Commit c6771e8de06da7132117725d77749f9130c1ec3c
1 parent
6204c644
Showing
2 changed files
with
24 additions
and
1 deletions
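--- a/src/main/java/com/bsth/controller/realcontrol/AdminUtilsController.java
+++ b/src/main/java/com/bsth/controller/realcontrol/AdminUtilsController.java
@@ -6,6 +6,7 @@ import java.text.SimpleDateFormat;
 import java.util.*;
 
 import com.bsth.data.BasicData;
+import com.bsth.filter.SQLInjectFilter;
 import com.bsth.service.schedule.utils.SpringUtils;
 import com.bsth.util.MailUtils;
 import com.fasterxml.jackson.core.JsonProcessingException;
@@ -306,4 +307,17 @@ public class AdminUtilsController {
 
 return "error";
 }
+
+ @RequestMapping("/setInjectStr")
+ public String setInjectStr(@RequestParam String injectStr) {
+ Map<String, Object> result = new HashMap<>();
+ try {
+ SQLInjectFilter.setInjStr(injectStr);
+ return "success";
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ return "error";
+ }
 }
\ No newline at end of file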
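Review bot: `setInjectStr` turns the SQL-injection filter's blacklist into a runtime-writable setting for any caller who can reach `/setInjectStr`, and nothing in the hunk validates `injectStr` or records who changed it; a blank or arbitrary value silently weakens or disables the filter for every subsequent request. Whether the `AdminUtilsController` path is already behind an authentication/authorization filter is not visible here, so that should be confirmed and the change should at minimum reject empty input and be audit-logged, e.g. `if (injectStr == null || injectStr.trim().isEmpty()) { return "error"; }` before the call and `log.warn("SQL inject filter list changed by {}: {}", <caller-id-placeholder>, injectStr);` after it. The `result` map is never used and should be dropped, and `e.printStackTrace()` should go through the logger; since `SQLInjectFilter.setInjStr` is a plain assignment, the `try`/`catch` around it has nothing to catch and can be removed as well.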
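--- a/src/main/java/com/bsth/filter/SQLInjectFilter.java
+++ b/src/main/java/com/bsth/filter/SQLInjectFilter.java
@@ -12,6 +12,8 @@ import java.util.Enumeration;
 @Component
 public class SQLInjectFilter extends BaseFilter{
 
+ private static String injStr = "'|and|exec|create|insert|select|delete|update|count|*|%|chr|mid|master|truncate|drop|char|declare|+";
+
 @Override
 public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
 throws IOException, ServletException {
@@ -33,7 +35,6 @@ public class SQLInjectFilter extends BaseFilter{
 }
 
 private static boolean isSqlInject(String injectStr) {
- String injStr = "'|and|exec|create|insert|select|delete|update|count|*|%|chr|mid|master|truncate|drop|char|declare|or|+";
 String injStrArr[] = injStr.split("\\|");
 injectStr = injectStr.toLowerCase();
 for (int i = 0; i < injStrArr.length; i++) {
@@ -43,4 +44,12 @@ public class SQLInjectFilter extends BaseFilter{
 }
 return false;
 }
+
+ public static String getInjStr() {
+ return injStr;
+ }
+
+ public static void setInjStr(String injStr) {
+ SQLInjectFilter.injStr = injStr;
+ }
 }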
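Review bot: `setInjStr` stores whatever it is given, so a `null` makes the next `injStr.split("\\|")` in `isSqlInject` throw on every request and an empty string changes what the filter matches; the setter should guard with `if (injStr == null || injStr.trim().isEmpty()) { throw new IllegalArgumentException("injStr must not be blank"); }`. The field is now mutable shared state read by request threads but written from the controller without any synchronization, so it should at least be declared `private static volatile String injStr = ...;` for visibility. Separately, moving the list to the field also dropped the `or` token that the removed local in the second hunk contained (`...|declare|or|+` became `...|declare|+`); if that narrowing is intentional it deserves a comment, otherwise it is a silent behaviour change. A `// NOTE: this keyword blacklist is a last-resort heuristic; parameterized queries remain the primary defence` comment on the field would also help the next maintainer.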