ou yuanning

Results 99 comments of ou yuanning

Actually, you could try testing it directly with a select statement; the effect should be the same.

One more thing. Whether filter_list gets included could also be decided case by case.

After discussing with @reusee @domingozhang @heni02 @qingxinhome, what we will do in this issue is: 1. find the cases which rewrite some input into SQL and execute it. (e.g. we will rewrite 'show...

1. SQL injection in MO, now: if you run these SQL statements, table foo will be dropped.

```
drop user `foo"; drop table foo; select "1`; create role 'foo"; drop table foo; select "';...
```

How to fix it? Solution 1: try to give every input a rule (like: user_name can only use letters and digits), and check it before fmt.Sprintf. Solution 2: try to add...

Fix SQL injection like: 1. change one executed SQL statement into multiple SQL statements; 2. add some expression after the SQL, making the where clause incorrect. We also have some fmt.Sprintf calls that rewrite SQL in...

That's not SQL injection. But I think we can check the user name and database name first.

Temporary tables need to be rewritten. The current temporary table implementation is flawed; it has the Halloween problem.

It looks like this is caused by the hash cardinality of the agg being too large. Could 龙冉 please help take a look?