diff --git a/jeecg-boot/jeecg-module-system/jeecg-system-biz/pom.xml b/jeecg-boot/jeecg-module-system/jeecg-system-biz/pom.xml
index 84209ffe2..2b5967cc6 100644
--- a/jeecg-boot/jeecg-module-system/jeecg-system-biz/pom.xml
+++ b/jeecg-boot/jeecg-module-system/jeecg-system-biz/pom.xml
@@ -19,7 +19,7 @@
org.hibernate
hibernate-core
-
@@ -30,19 +30,31 @@
weixin4j
-
org.jeecgframework.jimureport
jimubi-spring-boot3-starter
- -->
+
+
+ com.github.jsqlparser
+ jsqlparser
+
+
+
diff --git a/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/config/firewall/SqlInjection/impl/DictTableWhiteListHandlerImpl.java b/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/config/firewall/SqlInjection/impl/DictTableWhiteListHandlerImpl.java
index b26dad02d..47003b5a4 100644
--- a/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/config/firewall/SqlInjection/impl/DictTableWhiteListHandlerImpl.java
+++ b/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/config/firewall/SqlInjection/impl/DictTableWhiteListHandlerImpl.java
@@ -1,6 +1,11 @@
package org.jeecg.config.firewall.SqlInjection.impl;
import lombok.extern.slf4j.Slf4j;
+import net.sf.jsqlparser.JSQLParserException;
+import net.sf.jsqlparser.parser.CCJSqlParserUtil;
+import net.sf.jsqlparser.schema.Table;
+import net.sf.jsqlparser.statement.select.PlainSelect;
+import net.sf.jsqlparser.statement.select.Select;
import org.jeecg.common.constant.SymbolConstant;
import org.jeecg.common.exception.JeecgSqlInjectionException;
import org.jeecg.common.util.oConvertUtils;
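Review bot: The parser types imported here (`JSQLParserException`, `Select`, `PlainSelect`, `Table`) are used at the visible start of `isPassBySql` in a way that crashes instead of rejecting. After a `JSQLParserException` the catch block only calls `printStackTrace()`, and the next statement dereferences `select`, which is still null. The chained casts in `(Table)((PlainSelect)select.getSelectBody()).getFromItem()` assume a single-table plain SELECT, so a set operation, a subquery in FROM or a non-SELECT statement would throw `ClassCastException`, and only the FROM item's name is read in the lines shown. For a whitelist check, a parse failure or an unexpected statement shape should count as not passed, e.g. `if (!(stmt instanceof Select)) { return false; }`, with the error logged through `log.warn` rather than `printStackTrace()`. The rest of the method is outside the visible diff, so any later handling of joins or nested selects cannot be confirmed from here.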
@@ -12,8 +17,11 @@ import org.jeecg.config.firewall.interceptor.LowCodeModeInterceptor;
import org.jeecg.modules.system.entity.SysTableWhiteList;
import org.jeecg.modules.system.security.DictQueryBlackListHandler;
import org.jeecg.modules.system.service.ISysTableWhiteListService;
+import org.jeecgframework.minidao.sqlparser.AbstractSqlProcessor;
+import org.jeecgframework.minidao.sqlparser.impl.JsqlparserSqlProcessor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
+import org.jeecgframework.minidao.util.MiniDaoUtil;
import java.net.URLDecoder;
import java.util.*;
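Review bot: The new `import org.jeecgframework.minidao.util.MiniDaoUtil;` is placed after the Spring imports instead of beside the other two `org.jeecgframework.minidao` imports added just above; keeping the three together matches the grouping used in the rest of the import block. No use of `AbstractSqlProcessor`, `JsqlparserSqlProcessor` or `MiniDaoUtil` appears in the visible part of the change, so it is worth confirming they are referenced and dropping any that are not. If both the direct `CCJSqlParserUtil` call and the minidao processor are used to parse the same SQL, a short comment such as `// table names are extracted with JSqlParser directly; minidao's processor is used only for <purpose>` would tell maintainers which parser's result decides the whitelist check.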
@@ -63,34 +71,42 @@ public class DictTableWhiteListHandlerImpl implements IDictTableWhiteListHandler
@Override
public boolean isPassBySql(String sql) {
-// Map parsedMap = null;
-// try {
-// parsedMap = JSqlParserUtils.parseAllSelectTable(sql);
-// } catch (Exception e) {
-// log.warn("校验sql语句,解析报错:{}", e.getMessage());
-// }
-// // 如果sql有问题,则肯定执行不了,所以直接返回true
-// if (parsedMap == null) {
-// return true;
-// }
-// log.info("获取select sql信息 :{} ", parsedMap);
-// // 遍历当前sql中的所有表名,如果有其中一个表或表的字段不在白名单中,则不通过
-// for (Map.Entry entry : parsedMap.entrySet()) {
-// SelectSqlInfo sqlInfo = entry.getValue();
-// if (sqlInfo.isSelectAll()) {
-// log.warn("查询语句中包含 * 字段,暂时先通过");
-// continue;
-// }
-// Set queryFields = sqlInfo.getAllRealSelectFields();
-// // 校验表名和字段是否允许查询
-// String tableName = entry.getKey();
-// if (!this.checkWhiteList(tableName, queryFields)) {
-// return false;
-// }
-// }
+ Select select = null;
+
+ try {
+ select = (Select) CCJSqlParserUtil.parse(sql, (parser) -> {
+ parser.withSquareBracketQuotation(true);
+ });
+ } catch (JSQLParserException var10) {
+ JSQLParserException jsqlParserException = var10;
+ jsqlParserException.printStackTrace();
+ }
+
+ String tableName = ((Table)((PlainSelect)select.getSelectBody()).getFromItem()).getName();
+
+ List