- 根据公司现场传回的bug,在查询列表的时候,排序字段及排序方式可能会存在sql注入的风险,所以下面会使用AOP防止sql注入
/**
* 对控制层page参数切面
*/
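/**
 * Aspect around controller methods that accept a {@code PageInfo} argument.
 *
 * <p>Before the controller runs it (1) rejects a search field name that is not a plain
 * identifier, (2) backslash-escapes LIKE wildcards and quote characters in the free-text
 * search content, and (3) forces the sort direction to {@code ASC}/{@code DESC}.
 *
 * <p>This is a defence-in-depth layer, not a substitute for safe SQL construction: the
 * repository layer must still bind the search content as a parameter (the escaping here
 * only matters for a LIKE clause whose ESCAPE character is the backslash), and the field
 * name should ideally be matched against the real column list rather than a syntax check.
 */
@Aspect
@Component
public class CustomPageAspect {

    /**
     * Allow-list pattern for identifiers used as column names: ASCII letters, digits and
     * underscore only ({@code \w} is ASCII here because UNICODE_CHARACTER_CLASS is not set).
     * The previous value {@code ^\W+$} was the complement and accepted only strings made
     * entirely of non-word characters, rejecting every ordinary column name.
     */
    private static final String REGEXG = "^\\w+$";

    /** Compiled once; {@link Pattern} is immutable and safe to share between threads. */
    private static final Pattern FIELD_PATTERN = Pattern.compile(REGEXG);

    /** Characters in the search content that are prefixed with a backslash: % _ \ ' " */
    private static final String LIKE_SPECIAL_CHARS = "%_\\'\"";

    private static final System.Logger LOG =
            System.getLogger(CustomPageAspect.class.getName());

    /**
     * Escapes the search content unless it is blank.
     *
     * @param searchContent caller-supplied free text, may be {@code null}
     * @return the input unchanged when blank, otherwise the escaped text
     */
    private String resetVal(String searchContent) {
        if (StringUtils.isBlank(searchContent)) {
            return searchContent;
        }
        return specialCharEscape(searchContent);
    }

    /**
     * Escapes the LIKE wildcards and quote characters in {@code searchContent}.
     *
     * @param searchContent text to escape, must not be {@code null}
     * @return the text with every character of {@link #LIKE_SPECIAL_CHARS} backslash-prefixed
     */
    private String specialCharEscape(String searchContent) {
        return specialCharEscape(searchContent, LIKE_SPECIAL_CHARS);
    }

    /**
     * Prefixes every character of {@code text} that occurs in {@code specialChar} with a
     * single backslash. The backslash itself should be part of {@code specialChar} when the
     * result is used in a LIKE clause, otherwise a trailing backslash can neutralise the
     * escape of the following character.
     *
     * @param text        text to escape; {@code null} or empty is returned as is
     * @param specialChar set of characters to escape, must not be {@code null}
     * @return the escaped text
     */
    public static String specialCharEscape(String text, String specialChar) {
        if (text == null || text.isEmpty()) {
            return text;
        }
        // Build a fresh buffer instead of inserting into the source in place; same output,
        // no index/length bookkeeping.
        StringBuilder escaped = new StringBuilder(text.length() + 8);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            if (specialChar.indexOf(c) >= 0) {
                escaped.append('\\');
            }
            escaped.append(c);
        }
        return escaped.toString();
    }

    /**
     * Returns whether {@code field} may be interpolated into SQL as a column name.
     *
     * @param field caller-supplied field name; {@code null} or blank means "no field given"
     *              and is accepted because nothing will be interpolated
     * @return {@code true} if the field is absent or matches {@link #REGEXG} in full
     */
    protected boolean matchField(String field) {
        if (StringUtils.isBlank(field)) {
            return true;
        }
        return FIELD_PATTERN.matcher(field).matches();
    }

    /**
     * Pointcut: any method of a {@code *Controller} in {@code com.nieyp.web} whose first
     * parameter is a {@code PageInfo}.
     */
    @Pointcut("execution(* com.nieyp.web.*Controller.*(com.ausware.lang.entity.PageInfo,..))")
    private void pointcut() {}

    /**
     * Validates and sanitises the {@code PageInfo} argument, then proceeds.
     *
     * <p>When the search field fails {@link #matchField(String)} the controller is not
     * invoked; an empty instance of the method's declared return type is returned instead
     * (existing contract — the return type therefore needs an accessible no-arg constructor).
     *
     * @param pjp the intercepted controller invocation
     * @return the controller result, or an empty return-type instance on rejection
     * @throws Throwable whatever the controller or the reflective instantiation throws
     */
    @Around("pointcut()")
    protected Object around(ProceedingJoinPoint pjp) throws Throwable {
        Object[] args = pjp.getArgs();
        // isInstance matches subclasses and tolerates null arguments; the previous
        // arg.getClass().isAssignableFrom(PageInfo.class) test had the direction inverted
        // and threw NullPointerException on a null argument.
        Optional<Object> first = Arrays.stream(args).filter(PageInfo.class::isInstance).findFirst();
        if (first.isEmpty()) {
            return pjp.proceed();
        }
        PageInfo<?> pageInfo = (PageInfo<?>) first.get();

        // TODO(review): the original evaluated matchField(getSearchField()) twice; the sort
        // column ("排序字段") was presumably meant to be the second check. Add it once the
        // PageInfo accessor for the sort column is confirmed.
        if (!matchField(pageInfo.getSearchField())) {
            LOG.log(System.Logger.Level.WARNING,
                    "存在sql注入的危险: rejected searchField={0}", pageInfo.getSearchField());
            Method method = ((MethodSignature) pjp.getSignature()).getMethod();
            Class<?> returnType = method.getReturnType();
            return returnType.getDeclaredConstructor().newInstance();
        }

        if (StringUtils.isNotBlank(pageInfo.getSearchContent())) {
            pageInfo.setSearchContent(resetVal(pageInfo.getSearchContent()));
        }

        // Restrict the sort direction to the two keywords; anything else falls back to ASC.
        String orderType = pageInfo.getOrderType();
        if (StringUtils.isNotBlank(orderType)
                && !StringUtils.equalsAnyIgnoreCase(orderType, "asc", "desc")) {
            pageInfo.setOrderType("ASC");
        }
        return pjp.proceed();
    }
}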