mirror of
https://github.com/chillzhuang/blade-tool
synced 2024-11-15 15:09:30 +08:00
⚡ SqlKeyword类增加特殊字符清除逻辑
This commit is contained in:
parent
5622c81a11
commit
de41acdd51
@ -138,11 +138,13 @@ public class SqlKeyword {
|
|||||||
*/
|
*/
|
||||||
@SneakyThrows(SQLException.class)
|
@SneakyThrows(SQLException.class)
|
||||||
public static String filter(String param) {
|
public static String filter(String param) {
|
||||||
if (param == null) {
|
// 清除特殊字符
|
||||||
|
String cleaned = StringUtil.cleanIdentifier(param);
|
||||||
|
if (cleaned == null) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
// 将校验到的sql关键词替换为空字符串
|
// 将校验到的sql关键词替换为空字符串
|
||||||
String sql = param.replaceAll(SQL_REGEX, StringPool.EMPTY);
|
String sql = cleaned.replaceAll(SQL_REGEX, StringPool.EMPTY);
|
||||||
// 二次校验,避免双写绕过等情况出现
|
// 二次校验,避免双写绕过等情况出现
|
||||||
if (match(sql)) {
|
if (match(sql)) {
|
||||||
throw new SQLException(SQL_INJECTION_MESSAGE);
|
throw new SQLException(SQL_INJECTION_MESSAGE);
|
||||||
|
Loading…
Reference in New Issue
Block a user