
!197 SQL 注入验证工具类 代码修改写法
Merge pull request !197 from 叁金/3.0

青苗 преди 3 години
родител
ревизия
0872a00e66
променени са 13 файла, в които са добавени 69 реда и са изтрити 66 реда
  1. 3 2
      mybatis-plus-boot-starter/src/main/java/com/baomidou/mybatisplus/autoconfigure/SpringBootVFS.java
  2. 4 3
      mybatis-plus-core/src/main/java/com/baomidou/mybatisplus/core/MybatisConfiguration.java
  3. 18 17
      mybatis-plus-core/src/main/java/com/baomidou/mybatisplus/core/MybatisMapperAnnotationBuilder.java
  4. 2 1
      mybatis-plus-core/src/main/java/com/baomidou/mybatisplus/core/MybatisXMLConfigBuilder.java
  5. 2 2
      mybatis-plus-core/src/main/java/com/baomidou/mybatisplus/core/plugins/InterceptorIgnoreHelper.java
  6. 2 4
      mybatis-plus-core/src/main/java/com/baomidou/mybatisplus/core/toolkit/ClassUtils.java
  7. 7 0
      mybatis-plus-core/src/main/java/com/baomidou/mybatisplus/core/toolkit/ObjectUtils.java
  8. 8 12
      mybatis-plus-core/src/main/java/com/baomidou/mybatisplus/core/toolkit/StringUtils.java
  9. 6 8
      mybatis-plus-core/src/main/java/com/baomidou/mybatisplus/core/toolkit/TableNameParser.java
  10. 10 13
      mybatis-plus-core/src/main/java/com/baomidou/mybatisplus/core/toolkit/sql/SqlInjectionUtils.java
  11. 2 1
      mybatis-plus-core/src/main/java/com/baomidou/mybatisplus/core/toolkit/support/ReflectLambdaMeta.java
  12. 2 1
      mybatis-plus-core/src/main/java/com/baomidou/mybatisplus/core/toolkit/support/ShadowLambdaMeta.java
  13. 3 2
      mybatis-plus-extension/src/main/java/com/baomidou/mybatisplus/extension/plugins/inner/BlockAttackInnerInterceptor.java

+ 3 - 2
mybatis-plus-boot-starter/src/main/java/com/baomidou/mybatisplus/autoconfigure/SpringBootVFS.java

@@ -16,6 +16,7 @@
 package com.baomidou.mybatisplus.autoconfigure;
 
 
+import com.baomidou.mybatisplus.core.toolkit.StringPool;
 import org.apache.ibatis.io.VFS;
 import org.springframework.core.io.Resource;
 import org.springframework.core.io.support.PathMatchingResourcePatternResolver;
@@ -49,7 +50,7 @@ public class SpringBootVFS extends VFS {
     private static String preserveSubpackageName(final String baseUrlString, final Resource resource,
                                                  final String rootPath) {
         try {
-            return rootPath + (rootPath.endsWith("/") ? "" : "/")
+            return rootPath + (rootPath.endsWith(StringPool.SLASH) ? StringPool.EMPTY : StringPool.SLASH)
                 + resource.getURL().toString().substring(baseUrlString.length());
         } catch (IOException e) {
             throw new UncheckedIOException(e);
@@ -59,7 +60,7 @@ public class SpringBootVFS extends VFS {
     @Override
     protected List<String> list(URL url, String path) throws IOException {
         String urlString = url.toString();
-        String baseUrlString = urlString.endsWith("/") ? urlString : urlString.concat("/");
+        String baseUrlString = urlString.endsWith(StringPool.SLASH) ? urlString : urlString.concat(StringPool.SLASH);
         Resource[] resources = resourceResolver.getResources(baseUrlString + "**/*.class");
         return Stream.of(resources).map(resource -> preserveSubpackageName(baseUrlString, resource, path))
             .collect(Collectors.toList());

+ 4 - 3
mybatis-plus-core/src/main/java/com/baomidou/mybatisplus/core/MybatisConfiguration.java

@@ -19,6 +19,7 @@ import com.baomidou.mybatisplus.core.mapper.Mapper;
 import com.baomidou.mybatisplus.core.metadata.TableInfoHelper;
 import com.baomidou.mybatisplus.core.toolkit.GlobalConfigUtils;
 import com.baomidou.mybatisplus.core.toolkit.ReflectionKit;
+import com.baomidou.mybatisplus.core.toolkit.StringPool;
 import lombok.Getter;
 import lombok.Setter;
 import org.apache.ibatis.binding.MapperRegistry;
@@ -156,7 +157,7 @@ public class MybatisConfiguration extends Configuration {
             mapperRegistryCache.remove(mapperType);
 
             // 清空 Mapper 方法 mappedStatement 缓存信息
-            final String typeKey = type.getName() + ".";
+            final String typeKey = type.getName() + StringPool.DOT;
             Set<String> mapperSet = mappedStatements.entrySet().stream().filter(t -> t.getKey().startsWith(typeKey))
                 .map(t -> t.getKey()).collect(Collectors.toSet());
             if (null != mapperSet && !mapperSet.isEmpty()) {
@@ -422,10 +423,10 @@ public class MybatisConfiguration extends Configuration {
         public V put(String key, V value) {
             if (containsKey(key)) {
                 throw new IllegalArgumentException(name + " already contains value for " + key
-                    + (conflictMessageProducer == null ? "" : conflictMessageProducer.apply(super.get(key), value)));
+                    + (conflictMessageProducer == null ? StringPool.EMPTY : conflictMessageProducer.apply(super.get(key), value)));
             }
             if (useGeneratedShortKey) {
-                if (key.contains(".")) {
+                if (key.contains(StringPool.DOT)) {
                     final String shortKey = getShortName(key);
                     if (super.get(shortKey) == null) {
                         super.put(shortKey, value);

+ 18 - 17
mybatis-plus-core/src/main/java/com/baomidou/mybatisplus/core/MybatisMapperAnnotationBuilder.java

@@ -18,6 +18,7 @@ package com.baomidou.mybatisplus.core;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.core.plugins.InterceptorIgnoreHelper;
 import com.baomidou.mybatisplus.core.toolkit.GlobalConfigUtils;
+import com.baomidou.mybatisplus.core.toolkit.StringPool;
 import lombok.Getter;
 import org.apache.ibatis.annotations.*;
 import org.apache.ibatis.annotations.ResultMap;
@@ -80,7 +81,7 @@ public class MybatisMapperAnnotationBuilder extends MapperAnnotationBuilder {
 
     public MybatisMapperAnnotationBuilder(Configuration configuration, Class<?> type) {
         super(configuration, type);
-        String resource = type.getName().replace('.', '/') + ".java (best guess)";
+        String resource = type.getName().replace(StringPool.DOT, StringPool.SLASH) + ".java (best guess)";
         this.assistant = new MapperBuilderAssistant(configuration, resource);
         this.configuration = configuration;
         this.type = type;
@@ -156,9 +157,9 @@ public class MybatisMapperAnnotationBuilder extends MapperAnnotationBuilder {
         // to prevent loading again a resource twice
         // this flag is set at XMLMapperBuilder#bindMapperForNamespace
         if (!configuration.isResourceLoaded("namespace:" + type.getName())) {
-            String xmlResource = type.getName().replace('.', '/') + ".xml";
+            String xmlResource = type.getName().replace(StringPool.DOT, StringPool.SLASH) + ".xml";
             // #1347
-            InputStream inputStream = type.getResourceAsStream("/" + xmlResource);
+            InputStream inputStream = type.getResourceAsStream(StringPool.SLASH + xmlResource);
             if (inputStream == null) {
                 // Search XML mapper that is not in the module but in the classpath.
                 try {
@@ -229,17 +230,17 @@ public class MybatisMapperAnnotationBuilder extends MapperAnnotationBuilder {
     private String generateResultMapName(Method method) {
         Results results = method.getAnnotation(Results.class);
         if (results != null && !results.id().isEmpty()) {
-            return type.getName() + "." + results.id();
+            return type.getName() + StringPool.DOT + results.id();
         }
         StringBuilder suffix = new StringBuilder();
         for (Class<?> c : method.getParameterTypes()) {
-            suffix.append("-");
+            suffix.append(StringPool.DASH);
             suffix.append(c.getSimpleName());
         }
         if (suffix.length() < 1) {
             suffix.append("-void");
         }
-        return type.getName() + "." + method.getName() + suffix;
+        return type.getName() + StringPool.DOT + method.getName() + suffix;
     }
 
     private void applyResultMap(String resultMapId, Class<?> returnType, Arg[] args, Result[] results, TypeDiscriminator discriminator) {
@@ -255,7 +256,7 @@ public class MybatisMapperAnnotationBuilder extends MapperAnnotationBuilder {
     private void createDiscriminatorResultMaps(String resultMapId, Class<?> resultType, TypeDiscriminator discriminator) {
         if (discriminator != null) {
             for (Case c : discriminator.cases()) {
-                String caseResultMapId = resultMapId + "-" + c.value();
+                String caseResultMapId = resultMapId + StringPool.DASH + c.value();
                 List<ResultMapping> resultMappings = new ArrayList<>();
                 // issue #136
                 applyConstructorArgs(c.constructArgs(), resultType, resultMappings);
@@ -278,7 +279,7 @@ public class MybatisMapperAnnotationBuilder extends MapperAnnotationBuilder {
             Map<String, String> discriminatorMap = new HashMap<>();
             for (Case c : cases) {
                 String value = c.value();
-                String caseResultMapId = resultMapId + "-" + value;
+                String caseResultMapId = resultMapId + StringPool.DASH + value;
                 discriminatorMap.put(value, caseResultMapId);
             }
             return assistant.buildDiscriminator(resultType, column, javaType, jdbcType, typeHandler, discriminatorMap);
@@ -294,7 +295,7 @@ public class MybatisMapperAnnotationBuilder extends MapperAnnotationBuilder {
             final SqlSource sqlSource = buildSqlSource(statementAnnotation.getAnnotation(), parameterTypeClass, languageDriver, method);
             final SqlCommandType sqlCommandType = statementAnnotation.getSqlCommandType();
             final Options options = getAnnotationWrapper(method, false, Options.class).map(x -> (Options) x.getAnnotation()).orElse(null);
-            final String mappedStatementId = type.getName() + "." + method.getName();
+            final String mappedStatementId = type.getName() + StringPool.DOT + method.getName();
 
             final KeyGenerator keyGenerator;
             String keyProperty = null;
@@ -342,7 +343,7 @@ public class MybatisMapperAnnotationBuilder extends MapperAnnotationBuilder {
             if (isSelect) {
                 ResultMap resultMapAnnotation = method.getAnnotation(ResultMap.class);
                 if (resultMapAnnotation != null) {
-                    resultMapId = String.join(",", resultMapAnnotation.value());
+                    resultMapId = String.join(StringPool.COMMA, resultMapAnnotation.value());
                 } else {
                     resultMapId = generateResultMapName(method);
                 }
@@ -510,8 +511,8 @@ public class MybatisMapperAnnotationBuilder extends MapperAnnotationBuilder {
         if (resultMapId.length() < 1) {
             resultMapId = result.many().resultMap();
         }
-        if (!resultMapId.contains(".")) {
-            resultMapId = type.getName() + "." + resultMapId;
+        if (!resultMapId.contains(StringPool.DOT)) {
+            resultMapId = type.getName() + StringPool.DOT + resultMapId;
         }
         return resultMapId;
     }
@@ -528,8 +529,8 @@ public class MybatisMapperAnnotationBuilder extends MapperAnnotationBuilder {
         if (nestedSelect.length() < 1) {
             nestedSelect = result.many().select();
         }
-        if (!nestedSelect.contains(".")) {
-            nestedSelect = type.getName() + "." + nestedSelect;
+        if (!nestedSelect.contains(StringPool.DOT)) {
+            nestedSelect = type.getName() + StringPool.DOT + nestedSelect;
         }
         return nestedSelect;
     }
@@ -653,14 +654,14 @@ public class MybatisMapperAnnotationBuilder extends MapperAnnotationBuilder {
             .collect(Collectors.toMap(AnnotationWrapper::getDatabaseId, x -> x, (existing, duplicate) -> {
                 throw new BuilderException(String.format("Detected conflicting annotations '%s' and '%s' on '%s'.",
                     existing.getAnnotation(), duplicate.getAnnotation(),
-                    method.getDeclaringClass().getName() + "." + method.getName()));
+                    method.getDeclaringClass().getName() + StringPool.DOT + method.getName()));
             }));
         AnnotationWrapper annotationWrapper = null;
         if (databaseId != null) {
             annotationWrapper = statementAnnotations.get(databaseId);
         }
         if (annotationWrapper == null) {
-            annotationWrapper = statementAnnotations.get("");
+            annotationWrapper = statementAnnotations.get(StringPool.EMPTY);
         }
         if (errorIfNoMatch && annotationWrapper == null && !statementAnnotations.isEmpty()) {
             // Annotations exist, but there is no matching one for the specified databaseId
@@ -711,7 +712,7 @@ public class MybatisMapperAnnotationBuilder extends MapperAnnotationBuilder {
                 } else if (annotation instanceof SelectKey) {
                     databaseId = ((SelectKey) annotation).databaseId();
                 } else {
-                    databaseId = "";
+                    databaseId = StringPool.EMPTY;
                 }
             }
         }

+ 2 - 1
mybatis-plus-core/src/main/java/com/baomidou/mybatisplus/core/MybatisXMLConfigBuilder.java

@@ -15,6 +15,7 @@
  */
 package com.baomidou.mybatisplus.core;
 
+import com.baomidou.mybatisplus.core.toolkit.StringPool;
 import org.apache.ibatis.builder.BaseBuilder;
 import org.apache.ibatis.builder.BuilderException;
 import org.apache.ibatis.builder.xml.XMLConfigBuilder;
@@ -142,7 +143,7 @@ public class MybatisXMLConfigBuilder extends BaseBuilder {
     private void loadCustomVfs(Properties props) throws ClassNotFoundException {
         String value = props.getProperty("vfsImpl");
         if (value != null) {
-            String[] clazzes = value.split(",");
+            String[] clazzes = value.split(StringPool.COMMA);
             for (String clazz : clazzes) {
                 if (!clazz.isEmpty()) {
                     @SuppressWarnings("unchecked")

+ 2 - 2
mybatis-plus-core/src/main/java/com/baomidou/mybatisplus/core/plugins/InterceptorIgnoreHelper.java

@@ -147,10 +147,10 @@ public abstract class InterceptorIgnoreHelper {
         if (StringUtils.isBlank(value)) {
             return null;
         }
-        if ("1".equals(value) || "true".equals(value) || "on".equals(value)) {
+        if (StringPool.ONE.equals(value) || StringPool.TRUE.equals(value) || StringPool.ON.equals(value)) {
             return true;
         }
-        if ("0".equals(value) || "false".equals(value) || "off".equals(value)) {
+        if (StringPool.ZERO.equals(value) || StringPool.FALSE.equals(value) || StringPool.OFF.equals(value)) {
             return false;
         }
         throw ExceptionUtils.mpe("unsupported value \"%s\" by `@InterceptorIgnore#%s` on top of \"%s\"", value, node, name);
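Review bot: The new lines reference `StringPool.ONE`, `StringPool.TRUE`, `StringPool.ON`, `StringPool.ZERO`, `StringPool.FALSE` and `StringPool.OFF`, but this file lives in `core.plugins` while `StringPool` is in `core.toolkit`, and the section's diffstat (+2/-2) shows no import line was added. If `StringPool` is not already imported further up the file (outside this hunk), the change will not compile; please confirm, or add `import com.baomidou.mybatisplus.core.toolkit.StringPool;` alongside the existing `StringUtils` import. The enclosing method's signature and Javadoc sit above the hunk.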

+ 2 - 4
mybatis-plus-core/src/main/java/com/baomidou/mybatisplus/core/toolkit/ClassUtils.java

@@ -43,8 +43,6 @@ public final class ClassUtils {
         }
     }
 
-    private static final char PACKAGE_SEPARATOR = '.';
-
     /**
      * 代理 class 的名称
      */
@@ -210,8 +208,8 @@ public final class ClassUtils {
      */
     public static String getPackageName(String fqClassName) {
         Assert.notNull(fqClassName, "Class name must not be null");
-        int lastDotIndex = fqClassName.lastIndexOf(PACKAGE_SEPARATOR);
-        return (lastDotIndex != -1 ? fqClassName.substring(0, lastDotIndex) : "");
+        int lastDotIndex = fqClassName.lastIndexOf(StringPool.DOT);
+        return (lastDotIndex != -1 ? fqClassName.substring(0, lastDotIndex) : StringPool.EMPTY);
     }
 
     /**

+ 7 - 0
mybatis-plus-core/src/main/java/com/baomidou/mybatisplus/core/toolkit/ObjectUtils.java

@@ -17,6 +17,7 @@ package com.baomidou.mybatisplus.core.toolkit;
 
 import java.lang.reflect.Array;
 import java.util.Collection;
+import java.util.Iterator;
 import java.util.Map;
 
 /**
@@ -73,6 +74,12 @@ public class ObjectUtils {
         if (obj instanceof Map) {
             return ((Map<?, ?>) obj).isEmpty();
         }
+        if (obj instanceof Iterable) {
+            return !((Iterable<?>) obj).iterator().hasNext();
+        }
+        if (obj instanceof Iterator) {
+            return !((Iterator<?>) obj).hasNext();
+        }
         // else
         return false;
     }
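Review bot: The Javadoc of `isEmpty` (its header is above this hunk) is not updated to say that `Iterable` and `Iterator` are now recognised; add a line such as `Iterable 通过 iterator().hasNext() 判断，Iterator 通过 hasNext() 判断` (or the English equivalent) so callers know which types are covered and in which order the checks run. Note that the `Iterable` branch calls `iterator()` on every invocation; for an `Iterable` whose `iterator()` can only be traversed once, this check would spend that single pass — presumably acceptable here, but worth stating in the Javadoc. The `Iterator` branch is side-effect free since `hasNext()` does not advance the cursor.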

+ 8 - 12
mybatis-plus-core/src/main/java/com/baomidou/mybatisplus/core/toolkit/StringUtils.java

@@ -34,10 +34,6 @@ import static java.util.stream.Collectors.joining;
  */
 public final class StringUtils {
 
-    /**
-     * 空字符
-     */
-    public static final String EMPTY = StringPool.EMPTY;
     /**
      * 字符串 is
      */
@@ -154,7 +150,7 @@ public final class StringUtils {
      */
     public static String camelToUnderline(String param) {
         if (isBlank(param)) {
-            return EMPTY;
+            return StringPool.EMPTY;
         }
         int len = param.length();
         StringBuilder sb = new StringBuilder(len);
@@ -176,7 +172,7 @@ public final class StringUtils {
      */
     public static String underlineToCamel(String param) {
         if (isBlank(param)) {
-            return EMPTY;
+            return StringPool.EMPTY;
         }
         String temp = param.toLowerCase();
         int len = temp.length();
@@ -202,7 +198,7 @@ public final class StringUtils {
      */
     public static String firstToLowerCase(String param) {
         if (isBlank(param)) {
-            return EMPTY;
+            return StringPool.EMPTY;
         }
         return param.substring(0, 1).toLowerCase() + param.substring(1);
     }
@@ -313,7 +309,7 @@ public final class StringUtils {
      */
     public static String concatCapitalize(String concatStr, final String str) {
         if (isBlank(concatStr)) {
-            concatStr = EMPTY;
+            concatStr = StringPool.EMPTY;
         }
         if (str == null || str.length() == 0) {
             return str;
@@ -500,10 +496,10 @@ public final class StringUtils {
             if (lastOneIsNotUnderscore && (isUpperCaseAndPreviousIsLowerCase || previousIsWhitespace)) {
                 buf.append(StringPool.UNDERSCORE);
             } else if ((Character.isDigit(previousChar) && Character.isLetter(c))) {
-                buf.append('_');
+                buf.append(UNDERLINE);
             }
             if ((shouldReplace(c)) && (lastOneIsNotUnderscore)) {
-                buf.append('_');
+                buf.append(UNDERLINE);
             } else if (!Character.isWhitespace(c) && (isNotUnderscore || lastOneIsNotUnderscore)) {
                 buf.append(Character.toUpperCase(c));
             }
@@ -529,9 +525,9 @@ public final class StringUtils {
                 buf.append(StringPool.DASH);
             }
             if ('_' == c) {
-                buf.append('-');
+                buf.append(StringPool.DASH);
             } else if ('.' == c) {
-                buf.append('-');
+                buf.append(StringPool.DASH);
             } else if (!Character.isWhitespace(c)) {
                 buf.append(Character.toLowerCase(c));
             }
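Review bot: Deleting `public static final String EMPTY` from `StringUtils` in the first hunk is a source- and binary-incompatible change for any downstream code that referenced `StringUtils.EMPTY`; only `BlockAttackInnerInterceptor` inside this repository is migrated. Keep the constant as `@Deprecated public static final String EMPTY = StringPool.EMPTY;` with a `@deprecated` Javadoc pointing to `StringPool.EMPTY`, and remove it in a later major release. The remaining hunks in this file (the `StringPool.EMPTY`/`StringPool.DASH`/`UNDERLINE` substitutions) are behaviour-preserving and need no further change.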

+ 6 - 8
mybatis-plus-core/src/main/java/com/baomidou/mybatisplus/core/toolkit/TableNameParser.java

@@ -31,15 +31,13 @@ import java.util.regex.Pattern;
  * @since 2019-04-22
  */
 public final class TableNameParser {
-    private static final String TOKEN_GROUP_START = "(";
-    private static final String TOKEN_COMMA = ",";
+
     private static final String TOKEN_SET = "set";
     private static final String TOKEN_OF = "of";
     private static final String TOKEN_DUAL = "dual";
     private static final String TOKEN_DELETE = "delete";
     private static final String TOKEN_CREATE = "create";
     private static final String TOKEN_INDEX = "index";
-    private static final String TOKEN_ALL = "*";
 
     private static final String KEYWORD_JOIN = "join";
     private static final String KEYWORD_INTO = "into";
@@ -50,7 +48,7 @@ public final class TableNameParser {
     private static final String KEYWORD_DUPLICATE = "duplicate";
 
     private static final List<String> concerned = Arrays.asList(KEYWORD_TABLE, KEYWORD_INTO, KEYWORD_JOIN, KEYWORD_USING, KEYWORD_UPDATE);
-    private static final List<String> ignored = Arrays.asList(TOKEN_GROUP_START, TOKEN_SET, TOKEN_OF, TOKEN_DUAL);
+    private static final List<String> ignored = Arrays.asList(StringPool.LEFT_BRACKET, TOKEN_SET, TOKEN_OF, TOKEN_DUAL);
 
     /**
      * 该表达式会匹配 SQL 中不是 SQL TOKEN 的部分,比如换行符,注释信息,结尾的 {@code ;} 等。
@@ -154,7 +152,7 @@ public final class TableNameParser {
         if (TOKEN_DELETE.equalsIgnoreCase(current)) {
             if (hasMoreTokens(tokens, index++)) {
                 String next = tokens.get(index).getValue();
-                return !KEYWORD_FROM.equalsIgnoreCase(next) && !TOKEN_ALL.equals(next);
+                return !KEYWORD_FROM.equalsIgnoreCase(next) && !StringPool.ASTERISK.equals(next);
             }
         }
         return false;
@@ -214,7 +212,7 @@ public final class TableNameParser {
     }
 
     private static void processNonAliasedMultiTables(List<SqlToken> tokens, int index, String nextToken, TableNameVisitor visitor) {
-        while (nextToken.equals(TOKEN_COMMA)) {
+        while (nextToken.equals(StringPool.COMMA)) {
             visitNameToken(tokens.get(index++), visitor);
             if (hasMoreTokens(tokens, index)) {
                 nextToken = tokens.get(index++).getValue();
@@ -231,7 +229,7 @@ public final class TableNameParser {
         }
 
         if (shouldProcessMultipleTables(nextNextToken)) {
-            while (hasMoreTokens(tokens, index) && nextNextToken.equals(TOKEN_COMMA)) {
+            while (hasMoreTokens(tokens, index) && nextNextToken.equals(StringPool.COMMA)) {
                 if (hasMoreTokens(tokens, index)) {
                     current = tokens.get(index++);
                 }
@@ -247,7 +245,7 @@ public final class TableNameParser {
     }
 
     private static boolean shouldProcessMultipleTables(final String nextToken) {
-        return nextToken != null && nextToken.equals(TOKEN_COMMA);
+        return nextToken != null && nextToken.equals(StringPool.COMMA);
     }
 
     private static boolean hasMoreTokens(List<SqlToken> tokens, int index) {

+ 10 - 13
mybatis-plus-core/src/main/java/com/baomidou/mybatisplus/core/toolkit/sql/SqlInjectionUtils.java

@@ -25,11 +25,15 @@ import java.util.regex.Pattern;
  * @since 2021-08-15
  */
 public class SqlInjectionUtils {
-    // SQL语法检查正则:符合两个关键字(有先后顺序)才算匹配
-    private static final Pattern sqlSyntaxPattern = Pattern.compile("(insert|delete|update|select|create|drop|truncate|grant|alter|deny|revoke|call|execute|exec|declare|show|rename|set)" +
+    /**
+     * SQL语法检查正则:符合两个关键字(有先后顺序)才算匹配
+     */
+    private static final Pattern SQL_SYNTAX_PATTERN = Pattern.compile("(insert|delete|update|select|create|drop|truncate|grant|alter|deny|revoke|call|execute|exec|declare|show|rename|set)" +
         ".+(into|from|set|where|table|database|view|index|on|cursor|procedure|trigger|for|password|union|and|or)", Pattern.CASE_INSENSITIVE);
-    // 使用'、;或注释截断SQL检查正则
-    private static final Pattern sqlCommentPattern = Pattern.compile("'.*(or|union|--|#|/*|;)", Pattern.CASE_INSENSITIVE);
+    /**
+     * 使用'、;或注释截断SQL检查正则
+     */
+    private static final Pattern SQL_COMMENT_PATTERN = Pattern.compile("'.*(or|union|--|#|/*|;)", Pattern.CASE_INSENSITIVE);
 
     /**
      * 检查参数是否存在 SQL 注入
@@ -39,14 +43,7 @@ public class SqlInjectionUtils {
      */
     public static boolean check(String value) {
         Objects.requireNonNull(value);
-        // 处理是否包含SQL注释字符
-        if (sqlCommentPattern.matcher(value).find()) {
-            return true;
-        }
-        // 检查是否包含SQL注入敏感字符
-        if (sqlSyntaxPattern.matcher(value).find()) {
-            return true;
-        }
-        return false;
+        // 处理是否包含SQL注释字符 || 检查是否包含SQL注入敏感字符
+        return SQL_COMMENT_PATTERN.matcher(value).find() || SQL_SYNTAX_PATTERN.matcher(value).find();
     }
 }
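Review bot: In `SQL_COMMENT_PATTERN` the alternative `/*` is not a literal comment opener: in a regex `/*` means "zero or more `/`", which matches the empty string, so the group succeeds immediately after any `'` and the pattern rejects every value containing a single quote, while the new Javadoc presents it as a comment check. If the comment opener is what was meant, write it as `"/\\*"`; if "any quote is rejected" is the intended behaviour, the Javadoc should say so explicitly so later maintainers do not "fix" it by accident. `SQL_SYNTAX_PATTERN` likewise has no word boundaries around its keyword alternations, so ordinary values such as `order` or `dataset` match `or`/`set` and are flagged; consider `\\b` anchors, and in either case extend the `check` Javadoc with a sentence stating that this is a coarse heuristic intended to complement, not replace, parameter binding.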

+ 2 - 1
mybatis-plus-core/src/main/java/com/baomidou/mybatisplus/core/toolkit/support/ReflectLambdaMeta.java

@@ -3,6 +3,7 @@ package com.baomidou.mybatisplus.core.toolkit.support;
 import com.baomidou.mybatisplus.core.exceptions.MybatisPlusException;
 import com.baomidou.mybatisplus.core.toolkit.ClassUtils;
 import com.baomidou.mybatisplus.core.toolkit.ReflectionKit;
+import com.baomidou.mybatisplus.core.toolkit.StringPool;
 import lombok.extern.slf4j.Slf4j;
 
 import java.lang.invoke.SerializedLambda;
@@ -42,7 +43,7 @@ public class ReflectLambdaMeta implements LambdaMeta {
     @Override
     public Class<?> getInstantiatedClass() {
         String instantiatedMethodType = lambda.getInstantiatedMethodType();
-        String instantiatedType = instantiatedMethodType.substring(2, instantiatedMethodType.indexOf(';')).replace('/', '.');
+        String instantiatedType = instantiatedMethodType.substring(2, instantiatedMethodType.indexOf(StringPool.SEMICOLON)).replace(StringPool.SLASH, StringPool.DOT);
         return ClassUtils.toClassConfident(instantiatedType, getCapturingClassClassLoader());
     }
 

+ 2 - 1
mybatis-plus-core/src/main/java/com/baomidou/mybatisplus/core/toolkit/support/ShadowLambdaMeta.java

@@ -1,6 +1,7 @@
 package com.baomidou.mybatisplus.core.toolkit.support;
 
 import com.baomidou.mybatisplus.core.toolkit.ClassUtils;
+import com.baomidou.mybatisplus.core.toolkit.StringPool;
 
 /**
  * 基于 {@link SerializedLambda} 创建的元信息
@@ -22,7 +23,7 @@ public class ShadowLambdaMeta implements LambdaMeta {
     @Override
     public Class<?> getInstantiatedClass() {
         String instantiatedMethodType = lambda.getInstantiatedMethodType();
-        String instantiatedType = instantiatedMethodType.substring(2, instantiatedMethodType.indexOf(';')).replace('/', '.');
+        String instantiatedType = instantiatedMethodType.substring(2, instantiatedMethodType.indexOf(StringPool.SEMICOLON)).replace(StringPool.SLASH, StringPool.DOT);
         return ClassUtils.toClassConfident(instantiatedType, lambda.getCapturingClass().getClassLoader());
     }
 

+ 3 - 2
mybatis-plus-extension/src/main/java/com/baomidou/mybatisplus/extension/plugins/inner/BlockAttackInnerInterceptor.java

@@ -20,6 +20,7 @@ import com.baomidou.mybatisplus.core.metadata.TableInfoHelper;
 import com.baomidou.mybatisplus.core.plugins.InterceptorIgnoreHelper;
 import com.baomidou.mybatisplus.core.toolkit.Assert;
 import com.baomidou.mybatisplus.core.toolkit.PluginUtils;
+import com.baomidou.mybatisplus.core.toolkit.StringPool;
 import com.baomidou.mybatisplus.core.toolkit.StringUtils;
 import com.baomidou.mybatisplus.extension.parser.JsqlParserSupport;
 import net.sf.jsqlparser.expression.BinaryExpression;
@@ -127,12 +128,12 @@ public class BlockAttackInnerInterceptor extends JsqlParserSupport implements In
      */
     private String getTableLogicField(String tableName) {
         if (StringUtils.isBlank(tableName)) {
-            return StringUtils.EMPTY;
+            return StringPool.EMPTY;
         }
 
         TableInfo tableInfo = TableInfoHelper.getTableInfo(tableName);
         if (tableInfo == null || !tableInfo.isWithLogicDelete() || tableInfo.getLogicDeleteFieldInfo() == null) {
-            return StringUtils.EMPTY;
+            return StringPool.EMPTY;
         }
         return tableInfo.getLogicDeleteFieldInfo().getColumn();
     }