[Bug][dao] potential horizontal unauthorized access #3573
Closed
In the file dolphinscheduler-dao/src/main/resources/org/apache/dolphinscheduler/dao/mapper/ProcessInstanceMapper.xml, there is a method called queryLastRunningProcess; the SQL statement in it on line 12 may cause horizontal unauthorized access.
If the caller does not notice this problem and provides a startTime or endTime that is null, then it is possible for them to query other users' process instances.
```xml
1.  <select id="queryLastRunningProcess" resultType="org.apache.dolphinscheduler.dao.entity.ProcessInstance">
2.      select *
3.      from t_ds_process_instance
4.      where 1=1
5.      <if test="states !=null and states.length != 0">
6.          and state in
7.          <foreach collection="states" item="i" index="index" open="(" separator="," close=")">
8.              #{i}
9.          </foreach>
10.     </if>
11.     <if test="startTime!=null and endTime != null ">
12.         and process_definition_id=#{processDefinitionId}
13.         and (schedule_time <![CDATA[ >= ]]> #{startTime} and schedule_time <![CDATA[ <= ]]> #{endTime}
14.         or start_time <![CDATA[ >= ]]> #{startTime} and start_time <![CDATA[ <= ]]> #{endTime})
15.     </if>
16.     order by start_time desc limit 1
17. </select>
```
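An added model, not part of the issue or of the DolphinScheduler code, of how the two `<if>` tests shape the rendered SQL: the reported fragment is placed beside a hardened variant that emits the `process_definition_id` predicate unconditionally, and a small check reports whether a rendering is still scoped to one definition. MyBatis itself is not used and all parameter values are constructed.

```python
"""Model of the dynamic SQL that MyBatis builds for queryLastRunningProcess.
It imitates only the <if> tests of the mapper fragment (constructed example)."""
from typing import List, Optional, Sequence, Tuple

Rendered = Tuple[str, List[object]]  # (SQL with ? placeholders, bound params)


def _states_clause(states: Optional[Sequence[int]], params: List[object]) -> List[str]:
    # <if test="states != null and states.length != 0"> ... <foreach> ...
    if not states:
        return []
    params.extend(states)
    return ["state in (" + ", ".join("?" for _ in states) + ")"]


def _time_clause(start: Optional[str], end: Optional[str], params: List[object]) -> List[str]:
    # <if test="startTime != null and endTime != null">
    if start is None or end is None:
        return []
    params.extend([start, end, start, end])
    return ["(schedule_time >= ? and schedule_time <= ? "
            "or start_time >= ? and start_time <= ?)"]


def _finish(clauses: List[str], params: List[object]) -> Rendered:
    sql = ("select * from t_ds_process_instance where " + " and ".join(clauses)
           + " order by start_time desc limit 1")
    return sql, params


def render_original(definition_id: int, states, start, end) -> Rendered:
    """Fragment as reported: the definition filter sits inside the time <if>,
    so a null startTime or endTime silently drops it."""
    params: List[object] = []
    clauses = ["1=1"] + _states_clause(states, params)
    if start is not None and end is not None:
        clauses.append("process_definition_id = ?")
        params.append(definition_id)
        clauses += _time_clause(start, end, params)
    return _finish(clauses, params)


def render_hardened(definition_id: int, states, start, end) -> Rendered:
    """Suggested shape: the definition filter is emitted before any <if>."""
    params: List[object] = [definition_id]
    clauses = ["1=1", "process_definition_id = ?"] + _states_clause(states, params)
    clauses += _time_clause(start, end, params)
    return _finish(clauses, params)


def scoped_to_definition(rendered: Rendered) -> bool:
    """Regression check: every rendering must carry the definition predicate."""
    return "process_definition_id = ?" in rendered[0]
```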