xuxueli / xxl-job

A distributed task scheduling framework. (Distributed task scheduling platform XXL-JOB)
http://www.xuxueli.com/xxl-job/
GNU General Public License v3.0

Xxl-Job has a SQL injection risk #3022

Open wautumnli opened 1 year ago

wautumnli commented 1 year ago

Currently using xxl-job v2.3.0; in XxlJobInfoMapper.xml:

    <update id="update" parameterType="com.xxl.job.admin.core.model.XxlJobInfo" >
        UPDATE xxl_job_info
        SET
            job_group = #{jobGroup},
            job_desc = #{jobDesc},
            update_time = #{updateTime},
            author = #{author},
            alarm_email = #{alarmEmail},
            schedule_type = #{scheduleType},
            schedule_conf = #{scheduleConf},
            misfire_strategy = #{misfireStrategy},
            executor_route_strategy = #{executorRouteStrategy},
            executor_handler = #{executorHandler},
            executor_param = #{executorParam},
            executor_block_strategy = #{executorBlockStrategy},
            executor_timeout = ${executorTimeout},
            executor_fail_retry_count = ${executorFailRetryCount},
            glue_type = #{glueType},
            glue_source = #{glueSource},
            glue_remark = #{glueRemark},
            glue_updatetime = #{glueUpdatetime},
            child_jobid = #{childJobId},
            trigger_status = #{triggerStatus},
            trigger_last_time = #{triggerLastTime},
            trigger_next_time = #{triggerNextTime}
        WHERE id = #{id}
    </update>

It contains ${} concatenation:

            executor_timeout = ${executorTimeout},
            executor_fail_retry_count = ${executorFailRetryCount},

I hope it can be changed to the placeholder #{}.
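
As an added example (not code from the issue or from the xxl-job project), the Python below scans a constructed excerpt of the mapper above for `${}` substitutions and mimics how MyBatis renders `${}` (spliced into the SQL text) versus `#{}` (a `?` placeholder with the value bound separately). It treats the properties as plain strings to show the mechanism; whether a non-numeric value can actually reach this statement depends on the Java type of the property in XxlJobInfo, which the issue does not show.

```python
"""Find ${} text substitution in a MyBatis mapper and contrast it with #{} binding."""
import re
import xml.etree.ElementTree as ET

# Constructed excerpt of XxlJobInfoMapper.xml from the issue (only the relevant columns).
MAPPER_XML = """<mapper namespace="com.xxl.job.admin.dao.XxlJobInfoDao">
  <update id="update" parameterType="com.xxl.job.admin.core.model.XxlJobInfo">
    UPDATE xxl_job_info
    SET job_desc = #{jobDesc},
        executor_timeout = ${executorTimeout},
        executor_fail_retry_count = ${executorFailRetryCount}
    WHERE id = #{id}
  </update>
</mapper>"""

SUBST = re.compile(r"\$\{\s*(\w+)\s*\}")  # ${prop}: raw text substitution
BIND = re.compile(r"#\{\s*(\w+)\s*\}")    # #{prop}: JDBC parameter binding


def find_substitutions(mapper_xml: str) -> list:
    """Return (statement id, property name) for every ${} in the mapper."""
    hits = []
    for stmt in ET.fromstring(mapper_xml):
        sql = "".join(stmt.itertext())  # include text nested in <if>, <set>, ...
        hits += [(stmt.get("id"), m.group(1)) for m in SUBST.finditer(sql)]
    return hits


def render(sql: str, params: dict) -> tuple:
    """Mimic MyBatis: ${} is spliced into the statement text before it reaches
    the driver, while #{} becomes a '?' whose value is passed out of band."""
    text = SUBST.sub(lambda m: str(params[m.group(1)]), sql)
    bound = [params[m.group(1)] for m in BIND.finditer(text)]
    return BIND.sub("?", text), bound


def compare() -> tuple:
    """Render the vulnerable SET clause and its #{} fix with the same input."""
    unsafe = "UPDATE xxl_job_info SET executor_timeout = ${executorTimeout} WHERE id = #{id}"
    fixed = unsafe.replace("${executorTimeout}", "#{executorTimeout}")
    # Constructed input: not a number, so ${} changes the statement's structure.
    params = {"executorTimeout": "0, job_desc = 'x'", "id": 7}
    return render(unsafe, params), render(fixed, params)


if __name__ == "__main__":
    for stmt_id, prop in find_substitutions(MAPPER_XML):
        print(f"{stmt_id}: ${{{prop}}} is text substitution, use #{{{prop}}}")
    (bad_sql, bad_args), (ok_sql, ok_args) = compare()
    print("${}:", bad_sql, bad_args)  # extra assignment spliced into the SQL
    print("#{}:", ok_sql, ok_args)    # value stays a single bound parameter
```

Running the scanner over a real mapper directory is a quick way to catch every statement that still uses `${}` before reviewing each one.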

superjock1988 commented 1 year ago

> Currently using xxl-job v2.3.0; in XxlJobInfoMapper.xml:
>
>     <update id="update" parameterType="com.xxl.job.admin.core.model.XxlJobInfo" >
>         UPDATE xxl_job_info
>         SET
>             job_group = #{jobGroup},
>             job_desc = #{jobDesc},
>             update_time = #{updateTime},
>             author = #{author},
>             alarm_email = #{alarmEmail},
>             schedule_type = #{scheduleType},
>             schedule_conf = #{scheduleConf},
>             misfire_strategy = #{misfireStrategy},
>             executor_route_strategy = #{executorRouteStrategy},
>             executor_handler = #{executorHandler},
>             executor_param = #{executorParam},
>             executor_block_strategy = #{executorBlockStrategy},
>             executor_timeout = ${executorTimeout},
>             executor_fail_retry_count = ${executorFailRetryCount},
>             glue_type = #{glueType},
>             glue_source = #{glueSource},
>             glue_remark = #{glueRemark},
>             glue_updatetime = #{glueUpdatetime},
>             child_jobid = #{childJobId},
>             trigger_status = #{triggerStatus},
>             trigger_last_time = #{triggerLastTime},
>             trigger_next_time = #{triggerNextTime}
>         WHERE id = #{id}
>     </update>
>
> It contains ${} concatenation:
>
>             executor_timeout = ${executorTimeout},
>             executor_fail_retry_count = ${executorFailRetryCount},
>
> I hope it can be changed to the placeholder #{}.

How can this issue be reproduced and fixed?