From 073797c9785a8dac1b36a2f2a0b2ff3015aa3290 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=BB=84=E6=B5=B7?= <10402852@qq.com>
Date: Mon, 30 Dec 2024 09:16:43 +0800
Subject: [PATCH] 'commit'
---
.../Controller/DataEaseController.java | 13 +++
.../dsideal/base/Util/SqlInjectionUtils.java | 106 ++++++++++++++++++
2 files changed, 119 insertions(+)
create mode 100644 src/main/java/com/dsideal/base/Util/SqlInjectionUtils.java
diff --git a/src/main/java/com/dsideal/base/DataEase/Controller/DataEaseController.java b/src/main/java/com/dsideal/base/DataEase/Controller/DataEaseController.java
index b2b9cce1..ed2e2e5a 100644
--- a/src/main/java/com/dsideal/base/DataEase/Controller/DataEaseController.java
+++ b/src/main/java/com/dsideal/base/DataEase/Controller/DataEaseController.java
@@ -12,6 +12,7 @@ import com.dsideal.base.Interceptor.IsNumericInterface;
 import com.dsideal.base.Res.Model.ResourceModel;
 import com.dsideal.base.Util.CommonUtil;
 import com.dsideal.base.Util.CookieUtil;
+import com.dsideal.base.Util.SqlInjectionUtils;
 import com.jfinal.aop.Before;
 import com.jfinal.core.Controller;
 import com.jfinal.ext.interceptor.GET;
@@ -325,6 +326,10 @@ public class DataEaseController extends Controller {
 if (StrKit.isBlank(keyword)) keyword = "";
 if (pageNumber == 0) pageNumber = 1;
 if (pageSize == 0) pageSize = 20;
+ if (SqlInjectionUtils.hasSqlInjectionRisk(keyword)) {
+ renderJson("输入的查询关键字存在SQL注入攻击,无法执行!");
+ return;
+ }
 //登录的人员
 int identity_id = Integer.parseInt(CookieUtil.getValue(getRequest(), "identity_id"));
 String person_id = CookieUtil.getValue(getRequest(), "person_id");
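Review bot: The added guard rejects `keyword` by substring denylist before it reaches the data layer, which blocks legitimate searches (any term containing `@`, `_` or `%`, or a word such as "update") while not being a substitute for binding the value as a query parameter; the same guard is repeated in the hunks at `@@ -396` and `@@ -522`. Whether `dm.getDataSetContentByProvince(id, keyword, pageNumber, pageSize)` (visible in the `@@ -522` hunk) binds `keyword` is not shown here and is the check that actually matters; if it does, a comment such as `// secondary check only; the DAO binds keyword as a parameter` would make the intent clear, and if it does not, that is where the fix belongs. The rejection response is a bare string via `renderJson`, whereas the success path returns `CommonUtil.renderJsonForLayUI(list)`; a LayUI table client presumably expects the same JSON envelope on error, so consider returning the structured error form the controller uses elsewhere. The enclosing method starts and ends outside the hunk.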
@@ -396,6 +401,10 @@ public class DataEaseController extends Controller {
 if (StrKit.isBlank(keyword)) keyword = "";
 if (pageNumber == 0) pageNumber = 1;
 if (pageSize == 0) pageSize = 20;
+ if (SqlInjectionUtils.hasSqlInjectionRisk(keyword)) {
+ renderJson("输入的查询关键字存在SQL注入攻击,无法执行!");
+ return;
+ }
 //登录的人员
 int identity_id = Integer.parseInt(CookieUtil.getValue(getRequest(), "identity_id"));
 String person_id = CookieUtil.getValue(getRequest(), "person_id");
@@ -522,6 +531,10 @@ public class DataEaseController extends Controller {
 if (pageNumber == 0) pageNumber = 1;
 if (pageSize == 0) pageSize = 20;
 if (StrKit.isBlank(keyword)) keyword = "";
+ if (SqlInjectionUtils.hasSqlInjectionRisk(keyword)) {
+ renderJson("输入的查询关键字存在SQL注入攻击,无法执行!");
+ return;
+ }
 Page list = dm.getDataSetContentByProvince(id, keyword, pageNumber, pageSize);
 renderJson(CommonUtil.renderJsonForLayUI(list));
 }
diff --git a/src/main/java/com/dsideal/base/Util/SqlInjectionUtils.java b/src/main/java/com/dsideal/base/Util/SqlInjectionUtils.java
new file mode 100644
index 00000000..44918c3a
--- /dev/null
+++ b/src/main/java/com/dsideal/base/Util/SqlInjectionUtils.java
@@ -0,0 +1,106 @@
+package com.dsideal.base.Util;
+
+public class SqlInjectionUtils {
+
+ // SQL注入风险的关键字
+ private static final String[] SQL_INJECTION_KEYWORDS = {
+ "SELECT", "INSERT", "UPDATE", "DELETE", "DROP", "TRUNCATE",
+ "EXEC", "EXECUTE", "UNION", "CREATE", "ALTER", "GRANT",
+ "--", "/*", "*/", ";", "@@", "@",
+ "CHAR", "DECLARE", "CAST", "CONVERT",
+ "WAITFOR", "DELAY"
+ };
+
+ // SQL注入特殊字符
+ private static final String[] SQL_INJECTION_CHARS = {
+ "'", "\"", "\\", "%", "_", "^", "[", "]"
+ };
+
+ /**
+ * 检查输入是否存在SQL注入风险
+ * @param input 待检查的字符串
+ * @return 检查结果,true表示存在风险
+ */
+ public static boolean hasSqlInjectionRisk(String input) {
+ if (input == null || input.trim().isEmpty()) {
+ return false;
+ }
+
+ // 转换为大写,便于检查关键字
+ String upperInput = input.toUpperCase();
+
+ // 检查SQL关键字
+ for (String keyword : SQL_INJECTION_KEYWORDS) {
+ if (upperInput.contains(keyword)) {
+ return true;
+ }
+ }
+
+ // 检查特殊字符
+ for (String specialChar : SQL_INJECTION_CHARS) {
+ if (input.contains(specialChar)) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ /**
+ * 清理可能存在SQL注入风险的字符串
+ * @param input 待清理的字符串
+ * @return 清理后的字符串
+ */
+ public static String cleanSqlInjection(String input) {
+ if (input == null) {
+ return null;
+ }
+
+ String result = input;
+
+ // 替换SQL关键字
+ for (String keyword : SQL_INJECTION_KEYWORDS) {
+ result = result.replaceAll("(?i)" + keyword, "");
+ }
+
+ // 替换特殊字符
+ for (String specialChar : SQL_INJECTION_CHARS) {
+ result = result.replace(specialChar, "");
+ }
+
+ return result;
+ }
+
+ /**
+ * 转义SQL特殊字符
+ * @param input 待转义的字符串
+ * @return 转义后的字符串
+ */
+ public static String escapeSql(String input) {
+ if (input == null) {
+ return null;
+ }
+
+ return input.replace("'", "''")
+ .replace("\\", "\\\\")
+ .replace("%", "\\%")
+ .replace("_", "\\_");
+ }
+
+ /**
+ * 验证并清理输入
+ * @param input 输入字符串
+ * @param throwException 是否抛出异常
+ * @return 清理后的字符串
+ */
+ public static String validateAndClean(String input, boolean throwException)
+ throws 
IllegalArgumentException {
+ if (hasSqlInjectionRisk(input)) {
+ if (throwException) {
+ throw new IllegalArgumentException("检测到SQL注入风险: " + input);
+ }
+ return cleanSqlInjection(input);
+ }
+ return input;
+ }
+}
\ No newline at end of file
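Review bot: `cleanSqlInjection` builds each regex by concatenating the denylist entry unquoted, so the `*/` entry produces the pattern `(?i)*/`, which `replaceAll` rejects with a `PatternSyntaxException`; because the loop runs over every entry regardless of whether it matches, the method (and therefore `validateAndClean(input, false)`) fails on every non-null input before the `SQL_INJECTION_CHARS` loop is reached. Quote the entry instead: `result = result.replaceAll("(?i)" + Pattern.quote(keyword), "");` with `import java.util.regex.Pattern;` added under the package line. Separately, `hasSqlInjectionRisk` is a substring denylist, so ordinary search terms containing `@`, `_` or `%`, or words such as "charge" (contains `CHAR`) or "update", are rejected while anything outside the list passes; the class Javadoc should state that this is defense-in-depth only and that the data-access layer must bind the value as a query parameter. The Javadoc of `escapeSql` should also say that its backslash-escaping of `%` and `_` is only meaningful inside a `LIKE ... ESCAPE '\'` clause, and that `validateAndClean` does not use it.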