当前使用版本(必填,否则不予处理)
3.5.3.2
该问题是如何引起的?(确定最新版也有问题再提!!!)
从3.5.3.1升级到3.5.4.1后发现错误,最终定位问题版本为3.5.3.2。
当xml中存在连续的多条注释语句
<!---->
会将其解析为
;
重现步骤(如果有就写完整)
例如
select count(1) from table
<!---->
<!---->
where 1=1
最终解析为
SELECT count(1) FROM table;where 1 = 1
但如果是下述代码,就能正常执行
```
select count(1) from table
where 1=1
### 部分报错信息
Caused by: java.sql.SQLException: sql injection violation, dbType mysql, , druid-version 1.2.11, syntax error: not supported.pos 42, line 1, column 38, token WHERE : SELECT count(1) FROM sca_scan_result;where 1 = 1 at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:828) at com.alibaba.druid.wall.WallFilter.connection_prepareStatement(WallFilter.java:270) at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:531) at com.alibaba.druid.filter.FilterAdapter.connection_prepareStatement(FilterAdapter.java:908) at com.alibaba.druid.filter.FilterEventAdapter.connection_prepareStatement(FilterEventAdapter.java:116) at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:531) at com.alibaba.druid.proxy.jdbc.ConnectionProxyImpl.prepareStatement(ConnectionProxyImpl.java:326) at com.alibaba.druid.pool.DruidPooledConnection.prepareStatement(DruidPooledConnection.java:362) at org.apache.ibatis.executor.statement.PreparedStatementHandler.instantiateStatement(PreparedStatementHandler.java:88) at org.apache.ibatis.executor.statement.BaseStatementHandler.prepare(BaseStatementHandler.java:90) at org.apache.ibatis.executor.statement.RoutingStatementHandler.prepare(RoutingStatementHandler.java:60) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.ibatis.plugin.Invocation.proceed(Invocation.java:49) at com.baomidou.mybatisplus.extension.plugins.MybatisPlusInterceptor.intercept(MybatisPlusInterceptor.java:106) at org.apache.ibatis.plugin.Plugin.invoke(Plugin.java:59) at com.sun.proxy.$Proxy350.prepare(Unknown Source) at org.apache.ibatis.executor.SimpleExecutor.prepareStatement(SimpleExecutor.java:90) at org.apache.ibatis.executor.SimpleExecutor.doUpdate(SimpleExecutor.java:49) at org.apache.ibatis.executor.BaseExecutor.update(BaseExecutor.java:117) at org.apache.ibatis.executor.CachingExecutor.update(CachingExecutor.java:76) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.ibatis.plugin.Invocation.proceed(Invocation.java:49) at org.jeecg.config.mybatis.MybatisInterceptor.intercept(MybatisInterceptor.java:163) at org.apache.ibatis.plugin.Plugin.invoke(Plugin.java:59) at com.sun.proxy.$Proxy349.update(Unknown Source) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.ibatis.plugin.Invocation.proceed(Invocation.java:49) at com.baomidou.mybatisplus.extension.plugins.MybatisPlusInterceptor.intercept(MybatisPlusInterceptor.java:106) at org.apache.ibatis.plugin.Plugin.invoke(Plugin.java:59) at com.sun.proxy.$Proxy349.update(Unknown Source) at org.apache.ibatis.session.defaults.DefaultSqlSession.update(DefaultSqlSession.java:197) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.mybatis.spring.SqlSessionTemplate$SqlSessionInterceptor.invoke(SqlSessionTemplate.java:425) ... 130 common frames omitted Caused by: com.alibaba.druid.sql.parser.ParserException: not supported.pos 42, line 1, column 38, token WHERE at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:615) at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:112) at com.alibaba.druid.wall.WallProvider.checkInternal(WallProvider.java:618) at com.alibaba.druid.wall.WallProvider.check(WallProvider.java:572) at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:805) ... 174 common frames omitted ```
Comment From: nieqiurong
提供复现工程
Comment From: wjcIvan
提供复现工程
https://github.com/wjcIvan/mybatis-plus-demo
Comment From: nieqiurong