2 年之前 · f697750b07
--- a/mybatis-plus-core/src/main/java/com/baomidou/mybatisplus/core/toolkit/sql/SqlInjectionUtils.java
+++ b/mybatis-plus-core/src/main/java/com/baomidou/mybatisplus/core/toolkit/sql/SqlInjectionUtils.java
@@ -29,11 +29,11 @@ public class SqlInjectionUtils {
 
				      * SQL语法检查正则：符合两个关键字（有先后顺序）才算匹配
			
 
				      */
			
 
				     private static final Pattern SQL_SYNTAX_PATTERN = Pattern.compile("(insert|delete|update|select|create|drop|truncate|grant|alter|deny|revoke|call|execute|exec|declare|show|rename|set)" +
			
 
				-        "\\s+.*(into|from|set|where|table|database|view|index|on|cursor|procedure|trigger|for|password|union|and|or)|(select\\s*\\*\\s*from\\s+)", Pattern.CASE_INSENSITIVE);
			
 
				+        "\\s+.*(into|from|set|where|table|database|view|index|on|cursor|procedure|trigger|for|password|union|and|or)|(select\\s*\\*\\s*from\\s+)|(and|or)\\s+.*(like|=|>|<|in|between|is|not|exists)", Pattern.CASE_INSENSITIVE);
			
 
				     /**
			
 
				      * 使用'、;或注释截断SQL检查正则
			
 
				      */
			
 
				-    private static final Pattern SQL_COMMENT_PATTERN = Pattern.compile("(['\"]?.*(\\bor\\b|\\bunion\\b|--|#|/\\*|;))", Pattern.CASE_INSENSITIVE);
			
 
				+    private static final Pattern SQL_COMMENT_PATTERN = Pattern.compile("'.*(or|union|--|#|/\\*|;)", Pattern.CASE_INSENSITIVE);
			
 
				 
			
 
				 
			
 
				     /**
			
--- a/mybatis-plus-core/src/test/java/com/baomidou/mybatisplus/core/toolkit/sql/SqlInjectionUtilsTest.java
+++ b/mybatis-plus-core/src/test/java/com/baomidou/mybatisplus/core/toolkit/sql/SqlInjectionUtilsTest.java
@@ -43,6 +43,18 @@ import org.junit.jupiter.api.Test;
 
				         assertSql(true, "\\\" or 1=1 and \\\"123\\\"=\\\"123\\\"");
			
 
				         //Wrapper的apply情况
			
 
				         assertSql(true, "1 = 1) OR 1 = 1 --");
			
 
				+
			
 
				+        // https://github.com/baomidou/mybatis-plus/pull/5438/files
			
 
				+        assertSql(false, "insert");
			
 
				+        assertSql(false, "union");
			
 
				+        assertSql(false, "or");
			
 
				+        assertSql(false, "delete");
			
 
				+        assertSql(false, "drop");
			
 
				+        assertSql(true, "AND age not in (1,2,3)");
			
 
				+        assertSql(true, "and age <> 1");
			
 
				+        assertSql(false,"ORDER BY field(status,'SUCCESS','FAILED','CLOSED')");
			
 
				+        assertSql(true,"ORDER BY id,'SUCCESS',''-- FAILED','CLOSED'");
			
 
				+        assertSql(true, "or 1 = 1");
			
 
				     }
			
 
				 
			
 
				     private void assertSql(boolean injection, String sql) {