();
         }
     }
 
     public Object plugin(Object target) {
-        System.out.println("-----------------------------plugin-------------------------");
         return Plugin.wrap(target, this);
     }
 
     public void setProperties(Properties properties) {
-        System.out.println("====setProperties======");
     }
 
 }
\ No newline at end of file

amos-boot-module/amos-boot-module-api/amos-boot-module-jcs-api/src/main/resources/mapper/SignMapper.xml

@@ -226,10 +226,10 @@
             <if test="sortField != null and sortField != ''">
                 <choose>
                     <when test="sortOrder == 'ascend'">
-                        ${sortField} ASC
+                        @SORT_FIELD ASC
                     </when>
                     <otherwise>
-                        ${sortField} DESC
+                        @SORT_FIELD DESC
                     </otherwise>
                 </choose>
             </if>