diff --git a/pig-common/pig-common-core/pom.xml b/pig-common/pig-common-core/pom.xml
index b58dd8679d5440d4dfe3b818976be4f9abced54f..9a873ce5c89b8169cd44a5dd49f14e6867a02bfc 100755
--- a/pig-common/pig-common-core/pom.xml
+++ b/pig-common/pig-common-core/pom.xml
@@ -21,7 +21,7 @@
com.pig4cloud
pig-common
- 2.10.0
+ 2.10.1
pig-common-core
diff --git a/pig-common/pig-common-core/src/main/java/com/pig4cloud/pig/common/core/mybatis/SqlFilterArgumentResolver.java b/pig-common/pig-common-core/src/main/java/com/pig4cloud/pig/common/core/mybatis/SqlFilterArgumentResolver.java
index 0972289105ae6a6522669914fe0407e4a444d70a..35bdb591819cb28a90a28ca33a349aa5afd5bc47 100644
--- a/pig-common/pig-common-core/src/main/java/com/pig4cloud/pig/common/core/mybatis/SqlFilterArgumentResolver.java
+++ b/pig-common/pig-common-core/src/main/java/com/pig4cloud/pig/common/core/mybatis/SqlFilterArgumentResolver.java
@@ -1,17 +1,19 @@
/*
- * Copyright (c) 2020 pig4cloud Authors. All Rights Reserved.
*
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ * * Copyright (c) 2019-2020, 冷冷 (wangiegie@gmail.com).
+ * *
+ * * Licensed under the GNU Lesser General Public License 3.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * https://www.gnu.org/licenses/lgpl.html
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
*
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
*/
package com.pig4cloud.pig.common.core.mybatis;
@@ -27,7 +29,11 @@ import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.method.support.ModelAndViewContainer;
import javax.servlet.http.HttpServletRequest;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Optional;
+import java.util.function.Predicate;
import java.util.stream.Collectors;
/**
@@ -39,6 +45,9 @@ import java.util.stream.Collectors;
@Slf4j
public class SqlFilterArgumentResolver implements HandlerMethodArgumentResolver {
+ private final static String[] KEYWORDS = { "master", "truncate", "insert", "select", "delete", "update", "declare",
+ "alter", "drop", "sleep" };
+
/**
* 判断Controller是否包含page 参数
* @param parameter 参数
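Review bot: KEYWORDS is a substring denylist, so it rejects legitimate sort columns that merely contain one of the words — a column named like `update_time` or `master_id` is silently dropped by the predicate that consumes this list — while it says nothing about the characters an ORDER BY payload actually needs (quotes, parentheses, `;`, `--`, `/*`) or about functions that are not listed (on MySQL, e.g. `benchmark`, `extractvalue`). If the list is kept at all, it should be documented as defense-in-depth only, e.g. `// Denylist only; the real guard is the identifier allowlist applied to every ascs/descs value`, and matched on whole tokens rather than substrings. The class body continues past this hunk.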
@@ -69,7 +78,7 @@ public class SqlFilterArgumentResolver implements HandlerMethodArgumentResolver
String current = request.getParameter("current");
String size = request.getParameter("size");
- Page> page = new Page<>();
+ Page page = new Page();
if (StrUtil.isNotBlank(current)) {
page.setCurrent(Long.parseLong(current));
}
@@ -79,32 +88,28 @@ public class SqlFilterArgumentResolver implements HandlerMethodArgumentResolver
}
List orderItemList = new ArrayList<>();
- Optional.ofNullable(ascs).ifPresent(s -> orderItemList.addAll(Arrays.stream(s).filter(Objects::isNull)
- .map(this::clear).map(OrderItem::asc).collect(Collectors.toList())));
- Optional.ofNullable(descs).ifPresent(s -> orderItemList.addAll(Arrays.stream(s).filter(Objects::isNull)
- .map(this::clear).map(OrderItem::desc).collect(Collectors.toList())));
+ Optional.ofNullable(ascs).ifPresent(s -> orderItemList.addAll(
+ Arrays.stream(s).filter(sqlInjectPredicate()).map(OrderItem::asc).collect(Collectors.toList())));
+ Optional.ofNullable(descs).ifPresent(s -> orderItemList.addAll(
+ Arrays.stream(s).filter(sqlInjectPredicate()).map(OrderItem::desc).collect(Collectors.toList())));
page.addOrder(orderItemList);
return page;
}
/**
- * 参数清理
- * @param param 参数
- * @return String
+ * 判断用户输入里面有没有关键字
+ * @return Predicate
*/
- private String clear(String param) {
- if (StrUtil.isBlank(param)) {
- return StrUtil.trim(param);
- }
- StringBuilder builder = new StringBuilder();
- for (int i = 0; i < param.length(); i++) {
- char c = param.charAt(i);
- if (Character.isJavaIdentifierPart(c)) {
- builder.append(c);
+ private Predicate sqlInjectPredicate() {
+ return sql -> {
+ for (String keyword : KEYWORDS) {
+ if (StrUtil.containsIgnoreCase(sql, keyword)) {
+ return false;
+ }
}
- }
- return builder.toString();
+ return true;
+ };
}
}
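Review bot: Replacing `clear()` with `sqlInjectPredicate()` downgrades the guard on `ascs`/`descs` from an allowlist to a denylist: the old code kept only `Character.isJavaIdentifierPart` characters, whereas the new filter passes any string that does not contain one of ten keywords, and each surviving value becomes an `OrderItem` whose column is, as far as this file shows, handed to the pagination layer as a raw column name. Rather than extending the keyword list, restore an allowlist by matching each value against a compiled `^[A-Za-z0-9_]+$` pattern (which also excludes the blank value an `ascs=` parameter yields, and a null element if `StrUtil.containsIgnoreCase` treats a null haystack as not containing — I believe it does), adding a `java.util.regex.Pattern` import; the keyword check can remain as a secondary filter if desired. The removed `filter(Objects::isNull)` was inverted and dropped every value, which is presumably why ordering never worked and why the sanitizer was replaced — the fix should keep the filter but with a stricter predicate, not a looser one. `resolveArgument` starts outside this hunk.
```java
private static final Pattern SAFE_COLUMN = Pattern.compile("^[A-Za-z0-9_]+$");

// … unchanged: resolveArgument, with the two filter(sqlInjectPredicate()) calls …

/**
 * Allowlist for user-supplied sort columns: only plain identifiers survive;
 * empty values and anything containing quotes, spaces or punctuation are dropped
 * before they can reach an ORDER BY clause.
 */
private Predicate<String> sqlInjectPredicate() {
    return sql -> sql != null && SAFE_COLUMN.matcher(sql).matches();
}
```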
diff --git a/pig-common/pig-common-datasource/pom.xml b/pig-common/pig-common-datasource/pom.xml
index 0b2a18251f6467eb2711fff2a999306da56cdc22..9968ddd6731ec8303905403c4e777c94456aeb1a 100644
--- a/pig-common/pig-common-datasource/pom.xml
+++ b/pig-common/pig-common-datasource/pom.xml
@@ -21,7 +21,7 @@
pig-common
com.pig4cloud
- 2.10.0
+ 2.10.1
4.0.0
diff --git a/pig-common/pig-common-job/pom.xml b/pig-common/pig-common-job/pom.xml
index 94dbfd2abdd5bdf3ffcc10aeae0f83fc1b9d72ac..7764fa0ccefd14830c3a9b9b0f8a4e153ead07b7 100755
--- a/pig-common/pig-common-job/pom.xml
+++ b/pig-common/pig-common-job/pom.xml
@@ -23,7 +23,7 @@
com.pig4cloud
pig-common
- 2.10.0
+ 2.10.1
pig-common-job
diff --git a/pig-common/pig-common-log/pom.xml b/pig-common/pig-common-log/pom.xml
index 1e348458e244ab521a55ee39192247a3804dea60..f9f137d95ccef42172bf31ae7301b396efa24f5c 100755
--- a/pig-common/pig-common-log/pom.xml
+++ b/pig-common/pig-common-log/pom.xml
@@ -21,7 +21,7 @@
com.pig4cloud
pig-common
- 2.10.0
+ 2.10.1
pig-common-log
@@ -35,13 +35,13 @@
com.pig4cloud
pig-common-core
- 2.10.0
+ 2.10.1
com.pig4cloud
pig-upms-api
- 2.10.0
+ 2.10.1
diff --git a/pig-common/pig-common-mybatis/pom.xml b/pig-common/pig-common-mybatis/pom.xml
index 63d669633cbd3312ddb7f534b33f88a2e961a162..1e13fd3b60f7c830976ec72c5f57c96d26fa5b0b 100755
--- a/pig-common/pig-common-mybatis/pom.xml
+++ b/pig-common/pig-common-mybatis/pom.xml
@@ -21,7 +21,7 @@
com.pig4cloud
pig-common
- 2.10.0
+ 2.10.1
pig-common-mybatis
diff --git a/pig-common/pig-common-security/pom.xml b/pig-common/pig-common-security/pom.xml
index a5f9c7aaf8d1ba5f75d3179ecc4b16de8e5a22e6..e6400cc3d00b8e09c79f05625c9eacace7b7b09f 100755
--- a/pig-common/pig-common-security/pom.xml
+++ b/pig-common/pig-common-security/pom.xml
@@ -21,7 +21,7 @@
com.pig4cloud
pig-common
- 2.10.0
+ 2.10.1
pig-common-security
@@ -35,7 +35,7 @@
com.pig4cloud
pig-common-core
- 2.10.0
+ 2.10.1
@@ -50,7 +50,7 @@
com.pig4cloud
pig-upms-api
- 2.10.0
+ 2.10.1
diff --git a/pig-common/pig-common-sentinel/pom.xml b/pig-common/pig-common-sentinel/pom.xml
index fe4393bc7f193af65491f91a9bd8e5c4ccfb9778..ff8fec86487c77134396c4674207c6eb47fa9468 100755
--- a/pig-common/pig-common-sentinel/pom.xml
+++ b/pig-common/pig-common-sentinel/pom.xml
@@ -21,7 +21,7 @@
com.pig4cloud
pig-common
- 2.10.0
+ 2.10.1
4.0.0
@@ -32,7 +32,7 @@
com.pig4cloud
pig-common-core
- 2.10.0
+ 2.10.1
com.alibaba.cloud
diff --git a/pig-common/pig-common-swagger/pom.xml b/pig-common/pig-common-swagger/pom.xml
index 6d4e900bb68f23dab726511320550a575fb4e8b8..211cee31acdbd96eeaaefa728a7d38cd1762d771 100644
--- a/pig-common/pig-common-swagger/pom.xml
+++ b/pig-common/pig-common-swagger/pom.xml
@@ -24,7 +24,7 @@
com.pig4cloud
pig-common
- 2.10.0
+ 2.10.1
pig-common-swagger
diff --git a/pig-common/pig-common-test/pom.xml b/pig-common/pig-common-test/pom.xml
index 180603a687e13fc23b9db369608baabf4383b72c..e37cb34742c1fda96c8440494a3f404db95a3e1e 100755
--- a/pig-common/pig-common-test/pom.xml
+++ b/pig-common/pig-common-test/pom.xml
@@ -6,7 +6,7 @@
com.pig4cloud
pig-common
- 2.10.0
+ 2.10.1
pig-common-test
@@ -18,7 +18,7 @@
com.pig4cloud
pig-common-security
- 2.10.0
+ 2.10.1
org.springframework.security
diff --git a/pig-common/pom.xml b/pig-common/pom.xml
index 87911d11445e3a314e1cfceeda52848a00e046ee..254c44bfd0422736baa76149df7a50578e36b140 100755
--- a/pig-common/pom.xml
+++ b/pig-common/pom.xml
@@ -21,7 +21,7 @@
com.pig4cloud
pig
- 2.10.0
+ 2.10.1
pig-common
diff --git a/pig-gateway/pom.xml b/pig-gateway/pom.xml
index 987f1b7c139acbef6d4c8a33019cc6f7f245bddb..6a9167e2d7750418310fdbcd07755e61404a2146 100755
--- a/pig-gateway/pom.xml
+++ b/pig-gateway/pom.xml
@@ -21,7 +21,7 @@
com.pig4cloud
pig
- 2.10.0
+ 2.10.1
pig-gateway
diff --git a/pig-register/pom.xml b/pig-register/pom.xml
index d72cac312eb6fea120d1983b8fc63b77f70590bc..80892c3a494eaa6f509be701a3bdf6dfe37925f1 100755
--- a/pig-register/pom.xml
+++ b/pig-register/pom.xml
@@ -18,7 +18,7 @@
com.pig4cloud
pig
- 2.10.0
+ 2.10.1
pig-register
diff --git a/pig-upms/pig-upms-api/pom.xml b/pig-upms/pig-upms-api/pom.xml
index 87e7944ed96576302e39ef14b97c04a5845061a3..130ec0f2733e7071afaf81d38d0fd172194869b4 100755
--- a/pig-upms/pig-upms-api/pom.xml
+++ b/pig-upms/pig-upms-api/pom.xml
@@ -21,7 +21,7 @@
com.pig4cloud
pig-upms
- 2.10.0
+ 2.10.1
pig-upms-api
diff --git a/pig-upms/pig-upms-biz/pom.xml b/pig-upms/pig-upms-biz/pom.xml
index 97d5dda5ec17a5fa7f899eeafbb89a173e1b52d1..cd694fb1aa2bc7cde581be4e89aa6e8a319b051f 100644
--- a/pig-upms/pig-upms-biz/pom.xml
+++ b/pig-upms/pig-upms-biz/pom.xml
@@ -21,7 +21,7 @@
com.pig4cloud
pig-upms
- 2.10.0
+ 2.10.1
pig-upms-biz
diff --git a/pig-upms/pom.xml b/pig-upms/pom.xml
index 9727cddaaaddd583bd03e8af8530d83bfc488dd7..69c2abb6c8598e89f6c79b4b473acafa3048ac1f 100755
--- a/pig-upms/pom.xml
+++ b/pig-upms/pom.xml
@@ -21,7 +21,7 @@
com.pig4cloud
pig
- 2.10.0
+ 2.10.1
pig-upms
diff --git a/pig-visual/pig-codegen/pom.xml b/pig-visual/pig-codegen/pom.xml
index c558f364a11b467c59737499b46a4d95ce52ce32..56d0725125c9d3807088ee2602bb7588c9a8066c 100755
--- a/pig-visual/pig-codegen/pom.xml
+++ b/pig-visual/pig-codegen/pom.xml
@@ -22,7 +22,7 @@
com.pig4cloud
pig-visual
- 2.10.0
+ 2.10.1
pig-codegen
diff --git a/pig-visual/pig-monitor/pom.xml b/pig-visual/pig-monitor/pom.xml
index c2e5e7564d1a4f7aec56b5cd0b9d8015b90a6f73..dd22fa6641c13fd25f1501342ab4c73263ec9ce2 100755
--- a/pig-visual/pig-monitor/pom.xml
+++ b/pig-visual/pig-monitor/pom.xml
@@ -21,7 +21,7 @@
com.pig4cloud
pig-visual
- 2.10.0
+ 2.10.1
pig-monitor
diff --git a/pig-visual/pig-sentinel-dashboard/pom.xml b/pig-visual/pig-sentinel-dashboard/pom.xml
index 5ba035d878132c516c0c9f1deb636c2b21db5301..82d43a3f252faa19e1e7e43936592e04bad8b86a 100755
--- a/pig-visual/pig-sentinel-dashboard/pom.xml
+++ b/pig-visual/pig-sentinel-dashboard/pom.xml
@@ -6,7 +6,7 @@
com.pig4cloud
pig-visual
- 2.10.0
+ 2.10.1
pig-sentinel-dashboard
diff --git a/pig-visual/pig-xxl-job-admin/pom.xml b/pig-visual/pig-xxl-job-admin/pom.xml
index ab44cdfe30775ea7ec7937a2a18268ef512040d2..5f39e154ff191456506fc75c0a305936dfcf6ee6 100644
--- a/pig-visual/pig-xxl-job-admin/pom.xml
+++ b/pig-visual/pig-xxl-job-admin/pom.xml
@@ -4,7 +4,7 @@
com.pig4cloud
pig-visual
- 2.10.0
+ 2.10.1
pig-xxl-job-admin
diff --git a/pig-visual/pom.xml b/pig-visual/pom.xml
index 98a8dedc1ac2280d3f525f99b3e1a7ffaf6c2791..ba6d11ee2d83b29727f6603c6ad00198b47d4132 100755
--- a/pig-visual/pom.xml
+++ b/pig-visual/pom.xml
@@ -21,7 +21,7 @@
com.pig4cloud
pig
- 2.10.0
+ 2.10.1
pig-visual
diff --git a/pom.xml b/pom.xml
index c9e95063e65eadb04f2cb27250fc67553822190a..41909424bd16c6911d23351951b8ee5d909ae577 100755
--- a/pom.xml
+++ b/pom.xml
@@ -23,25 +23,25 @@
com.pig4cloud
pig-cloud-dependencies-parent
- 2.10.0
+ 2.10.1
com.pig4cloud
pig
- 2.10.0
+ 2.10.1
${project.artifactId}
pom
https://www.pig4cloud.com
- 2.3.4.RELEASE
+ 2.3.5.RELEASE
Hoxton.SR8
2.2.3.RELEASE
UTF-8
1.8
1.8
2.3.0
- 5.4.4
+ 5.4.7
3.4.0
3.2.0
2.2.0