⚡ SqlKeyword类增加特殊字符清除逻辑
This commit is contained in:
parent
5622c81a11
commit
de41acdd51
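--- a/<path-not-shown-on-page>/SqlKeyword.java
+++ b/<path-not-shown-on-page>/SqlKeyword.java
@@ -138,11 +138,13 @@ public class SqlKeyword {
 */
 @SneakyThrows(SQLException.class)
 public static String filter(String param) {
-if (param == null) {
+// 清除特殊字符
+String cleaned = StringUtil.cleanIdentifier(param);
+if (cleaned == null) {
 return null;
 }
 // 将校验到的sql关键词替换为空字符串
-String sql = param.replaceAll(SQL_REGEX, StringPool.EMPTY);
+String sql = cleaned.replaceAll(SQL_REGEX, StringPool.EMPTY);
 // 二次校验,避免双写绕过等情况出现
 if (match(sql)) {
 throw new SQLException(SQL_INJECTION_MESSAGE);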
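Review bot: The null guard now rests on the contract of `StringUtil.cleanIdentifier`, which is not visible in this hunk; if it returns null for anything other than a null argument (an empty or fully-stripped identifier, for instance), callers that previously received a non-null string from `filter` now receive null, and that should be stated rather than left implicit. The Javadoc that closes at the top of the hunk should carry it, e.g. `@return the identifier with special characters and SQL keywords removed, or {@code null} when the input is null (or when cleanIdentifier yields null)`. It is also worth a one-line comment beside the `cleanIdentifier` call that the cleaning step silently rewrites the input while only the second check throws, so an input that needed cleaning is accepted without any signal — a reviewer reading the method later would otherwise assume every rejected pattern surfaces as `SQLException`. The method's Javadoc begins and its body continues outside the hunk.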