✨ Introducing new features. #I9300D sql注入检测提供换 mybatis-plus 提供工具类

pig-common/pig-common-mybatis/src/main/java/com/pig4cloud/pig/common/mybatis/resolver/SqlFilterArgumentResolver.java

@@ -20,6 +20,7 @@ package com.pig4cloud.pig.common.mybatis.resolver;
 
 import cn.hutool.core.util.StrUtil;
 import com.baomidou.mybatisplus.core.metadata.OrderItem;
+import com.baomidou.mybatisplus.core.toolkit.sql.SqlInjectionUtils;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import javax.servlet.http.HttpServletRequest;
 import lombok.extern.slf4j.Slf4j;
@@ -45,9 +46,6 @@ import java.util.stream.Collectors;
 @Slf4j
 public class SqlFilterArgumentResolver implements HandlerMethodArgumentResolver {
 
-	private final static String[] KEYWORDS = { "master", "truncate", "insert", "select", "delete", "update", "declare",
-			"alter", "drop", "sleep", "extractvalue", "concat" };
-
 	/**
 	 * 判断Controller是否包含page 参数
 	 * @param parameter 参数
@@ -90,21 +88,12 @@ public class SqlFilterArgumentResolver implements HandlerMethodArgumentResolver
 		List<OrderItem> orderItemList = new ArrayList<>();
 		Optional.ofNullable(ascs)
 			.ifPresent(s -> orderItemList.addAll(
-					Arrays.stream(s).filter(sqlInjectPredicate()).map(OrderItem::asc).collect(Collectors.toList())));
+					Arrays.stream(s).filter(SqlInjectionUtils::check).map(OrderItem::asc).collect(Collectors.toList())));
 		Optional.ofNullable(descs)
 			.ifPresent(s -> orderItemList.addAll(
-					Arrays.stream(s).filter(sqlInjectPredicate()).map(OrderItem::desc).collect(Collectors.toList())));
+					Arrays.stream(s).filter(SqlInjectionUtils::check).map(OrderItem::desc).collect(Collectors.toList())));
 		page.addOrder(orderItemList);
 
 		return page;
 	}
-
-	/**
-	 * 判断用户输入里面有没有关键字
-	 * @return Predicate
-	 */
-	private Predicate<String> sqlInjectPredicate() {
-		return sql -> Arrays.stream(KEYWORDS).noneMatch(keyword -> StrUtil.containsIgnoreCase(sql, keyword));
-	}
-
 }