Consecutive comment statements are parsed as a semicolon; #5847

Closed
wjcIvan opened this issue Dec 15, 2023 · 3 comments

Comments

@wjcIvan

wjcIvan commented Dec 15, 2023

Version currently in use (required, otherwise the issue will not be handled)

3.5.3.2

How was this problem caused? (Confirm that the latest version also has the problem before reporting!!!)

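After upgrading from 3.5.3.1 to 3.5.4.1 I found an error, and finally pinned the problem version down to 3.5.3.2.
When the XML contains several consecutive comment statements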
<!---->
they are parsed as
;

Steps to reproduce (write them out in full if there are any)

For example

        select count(1) from table
<!---->
<!---->
        where 1=1

is finally parsed as

SELECT count(1) FROM table;where 1 = 1

But with the following code, it executes normally

       select count(1) from table
       <!---->
       <!---->
       where 1=1

Partial error message

Caused by: java.sql.SQLException: sql injection violation, dbType mysql, , druid-version 1.2.11, syntax error: not supported.pos 42, line 1, column 38, token WHERE : SELECT count(1) FROM sca_scan_result;where 1 = 1
	at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:828)
	at com.alibaba.druid.wall.WallFilter.connection_prepareStatement(WallFilter.java:270)
	at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:531)
	at com.alibaba.druid.filter.FilterAdapter.connection_prepareStatement(FilterAdapter.java:908)
	at com.alibaba.druid.filter.FilterEventAdapter.connection_prepareStatement(FilterEventAdapter.java:116)
	at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:531)
	at com.alibaba.druid.proxy.jdbc.ConnectionProxyImpl.prepareStatement(ConnectionProxyImpl.java:326)
	at com.alibaba.druid.pool.DruidPooledConnection.prepareStatement(DruidPooledConnection.java:362)
	at org.apache.ibatis.executor.statement.PreparedStatementHandler.instantiateStatement(PreparedStatementHandler.java:88)
	at org.apache.ibatis.executor.statement.BaseStatementHandler.prepare(BaseStatementHandler.java:90)
	at org.apache.ibatis.executor.statement.RoutingStatementHandler.prepare(RoutingStatementHandler.java:60)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.apache.ibatis.plugin.Invocation.proceed(Invocation.java:49)
	at com.baomidou.mybatisplus.extension.plugins.MybatisPlusInterceptor.intercept(MybatisPlusInterceptor.java:106)
	at org.apache.ibatis.plugin.Plugin.invoke(Plugin.java:59)
	at com.sun.proxy.$Proxy350.prepare(Unknown Source)
	at org.apache.ibatis.executor.SimpleExecutor.prepareStatement(SimpleExecutor.java:90)
	at org.apache.ibatis.executor.SimpleExecutor.doUpdate(SimpleExecutor.java:49)
	at org.apache.ibatis.executor.BaseExecutor.update(BaseExecutor.java:117)
	at org.apache.ibatis.executor.CachingExecutor.update(CachingExecutor.java:76)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.apache.ibatis.plugin.Invocation.proceed(Invocation.java:49)
	at org.jeecg.config.mybatis.MybatisInterceptor.intercept(MybatisInterceptor.java:163)
	at org.apache.ibatis.plugin.Plugin.invoke(Plugin.java:59)
	at com.sun.proxy.$Proxy349.update(Unknown Source)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.apache.ibatis.plugin.Invocation.proceed(Invocation.java:49)
	at com.baomidou.mybatisplus.extension.plugins.MybatisPlusInterceptor.intercept(MybatisPlusInterceptor.java:106)
	at org.apache.ibatis.plugin.Plugin.invoke(Plugin.java:59)
	at com.sun.proxy.$Proxy349.update(Unknown Source)
	at org.apache.ibatis.session.defaults.DefaultSqlSession.update(DefaultSqlSession.java:197)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.mybatis.spring.SqlSessionTemplate$SqlSessionInterceptor.invoke(SqlSessionTemplate.java:425)
	... 130 common frames omitted
Caused by: com.alibaba.druid.sql.parser.ParserException: not supported.pos 42, line 1, column 38, token WHERE
	at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:615)
	at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:112)
	at com.alibaba.druid.wall.WallProvider.checkInternal(WallProvider.java:618)
	at com.alibaba.druid.wall.WallProvider.check(WallProvider.java:572)
	at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:805)
	... 174 common frames omitted
@nieqiurong
Contributor

Please provide a reproduction project

@wjcIvan
Author

wjcIvan commented Dec 25, 2023

Please provide a reproduction project

https://github.com/wjcIvan/mybatis-plus-demo

@nieqiurong
Contributor

#5686
