
!284 修改sqlInjecttionUtils的正则匹配表达式
Merge pull request !284 from Cason/3.0

小锅盖 %!s(int64=2) %!d(string=hai) anos
pai
achega
b6e0ce6a42

+ 2 - 1
mybatis-plus-core/src/main/java/com/baomidou/mybatisplus/core/toolkit/sql/SqlInjectionUtils.java

@@ -33,7 +33,8 @@ public class SqlInjectionUtils {
     /**
      * 使用'、;或注释截断SQL检查正则
      */
-    private static final Pattern SQL_COMMENT_PATTERN = Pattern.compile("'.*(or|union|--|#|/*|;)", Pattern.CASE_INSENSITIVE);
+    private static final Pattern SQL_COMMENT_PATTERN = Pattern.compile("(['\"]?.*(\\bor\\b|\\bunion\\b|--|#|/\\*|;))", Pattern.CASE_INSENSITIVE);
+
 
     /**
      * 检查参数是否存在 SQL 注入
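Review bot: The leading `['\"]?` in the new SQL_COMMENT_PATTERN is optional and followed by `.*`, so it never constrains the match; the pattern is equivalent to `.*(\\bor\\b|\\bunion\\b|--|#|/\\*|;)`, and the quote-prefix requirement the Javadoc above it still describes (truncation via `'`, `;` or a comment) no longer exists. As a consequence any value containing a bare `#`, `;`, `--`, `/*` or the standalone word `or` — for example a free-text field like `item #3` — is now rejected as injection whether or not a quote precedes it. If that broadening is intended (the new `1 = 1) OR 1 = 1 --` test input contains no quote at all), drop the dead prefix so the regex says what it does, and update the Javadoc to `* Rejects values containing the words or/union, a comment opener (--, #, /*) or a semicolon; a leading quote is not required`. Since this stays a keyword blocklist, the test list in SqlInjectionUtilsTest is effectively the contract, so each such widening deserves a negative case documenting what legitimate input is now refused.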

+ 6 - 4
mybatis-plus-core/src/test/java/com/baomidou/mybatisplus/core/toolkit/sql/SqlInjectionUtilsTest.java

@@ -9,19 +9,17 @@ import org.junit.jupiter.api.Test;
  * @author hubin
  * @since 2021-08-15
  */
-public class SqlInjectionUtilsTest {
+ class SqlInjectionUtilsTest {
 
     @Test
-    public void sqlTest() {
+     void sqlTest() {
         assertSql(false, "insert abc");
-        assertSql(true, "insert user (id,name) value (1, 'qm')");
         assertSql(true, "SELECT * FROM user");
         assertSql(true, "delete from user");
         assertSql(true, "drop TABLE user");
         assertSql(true, ";TRUNCATE from user");
         assertSql(false, "update");
         assertSql(false, "trigger");
-        assertSql(true, "and name like '%s123%s'");
         assertSql(false, "convert(name using GBK)");
 
         // 无空格
@@ -40,6 +38,10 @@ public class SqlInjectionUtilsTest {
         assertSql(false, "SELECT*FROMuser");
         // 该字符串里包含 setT or
         assertSql(false, "databaseType desc,orderNum desc)");
+        // 双引号情况
+        assertSql(true, "\\\" or 1=1 and \\\"123\\\"=\\\"123\\\"");
+        //Wrapper的apply情况
+        assertSql(true, "1 = 1) OR 1 = 1 --");
     }
 
     private void assertSql(boolean injection, String sql) {
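Review bot: The double-quote case added at the top of this hunk does not test a plain double-quote input: in Java source `\\\"` is a backslash followed by a quote, so the runtime string is `\" or 1=1 and \"123\"=\"123\"` with literal backslashes in it. The assertion passes anyway only because the quote prefix in SQL_COMMENT_PATTERN is optional and `\\bor\\b` matches, so it would keep passing even if double-quote handling were broken. I would write it as `assertSql(true, "\" or 1=1 and \"123\"=\"123\"");` and, assuming no other pattern in the class fires on it, add a negative case such as `assertSql(false, "say \"hello\"");` so the test pins that a double quote alone is not treated as injection. The enclosing `sqlTest` method starts in the previous hunk, outside this one.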