From ed603745365d9a5019e3b631d207e5f0fd0a368e Mon Sep 17 00:00:00 2001 From: dushitaoyuan Date: Wed, 23 Dec 2020 17:48:40 +0800 Subject: [PATCH] fix sql bug --- Readme.md | 3 +- pom.xml | 49 +------------------ profiles/dev/application-dev.properties | 5 -- profiles/prod/application-prod.properties | 2 - profiles/test/application-test.properties | 2 - .../utils/RequestParamFilterUtil.java | 2 +- src/main/resources/application.properties | 6 ++- .../taoyuanx/securitydemo/BoomFilterTest.java | 14 +----- .../com/taoyuanx/securitydemo/EsapiTest.java | 2 - 9 files changed, 10 insertions(+), 75 deletions(-) delete mode 100644 profiles/dev/application-dev.properties delete mode 100644 profiles/prod/application-prod.properties delete mode 100644 profiles/test/application-test.properties diff --git a/Readme.md b/Readme.md index ca82d6d..5a51773 100644 --- a/Readme.md +++ b/Readme.md @@ -55,7 +55,6 @@ -## esapi 介绍 - +## 安全控制库 esapi 此jar包为一个比较全面的安全库,控制较为全面,业务较为复杂的可自行扩展 基本使用例子:com.taoyuanx.securitydemo.EsapiTest \ No newline at end of file diff --git a/pom.xml b/pom.xml index 2157989..2606498 100644 --- a/pom.xml +++ b/pom.xml @@ -34,7 +34,6 @@ org.springframework.boot spring-boot-starter-aop - org.springframework.boot spring-boot-starter-thymeleaf @@ -64,11 +63,7 @@ commons-codec 1.10 - + org.projectlombok lombok @@ -97,48 +92,8 @@ 2.2.0.0 - - - - dev - - true - - - dev - - - - - - test - - test - - - - - prod - - prod - - - - ${project.artifactId}-${project.version}-${profiles.active} - - - src/main/resources - true - - - ${project.basedir}/profiles/${profiles.active} - - + ${project.artifactId}-${project.version} org.springframework.boot diff --git a/profiles/dev/application-dev.properties b/profiles/dev/application-dev.properties deleted file mode 100644 index e84d003..0000000 --- a/profiles/dev/application-dev.properties +++ /dev/null @@ -1,5 +0,0 @@ -server.port=9999 - - -logging.path=d://logs - 
diff --git a/profiles/prod/application-prod.properties b/profiles/prod/application-prod.properties deleted file mode 100644 index 92fa7a8..0000000 --- a/profiles/prod/application-prod.properties +++ /dev/null @@ -1,2 +0,0 @@ -server.port=8080 -logging.path=./logs \ No newline at end of file diff --git a/profiles/test/application-test.properties b/profiles/test/application-test.properties deleted file mode 100644 index 92fa7a8..0000000 --- a/profiles/test/application-test.properties +++ /dev/null @@ -1,2 +0,0 @@ -server.port=8080 -logging.path=./logs \ No newline at end of file diff --git a/src/main/java/com/taoyuanx/securitydemo/utils/RequestParamFilterUtil.java b/src/main/java/com/taoyuanx/securitydemo/utils/RequestParamFilterUtil.java index f94c418..a74d4e4 100644 --- a/src/main/java/com/taoyuanx/securitydemo/utils/RequestParamFilterUtil.java +++ b/src/main/java/com/taoyuanx/securitydemo/utils/RequestParamFilterUtil.java @@ -46,7 +46,7 @@ public class RequestParamFilterUtil { /** * sql注入风险检测 */ - private static List SQL_KEY_WORDS = Splitter.on(",").splitToList("'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|; |or|-|+|,"); + private static List SQL_KEY_WORDS = Splitter.on("|").splitToList("'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|; |or|-|+|,"); public static boolean isSqlInject(String... params) { if (null == params) { return false; diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index b4c82fa..7bec918 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -1,4 +1,7 @@ -spring.profiles.active=@profiles.active@ +server.port=9999 + +logging.path=d://logs + spring.redis.database=0 spring.redis.host=172.16.0.32 @@ -39,4 +42,3 @@ spring.thymeleaf.suffix=.html logging.level.org.springframework=INFO -logging.path=./logs 
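Review bot: On the added `SQL_KEY_WORDS` line the entry `; ` keeps a trailing space, so a bare `;` (as in `';--`) cannot match that entry unless the input also happens to contain the following space; trim it to `;`, since the `'` and `-` entries already cover the rest of such a payload. The field is also declared non-final and, unless the rendering dropped the type argument, as a raw `List`; `private static final List<String> SQL_KEY_WORDS = Splitter.on("|").splitToList(…);` pins both, and Guava's `splitToList` already returns an immutable list, so nothing else changes. More broadly this is a denylist: entries such as `and`, `or`, `mid`, `count`, `,` and `-` will, if `isSqlInject` does a substring match, reject ordinary values like `Android` or hyphenated names, while `union`, `drop`, comment sequences and encoded forms are not in the list at all, so a comment above the field should state that this is a defence-in-depth filter and that `PreparedStatement` parameters remain the actual SQL-injection control. The body of `isSqlInject` continues past the end of the hunk, so how the list is compared (case handling, substring versus token) is not visible here.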
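Review bot: The added `server.port=9999` and `logging.path=d://logs` are the values from the deleted dev profile, and with `spring.profiles.active=@profiles.active@` removed they become the only settings packaged in the artifact; `d://logs` is a Windows drive path, so on the test/prod hosts that previously got `./logs` and port 8080 the application will log somewhere unintended or fail to create the directory unless an external override is supplied. Keep the packaged defaults environment-neutral (`server.port=8080`, `logging.path=./logs`) and supply the Windows path through a local override (an additional config location or environment variable) rather than the shipped file. A one-line comment above these keys noting that they are expected to be overridden per environment would make the intent clear now that the profile mechanism is gone.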
diff --git a/src/test/java/com/taoyuanx/securitydemo/BoomFilterTest.java b/src/test/java/com/taoyuanx/securitydemo/BoomFilterTest.java index 767ad19..7fd0a8e 100644 --- a/src/test/java/com/taoyuanx/securitydemo/BoomFilterTest.java +++ b/src/test/java/com/taoyuanx/securitydemo/BoomFilterTest.java @@ -42,7 +42,7 @@ public class BoomFilterTest { count++; } } - System.out.println("失败次数:" + count + "错误率:" + PercentUtil.percent(Double.valueOf(count), Double.valueOf(max), 2)); + System.out.println("失败次数:" + count + "错误率:" + PercentUtil.percent(Double.valueOf(count), Double.valueOf(max), 4)); } @@ -51,22 +51,12 @@ public class BoomFilterTest { @Test public void testEl() { - String el = "${m}"; + String el = "#m"; ExpressionParser parser = new SpelExpressionParser(); EvaluationContext context = new StandardEvaluationContext(); context.setVariable("m", "1234"); Expression expression = parser.parseExpression(el); - - System.out.println(expression.getValue(context, String.class)); - // 定义变量 - /* String name = "Tom"; - EvaluationContext context = new StandardEvaluationContext(); // 表达式的上下文, - context.setVariable("myName", name); // 为了让表达式可以访问该对象, 先把对象放到上下文中 - ExpressionParser parser = new SpelExpressionParser(); - System.out.println( parser.parseExpression("#myName").getValue(context, String.class));; // Tom , 使用变量 - -*/ } } diff --git a/src/test/java/com/taoyuanx/securitydemo/EsapiTest.java b/src/test/java/com/taoyuanx/securitydemo/EsapiTest.java index bd903d2..00da7b3 100644 --- a/src/test/java/com/taoyuanx/securitydemo/EsapiTest.java +++ b/src/test/java/com/taoyuanx/securitydemo/EsapiTest.java @@ -62,8 +62,6 @@ public class EsapiTest { System.out.println(ESAPI.validator().isValidInput( "email", "12345", "Email", 200, false)); - - System.out.println(ESAPI.validator().isValidInput( "email", "192.168.10.1", "IPAddress", 200, false));
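Review bot: After this change `testEl` parses `#m` but never evaluates `expression`, so the test exercises nothing and cannot fail; add an assertion on the result, e.g. `assertEquals("1234", expression.getValue(context, String.class));` (the assertion library is not visible in the hunk, adjust to match). Although this is test code, it builds a `StandardEvaluationContext`, which exposes the full SpEL surface (type references, constructors, method invocation); if any non-test code in the demo evaluates expressions containing user-supplied text, it should use `SimpleEvaluationContext` instead, and a short comment here saying so would stop the pattern from being copied as-is.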