From 7031ba049c3699d82aca662673276b79d07d4ea0 Mon Sep 17 00:00:00 2001 From: lbw Date: Thu, 22 Feb 2024 19:27:22 +0800 Subject: [PATCH] =?UTF-8?q?:sparkles:=20Introducing=20new=20features.=20#I?= =?UTF-8?q?9300D=20sql=E6=B3=A8=E5=85=A5=E6=A3=80=E6=B5=8B=E6=8F=90?= =?UTF-8?q?=E4=BE=9B=E6=8D=A2=20mybatis-plus=20=E6=8F=90=E4=BE=9B=E5=B7=A5?= =?UTF-8?q?=E5=85=B7=E7=B1=BB?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../resolver/SqlFilterArgumentResolver.java | 17 +++-------------- 1 file changed, 3 insertions(+), 14 deletions(-) diff --git a/pig-common/pig-common-mybatis/src/main/java/com/pig4cloud/pig/common/mybatis/resolver/SqlFilterArgumentResolver.java b/pig-common/pig-common-mybatis/src/main/java/com/pig4cloud/pig/common/mybatis/resolver/SqlFilterArgumentResolver.java index 3b9a9a20..88d870a9 100644 --- a/pig-common/pig-common-mybatis/src/main/java/com/pig4cloud/pig/common/mybatis/resolver/SqlFilterArgumentResolver.java +++ b/pig-common/pig-common-mybatis/src/main/java/com/pig4cloud/pig/common/mybatis/resolver/SqlFilterArgumentResolver.java @@ -20,6 +20,7 @@ package com.pig4cloud.pig.common.mybatis.resolver; import cn.hutool.core.util.StrUtil; import com.baomidou.mybatisplus.core.metadata.OrderItem; +import com.baomidou.mybatisplus.core.toolkit.sql.SqlInjectionUtils; import com.baomidou.mybatisplus.extension.plugins.pagination.Page; import javax.servlet.http.HttpServletRequest; import lombok.extern.slf4j.Slf4j; @@ -45,9 +46,6 @@ import java.util.stream.Collectors; @Slf4j public class SqlFilterArgumentResolver implements HandlerMethodArgumentResolver { - private final static String[] KEYWORDS = { "master", "truncate", "insert", "select", "delete", "update", "declare", - "alter", "drop", "sleep", "extractvalue", "concat" }; - /** * 判断Controller是否包含page 参数 * @param parameter 参数 
@@ -90,21 +88,12 @@ public class SqlFilterArgumentResolver implements HandlerMethodArgumentResolver List orderItemList = new ArrayList<>(); Optional.ofNullable(ascs) .ifPresent(s -> orderItemList.addAll( - Arrays.stream(s).filter(sqlInjectPredicate()).map(OrderItem::asc).collect(Collectors.toList()))); + Arrays.stream(s).filter(SqlInjectionUtils::check).map(OrderItem::asc).collect(Collectors.toList()))); Optional.ofNullable(descs) .ifPresent(s -> orderItemList.addAll( - Arrays.stream(s).filter(sqlInjectPredicate()).map(OrderItem::desc).collect(Collectors.toList()))); + Arrays.stream(s).filter(SqlInjectionUtils::check).map(OrderItem::desc).collect(Collectors.toList()))); page.addOrder(orderItemList); return page; } - - /** - * 判断用户输入里面有没有关键字 - * @return Predicate - */ - private Predicate sqlInjectPredicate() { - return sql -> Arrays.stream(KEYWORDS).noneMatch(keyword -> StrUtil.containsIgnoreCase(sql, keyword)); - } - }
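Review bot: The replacement filter on the `ascs` and `descs` lines looks inverted: MyBatis-Plus's `SqlInjectionUtils.check(String)` returns `true` when the value is judged to contain an injection pattern (its Javadoc reads "true 非法 false 合法"), so `.filter(SqlInjectionUtils::check)` keeps exactly the suspicious sort columns and drops the legitimate ones — the opposite of the removed `noneMatch` predicate, and a worse outcome than before since the flagged strings now reach `OrderItem::asc`/`desc` and ORDER BY. Both call sites should negate the check, e.g. `Arrays.stream(s).filter(v -> !SqlInjectionUtils.check(v)).map(OrderItem::asc)` and the same for `OrderItem::desc`; a test passing `ascs = {"id", "1 or sleep(1)"}` and expecting only `id` among `page.orders()` would pin this. Because these values are spliced into ORDER BY as identifiers rather than bound parameters, an allow-list of permitted column names would be a stronger guard than any pattern-based check, which is worth a `// TODO` here. The enclosing method begins before this hunk; with `sqlInjectPredicate()` and `KEYWORDS` gone, the `StrUtil` and `Predicate` imports appear unused unless something outside the visible hunks still references them.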