From 35fac6cc0cd8a1fb944d7696d6f51c0f64df9a35 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子li <15040126243@163.com>
Date: 星期二, 08 十一月 2022 18:47:19 +0800
Subject: [PATCH] update 优化 oss 上传下载 使用流直接操作 减少读取字节码的内存消耗
---
ruoyi-common/src/main/java/com/ruoyi/common/utils/sql/SqlUtil.java | 93 ++++++++++++++++++++++++++++------------------
1 files changed, 57 insertions(+), 36 deletions(-)
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/utils/sql/SqlUtil.java b/ruoyi-common/src/main/java/com/ruoyi/common/utils/sql/SqlUtil.java
index b8aeaa1..7891496 100644
--- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/sql/SqlUtil.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/sql/SqlUtil.java
@@ -1,36 +1,57 @@
-package com.ruoyi.common.utils.sql;
-
-import com.ruoyi.common.utils.StringUtils;
-
-/**
- * sql鎿嶄綔宸ュ叿绫�
- *
- * @author ruoyi
- */
-public class SqlUtil
-{
- /**
- * 浠呮敮鎸佸瓧姣嶃�佹暟瀛椼�佷笅鍒掔嚎銆佺┖鏍笺�侀�楀彿锛堟敮鎸佸涓瓧娈垫帓搴忥級
- */
- public static String SQL_PATTERN = "[a-zA-Z0-9_\\ \\,]+";
-
- /**
- * 妫�鏌ュ瓧绗︼紝闃叉娉ㄥ叆缁曡繃
- */
- public static String escapeOrderBySql(String value)
- {
- if (StringUtils.isNotEmpty(value) && !isValidOrderBySql(value))
- {
- return StringUtils.EMPTY;
- }
- return value;
- }
-
- /**
- * 楠岃瘉 order by 璇硶鏄惁绗﹀悎瑙勮寖
- */
- public static boolean isValidOrderBySql(String value)
- {
- return value.matches(SQL_PATTERN);
- }
-}
+package com.ruoyi.common.utils.sql;
+
+import com.ruoyi.common.exception.UtilException;
+import com.ruoyi.common.utils.StringUtils;
+import lombok.AccessLevel;
+import lombok.NoArgsConstructor;
+
+/**
+ * sql鎿嶄綔宸ュ叿绫�
+ *
+ * @author ruoyi
+ */
+@NoArgsConstructor(access = AccessLevel.PRIVATE)
+public class SqlUtil {
+
+ /**
+ * 瀹氫箟甯哥敤鐨� sql鍏抽敭瀛�
+ */
+ public static final String SQL_REGEX = "select |insert |delete |update |drop |count |exec |chr |mid |master |truncate |char |and |declare ";
+
+ /**
+ * 浠呮敮鎸佸瓧姣嶃�佹暟瀛椼�佷笅鍒掔嚎銆佺┖鏍笺�侀�楀彿銆佸皬鏁扮偣锛堟敮鎸佸涓瓧娈垫帓搴忥級
+ */
+ public static final String SQL_PATTERN = "[a-zA-Z0-9_\\ \\,\\.]+";
+
+ /**
+ * 妫�鏌ュ瓧绗︼紝闃叉娉ㄥ叆缁曡繃
+ */
+ public static String escapeOrderBySql(String value) {
+ if (StringUtils.isNotEmpty(value) && !isValidOrderBySql(value)) {
+ throw new UtilException("鍙傛暟涓嶇鍚堣鑼冿紝涓嶈兘杩涜鏌ヨ");
+ }
+ return value;
+ }
+
+ /**
+ * 楠岃瘉 order by 璇硶鏄惁绗﹀悎瑙勮寖
+ */
+ public static boolean isValidOrderBySql(String value) {
+ return value.matches(SQL_PATTERN);
+ }
+
+ /**
+ * SQL鍏抽敭瀛楁鏌�
+ */
+ public static void filterKeyword(String value) {
+ if (StringUtils.isEmpty(value)) {
+ return;
+ }
+ String[] sqlKeywords = StringUtils.split(SQL_REGEX, "\\|");
+ for (String sqlKeyword : sqlKeywords) {
+ if (StringUtils.indexOfIgnoreCase(value, sqlKeyword) > -1) {
+ throw new UtilException("鍙傛暟瀛樺湪SQL娉ㄥ叆椋庨櫓");
+ }
+ }
+ }
+}
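Review bot: `filterKeyword` is a substring denylist and must not be treated as the injection control: every entry in `SQL_REGEX` ends with a trailing space, so a keyword followed by any other character is not matched, while `indexOfIgnoreCase` over-rejects harmless values such as "account " (contains `count `) or "brand " (contains `and `); the allowlist in `isValidOrderBySql` and bound parameters remain the real defence, and the method's Javadoc should state that, e.g. `/** Heuristic keyword check only; not a substitute for SQL_PATTERN validation or bound parameters. @throws UtilException if a listed keyword occurs in value */`. The call `StringUtils.split(SQL_REGEX, "\\|")` also relies on the second argument being a set of separator characters (commons-lang semantics); if this project's `StringUtils` splits on a literal separator the string would never split and the whole list would become a single keyword, so a unit test pinning the split result is worth adding. The keyword array is recomputed on every call and `SQL_REGEX` is never compiled as a regex, so hoist it once as `private static final String[] SQL_KEYWORDS = StringUtils.split(SQL_REGEX, "\\|");` and note in the constant's Javadoc that it is a `|`-separated list, not a pattern. `escapeOrderBySql` now throws where the old version returned an empty string, so its Javadoc should carry `@throws UtilException` since existing callers will not expect an exception.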
--
Gitblit v1.9.3