[Bug修复](master): 加上SQL防止注入脚本

加上SQL防止注入脚本
土豆兄弟 1 year ago
parent 42addf2c4e
commit 927a58249b

@ -1,5 +1,6 @@
package com.baiyee.adcallback.api.filter; package com.baiyee.adcallback.api.filter;
import cn.hutool.core.util.StrUtil;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import javax.servlet.*; import javax.servlet.*;
import javax.servlet.annotation.WebFilter; import javax.servlet.annotation.WebFilter;
@ -51,7 +52,17 @@ public class SqlFilter implements Filter{
"information_schema.columns|table_schema|union|where|order|by|" + "information_schema.columns|table_schema|union|where|order|by|" +
"'\\*|\\;|\\-|\\--|\\+|\\,|\\//|\\/|\\%|\\#"; "'\\*|\\;|\\-|\\--|\\+|\\,|\\//|\\/|\\%|\\#";
//使用正则表达式进行匹配 //使用正则表达式进行匹配
return s.matches(badStr); String[] split = badStr.split("\\|");
if (split.length > 0){
for (String s1 : split) {
if (StrUtil.contains(s, s1)) {
return Boolean.TRUE;
}
}
}
return Boolean.FALSE;
// return s.matches(badStr);
} }
@Override @Override
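Review bot: In the added loop, `badStr.split("\\|")` yields the regex-escaped fragments with the backslash still attached (`\;`, `\--`, `\+`, `\%`, `\#` and so on), and `StrUtil.contains(s, s1)` compares them as plain text, so the special-character entries only match input that itself contains a backslash before the character. The keyword entries err the other way: a substring test on `by`, `order` or `where` flags ordinary values such as "nearby" or "reorder", and it is case-sensitive unless `s` is lower-cased in the part of the method above this hunk, which is not visible here. Keeping the list as a regex and searching with it would treat both groups as written, e.g. `return Pattern.compile(badStr, Pattern.CASE_INSENSITIVE).matcher(s).find();` (ideally compiled once into a static field), with `\\b` around the keyword alternatives to limit false positives. A denylist of this kind is best kept as a secondary layer; the queries these parameters reach should bind them through parameterized statements.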
