mirror of
https://gitee.com/log4j/pig.git
synced 2024-12-31 08:14:18 +08:00
Merge branch 'dev'
commit
9d09bb470a
@ -42,7 +42,7 @@
|
||||
|-----------------------------|------------|
|
||||
| Spring Boot | 2.7.18 |
|
||||
| Spring Cloud | 2021.0.8 |
|
||||
| Spring Cloud Alibaba | 2021.0.5.0 |
|
||||
| Spring Cloud Alibaba | 2021.0.6.0 |
|
||||
| Spring Authorization Server | 0.4.4 |
|
||||
| Mybatis Plus | 3.5.5 |
|
||||
| hutool | 5.8.22 |
|
||||
|
@ -34,7 +34,7 @@
|
||||
<oss.version>1.0.5</oss.version>
|
||||
<sms.version>2.0.2</sms.version>
|
||||
<jaxb.version>2.3.5</jaxb.version>
|
||||
<hutool.version>5.8.23</hutool.version>
|
||||
<hutool.version>5.8.26</hutool.version>
|
||||
<mica.version>2.7.4</mica.version>
|
||||
<sentinel.version>1.8.4</sentinel.version>
|
||||
<git.commit.plugin>4.9.9</git.commit.plugin>
|
||||
|
@ -20,6 +20,7 @@ package com.pig4cloud.pig.common.mybatis.resolver;
|
||||
|
||||
import cn.hutool.core.util.StrUtil;
|
||||
import com.baomidou.mybatisplus.core.metadata.OrderItem;
|
||||
import com.baomidou.mybatisplus.core.toolkit.sql.SqlInjectionUtils;
|
||||
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
@ -45,9 +46,6 @@ import java.util.stream.Collectors;
|
||||
@Slf4j
|
||||
public class SqlFilterArgumentResolver implements HandlerMethodArgumentResolver {
|
||||
|
||||
private final static String[] KEYWORDS = { "master", "truncate", "insert", "select", "delete", "update", "declare",
|
||||
"alter", "drop", "sleep", "extractvalue", "concat" };
|
||||
|
||||
/**
|
||||
* 判断Controller是否包含page 参数
|
||||
* @param parameter 参数
|
||||
@ -90,21 +88,12 @@ public class SqlFilterArgumentResolver implements HandlerMethodArgumentResolver
|
||||
List<OrderItem> orderItemList = new ArrayList<>();
|
||||
Optional.ofNullable(ascs)
|
||||
.ifPresent(s -> orderItemList.addAll(
|
||||
Arrays.stream(s).filter(sqlInjectPredicate()).map(OrderItem::asc).collect(Collectors.toList())));
|
||||
Arrays.stream(s).filter(SqlInjectionUtils::check).map(OrderItem::asc).collect(Collectors.toList())));
|
||||
Optional.ofNullable(descs)
|
||||
.ifPresent(s -> orderItemList.addAll(
|
||||
Arrays.stream(s).filter(sqlInjectPredicate()).map(OrderItem::desc).collect(Collectors.toList())));
|
||||
Arrays.stream(s).filter(SqlInjectionUtils::check).map(OrderItem::desc).collect(Collectors.toList())));
|
||||
page.addOrder(orderItemList);
|
||||
|
||||
return page;
|
||||
}
|
||||
|
||||
/**
|
||||
* 判断用户输入里面有没有关键字
|
||||
* @return Predicate
|
||||
*/
|
||||
private Predicate<String> sqlInjectPredicate() {
|
||||
return sql -> Arrays.stream(KEYWORDS).noneMatch(keyword -> StrUtil.containsIgnoreCase(sql, keyword));
|
||||
}
|
||||
|
||||
}
|
||||
|
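Review bot: The predicate in the two new `Arrays.stream(s).filter(SqlInjectionUtils::check)` lines (asc and desc) looks inverted. MyBatis-Plus documents `SqlInjectionUtils.check` as returning true when the value matches its injection patterns, whereas the removed `sqlInjectPredicate()` returned true for clean values; this should be confirmed against the pinned MyBatis-Plus version. As written, the filter would keep only the flagged sort fields, pass them to `OrderItem::asc`/`OrderItem::desc`, and drop ordinary column names. Negating it restores the intent, for example `.filter(field -> !SqlInjectionUtils.check(field))`, where the lambda parameter needs a name other than `s` because `s` is already bound by the enclosing lambda. Since these values end up in ORDER BY, an allow-list of known column names would be a stronger control than pattern matching; the enclosing method starts outside the hunk, so any earlier validation is not visible here.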
@ -55,7 +55,7 @@ public class OssEndpoint {
|
||||
*/
|
||||
@SneakyThrows
|
||||
@PostMapping("/bucket/{bucketName}")
|
||||
public Bucket createBucker(@PathVariable String bucketName) {
|
||||
public Bucket createBucket(@PathVariable String bucketName) {
|
||||
|
||||
template.createBucket(bucketName);
|
||||
return template.getBucket(bucketName).get();
|
||||
|
4
pom.xml
4
pom.xml
@ -31,11 +31,11 @@
|
||||
<revision>3.7.4-JDK8</revision>
|
||||
<spring-boot.version>2.7.18</spring-boot.version>
|
||||
<spring-cloud.version>2021.0.8</spring-cloud.version>
|
||||
<spring-cloud-alibaba.version>2021.0.5.0</spring-cloud-alibaba.version>
|
||||
<spring-cloud-alibaba.version>2021.0.6.0</spring-cloud-alibaba.version>
|
||||
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
|
||||
<maven.compiler.source>1.8</maven.compiler.source>
|
||||
<maven.compiler.target>1.8</maven.compiler.target>
|
||||
<spring-boot-admin.version>2.7.10</spring-boot-admin.version>
|
||||
<spring-boot-admin.version>2.7.15</spring-boot-admin.version>
|
||||
<spring.authorization.version>0.4.5</spring.authorization.version>
|
||||
<captcha.version>2.2.3</captcha.version>
|
||||
<screw.version>0.0.1</screw.version>
|
||||
|