diff --git a/README.md b/README.md index 510dc9d878545ac7a1be0c449777ed559bd21b9e..3798ff9a76193cf41b71b6e9acea1f955b151847 100644 --- a/README.md +++ b/README.md @@ -18,12 +18,12 @@ | 依赖 | 版本 | | ---------------------- | ------------- | -| Spring Boot | 2.3.4.RELEASE | +| Spring Boot | 2.3.5.RELEASE | | Spring Cloud | Hoxton.SR8 | | Spring Cloud Alibaba | 2.2.3.RELEASE | | Spring Security OAuth2 | 2.3.6 | | Mybatis Plus | 3.4.0 | -| hutool | 5.4.4 | +| hutool | 5.4.7 | | Avue | 2.6.16 | ### 模块说明 @@ -99,7 +99,7 @@ mvn archetype:generate \ -Dpackage=com.pig4cloud.pig.demo \ -DarchetypeGroupId=com.pig4cloud.archetype \ -DarchetypeArtifactId=pig-gen \ - -DarchetypeVersion=2.10.0 \ + -DarchetypeVersion=2.10.1 \ -DarchetypeCatalog=local ``` diff --git a/pig-auth/pom.xml b/pig-auth/pom.xml index 9fe4c74e1718e0a727678ef5303910f2c2595458..21988f70278a4d6bd8d46e64292d24e7aacb8d2e 100755 --- a/pig-auth/pom.xml +++ b/pig-auth/pom.xml @@ -21,7 +21,7 @@ com.pig4cloud pig - 2.10.0 + 2.10.1 pig-auth @@ -44,19 +44,19 @@ com.pig4cloud pig-common-sentinel - 2.10.0 + 2.10.1 com.pig4cloud pig-upms-api - 2.10.0 + 2.10.1 com.pig4cloud pig-common-security - 2.10.0 + 2.10.1 diff --git a/pig-common/pig-common-core/pom.xml b/pig-common/pig-common-core/pom.xml index b58dd8679d5440d4dfe3b818976be4f9abced54f..9a873ce5c89b8169cd44a5dd49f14e6867a02bfc 100755 --- a/pig-common/pig-common-core/pom.xml +++ b/pig-common/pig-common-core/pom.xml @@ -21,7 +21,7 @@ com.pig4cloud pig-common - 2.10.0 + 2.10.1 pig-common-core diff --git a/pig-common/pig-common-core/src/main/java/com/pig4cloud/pig/common/core/mybatis/SqlFilterArgumentResolver.java b/pig-common/pig-common-core/src/main/java/com/pig4cloud/pig/common/core/mybatis/SqlFilterArgumentResolver.java index 0972289105ae6a6522669914fe0407e4a444d70a..35bdb591819cb28a90a28ca33a349aa5afd5bc47 100644 --- a/pig-common/pig-common-core/src/main/java/com/pig4cloud/pig/common/core/mybatis/SqlFilterArgumentResolver.java 
+++ b/pig-common/pig-common-core/src/main/java/com/pig4cloud/pig/common/core/mybatis/SqlFilterArgumentResolver.java @@ -1,17 +1,19 @@ /* - * Copyright (c) 2020 pig4cloud Authors. All Rights Reserved. * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at + * * Copyright (c) 2019-2020, 冷冷 (wangiegie@gmail.com). + * *

+ * * Licensed under the GNU Lesser General Public License 3.0 (the "License"); + * * you may not use this file except in compliance with the License. + * * You may obtain a copy of the License at + * *

+ * * https://www.gnu.org/licenses/lgpl.html + * *

+ * * Unless required by applicable law or agreed to in writing, software + * * distributed under the License is distributed on an "AS IS" BASIS, + * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * * See the License for the specific language governing permissions and + * * limitations under the License. * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. */ package com.pig4cloud.pig.common.core.mybatis; @@ -27,7 +29,11 @@ import org.springframework.web.method.support.HandlerMethodArgumentResolver; import org.springframework.web.method.support.ModelAndViewContainer; import javax.servlet.http.HttpServletRequest; -import java.util.*; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; +import java.util.Optional; +import java.util.function.Predicate; import java.util.stream.Collectors; /** @@ -39,6 +45,9 @@ import java.util.stream.Collectors; @Slf4j public class SqlFilterArgumentResolver implements HandlerMethodArgumentResolver { + private final static String[] KEYWORDS = { "master", "truncate", "insert", "select", "delete", "update", "declare", + "alter", "drop", "sleep" }; + /** * 判断Controller是否包含page 参数 * @param parameter 参数 @@ -69,7 +78,7 @@ public class SqlFilterArgumentResolver implements HandlerMethodArgumentResolver String current = request.getParameter("current"); String size = request.getParameter("size"); - Page page = new Page<>(); + Page page = new Page(); if (StrUtil.isNotBlank(current)) { page.setCurrent(Long.parseLong(current)); } 
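Review bot: In the `@@ -69,7 +78,7 @@` hunk, the context line `page.setCurrent(Long.parseLong(current));` parses the raw `current` request parameter behind only a blank check. As far as the hunk shows, a non-numeric value throws NumberFormatException out of the resolver. A guarded parse that falls back to the default page, or rejects the request with a client error, would keep malformed input from surfacing as a server error. Separately, changing `new Page<>()` to `new Page()` makes the construction a raw type and adds an unchecked warning, so keeping the diamond is preferable. The enclosing `resolveArgument` method starts and ends outside this hunk.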
@@ -79,32 +88,28 @@ public class SqlFilterArgumentResolver implements HandlerMethodArgumentResolver } List orderItemList = new ArrayList<>(); - Optional.ofNullable(ascs).ifPresent(s -> orderItemList.addAll(Arrays.stream(s).filter(Objects::isNull) - .map(this::clear).map(OrderItem::asc).collect(Collectors.toList()))); - Optional.ofNullable(descs).ifPresent(s -> orderItemList.addAll(Arrays.stream(s).filter(Objects::isNull) - .map(this::clear).map(OrderItem::desc).collect(Collectors.toList()))); + Optional.ofNullable(ascs).ifPresent(s -> orderItemList.addAll( + Arrays.stream(s).filter(sqlInjectPredicate()).map(OrderItem::asc).collect(Collectors.toList()))); + Optional.ofNullable(descs).ifPresent(s -> orderItemList.addAll( + Arrays.stream(s).filter(sqlInjectPredicate()).map(OrderItem::desc).collect(Collectors.toList()))); page.addOrder(orderItemList); return page; } /** - * 参数清理 - * @param param 参数 - * @return String + * 判断用户输入里面有没有关键字 + * @return Predicate */ - private String clear(String param) { - if (StrUtil.isBlank(param)) { - return StrUtil.trim(param); - } - StringBuilder builder = new StringBuilder(); - for (int i = 0; i < param.length(); i++) { - char c = param.charAt(i); - if (Character.isJavaIdentifierPart(c)) { - builder.append(c); + private Predicate sqlInjectPredicate() { + return sql -> { + for (String keyword : KEYWORDS) { + if (StrUtil.containsIgnoreCase(sql, keyword)) { + return false; + } } - } - return builder.toString(); + return true; + }; } } diff --git a/pig-common/pig-common-datasource/pom.xml b/pig-common/pig-common-datasource/pom.xml index 0b2a18251f6467eb2711fff2a999306da56cdc22..9968ddd6731ec8303905403c4e777c94456aeb1a 100644 --- a/pig-common/pig-common-datasource/pom.xml +++ b/pig-common/pig-common-datasource/pom.xml @@ -21,7 +21,7 @@ pig-common com.pig4cloud - 2.10.0 + 2.10.1 4.0.0 
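Review bot: `sqlInjectPredicate()` is a substring denylist, so any sort value that avoids the ten `KEYWORDS` passes unchanged, punctuation and parentheses included, while a legitimate column whose name contains one (for example a column named `update_time`) is silently dropped. The removed `clear()` at least reduced the value to identifier characters; the new code hands the raw request string to `OrderItem::asc` / `OrderItem::desc`, which presumably ends up in the ORDER BY clause. An allow-list is the safer check, e.g. `return col -> col != null && col.matches("[A-Za-z_][A-Za-z0-9_]*");`, or better a lookup against the entity's known column names. Rejected values should also be logged through the class's `@Slf4j` logger so that probing of the sort parameters is visible. `resolveArgument` begins above this hunk, and the `KEYWORDS` array itself is added in the earlier `@@ -39,6 +45,9 @@` hunk.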
diff --git a/pig-common/pig-common-job/pom.xml b/pig-common/pig-common-job/pom.xml index 94dbfd2abdd5bdf3ffcc10aeae0f83fc1b9d72ac..7764fa0ccefd14830c3a9b9b0f8a4e153ead07b7 100755 --- a/pig-common/pig-common-job/pom.xml +++ b/pig-common/pig-common-job/pom.xml @@ -23,7 +23,7 @@ com.pig4cloud pig-common - 2.10.0 + 2.10.1 pig-common-job diff --git a/pig-common/pig-common-log/pom.xml b/pig-common/pig-common-log/pom.xml index 1e348458e244ab521a55ee39192247a3804dea60..f9f137d95ccef42172bf31ae7301b396efa24f5c 100755 --- a/pig-common/pig-common-log/pom.xml +++ b/pig-common/pig-common-log/pom.xml @@ -21,7 +21,7 @@ com.pig4cloud pig-common - 2.10.0 + 2.10.1 pig-common-log @@ -35,13 +35,13 @@ com.pig4cloud pig-common-core - 2.10.0 + 2.10.1 com.pig4cloud pig-upms-api - 2.10.0 + 2.10.1 diff --git a/pig-common/pig-common-mybatis/pom.xml b/pig-common/pig-common-mybatis/pom.xml index 63d669633cbd3312ddb7f534b33f88a2e961a162..1e13fd3b60f7c830976ec72c5f57c96d26fa5b0b 100755 --- a/pig-common/pig-common-mybatis/pom.xml +++ b/pig-common/pig-common-mybatis/pom.xml @@ -21,7 +21,7 @@ com.pig4cloud pig-common - 2.10.0 + 2.10.1 pig-common-mybatis diff --git a/pig-common/pig-common-security/pom.xml b/pig-common/pig-common-security/pom.xml index a5f9c7aaf8d1ba5f75d3179ecc4b16de8e5a22e6..e6400cc3d00b8e09c79f05625c9eacace7b7b09f 100755 --- a/pig-common/pig-common-security/pom.xml +++ b/pig-common/pig-common-security/pom.xml @@ -21,7 +21,7 @@ com.pig4cloud pig-common - 2.10.0 + 2.10.1 pig-common-security @@ -35,7 +35,7 @@ com.pig4cloud pig-common-core - 2.10.0 + 2.10.1 @@ -50,7 +50,7 @@ com.pig4cloud pig-upms-api - 2.10.0 + 2.10.1 diff --git a/pig-common/pig-common-sentinel/pom.xml b/pig-common/pig-common-sentinel/pom.xml index fe4393bc7f193af65491f91a9bd8e5c4ccfb9778..ff8fec86487c77134396c4674207c6eb47fa9468 100755 --- a/pig-common/pig-common-sentinel/pom.xml +++ b/pig-common/pig-common-sentinel/pom.xml @@ -21,7 +21,7 @@ com.pig4cloud pig-common - 2.10.0 + 2.10.1 4.0.0 
@@ -32,7 +32,7 @@ com.pig4cloud pig-common-core - 2.10.0 + 2.10.1 com.alibaba.cloud diff --git a/pig-common/pig-common-swagger/pom.xml b/pig-common/pig-common-swagger/pom.xml index 6d4e900bb68f23dab726511320550a575fb4e8b8..211cee31acdbd96eeaaefa728a7d38cd1762d771 100644 --- a/pig-common/pig-common-swagger/pom.xml +++ b/pig-common/pig-common-swagger/pom.xml @@ -24,7 +24,7 @@ com.pig4cloud pig-common - 2.10.0 + 2.10.1 pig-common-swagger diff --git a/pig-common/pig-common-test/pom.xml b/pig-common/pig-common-test/pom.xml index 180603a687e13fc23b9db369608baabf4383b72c..e37cb34742c1fda96c8440494a3f404db95a3e1e 100755 --- a/pig-common/pig-common-test/pom.xml +++ b/pig-common/pig-common-test/pom.xml @@ -6,7 +6,7 @@ com.pig4cloud pig-common - 2.10.0 + 2.10.1 pig-common-test @@ -18,7 +18,7 @@ com.pig4cloud pig-common-security - 2.10.0 + 2.10.1 org.springframework.security diff --git a/pig-common/pom.xml b/pig-common/pom.xml index 87911d11445e3a314e1cfceeda52848a00e046ee..254c44bfd0422736baa76149df7a50578e36b140 100755 --- a/pig-common/pom.xml +++ b/pig-common/pom.xml @@ -21,7 +21,7 @@ com.pig4cloud pig - 2.10.0 + 2.10.1 pig-common diff --git a/pig-gateway/pom.xml b/pig-gateway/pom.xml index 987f1b7c139acbef6d4c8a33019cc6f7f245bddb..6a9167e2d7750418310fdbcd07755e61404a2146 100755 --- a/pig-gateway/pom.xml +++ b/pig-gateway/pom.xml @@ -21,7 +21,7 @@ com.pig4cloud pig - 2.10.0 + 2.10.1 pig-gateway diff --git a/pig-register/pom.xml b/pig-register/pom.xml index d72cac312eb6fea120d1983b8fc63b77f70590bc..80892c3a494eaa6f509be701a3bdf6dfe37925f1 100755 --- a/pig-register/pom.xml +++ b/pig-register/pom.xml @@ -18,7 +18,7 @@ com.pig4cloud pig - 2.10.0 + 2.10.1 pig-register diff --git a/pig-upms/pig-upms-api/pom.xml b/pig-upms/pig-upms-api/pom.xml index 87e7944ed96576302e39ef14b97c04a5845061a3..130ec0f2733e7071afaf81d38d0fd172194869b4 100755 --- a/pig-upms/pig-upms-api/pom.xml +++ b/pig-upms/pig-upms-api/pom.xml @@ -21,7 +21,7 @@ com.pig4cloud pig-upms - 2.10.0 + 2.10.1 pig-upms-api 
diff --git a/pig-upms/pig-upms-biz/pom.xml b/pig-upms/pig-upms-biz/pom.xml index 97d5dda5ec17a5fa7f899eeafbb89a173e1b52d1..cd694fb1aa2bc7cde581be4e89aa6e8a319b051f 100644 --- a/pig-upms/pig-upms-biz/pom.xml +++ b/pig-upms/pig-upms-biz/pom.xml @@ -21,7 +21,7 @@ com.pig4cloud pig-upms - 2.10.0 + 2.10.1 pig-upms-biz diff --git a/pig-upms/pom.xml b/pig-upms/pom.xml index 9727cddaaaddd583bd03e8af8530d83bfc488dd7..69c2abb6c8598e89f6c79b4b473acafa3048ac1f 100755 --- a/pig-upms/pom.xml +++ b/pig-upms/pom.xml @@ -21,7 +21,7 @@ com.pig4cloud pig - 2.10.0 + 2.10.1 pig-upms diff --git a/pig-visual/pig-codegen/pom.xml b/pig-visual/pig-codegen/pom.xml index c558f364a11b467c59737499b46a4d95ce52ce32..56d0725125c9d3807088ee2602bb7588c9a8066c 100755 --- a/pig-visual/pig-codegen/pom.xml +++ b/pig-visual/pig-codegen/pom.xml @@ -22,7 +22,7 @@ com.pig4cloud pig-visual - 2.10.0 + 2.10.1 pig-codegen diff --git a/pig-visual/pig-monitor/pom.xml b/pig-visual/pig-monitor/pom.xml index c2e5e7564d1a4f7aec56b5cd0b9d8015b90a6f73..dd22fa6641c13fd25f1501342ab4c73263ec9ce2 100755 --- a/pig-visual/pig-monitor/pom.xml +++ b/pig-visual/pig-monitor/pom.xml @@ -21,7 +21,7 @@ com.pig4cloud pig-visual - 2.10.0 + 2.10.1 pig-monitor diff --git a/pig-visual/pig-sentinel-dashboard/pom.xml b/pig-visual/pig-sentinel-dashboard/pom.xml index 5ba035d878132c516c0c9f1deb636c2b21db5301..82d43a3f252faa19e1e7e43936592e04bad8b86a 100755 --- a/pig-visual/pig-sentinel-dashboard/pom.xml +++ b/pig-visual/pig-sentinel-dashboard/pom.xml @@ -6,7 +6,7 @@ com.pig4cloud pig-visual - 2.10.0 + 2.10.1 pig-sentinel-dashboard diff --git a/pig-visual/pig-xxl-job-admin/pom.xml b/pig-visual/pig-xxl-job-admin/pom.xml index ab44cdfe30775ea7ec7937a2a18268ef512040d2..5f39e154ff191456506fc75c0a305936dfcf6ee6 100644 --- a/pig-visual/pig-xxl-job-admin/pom.xml +++ b/pig-visual/pig-xxl-job-admin/pom.xml @@ -4,7 +4,7 @@ com.pig4cloud pig-visual - 2.10.0 + 2.10.1 pig-xxl-job-admin 
diff --git a/pig-visual/pom.xml b/pig-visual/pom.xml index 98a8dedc1ac2280d3f525f99b3e1a7ffaf6c2791..ba6d11ee2d83b29727f6603c6ad00198b47d4132 100755 --- a/pig-visual/pom.xml +++ b/pig-visual/pom.xml @@ -21,7 +21,7 @@ com.pig4cloud pig - 2.10.0 + 2.10.1 pig-visual diff --git a/pom.xml b/pom.xml index c9e95063e65eadb04f2cb27250fc67553822190a..41909424bd16c6911d23351951b8ee5d909ae577 100755 --- a/pom.xml +++ b/pom.xml @@ -23,25 +23,25 @@ com.pig4cloud pig-cloud-dependencies-parent - 2.10.0 + 2.10.1 com.pig4cloud pig - 2.10.0 + 2.10.1 ${project.artifactId} pom https://www.pig4cloud.com - 2.3.4.RELEASE + 2.3.5.RELEASE Hoxton.SR8 2.2.3.RELEASE UTF-8 1.8 1.8 2.3.0 - 5.4.4 + 5.4.7 3.4.0 3.2.0 2.2.0