diff --git a/pig-common/pig-common-core/pom.xml b/pig-common/pig-common-core/pom.xml
index b58dd867..9a873ce5 100755
--- a/pig-common/pig-common-core/pom.xml
+++ b/pig-common/pig-common-core/pom.xml
@@ -21,7 +21,7 @@
com.pig4cloud
pig-common
- 2.10.0
+ 2.10.1
pig-common-core
diff --git a/pig-common/pig-common-core/src/main/java/com/pig4cloud/pig/common/core/mybatis/SqlFilterArgumentResolver.java b/pig-common/pig-common-core/src/main/java/com/pig4cloud/pig/common/core/mybatis/SqlFilterArgumentResolver.java
index 4d124870..35bdb591 100644
--- a/pig-common/pig-common-core/src/main/java/com/pig4cloud/pig/common/core/mybatis/SqlFilterArgumentResolver.java
+++ b/pig-common/pig-common-core/src/main/java/com/pig4cloud/pig/common/core/mybatis/SqlFilterArgumentResolver.java
@@ -1,17 +1,19 @@
/*
- * Copyright (c) 2020 pig4cloud Authors. All Rights Reserved.
*
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ * * Copyright (c) 2019-2020, 冷冷 (wangiegie@gmail.com).
+ * *
+ * * Licensed under the GNU Lesser General Public License 3.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * https://www.gnu.org/licenses/lgpl.html
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
*
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
*/
package com.pig4cloud.pig.common.core.mybatis;
@@ -27,7 +29,11 @@ import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.method.support.ModelAndViewContainer;
import javax.servlet.http.HttpServletRequest;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Optional;
+import java.util.function.Predicate;
import java.util.stream.Collectors;
/**
@@ -39,6 +45,9 @@ import java.util.stream.Collectors;
@Slf4j
public class SqlFilterArgumentResolver implements HandlerMethodArgumentResolver {
+ private final static String[] KEYWORDS = { "master", "truncate", "insert", "select", "delete", "update", "declare",
+ "alter", "drop", "sleep" };
+
/**
* 判断Controller是否包含page 参数
* @param parameter 参数
@@ -69,7 +78,7 @@ public class SqlFilterArgumentResolver implements HandlerMethodArgumentResolver
String current = request.getParameter("current");
String size = request.getParameter("size");
- Page> page = new Page<>();
+ Page page = new Page();
if (StrUtil.isNotBlank(current)) {
page.setCurrent(Long.parseLong(current));
}
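Review bot: `Page page = new Page();` drops the type argument that the removed line still carried with its diamond, leaving a raw type that silences the compiler's generic checks on `addOrder`/`getRecords`; if the rendering merely stripped the angle brackets, ignore this. `Page<Object> page = new Page<>();` keeps the old line's intent with no behavioral change. The enclosing method starts and ends outside this hunk.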
@@ -79,32 +88,28 @@ public class SqlFilterArgumentResolver implements HandlerMethodArgumentResolver
}
List orderItemList = new ArrayList<>();
- Optional.ofNullable(ascs).ifPresent(s -> orderItemList.addAll(Arrays.stream(s).filter(StrUtil::isNotBlank)
- .map(this::clear).map(OrderItem::asc).collect(Collectors.toList())));
- Optional.ofNullable(descs).ifPresent(s -> orderItemList.addAll(Arrays.stream(s).filter(StrUtil::isNotBlank)
- .map(this::clear).map(OrderItem::desc).collect(Collectors.toList())));
+ Optional.ofNullable(ascs).ifPresent(s -> orderItemList.addAll(
+ Arrays.stream(s).filter(sqlInjectPredicate()).map(OrderItem::asc).collect(Collectors.toList())));
+ Optional.ofNullable(descs).ifPresent(s -> orderItemList.addAll(
+ Arrays.stream(s).filter(sqlInjectPredicate()).map(OrderItem::desc).collect(Collectors.toList())));
page.addOrder(orderItemList);
return page;
}
/**
- * 参数清理
- * @param param 参数
- * @return String
+ * 判断用户输入里面有没有关键字
+ * @return Predicate
*/
- private String clear(String param) {
- if (StrUtil.isBlank(param)) {
- return StrUtil.trim(param);
- }
- StringBuilder builder = new StringBuilder();
- for (int i = 0; i < param.length(); i++) {
- char c = param.charAt(i);
- if (Character.isJavaIdentifierPart(c)) {
- builder.append(c);
+ private Predicate sqlInjectPredicate() {
+ return sql -> {
+ for (String keyword : KEYWORDS) {
+ if (StrUtil.containsIgnoreCase(sql, keyword)) {
+ return false;
+ }
}
- }
- return builder.toString();
+ return true;
+ };
}
}
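Review bot: Replacing `clear` with `sqlInjectPredicate` turns the sort-column check from a character allow-list into a keyword deny-list, which is weaker where it matters and stricter where it should not be: a value with no listed keyword but containing quotes, parentheses, semicolons, comment markers or spaces now reaches `OrderItem.asc`/`desc` unchanged, while a legitimate column such as `update_time` or `delete_flag` is silently dropped because `StrUtil.containsIgnoreCase` matches substrings. The `filter(StrUtil::isNotBlank)` step was removed as well, so an empty element now becomes an `OrderItem` with an empty column. Keeping the allow-list as the predicate covers all three: `return sql -> StrUtil.isNotBlank(sql) && sql.chars().allMatch(Character::isJavaIdentifierPart);` (a tighter `[A-Za-z0-9_]+` pattern would also exclude the Unicode letters and identifier-ignorable characters that `isJavaIdentifierPart` accepts). The keyword list can stay as defense in depth but should not be the only check, and `private final static` on `KEYWORDS` in the earlier hunk is conventionally written `private static final`. The method that builds `page` starts outside this hunk.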
diff --git a/pig-common/pig-common-datasource/pom.xml b/pig-common/pig-common-datasource/pom.xml
index 0b2a1825..9968ddd6 100644
--- a/pig-common/pig-common-datasource/pom.xml
+++ b/pig-common/pig-common-datasource/pom.xml
@@ -21,7 +21,7 @@
pig-common
com.pig4cloud
- 2.10.0
+ 2.10.1
4.0.0
diff --git a/pig-common/pig-common-job/pom.xml b/pig-common/pig-common-job/pom.xml
index 94dbfd2a..7764fa0c 100755
--- a/pig-common/pig-common-job/pom.xml
+++ b/pig-common/pig-common-job/pom.xml
@@ -23,7 +23,7 @@
com.pig4cloud
pig-common
- 2.10.0
+ 2.10.1
pig-common-job
diff --git a/pig-common/pig-common-log/pom.xml b/pig-common/pig-common-log/pom.xml
index 1e348458..f9f137d9 100755
--- a/pig-common/pig-common-log/pom.xml
+++ b/pig-common/pig-common-log/pom.xml
@@ -21,7 +21,7 @@
com.pig4cloud
pig-common
- 2.10.0
+ 2.10.1
pig-common-log
@@ -35,13 +35,13 @@
com.pig4cloud
pig-common-core
- 2.10.0
+ 2.10.1
com.pig4cloud
pig-upms-api
- 2.10.0
+ 2.10.1
diff --git a/pig-common/pig-common-mybatis/pom.xml b/pig-common/pig-common-mybatis/pom.xml
index 63d66963..1e13fd3b 100755
--- a/pig-common/pig-common-mybatis/pom.xml
+++ b/pig-common/pig-common-mybatis/pom.xml
@@ -21,7 +21,7 @@
com.pig4cloud
pig-common
- 2.10.0
+ 2.10.1
pig-common-mybatis
diff --git a/pig-common/pig-common-security/pom.xml b/pig-common/pig-common-security/pom.xml
index a5f9c7aa..e6400cc3 100755
--- a/pig-common/pig-common-security/pom.xml
+++ b/pig-common/pig-common-security/pom.xml
@@ -21,7 +21,7 @@
com.pig4cloud
pig-common
- 2.10.0
+ 2.10.1
pig-common-security
@@ -35,7 +35,7 @@
com.pig4cloud
pig-common-core
- 2.10.0
+ 2.10.1
@@ -50,7 +50,7 @@
com.pig4cloud
pig-upms-api
- 2.10.0
+ 2.10.1
diff --git a/pig-common/pig-common-sentinel/pom.xml b/pig-common/pig-common-sentinel/pom.xml
index fe4393bc..ff8fec86 100755
--- a/pig-common/pig-common-sentinel/pom.xml
+++ b/pig-common/pig-common-sentinel/pom.xml
@@ -21,7 +21,7 @@
com.pig4cloud
pig-common
- 2.10.0
+ 2.10.1
4.0.0
@@ -32,7 +32,7 @@
com.pig4cloud
pig-common-core
- 2.10.0
+ 2.10.1
com.alibaba.cloud
diff --git a/pig-common/pig-common-swagger/pom.xml b/pig-common/pig-common-swagger/pom.xml
index 6d4e900b..211cee31 100644
--- a/pig-common/pig-common-swagger/pom.xml
+++ b/pig-common/pig-common-swagger/pom.xml
@@ -24,7 +24,7 @@
com.pig4cloud
pig-common
- 2.10.0
+ 2.10.1
pig-common-swagger
diff --git a/pig-common/pig-common-test/pom.xml b/pig-common/pig-common-test/pom.xml
index 180603a6..e37cb347 100755
--- a/pig-common/pig-common-test/pom.xml
+++ b/pig-common/pig-common-test/pom.xml
@@ -6,7 +6,7 @@
com.pig4cloud
pig-common
- 2.10.0
+ 2.10.1
pig-common-test
@@ -18,7 +18,7 @@
com.pig4cloud
pig-common-security
- 2.10.0
+ 2.10.1
org.springframework.security
diff --git a/pig-common/pom.xml b/pig-common/pom.xml
index 87911d11..254c44bf 100755
--- a/pig-common/pom.xml
+++ b/pig-common/pom.xml
@@ -21,7 +21,7 @@
com.pig4cloud
pig
- 2.10.0
+ 2.10.1
pig-common
diff --git a/pig-gateway/pom.xml b/pig-gateway/pom.xml
index 987f1b7c..6a9167e2 100755
--- a/pig-gateway/pom.xml
+++ b/pig-gateway/pom.xml
@@ -21,7 +21,7 @@
com.pig4cloud
pig
- 2.10.0
+ 2.10.1
pig-gateway
diff --git a/pig-register/pom.xml b/pig-register/pom.xml
index d72cac31..80892c3a 100755
--- a/pig-register/pom.xml
+++ b/pig-register/pom.xml
@@ -18,7 +18,7 @@
com.pig4cloud
pig
- 2.10.0
+ 2.10.1
pig-register
diff --git a/pig-upms/pig-upms-api/pom.xml b/pig-upms/pig-upms-api/pom.xml
index 87e7944e..130ec0f2 100755
--- a/pig-upms/pig-upms-api/pom.xml
+++ b/pig-upms/pig-upms-api/pom.xml
@@ -21,7 +21,7 @@
com.pig4cloud
pig-upms
- 2.10.0
+ 2.10.1
pig-upms-api
diff --git a/pig-upms/pig-upms-biz/pom.xml b/pig-upms/pig-upms-biz/pom.xml
index 97d5dda5..cd694fb1 100644
--- a/pig-upms/pig-upms-biz/pom.xml
+++ b/pig-upms/pig-upms-biz/pom.xml
@@ -21,7 +21,7 @@
com.pig4cloud
pig-upms
- 2.10.0
+ 2.10.1
pig-upms-biz
diff --git a/pig-upms/pom.xml b/pig-upms/pom.xml
index 9727cdda..69c2abb6 100755
--- a/pig-upms/pom.xml
+++ b/pig-upms/pom.xml
@@ -21,7 +21,7 @@
com.pig4cloud
pig
- 2.10.0
+ 2.10.1
pig-upms
diff --git a/pig-visual/pig-codegen/pom.xml b/pig-visual/pig-codegen/pom.xml
index c558f364..56d07251 100755
--- a/pig-visual/pig-codegen/pom.xml
+++ b/pig-visual/pig-codegen/pom.xml
@@ -22,7 +22,7 @@
com.pig4cloud
pig-visual
- 2.10.0
+ 2.10.1
pig-codegen
diff --git a/pig-visual/pig-monitor/pom.xml b/pig-visual/pig-monitor/pom.xml
index c2e5e756..dd22fa66 100755
--- a/pig-visual/pig-monitor/pom.xml
+++ b/pig-visual/pig-monitor/pom.xml
@@ -21,7 +21,7 @@
com.pig4cloud
pig-visual
- 2.10.0
+ 2.10.1
pig-monitor
diff --git a/pig-visual/pig-sentinel-dashboard/pom.xml b/pig-visual/pig-sentinel-dashboard/pom.xml
index 5ba035d8..82d43a3f 100755
--- a/pig-visual/pig-sentinel-dashboard/pom.xml
+++ b/pig-visual/pig-sentinel-dashboard/pom.xml
@@ -6,7 +6,7 @@
com.pig4cloud
pig-visual
- 2.10.0
+ 2.10.1
pig-sentinel-dashboard
diff --git a/pig-visual/pig-xxl-job-admin/pom.xml b/pig-visual/pig-xxl-job-admin/pom.xml
index ab44cdfe..5f39e154 100644
--- a/pig-visual/pig-xxl-job-admin/pom.xml
+++ b/pig-visual/pig-xxl-job-admin/pom.xml
@@ -4,7 +4,7 @@
com.pig4cloud
pig-visual
- 2.10.0
+ 2.10.1
pig-xxl-job-admin
diff --git a/pig-visual/pom.xml b/pig-visual/pom.xml
index 98a8dedc..ba6d11ee 100755
--- a/pig-visual/pom.xml
+++ b/pig-visual/pom.xml
@@ -21,7 +21,7 @@
com.pig4cloud
pig
- 2.10.0
+ 2.10.1
pig-visual
diff --git a/pom.xml b/pom.xml
index 27bff990..a29dd4f5 100755
--- a/pom.xml
+++ b/pom.xml
@@ -28,20 +28,20 @@
com.pig4cloud
pig
- 2.10.0
+ 2.10.1
${project.artifactId}
pom
https://www.pig4cloud.com
- 2.3.4.RELEASE
+ 2.3.5.RELEASE
Hoxton.SR8
2.2.3.RELEASE
UTF-8
1.8
1.8
2.3.0
- 5.4.6
+ 5.4.7
3.4.0
3.2.0
2.2.0