From 927a58249ba0840bb6b41d11409a87c84e8f4527 Mon Sep 17 00:00:00 2001
From: qyx <565485304@qq.com>
Date: Mon, 19 Jun 2023 15:40:05 +0800
Subject: [PATCH] =?UTF-8?q?[Bug=E4=BF=AE=E5=A4=8D](master):=20=E5=8A=A0?=
 =?UTF-8?q?=E4=B8=8ASQL=E9=98=B2=E6=AD=A2=E6=B3=A8=E5=85=A5=E8=84=9A?=
 =?UTF-8?q?=E6=9C=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
加上SQL防止注入脚本
---
 .../com/baiyee/adcallback/api/filter/SqlFilter.java | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/main/java/com/baiyee/adcallback/api/filter/SqlFilter.java b/src/main/java/com/baiyee/adcallback/api/filter/SqlFilter.java
index 0252712..13f81eb 100644
--- a/src/main/java/com/baiyee/adcallback/api/filter/SqlFilter.java
+++ b/src/main/java/com/baiyee/adcallback/api/filter/SqlFilter.java
@@ -1,5 +1,6 @@
 package com.baiyee.adcallback.api.filter;
+import cn.hutool.core.util.StrUtil;
 import org.springframework.context.annotation.Configuration;
 import javax.servlet.*;
 import javax.servlet.annotation.WebFilter;
@@ -51,7 +52,17 @@ public class SqlFilter implements Filter{
 "information_schema.columns|table_schema|union|where|order|by|" +
 "'\\*|\\;|\\-|\\--|\\+|\\,|\\//|\\/|\\%|\\#";
 //使用正则表达式进行匹配
- return s.matches(badStr);
+ String[] split = badStr.split("\\|");
+
+ if (split.length > 0){
+ for (String s1 : split) {
+ if (StrUtil.contains(s, s1)) {
+ return Boolean.TRUE;
+ }
+ }
+ }
+ return Boolean.FALSE;
+// return s.matches(badStr);
 }
 @Override
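Review bot: Splitting `badStr` on `|` turns the regex-escaped alternatives such as `\\;`, `\\-`, `\\%` and `\\#` into literal substrings that start with a backslash, so `StrUtil.contains(s, s1)` only flags input that literally contains `\;` or `\%`, and the bare characters `;`, `-`, `%`, `#` the pattern was written to catch now pass through the filter. If the goal is to move from whole-string `matches` to substring matching, keep the list as a regex and use a finder, which preserves the escapes: `return Pattern.compile(badStr).matcher(s).find();` (with `java.util.regex.Pattern` imported, and `Pattern.CASE_INSENSITIVE` if the keyword list is lowercase only — the start of the list is outside the hunk). The `split.length > 0` guard is always true for `String.split`, substring matching on short tokens such as `by` and `-` will also reject benign values like `nearby` or negative numbers, and the commented-out `// return s.matches(badStr);` should be deleted rather than kept. A keyword denylist on request parameters is a weak control on its own; the persistence layer should use parameterized queries regardless, so this filter reduces noise rather than providing the guarantee the commit title implies. The enclosing method begins outside the hunk.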