fix sql bug

Readme.md

@@ -55,7 +55,6 @@
 
 
 
-## esapi 介绍
+## 安全控制库 esapi
-
 此jar包为一个比较全面的安全库,控制较为全面,业务较为复杂的可自行扩展  
 基本使用例子:com.taoyuanx.securitydemo.EsapiTest  

pom.xml

@@ -34,7 +34,6 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-aop</artifactId>
         </dependency>
-        <!--      boot 官方推荐模板引擎-->
         <dependency>
               <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-thymeleaf</artifactId>
@@ -64,11 +63,7 @@
             <artifactId>commons-codec</artifactId>
             <version>1.10</version>
         </dependency>
-<!--<dependency>
+
-    <groupId>org.bouncycastle</groupId>
-    <artifactId>bcprov-jdk15on</artifactId>
-    <version>1.64</version>
-</dependency>-->
         <dependency>
             <groupId>org.projectlombok</groupId>
             <artifactId>lombok</artifactId>
@@ -97,48 +92,8 @@
             <version>2.2.0.0</version>
         </dependency>
     </dependencies>
-     <profiles>
-        <!--
-        dev 开发环境
-        test 测试环境
-        prod 生产环境
-        -->
-         <profile>
-          <id>dev</id>
-          <activation>
-            <activeByDefault>true</activeByDefault>
-          </activation>
-          <properties>
-            <profiles.active>dev</profiles.active>
-          </properties>
-
-        </profile>
-
-        <profile>
-          <id>test</id>
-          <properties>
-            <profiles.active>test</profiles.active>
-          </properties>
-        </profile>
-
-        <profile>
-          <id>prod</id>
-          <properties>
-            <profiles.active>prod</profiles.active>
-          </properties>
-        </profile>
-      </profiles>
     <build>
-    <finalName>${project.artifactId}-${project.version}-${profiles.active}</finalName>
+    <finalName>${project.artifactId}-${project.version}</finalName>
-    <resources>
-      <resource>
-        <directory>src/main/resources</directory>
-          <filtering>true</filtering>
-      </resource>
-      <resource>
-        <directory>${project.basedir}/profiles/${profiles.active}</directory>
-      </resource>
-    </resources>
         <plugins>
               <plugin>
                   <groupId>org.springframework.boot</groupId>

profiles/dev/application-dev.properties

@@ -1,5 +0,0 @@
-server.port=9999
-
-
-logging.path=d://logs
-

profiles/prod/application-prod.properties

@@ -1,2 +0,0 @@
-server.port=8080
-logging.path=./logs

profiles/test/application-test.properties

@@ -1,2 +0,0 @@
-server.port=8080
-logging.path=./logs

src/main/java/com/taoyuanx/securitydemo/utils/RequestParamFilterUtil.java

@@ -46,7 +46,7 @@ public class RequestParamFilterUtil {
     /**
      * sql注入风险检测
      */
-    private static List<String> SQL_KEY_WORDS = Splitter.on(",").splitToList("'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|; |or|-|+|,");
+    private static List<String> SQL_KEY_WORDS = Splitter.on("|").splitToList("'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|; |or|-|+|,");
     public static boolean isSqlInject(String... params) {
         if (null == params) {
             return false;

src/main/resources/application.properties

@@ -1,4 +1,7 @@
-spring.profiles.active=@profiles.active@
+server.port=9999
+
+logging.path=d://logs
+
 
 spring.redis.database=0
 spring.redis.host=172.16.0.32
@@ -39,4 +42,3 @@ spring.thymeleaf.suffix=.html
 logging.level.org.springframework=INFO
 
 
-logging.path=./logs

src/test/java/com/taoyuanx/securitydemo/BoomFilterTest.java

@@ -42,7 +42,7 @@ public class BoomFilterTest {
                 count++;
             }
         }
-        System.out.println("失败次数:" + count + "错误率:" + PercentUtil.percent(Double.valueOf(count), Double.valueOf(max), 2));
+        System.out.println("失败次数:" + count + "错误率:" + PercentUtil.percent(Double.valueOf(count), Double.valueOf(max), 4));
 
     }
 
@@ -51,22 +51,12 @@ public class BoomFilterTest {
 
     @Test
     public void testEl() {
-        String el = "${m}";
+        String el = "#m";
         ExpressionParser parser = new SpelExpressionParser();
         EvaluationContext context = new StandardEvaluationContext();
         context.setVariable("m", "1234");
         Expression expression = parser.parseExpression(el);
-
-
         System.out.println(expression.getValue(context, String.class));
 
-        // 定义变量
-      /*  String name = "Tom";
-        EvaluationContext context = new StandardEvaluationContext();  // 表达式的上下文,
-        context.setVariable("myName", name);                        // 为了让表达式可以访问该对象, 先把对象放到上下文中
-        ExpressionParser parser = new SpelExpressionParser();
-        System.out.println( parser.parseExpression("#myName").getValue(context, String.class));;   // Tom , 使用变量
-
-*/
     }
 }

src/test/java/com/taoyuanx/securitydemo/EsapiTest.java

@@ -62,8 +62,6 @@ public class EsapiTest {
         System.out.println(ESAPI.validator().isValidInput(
                 "email", "12345", "Email",
                 200, false));
-
-
         System.out.println(ESAPI.validator().isValidInput(
                 "email", "192.168.10.1", "IPAddress",
                 200, false));