|
|
@@ -1,5 +1,6 @@
|
|
|
package com.ygtx.framework.config;
|
|
|
|
|
|
+import com.ygtx.common.utils.sql.SqlUtil;
|
|
|
import org.springframework.stereotype.Component;
|
|
|
import org.springframework.web.filter.OncePerRequestFilter;
|
|
|
|
|
|
@@ -19,20 +20,12 @@ public class SqlInjectionFilter extends OncePerRequestFilter {
|
|
|
FilterChain filterChain)
|
|
|
throws ServletException, IOException {
|
|
|
|
|
|
- String[] sqlKeywords = {"select", "insert", "update", "delete",
|
|
|
- "union", "case", "when", "sleep", "benchmark"};
|
|
|
-
|
|
|
// 检查请求参数
|
|
|
Map<String, String[]> params = request.getParameterMap();
|
|
|
for (String[] values : params.values()) {
|
|
|
for (String value : values) {
|
|
|
String lowerValue = value.toLowerCase();
|
|
|
- for (String keyword : sqlKeywords) {
|
|
|
- if (lowerValue.contains(keyword + " ") ||
|
|
|
- lowerValue.contains("(" + keyword)) {
|
|
|
- throw new RuntimeException("参数异常");
|
|
|
- }
|
|
|
- }
|
|
|
+ SqlUtil.filterKeyword(lowerValue);
|
|
|
}
|
|
|
}
|
|
|
|
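Review bot: The new `SqlUtil.filterKeyword(lowerValue)` call inherits whatever rejection behaviour that helper has, and if it throws the way the removed `throw new RuntimeException("参数异常")` did, a blocked request still escapes a servlet filter as an unhandled exception (typically a 500 with a stack trace) instead of a deliberate 4xx; unless a global handler is confirmed to cover filter exceptions, catch it here and write a 400 to `response` without invoking the chain. The check also only sees `request.getParameterMap()`, so JSON bodies, headers and path segments are never inspected, and keyword blacklisting is bypassable in general, so the loop deserves a comment such as `// Defense in depth only: keyword blacklist is bypassable; parameterized queries (#{} / PreparedStatement) are the real control.` `value.toLowerCase()` uses the JVM default locale, so under a Turkish locale `INSERT` lowercases to `ınsert` and slips past an ASCII keyword match — use `String lowerValue = value.toLowerCase(Locale.ROOT);` with `java.util.Locale` imported. The `doFilterInternal` signature starts before this hunk and its body continues after it, so what happens to the request after the loop is not visible here.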