Browse Source

常用类添加二级缓存、高级筛选sql添加校验防止sql注入

master
songguoqiang 5 months ago
parent
commit
0041ac0099
  1. 1
      win-framework/win-common/src/main/java/com/win/framework/common/exception/enums/GlobalErrorCodeConstants.java
  2. 27
      win-framework/win-common/src/main/java/com/win/framework/common/util/sql/ValidSql.java
  3. 3
      win-framework/win-spring-boot-starter-mybatis/src/main/java/com/win/framework/mybatis/core/util/QueryWrapperUtils.java
  4. 2
      win-module-system/win-module-system-biz/src/main/java/com/win/module/system/dal/mysql/dept/DeptMapper.java
  5. 2
      win-module-system/win-module-system-biz/src/main/java/com/win/module/system/dal/mysql/dept/PostMapper.java
  6. 2
      win-module-system/win-module-system-biz/src/main/java/com/win/module/system/dal/mysql/dept/UserPostMapper.java
  7. 2
      win-module-system/win-module-system-biz/src/main/java/com/win/module/system/dal/mysql/permission/MenuMapper.java
  8. 2
      win-module-system/win-module-system-biz/src/main/java/com/win/module/system/dal/mysql/permission/RoleMapper.java
  9. 2
      win-module-system/win-module-system-biz/src/main/java/com/win/module/system/dal/mysql/permission/RoleMenuMapper.java
  10. 2
      win-module-system/win-module-system-biz/src/main/java/com/win/module/system/dal/mysql/permission/UserRoleMapper.java
  11. 2
      win-module-system/win-module-system-biz/src/main/java/com/win/module/system/dal/mysql/tenant/TenantMapper.java
  12. 2
      win-module-system/win-module-system-biz/src/main/java/com/win/module/system/dal/mysql/tenant/TenantPackageMapper.java
  13. 2
      win-module-system/win-module-system-biz/src/main/java/com/win/module/system/dal/mysql/user/AdminUserMapper.java

1
win-framework/win-common/src/main/java/com/win/framework/common/exception/enums/GlobalErrorCodeConstants.java

@ -35,6 +35,7 @@ public interface GlobalErrorCodeConstants {
ErrorCode REPEATED_REQUESTS = new ErrorCode(900, "重复请求,请稍后重试"); // 重复请求 ErrorCode REPEATED_REQUESTS = new ErrorCode(900, "重复请求,请稍后重试"); // 重复请求
ErrorCode DEMO_DENY = new ErrorCode(901, "演示模式,禁止写操作"); ErrorCode DEMO_DENY = new ErrorCode(901, "演示模式,禁止写操作");
ErrorCode SQL_INJECTION = new ErrorCode(901, "参数存在非法字符,请确认:{}");
ErrorCode UNKNOWN = new ErrorCode(999, "未知错误"); ErrorCode UNKNOWN = new ErrorCode(999, "未知错误");

27
win-framework/win-common/src/main/java/com/win/framework/common/util/sql/ValidSql.java

@ -0,0 +1,27 @@
package com.win.framework.common.util.sql;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import static com.win.framework.common.exception.enums.GlobalErrorCodeConstants.SQL_INJECTION;
import static com.win.framework.common.exception.util.ServiceExceptionUtil.exception;
public class ValidSql {
static String reg = "\\b(and|exec|insert|select|drop|grant|alter|delete|update|count|mid|truncate|char|or)\\b|([*;+'%])";
static Pattern sqlPattern = Pattern.compile(reg, Pattern.CASE_INSENSITIVE);//表示忽略大小写
/**
* 参数校验
*
* @param str ep: "or 1=1"
*/
public static boolean isSqlValid(String str) {
Matcher matcher = sqlPattern.matcher(str);
if (matcher.find()) {
throw exception(SQL_INJECTION, matcher.group());
}
return true;
}
}

3
win-framework/win-spring-boot-starter-mybatis/src/main/java/com/win/framework/mybatis/core/util/QueryWrapperUtils.java

@ -4,6 +4,7 @@ import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.google.common.base.CaseFormat; import com.google.common.base.CaseFormat;
import com.win.framework.common.pojo.CustomConditions; import com.win.framework.common.pojo.CustomConditions;
import com.win.framework.common.util.collection.CollectionUtils; import com.win.framework.common.util.collection.CollectionUtils;
import com.win.framework.common.util.sql.ValidSql;
import java.time.Instant; import java.time.Instant;
import java.time.LocalDateTime; import java.time.LocalDateTime;
@ -32,6 +33,8 @@ public class QueryWrapperUtils {
continue; continue;
} }
column = CaseFormat.LOWER_CAMEL.to(CaseFormat.LOWER_UNDERSCORE, column); column = CaseFormat.LOWER_CAMEL.to(CaseFormat.LOWER_UNDERSCORE, column);
//校验sql是否包含关键字
ValidSql.isSqlValid(column);
switch (condition.getAction()) { switch (condition.getAction()) {
case "==" : case "==" :
queryWrapper.eq(column, condition.getValue()); queryWrapper.eq(column, condition.getValue());

2
win-module-system/win-module-system-biz/src/main/java/com/win/module/system/dal/mysql/dept/DeptMapper.java

@ -9,6 +9,7 @@ import com.win.module.system.controller.dept.vo.dept.DeptListReqVO;
import com.win.module.system.controller.dept.vo.dept.DeptPageReqVO; import com.win.module.system.controller.dept.vo.dept.DeptPageReqVO;
import com.win.module.system.dal.dataobject.dept.DeptDO; import com.win.module.system.dal.dataobject.dept.DeptDO;
import com.win.module.system.dal.dataobject.permission.RoleDO; import com.win.module.system.dal.dataobject.permission.RoleDO;
import org.apache.ibatis.annotations.CacheNamespace;
import org.apache.ibatis.annotations.Mapper; import org.apache.ibatis.annotations.Mapper;
import org.apache.ibatis.annotations.Param; import org.apache.ibatis.annotations.Param;
@ -17,6 +18,7 @@ import java.util.List;
import java.util.Map; import java.util.Map;
@Mapper @Mapper
@CacheNamespace(flushInterval = 60000, size = 4096)
public interface DeptMapper extends BaseMapperX<DeptDO> { public interface DeptMapper extends BaseMapperX<DeptDO> {
default List<DeptDO> selectList(DeptListReqVO reqVO) { default List<DeptDO> selectList(DeptListReqVO reqVO) {

2
win-module-system/win-module-system-biz/src/main/java/com/win/module/system/dal/mysql/dept/PostMapper.java

@ -6,12 +6,14 @@ import com.win.framework.mybatis.core.query.LambdaQueryWrapperX;
import com.win.module.system.controller.dept.vo.post.PostExportReqVO; import com.win.module.system.controller.dept.vo.post.PostExportReqVO;
import com.win.module.system.controller.dept.vo.post.PostPageReqVO; import com.win.module.system.controller.dept.vo.post.PostPageReqVO;
import com.win.module.system.dal.dataobject.dept.PostDO; import com.win.module.system.dal.dataobject.dept.PostDO;
import org.apache.ibatis.annotations.CacheNamespace;
import org.apache.ibatis.annotations.Mapper; import org.apache.ibatis.annotations.Mapper;
import java.util.Collection; import java.util.Collection;
import java.util.List; import java.util.List;
@Mapper @Mapper
@CacheNamespace(flushInterval = 60000, size = 4096)
public interface PostMapper extends BaseMapperX<PostDO> { public interface PostMapper extends BaseMapperX<PostDO> {
default List<PostDO> selectList(Collection<Long> ids, Collection<Integer> statuses) { default List<PostDO> selectList(Collection<Long> ids, Collection<Integer> statuses) {

2
win-module-system/win-module-system-biz/src/main/java/com/win/module/system/dal/mysql/dept/UserPostMapper.java

@ -4,12 +4,14 @@ import com.win.framework.mybatis.core.mapper.BaseMapperX;
import com.win.framework.mybatis.core.query.LambdaQueryWrapperX; import com.win.framework.mybatis.core.query.LambdaQueryWrapperX;
import com.win.module.system.dal.dataobject.dept.UserPostDO; import com.win.module.system.dal.dataobject.dept.UserPostDO;
import com.baomidou.mybatisplus.core.toolkit.Wrappers; import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import org.apache.ibatis.annotations.CacheNamespace;
import org.apache.ibatis.annotations.Mapper; import org.apache.ibatis.annotations.Mapper;
import java.util.Collection; import java.util.Collection;
import java.util.List; import java.util.List;
@Mapper @Mapper
@CacheNamespace(flushInterval = 60000, size = 4096)
public interface UserPostMapper extends BaseMapperX<UserPostDO> { public interface UserPostMapper extends BaseMapperX<UserPostDO> {
default List<UserPostDO> selectListByUserId(Long userId) { default List<UserPostDO> selectListByUserId(Long userId) {

2
win-module-system/win-module-system-biz/src/main/java/com/win/module/system/dal/mysql/permission/MenuMapper.java

@ -4,11 +4,13 @@ import com.win.framework.mybatis.core.mapper.BaseMapperX;
import com.win.framework.mybatis.core.query.LambdaQueryWrapperX; import com.win.framework.mybatis.core.query.LambdaQueryWrapperX;
import com.win.module.system.controller.permission.vo.menu.MenuListReqVO; import com.win.module.system.controller.permission.vo.menu.MenuListReqVO;
import com.win.module.system.dal.dataobject.permission.MenuDO; import com.win.module.system.dal.dataobject.permission.MenuDO;
import org.apache.ibatis.annotations.CacheNamespace;
import org.apache.ibatis.annotations.Mapper; import org.apache.ibatis.annotations.Mapper;
import java.util.List; import java.util.List;
@Mapper @Mapper
@CacheNamespace(flushInterval = 60000, size = 4096)
public interface MenuMapper extends BaseMapperX<MenuDO> { public interface MenuMapper extends BaseMapperX<MenuDO> {
default MenuDO selectByParentIdAndName(Long parentId, String name) { default MenuDO selectByParentIdAndName(Long parentId, String name) {

2
win-module-system/win-module-system-biz/src/main/java/com/win/module/system/dal/mysql/permission/RoleMapper.java

@ -9,6 +9,7 @@ import com.win.framework.mybatis.core.util.QueryWrapperUtils;
import com.win.module.system.controller.permission.vo.role.RoleExportReqVO; import com.win.module.system.controller.permission.vo.role.RoleExportReqVO;
import com.win.module.system.controller.permission.vo.role.RolePageReqVO; import com.win.module.system.controller.permission.vo.role.RolePageReqVO;
import com.win.module.system.dal.dataobject.permission.RoleDO; import com.win.module.system.dal.dataobject.permission.RoleDO;
import org.apache.ibatis.annotations.CacheNamespace;
import org.apache.ibatis.annotations.Mapper; import org.apache.ibatis.annotations.Mapper;
import org.springframework.lang.Nullable; import org.springframework.lang.Nullable;
@ -16,6 +17,7 @@ import java.util.Collection;
import java.util.List; import java.util.List;
@Mapper @Mapper
@CacheNamespace(flushInterval = 60000, size = 4096)
public interface RoleMapper extends BaseMapperX<RoleDO> { public interface RoleMapper extends BaseMapperX<RoleDO> {
default PageResult<RoleDO> selectPage(RolePageReqVO reqVO) { default PageResult<RoleDO> selectPage(RolePageReqVO reqVO) {

2
win-module-system/win-module-system-biz/src/main/java/com/win/module/system/dal/mysql/permission/RoleMenuMapper.java

@ -3,12 +3,14 @@ package com.win.module.system.dal.mysql.permission;
import com.win.framework.mybatis.core.mapper.BaseMapperX; import com.win.framework.mybatis.core.mapper.BaseMapperX;
import com.win.module.system.dal.dataobject.permission.RoleMenuDO; import com.win.module.system.dal.dataobject.permission.RoleMenuDO;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import org.apache.ibatis.annotations.CacheNamespace;
import org.apache.ibatis.annotations.Mapper; import org.apache.ibatis.annotations.Mapper;
import java.util.Collection; import java.util.Collection;
import java.util.List; import java.util.List;
@Mapper @Mapper
@CacheNamespace(flushInterval = 60000, size = 4096)
public interface RoleMenuMapper extends BaseMapperX<RoleMenuDO> { public interface RoleMenuMapper extends BaseMapperX<RoleMenuDO> {
default List<RoleMenuDO> selectListByRoleId(Long roleId) { default List<RoleMenuDO> selectListByRoleId(Long roleId) {

2
win-module-system/win-module-system-biz/src/main/java/com/win/module/system/dal/mysql/permission/UserRoleMapper.java

@ -3,12 +3,14 @@ package com.win.module.system.dal.mysql.permission;
import com.win.framework.mybatis.core.mapper.BaseMapperX; import com.win.framework.mybatis.core.mapper.BaseMapperX;
import com.win.module.system.dal.dataobject.permission.UserRoleDO; import com.win.module.system.dal.dataobject.permission.UserRoleDO;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import org.apache.ibatis.annotations.CacheNamespace;
import org.apache.ibatis.annotations.Mapper; import org.apache.ibatis.annotations.Mapper;
import java.util.Collection; import java.util.Collection;
import java.util.List; import java.util.List;
@Mapper @Mapper
@CacheNamespace(flushInterval = 60000, size = 4096)
public interface UserRoleMapper extends BaseMapperX<UserRoleDO> { public interface UserRoleMapper extends BaseMapperX<UserRoleDO> {
default List<UserRoleDO> selectListByUserId(Long userId) { default List<UserRoleDO> selectListByUserId(Long userId) {

2
win-module-system/win-module-system-biz/src/main/java/com/win/module/system/dal/mysql/tenant/TenantMapper.java

@ -6,6 +6,7 @@ import com.win.framework.mybatis.core.query.LambdaQueryWrapperX;
import com.win.module.system.controller.tenant.vo.tenant.TenantExportReqVO; import com.win.module.system.controller.tenant.vo.tenant.TenantExportReqVO;
import com.win.module.system.controller.tenant.vo.tenant.TenantPageReqVO; import com.win.module.system.controller.tenant.vo.tenant.TenantPageReqVO;
import com.win.module.system.dal.dataobject.tenant.TenantDO; import com.win.module.system.dal.dataobject.tenant.TenantDO;
import org.apache.ibatis.annotations.CacheNamespace;
import org.apache.ibatis.annotations.Mapper; import org.apache.ibatis.annotations.Mapper;
import java.util.List; import java.util.List;
@ -16,6 +17,7 @@ import java.util.List;
* @author 闻荫源码 * @author 闻荫源码
*/ */
@Mapper @Mapper
@CacheNamespace(flushInterval = 60000, size = 4096)
public interface TenantMapper extends BaseMapperX<TenantDO> { public interface TenantMapper extends BaseMapperX<TenantDO> {
default PageResult<TenantDO> selectPage(TenantPageReqVO reqVO) { default PageResult<TenantDO> selectPage(TenantPageReqVO reqVO) {

2
win-module-system/win-module-system-biz/src/main/java/com/win/module/system/dal/mysql/tenant/TenantPackageMapper.java

@ -5,6 +5,7 @@ import com.win.framework.mybatis.core.mapper.BaseMapperX;
import com.win.framework.mybatis.core.query.LambdaQueryWrapperX; import com.win.framework.mybatis.core.query.LambdaQueryWrapperX;
import com.win.module.system.controller.tenant.vo.packages.TenantPackagePageReqVO; import com.win.module.system.controller.tenant.vo.packages.TenantPackagePageReqVO;
import com.win.module.system.dal.dataobject.tenant.TenantPackageDO; import com.win.module.system.dal.dataobject.tenant.TenantPackageDO;
import org.apache.ibatis.annotations.CacheNamespace;
import org.apache.ibatis.annotations.Mapper; import org.apache.ibatis.annotations.Mapper;
import java.util.List; import java.util.List;
@ -15,6 +16,7 @@ import java.util.List;
* @author 闻荫源码 * @author 闻荫源码
*/ */
@Mapper @Mapper
@CacheNamespace(flushInterval = 60000, size = 4096)
public interface TenantPackageMapper extends BaseMapperX<TenantPackageDO> { public interface TenantPackageMapper extends BaseMapperX<TenantPackageDO> {
default PageResult<TenantPackageDO> selectPage(TenantPackagePageReqVO reqVO) { default PageResult<TenantPackageDO> selectPage(TenantPackagePageReqVO reqVO) {

2
win-module-system/win-module-system-biz/src/main/java/com/win/module/system/dal/mysql/user/AdminUserMapper.java

@ -7,12 +7,14 @@ import com.win.module.system.controller.user.vo.user.UserExportReqVO;
import com.win.module.system.controller.user.vo.user.UserPageReqVO; import com.win.module.system.controller.user.vo.user.UserPageReqVO;
import com.win.module.system.dal.dataobject.user.AdminUserDO; import com.win.module.system.dal.dataobject.user.AdminUserDO;
import com.win.module.system.dal.dataobject.user.AdminUserDOExpand; import com.win.module.system.dal.dataobject.user.AdminUserDOExpand;
import org.apache.ibatis.annotations.CacheNamespace;
import org.apache.ibatis.annotations.Mapper; import org.apache.ibatis.annotations.Mapper;
import java.util.Collection; import java.util.Collection;
import java.util.List; import java.util.List;
@Mapper @Mapper
@CacheNamespace(flushInterval = 60000, size = 4096)
public interface AdminUserMapper extends BaseMapperX<AdminUserDO> { public interface AdminUserMapper extends BaseMapperX<AdminUserDO> {
default AdminUserDO selectByUsername(String username) { default AdminUserDO selectByUsername(String username) {

Loading…
Cancel
Save