fix sql bug

2020-12-23 17:48:40 +08:00
parent 7dcffbc93e
commit ed60374536
9 changed files with 10 additions and 75 deletions
--- a/Readme.md
+++ b/Readme.md
@@ -55,7 +55,6 @@



-## esapi 介绍
-
+## 安全控制库 esapi
 此jar包为一个比较全面的安全库,控制较为全面,业务较为复杂的可自行扩展  
 基本使用例子:com.taoyuanx.securitydemo.EsapiTest  
--- a/pom.xml
+++ b/pom.xml
@@ -34,7 +34,6 @@
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-aop</artifactId>
        </dependency>
-        <!--      boot 官方推荐模板引擎-->
        <dependency>
              <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
@@ -64,11 +63,7 @@
            <artifactId>commons-codec</artifactId>
            <version>1.10</version>
        </dependency>
-<!--<dependency>
-    <groupId>org.bouncycastle</groupId>
-    <artifactId>bcprov-jdk15on</artifactId>
-    <version>1.64</version>
-</dependency>-->
+
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
@@ -97,48 +92,8 @@
            <version>2.2.0.0</version>
        </dependency>
    </dependencies>
-     <profiles>
-        <!--
-        dev 开发环境
-        test 测试环境
-        prod 生产环境
-        -->
-         <profile>
-          <id>dev</id>
-          <activation>
-            <activeByDefault>true</activeByDefault>
-          </activation>
-          <properties>
-            <profiles.active>dev</profiles.active>
-          </properties>
-
-        </profile>
-
-        <profile>
-          <id>test</id>
-          <properties>
-            <profiles.active>test</profiles.active>
-          </properties>
-        </profile>
-
-        <profile>
-          <id>prod</id>
-          <properties>
-            <profiles.active>prod</profiles.active>
-          </properties>
-        </profile>
-      </profiles>
    <build>
-    <finalName>${project.artifactId}-${project.version}-${profiles.active}</finalName>
-    <resources>
-      <resource>
-        <directory>src/main/resources</directory>
-          <filtering>true</filtering>
-      </resource>
-      <resource>
-        <directory>${project.basedir}/profiles/${profiles.active}</directory>
-      </resource>
-    </resources>
+    <finalName>${project.artifactId}-${project.version}</finalName>
        <plugins>
              <plugin>
                  <groupId>org.springframework.boot</groupId>
--- a/profiles/dev/application-dev.properties
+++ b/profiles/dev/application-dev.properties
@@ -1,5 +0,0 @@
-server.port=9999
-
-
-logging.path=d://logs
-
--- a/profiles/prod/application-prod.properties
+++ b/profiles/prod/application-prod.properties
@@ -1,2 +0,0 @@
-server.port=8080
-logging.path=./logs
--- a/profiles/test/application-test.properties
+++ b/profiles/test/application-test.properties
@@ -1,2 +0,0 @@
-server.port=8080
-logging.path=./logs
--- a/src/main/java/com/taoyuanx/securitydemo/utils/RequestParamFilterUtil.java
+++ b/src/main/java/com/taoyuanx/securitydemo/utils/RequestParamFilterUtil.java
@@ -46,7 +46,7 @@ public class RequestParamFilterUtil {
    /**
     * sql注入风险检测
     */
-    private static List<String> SQL_KEY_WORDS = Splitter.on(",").splitToList("'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|; |or|-|+|,");
+    private static List<String> SQL_KEY_WORDS = Splitter.on("|").splitToList("'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|; |or|-|+|,");
    public static boolean isSqlInject(String... params) {
        if (null == params) {
            return false;
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -1,4 +1,7 @@
-spring.profiles.active=@profiles.active@
+server.port=9999
+
+logging.path=d://logs
+

 spring.redis.database=0
 spring.redis.host=172.16.0.32
@@ -39,4 +42,3 @@ spring.thymeleaf.suffix=.html
 logging.level.org.springframework=INFO


-logging.path=./logs
--- a/src/test/java/com/taoyuanx/securitydemo/BoomFilterTest.java
+++ b/src/test/java/com/taoyuanx/securitydemo/BoomFilterTest.java
@@ -42,7 +42,7 @@ public class BoomFilterTest {
                count++;
            }
        }
-        System.out.println("失败次数:" + count + "错误率:" + PercentUtil.percent(Double.valueOf(count), Double.valueOf(max), 2));
+        System.out.println("失败次数:" + count + "错误率:" + PercentUtil.percent(Double.valueOf(count), Double.valueOf(max), 4));

    }

@@ -51,22 +51,12 @@ public class BoomFilterTest {

    @Test
    public void testEl() {
-        String el = "${m}";
+        String el = "#m";
        ExpressionParser parser = new SpelExpressionParser();
        EvaluationContext context = new StandardEvaluationContext();
        context.setVariable("m", "1234");
        Expression expression = parser.parseExpression(el);
-
-
        System.out.println(expression.getValue(context, String.class));

-        // 定义变量
-      /*  String name = "Tom";
-        EvaluationContext context = new StandardEvaluationContext();  // 表达式的上下文,
-        context.setVariable("myName", name);                        // 为了让表达式可以访问该对象, 先把对象放到上下文中
-        ExpressionParser parser = new SpelExpressionParser();
-        System.out.println( parser.parseExpression("#myName").getValue(context, String.class));;   // Tom , 使用变量
-
-*/
    }
 }
--- a/src/test/java/com/taoyuanx/securitydemo/EsapiTest.java
+++ b/src/test/java/com/taoyuanx/securitydemo/EsapiTest.java
@@ -62,8 +62,6 @@ public class EsapiTest {
        System.out.println(ESAPI.validator().isValidInput(
                "email", "12345", "Email",
                200, false));
-
-
        System.out.println(ESAPI.validator().isValidInput(
                "email", "192.168.10.1", "IPAddress",
                200, false));