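1. What are the steps to reproduce this issue?
In the production environment, the lock management query page is empty. After investigation, the query condition userAgent was found to be injected. Problems with Nginx and SpringCloudGateway have been ruled out.
Debugging the endpoint /auth-lock/page?current=1&size=10 through apiFox; the query condition userAgent was injected;
Log received by the backend: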
2026-05-26T10:31:30.675738094+08:00 ===> GET: /auth-lock/page Parameters: {"query":{"current":1,"size":10,"ascs":null,"descs":null},"authLock":{"id":null,"tenantId":null,"lockType":null,"lockStatus":null,"lockTarget":null,"remoteIp":null,"userAgent":"Apifox/1.0.0 (https://apifox.com)","userId":null,"lockBeginTime":null,"lockEndTime":null,"lockReason":null,"unlockReason":null,"failCount":null,"status":null,"isDeleted":null}}
2026-05-26T10:31:30.675746564+08:00 ===Headers=== Authorization: Basic d2ViOmdhbGF4eV93ZWI=
2026-05-26T10:31:30.675751237+08:00 ===Headers=== Accept: */*
2026-05-26T10:31:30.675765206+08:00 ===Headers=== Connection: keep-alive
2026-05-26T10:31:30.675769432+08:00 ===Headers=== User-Agent: Apifox/1.0.0 (https://apifox.com)
2026-05-26T10:31:30.675774019+08:00 ===Headers=== Blade-Requested-With: BladeHttpRequest
2026-05-26T10:31:30.675778149+08:00 ===Headers=== Host: 193.100.100.205:31584
2026-05-26T10:31:30.675782356+08:00 ===Headers=== Accept-Encoding: gzip, deflate, br
2026-05-26T10:31:30.675819116+08:00 ===Headers=== Blade-Auth: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.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.5z6Vj6s4Ebw7sjUNOC65GQKVihj2WGzK6b0pV9JelmM
2026-05-26T10:31:30.675826040+08:00 ================ Request End ================
2026-05-26T10:31:30.675830414+08:00
2026-05-26T10:31:30.677011712+08:00 2026-05-26 10:31:30.676 DEBUG 1 --- [ XNIO-1 task-2] o.s.core.tenant.BladeTenantInterceptor : original SQL: SELECT id,tenant_id,lock_type,lock_status,lock_target,remote_ip,user_agent,user_id,lock_begin_time,lock_end_time,lock_reason,unlock_reason,fail_count,status,is_deleted FROM blade_auth_lock WHERE is_deleted=0 AND user_agent=? ORDER BY lock_begin_time DESC
2026-05-26T10:31:30.677742915+08:00 2026-05-26 10:31:30.677 DEBUG 1 --- [ XNIO-1 task-2] o.s.core.tenant.BladeTenantInterceptor : SQL to parse, SQL: SELECT id,tenant_id,lock_type,lock_status,lock_target,remote_ip,user_agent,user_id,lock_begin_time,lock_end_time,lock_reason,unlock_reason,fail_count,status,is_deleted FROM blade_auth_lock WHERE is_deleted=0 AND user_agent=? ORDER BY lock_begin_time DESC
2026-05-26T10:31:30.677779524+08:00 2026-05-26 10:31:30.677 DEBUG 1 --- [ XNIO-1 task-2] o.s.core.tenant.BladeTenantInterceptor : parse the finished SQL: SELECT id, tenant_id, lock_type, lock_status, lock_target, remote_ip, user_agent, user_id, lock_begin_time, lock_end_time, lock_reason, unlock_reason, fail_count, status, is_deleted FROM blade_auth_lock WHERE is_deleted = 0 AND user_agent = ? ORDER BY lock_begin_time DESC
2026-05-26T10:31:30.688535130+08:00 2026-05-26 10:31:30.688 DEBUG 1 --- [ XNIO-1 task-2] o.s.s.m.A.selectList_mpCount : ==> Preparing: SELECT COUNT(*) AS total FROM blade_auth_lock WHERE is_deleted = 0 AND user_agent = ?
2026-05-26T10:31:30.688568756+08:00 2026-05-26 10:31:30.688 DEBUG 1 --- [ XNIO-1 task-2] o.s.s.m.A.selectList_mpCount : ==> Parameters: Apifox/1.0.0 (https://apifox.com)(String)
2026-05-26T10:31:30.695817082+08:00 2026-05-26 10:31:30.695 DEBUG 1 --- [ XNIO-1 task-2] o.s.s.m.A.selectList_mpCount : <== Total: 1
2026-05-26T10:31:30.695926090+08:00 2026-05-26 10:31:30.695 INFO 1 --- [ XNIO-1 task-2] o.s.core.mp.plugins.SqlLogInterceptor :
2026-05-26T10:31:30.695933567+08:00
2026-05-26T10:31:30.695939592+08:00 ============== Sql Start ==============
2026-05-26T10:31:30.695947041+08:00 Execute SQL : select count(*) as total from blade_auth_lock where is_deleted = 0 and user_agent = 'Apifox/1.0.0 (https://apifox.com)'
2026-05-26T10:31:30.695952212+08:00 Execute Time: 7.110ms
2026-05-26T10:31:30.695957902+08:00 ============== Sql End ==============
2026-05-26T10:31:30.695973598+08:00
2026-05-26T10:31:30.696111248+08:00 2026-05-26 10:31:30.696 INFO 1 --- [ XNIO-1 task-2] o.s.core.log.aspect.RequestLogAspect :
2026-05-26T10:31:30.696136023+08:00
2026-05-26T10:31:30.696179106+08:00 =============== Response Start ================
2026-05-26T10:31:30.696209343+08:00 ===Result=== {"code":200,"success":true,"data":{"records":[],"total":0,"size":10,"current":1,"pages":0},"msg":"操作成功"}
2026-05-26T10:31:30.696214306+08:00 <=== GET: /auth-lock/page (20 ms)
2026-05-26T10:31:30.696218592+08:00 =============== Response End ================
2. What result did you expect? What did you actually see?
3. Which product and version are you using? On which operating system?
BladeX4.9
4. Please provide the detailed error stack trace; this is important.
5. If you have any more details, please provide them below.
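
A triage check for the symptom reported above, as an added example that is not part of the original report or of BladeX: it scans request logs in the format quoted in the post and flags every bound parameter whose name and value both match a header of the same request. The sample lines are constructed in the shape of that log, and the function names are hypothetical.

```python
import json
import re

# Constructed sample in the shape of the request log quoted in the report
# (timestamps shortened; the second request is a control with no collision).
SAMPLE_LOG = """\
10:31:30.675 ===> GET: /auth-lock/page Parameters: {"query":{"current":1,"size":10},"authLock":{"id":null,"remoteIp":null,"userAgent":"Apifox/1.0.0 (https://apifox.com)"}}
10:31:30.675 ===Headers=== Accept: */*
10:31:30.675 ===Headers=== User-Agent: Apifox/1.0.0 (https://apifox.com)
10:31:30.675 ================ Request End ================
10:31:31.100 ===> GET: /auth-lock/page Parameters: {"query":{"current":1,"size":10},"authLock":{"id":null,"userAgent":null}}
10:31:31.100 ===Headers=== User-Agent: ExampleClient/2.0
10:31:31.100 ================ Request End ================
"""

REQUEST = re.compile(r"===> (\w+): (\S+) Parameters: (\{.*\})\s*$")
HEADER = re.compile(r"===Headers=== ([^:]+): (.*)$")

def norm(name):
    """Compare 'User-Agent' and 'userAgent' as the same name."""
    return re.sub(r"[^a-z0-9]", "", name.lower())

def leaves(obj, path=""):
    """Yield (dotted path, field name, value) for every non-null leaf."""
    for key, val in obj.items():
        here = f"{path}.{key}" if path else key
        if isinstance(val, dict):
            yield from leaves(val, here)
        elif val is not None:
            yield here, key, val

def header_bound_fields(log_text):
    """Return (method, uri, field path, header name) for each bound field
    whose name and value both match a header of the same request."""
    findings, current = [], None
    for line in log_text.splitlines():
        if m := REQUEST.search(line):
            current = (m.group(1), m.group(2), json.loads(m.group(3)), {})
        elif current and (h := HEADER.search(line)):
            current[3][norm(h.group(1))] = (h.group(1), h.group(2).strip())
        elif current and "Request End" in line:
            method, uri, params, headers = current
            for path, key, val in leaves(params):
                hit = headers.get(norm(key))
                if hit and str(val) == hit[1]:
                    findings.append((method, uri, path, hit[0]))
            current = None
    return findings
```

Running `header_bound_fields` over a day of request logs lists which endpoints and entity fields are affected, which shows whether the collision is limited to `userAgent` on this one page.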