【更新】page接口增加sql校验,解决字段sort排序时可能存在的sql注入问题
parent
6db3a696f0
commit
49e0c9e443
|
@ -146,7 +146,7 @@ public class AuthThirdServiceImpl extends ServiceImpl<AuthThirdMapper, AuthThird
|
|||
|
||||
@Override
|
||||
public Page<AuthThirdUser> page(AuthThirdUserPageParam authThirdUserPageParam) {
|
||||
QueryWrapper<AuthThirdUser> queryWrapper = new QueryWrapper<>();
|
||||
QueryWrapper<AuthThirdUser> queryWrapper = new QueryWrapper<AuthThirdUser>().checkSqlInjection();
|
||||
if(ObjectUtil.isNotEmpty(authThirdUserPageParam.getCategory())) {
|
||||
queryWrapper.lambda().eq(AuthThirdUser::getCategory, authThirdUserPageParam.getCategory());
|
||||
}
|
||||
|
|
|
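Review bot: `checkSqlInjection()` on the new wrapper line only guards columns that reach the wrapper as raw strings; every condition visible in this hunk goes through `lambda()` with method references, so the value it actually protects is the sort field the commit title refers to, which is applied further down in `page()`, outside the hunk. As far as I know MyBatis-Plus implements this as a deny-list regex over the column text that throws on a match, which is a reasonable backstop but weaker than accepting only known columns — for the sort field a whitelist (a fixed set of sortable properties, or the column names from `TableInfoHelper.getTableInfo(AuthThirdUser.class)`) should be checked before the value reaches `orderBy`, with the deny-list kept as defence in depth. A short comment on the new line, `// deny-list check on raw column strings (sort field); lambda() conditions are unaffected`, would stop the next reader assuming the conditions below needed it. The same observation applies to every other `page()`, `list()` and `exportUser()` hunk in this commit (BizDict through SysUser, and the `${className}` generator template), so I have not repeated it per section.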
@ -58,7 +58,7 @@ public class BizDictServiceImpl extends ServiceImpl<BizDictMapper, BizDict> impl
|
|||
|
||||
@Override
|
||||
public Page<BizDict> page(BizDictPageParam bizDictPageParam) {
|
||||
QueryWrapper<BizDict> queryWrapper = new QueryWrapper<>();
|
||||
QueryWrapper<BizDict> queryWrapper = new QueryWrapper<BizDict>().checkSqlInjection();
|
||||
// 查询部分字段
|
||||
queryWrapper.lambda().select(BizDict::getId, BizDict::getParentId, BizDict::getCategory, BizDict::getDictLabel,
|
||||
BizDict::getDictValue, BizDict::getSortCode).eq(BizDict::getCategory, BizDictCategoryEnum.BIZ.getValue());
|
||||
|
|
|
@ -78,7 +78,7 @@ public class BizOrgServiceImpl extends ServiceImpl<BizOrgMapper, BizOrg> impleme
|
|||
|
||||
@Override
|
||||
public Page<BizOrg> page(BizOrgPageParam bizOrgPageParam) {
|
||||
QueryWrapper<BizOrg> queryWrapper = new QueryWrapper<>();
|
||||
QueryWrapper<BizOrg> queryWrapper = new QueryWrapper<BizOrg>().checkSqlInjection();
|
||||
// 查询部分字段
|
||||
queryWrapper.lambda().select(BizOrg::getId, BizOrg::getParentId, BizOrg::getName,
|
||||
BizOrg::getCategory, BizOrg::getSortCode);
|
||||
|
|
|
@ -68,7 +68,7 @@ public class BizPositionServiceImpl extends ServiceImpl<BizPositionMapper, BizPo
|
|||
|
||||
@Override
|
||||
public Page<BizPosition> page(BizPositionPageParam bizPositionPageParam) {
|
||||
QueryWrapper<BizPosition> queryWrapper = new QueryWrapper<>();
|
||||
QueryWrapper<BizPosition> queryWrapper = new QueryWrapper<BizPosition>().checkSqlInjection();
|
||||
// 查询部分字段
|
||||
queryWrapper.lambda().select(BizPosition::getId, BizPosition::getOrgId, BizPosition::getName,
|
||||
BizPosition::getCategory, BizPosition::getSortCode);
|
||||
|
|
|
@ -119,7 +119,7 @@ public class BizUserServiceImpl extends ServiceImpl<BizUserMapper, BizUser> impl
|
|||
|
||||
@Override
|
||||
public Page<BizUser> page(BizUserPageParam bizUserPageParam) {
|
||||
QueryWrapper<BizUser> queryWrapper = new QueryWrapper<>();
|
||||
QueryWrapper<BizUser> queryWrapper = new QueryWrapper<BizUser>().checkSqlInjection();
|
||||
if (ObjectUtil.isNotEmpty(bizUserPageParam.getSearchKey())) {
|
||||
queryWrapper.lambda().and(q -> q.like(BizUser::getAccount, bizUserPageParam.getSearchKey())
|
||||
.or().like(BizUser::getName, bizUserPageParam.getSearchKey()));
|
||||
|
@ -399,7 +399,7 @@ public class BizUserServiceImpl extends ServiceImpl<BizUserMapper, BizUser> impl
|
|||
public void exportUser(BizUserExportParam bizUserExportParam, HttpServletResponse response) throws IOException {
|
||||
File tempFile = null;
|
||||
try {
|
||||
QueryWrapper<BizUser> queryWrapper = new QueryWrapper<>();
|
||||
QueryWrapper<BizUser> queryWrapper = new QueryWrapper<BizUser>().checkSqlInjection();
|
||||
// 排除超管
|
||||
queryWrapper.lambda().ne(BizUser::getAccount, BizBuildInEnum.BUILD_IN_USER_ACCOUNT.getValue());
|
||||
// 校验数据范围
|
||||
|
|
|
@ -106,7 +106,7 @@ public class ClientUserServiceImpl extends ServiceImpl<ClientUserMapper, ClientU
|
|||
|
||||
@Override
|
||||
public Page<ClientUser> page(ClientUserPageParam clientUserPageParam) {
|
||||
QueryWrapper<ClientUser> queryWrapper = new QueryWrapper<>();
|
||||
QueryWrapper<ClientUser> queryWrapper = new QueryWrapper<ClientUser>().checkSqlInjection();
|
||||
if(ObjectUtil.isNotEmpty(clientUserPageParam.getSearchKey())) {
|
||||
queryWrapper.lambda().and(q -> q.like(ClientUser::getName, clientUserPageParam.getSearchKey())
|
||||
.or().like(ClientUser::getAccount, clientUserPageParam.getSearchKey()));
|
||||
|
|
|
@ -73,7 +73,7 @@ public class DevConfigServiceImpl extends ServiceImpl<DevConfigMapper, DevConfig
|
|||
|
||||
@Override
|
||||
public Page<DevConfig> page(DevConfigPageParam devConfigPageParam) {
|
||||
QueryWrapper<DevConfig> queryWrapper = new QueryWrapper<>();
|
||||
QueryWrapper<DevConfig> queryWrapper = new QueryWrapper<DevConfig>().checkSqlInjection();
|
||||
// 查询部分字段
|
||||
queryWrapper.lambda().select(DevConfig::getId, DevConfig::getConfigKey, DevConfig::getConfigValue,
|
||||
DevConfig::getCategory, DevConfig::getRemark, DevConfig::getSortCode);
|
||||
|
|
|
@ -58,7 +58,7 @@ public class DevDictServiceImpl extends ServiceImpl<DevDictMapper, DevDict> impl
|
|||
|
||||
@Override
|
||||
public Page<DevDict> page(DevDictPageParam devDictPageParam) {
|
||||
QueryWrapper<DevDict> queryWrapper = new QueryWrapper<>();
|
||||
QueryWrapper<DevDict> queryWrapper = new QueryWrapper<DevDict>().checkSqlInjection();
|
||||
// 查询部分字段
|
||||
queryWrapper.lambda().select(DevDict::getId, DevDict::getParentId, DevDict::getCategory, DevDict::getDictLabel,
|
||||
DevDict::getDictValue, DevDict::getSortCode);
|
||||
|
|
|
@ -165,7 +165,7 @@ public class DevEmailServiceImpl extends ServiceImpl<DevEmailMapper, DevEmail> i
|
|||
|
||||
@Override
|
||||
public Page<DevEmail> page(DevEmailPageParam devEmailPageParam) {
|
||||
QueryWrapper<DevEmail> queryWrapper = new QueryWrapper<>();
|
||||
QueryWrapper<DevEmail> queryWrapper = new QueryWrapper<DevEmail>().checkSqlInjection();
|
||||
if(ObjectUtil.isNotEmpty(devEmailPageParam.getEngine())) {
|
||||
queryWrapper.lambda().eq(DevEmail::getEngine, devEmailPageParam.getEngine());
|
||||
}
|
||||
|
|
|
@ -76,7 +76,7 @@ public class DevFileServiceImpl extends ServiceImpl<DevFileMapper, DevFile> impl
|
|||
|
||||
@Override
|
||||
public Page<DevFile> page(DevFilePageParam devFilePageParam) {
|
||||
QueryWrapper<DevFile> queryWrapper = new QueryWrapper<>();
|
||||
QueryWrapper<DevFile> queryWrapper = new QueryWrapper<DevFile>().checkSqlInjection();
|
||||
if(ObjectUtil.isNotEmpty(devFilePageParam.getEngine())) {
|
||||
queryWrapper.lambda().eq(DevFile::getEngine, devFilePageParam.getEngine());
|
||||
}
|
||||
|
@ -88,7 +88,7 @@ public class DevFileServiceImpl extends ServiceImpl<DevFileMapper, DevFile> impl
|
|||
|
||||
@Override
|
||||
public List<DevFile> list(DevFileListParam devFileListParam) {
|
||||
QueryWrapper<DevFile> queryWrapper = new QueryWrapper<>();
|
||||
QueryWrapper<DevFile> queryWrapper = new QueryWrapper<DevFile>().checkSqlInjection();
|
||||
if(ObjectUtil.isNotEmpty(devFileListParam.getEngine())) {
|
||||
queryWrapper.lambda().eq(DevFile::getEngine, devFileListParam.getEngine());
|
||||
}
|
||||
|
|
|
@ -57,7 +57,7 @@ public class DevJobServiceImpl extends ServiceImpl<DevJobMapper, DevJob> impleme
|
|||
|
||||
@Override
|
||||
public Page<DevJob> page(DevJobPageParam devJobPageParam) {
|
||||
QueryWrapper<DevJob> queryWrapper = new QueryWrapper<>();
|
||||
QueryWrapper<DevJob> queryWrapper = new QueryWrapper<DevJob>().checkSqlInjection();
|
||||
// 查询部分字段
|
||||
queryWrapper.lambda().select(DevJob::getId, DevJob::getName, DevJob::getCategory,
|
||||
DevJob::getActionClass, DevJob::getCronExpression, DevJob::getJobStatus, DevJob::getSortCode);
|
||||
|
|
|
@ -56,7 +56,7 @@ public class DevLogServiceImpl extends ServiceImpl<DevLogMapper, DevLog> impleme
|
|||
|
||||
@Override
|
||||
public Page<DevLog> page(DevLogPageParam devLogPageParam) {
|
||||
QueryWrapper<DevLog> queryWrapper = new QueryWrapper<>();
|
||||
QueryWrapper<DevLog> queryWrapper = new QueryWrapper<DevLog>().checkSqlInjection();
|
||||
// page查询中排除较大的字段(提升查询速度)
|
||||
queryWrapper.select(DevLog.class, info ->
|
||||
!info.getColumn().equalsIgnoreCase("param_json")
|
||||
|
|
|
@ -86,7 +86,7 @@ public class DevMessageServiceImpl extends ServiceImpl<DevMessageMapper, DevMess
|
|||
|
||||
@Override
|
||||
public Page<DevMessage> page(DevMessagePageParam devMessagePageParam) {
|
||||
QueryWrapper<DevMessage> queryWrapper = new QueryWrapper<>();
|
||||
QueryWrapper<DevMessage> queryWrapper = new QueryWrapper<DevMessage>().checkSqlInjection();
|
||||
if(ObjectUtil.isNotEmpty(devMessagePageParam.getSearchKey())) {
|
||||
queryWrapper.lambda().like(DevMessage::getSubject, devMessagePageParam.getSearchKey());
|
||||
}
|
||||
|
|
|
@ -88,7 +88,7 @@ public class DevSmsServiceImpl extends ServiceImpl<DevSmsMapper, DevSms> impleme
|
|||
|
||||
@Override
|
||||
public Page<DevSms> page(DevSmsPageParam devSmsPageParam) {
|
||||
QueryWrapper<DevSms> queryWrapper = new QueryWrapper<>();
|
||||
QueryWrapper<DevSms> queryWrapper = new QueryWrapper<DevSms>().checkSqlInjection();
|
||||
if(ObjectUtil.isNotEmpty(devSmsPageParam.getEngine())) {
|
||||
queryWrapper.lambda().eq(DevSms::getEngine, devSmsPageParam.getEngine());
|
||||
}
|
||||
|
|
|
@ -159,7 +159,7 @@ public class GenBasicServiceImpl extends ServiceImpl<GenBasicMapper, GenBasic> i
|
|||
|
||||
@Override
|
||||
public Page<GenBasic> page(GenBasicPageParam genBasicPageParam) {
|
||||
QueryWrapper<GenBasic> queryWrapper = new QueryWrapper<>();
|
||||
QueryWrapper<GenBasic> queryWrapper = new QueryWrapper<GenBasic>().checkSqlInjection();
|
||||
|
||||
if(ObjectUtil.isAllNotEmpty(genBasicPageParam.getSortField(), genBasicPageParam.getSortOrder())) {
|
||||
CommonSortOrderEnum.validate(genBasicPageParam.getSortOrder());
|
||||
|
@ -186,7 +186,7 @@ public class GenBasicServiceImpl extends ServiceImpl<GenBasicMapper, GenBasic> i
|
|||
GenBasic genBasic = this.queryEntity(genBasicEditParam.getId());
|
||||
if (!genBasic.getDbTable().equals(genBasicEditParam.getDbTable())) {
|
||||
// 删除配置表内该表的字段
|
||||
QueryWrapper<GenConfig> queryWrapper = new QueryWrapper<>();
|
||||
QueryWrapper<GenConfig> queryWrapper = new QueryWrapper<GenConfig>().checkSqlInjection();
|
||||
queryWrapper.lambda().eq(GenConfig::getBasicId, genBasic.getId());
|
||||
genConfigService.remove(queryWrapper);
|
||||
// 新增新表的数据字段
|
||||
|
|
|
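Review bot: The first hunk of this section validates only half of the sort input: `CommonSortOrderEnum.validate(genBasicPageParam.getSortOrder())` pins the direction to an enum, while `getSortField()` is covered solely by the deny-list `checkSqlInjection()` on the new wrapper line, and the `orderBy` call that consumes it lies outside the hunk. The two inputs deserve symmetric treatment: validate `sortField` against the entity's known column or property names before it reaches the wrapper, and keep `checkSqlInjection()` as the backstop. The `GenConfigServiceImpl.list()` hunk further down has the identical `isAllNotEmpty(getSortField(), getSortOrder())` shape and the same gap. In the second hunk the `GenConfig` wrapper only carries `lambda().eq(GenConfig::getBasicId, …)` into `remove`, so `checkSqlInjection()` there is inert as far as I can tell — harmless, but a comment such as `// no raw column strings here; kept for consistency with page()` would keep nobody from reading it as covering a user-supplied column.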
@ -42,7 +42,7 @@ public class GenConfigServiceImpl extends ServiceImpl<GenConfigMapper, GenConfig
|
|||
|
||||
@Override
|
||||
public List<GenConfig> list(GenConfigListParam genConfigListParam) {
|
||||
QueryWrapper<GenConfig> queryWrapper = new QueryWrapper<>();
|
||||
QueryWrapper<GenConfig> queryWrapper = new QueryWrapper<GenConfig>().checkSqlInjection();
|
||||
|
||||
queryWrapper.lambda().eq(GenConfig::getBasicId, genConfigListParam.getBasicId());
|
||||
if(ObjectUtil.isAllNotEmpty(genConfigListParam.getSortField(), genConfigListParam.getSortOrder())) {
|
||||
|
|
|
@ -45,7 +45,7 @@ public class ${className}ServiceImpl extends ServiceImpl<${className}Mapper, ${c
|
|||
|
||||
@Override
|
||||
public Page<${className}> page(${className}PageParam ${classNameFirstLower}PageParam) {
|
||||
QueryWrapper<${className}> queryWrapper = new QueryWrapper<>();
|
||||
QueryWrapper<${className}> queryWrapper = new QueryWrapper<${className}>().checkSqlInjection();
|
||||
<% for(var i = 0; i < configList.~size; i++) { %>
|
||||
<% if(configList[i].needPage) { %>
|
||||
<% if(configList[i].effectType == 'datepicker') { %>
|
||||
|
|
|
@ -57,7 +57,7 @@ public class MobileButtonServiceImpl extends ServiceImpl<MobileButtonMapper, Mob
|
|||
|
||||
@Override
|
||||
public Page<MobileButton> page(MobileButtonPageParam mobileButtonPageParam) {
|
||||
QueryWrapper<MobileButton> queryWrapper = new QueryWrapper<>();
|
||||
QueryWrapper<MobileButton> queryWrapper = new QueryWrapper<MobileButton>().checkSqlInjection();
|
||||
queryWrapper.lambda().eq(MobileButton::getCategory, MobileResourceCategoryEnum.BUTTON.getValue());
|
||||
if(ObjectUtil.isNotEmpty(mobileButtonPageParam.getParentId())) {
|
||||
queryWrapper.lambda().eq(MobileButton::getParentId, mobileButtonPageParam.getParentId());
|
||||
|
|
|
@ -61,7 +61,7 @@ public class MobileModuleServiceImpl extends ServiceImpl<MobileModuleMapper, Mob
|
|||
|
||||
@Override
|
||||
public Page<MobileModule> page(MobileModulePageParam mobileModulePageParam) {
|
||||
QueryWrapper<MobileModule> queryWrapper = new QueryWrapper<>();
|
||||
QueryWrapper<MobileModule> queryWrapper = new QueryWrapper<MobileModule>().checkSqlInjection();
|
||||
queryWrapper.lambda().eq(MobileModule::getCategory, MobileResourceCategoryEnum.MODULE.getValue());
|
||||
if(ObjectUtil.isNotEmpty(mobileModulePageParam.getSearchKey())) {
|
||||
queryWrapper.lambda().like(MobileModule::getTitle, mobileModulePageParam.getSearchKey());
|
||||
|
|
|
@ -77,7 +77,7 @@ public class SysOrgServiceImpl extends ServiceImpl<SysOrgMapper, SysOrg> impleme
|
|||
|
||||
@Override
|
||||
public Page<SysOrg> page(SysOrgPageParam sysOrgPageParam) {
|
||||
QueryWrapper<SysOrg> queryWrapper = new QueryWrapper<>();
|
||||
QueryWrapper<SysOrg> queryWrapper = new QueryWrapper<SysOrg>().checkSqlInjection();
|
||||
// 查询部分字段
|
||||
queryWrapper.lambda().select(SysOrg::getId, SysOrg::getParentId, SysOrg::getName,
|
||||
SysOrg::getCategory, SysOrg::getSortCode);
|
||||
|
|
|
@ -65,7 +65,7 @@ public class SysPositionServiceImpl extends ServiceImpl<SysPositionMapper, SysPo
|
|||
|
||||
@Override
|
||||
public Page<SysPosition> page(SysPositionPageParam sysPositionPageParam) {
|
||||
QueryWrapper<SysPosition> queryWrapper = new QueryWrapper<>();
|
||||
QueryWrapper<SysPosition> queryWrapper = new QueryWrapper<SysPosition>().checkSqlInjection();
|
||||
// 查询部分字段
|
||||
queryWrapper.lambda().select(SysPosition::getId, SysPosition::getOrgId, SysPosition::getName,
|
||||
SysPosition::getCategory, SysPosition::getSortCode);
|
||||
|
|
|
@ -68,7 +68,7 @@ public class SysButtonServiceImpl extends ServiceImpl<SysButtonMapper, SysButton
|
|||
|
||||
@Override
|
||||
public Page<SysButton> page(SysButtonPageParam sysButtonPageParam) {
|
||||
QueryWrapper<SysButton> queryWrapper = new QueryWrapper<>();
|
||||
QueryWrapper<SysButton> queryWrapper = new QueryWrapper<SysButton>().checkSqlInjection();
|
||||
queryWrapper.lambda().eq(SysButton::getCategory, SysResourceCategoryEnum.BUTTON.getValue());
|
||||
if(ObjectUtil.isNotEmpty(sysButtonPageParam.getParentId())) {
|
||||
queryWrapper.lambda().eq(SysButton::getParentId, sysButtonPageParam.getParentId());
|
||||
|
|
|
@ -72,7 +72,7 @@ public class SysMenuServiceImpl extends ServiceImpl<SysMenuMapper, SysMenu> impl
|
|||
|
||||
@Override
|
||||
public Page<SysMenu> page(SysMenuPageParam sysMenuPageParam) {
|
||||
QueryWrapper<SysMenu> queryWrapper = new QueryWrapper<>();
|
||||
QueryWrapper<SysMenu> queryWrapper = new QueryWrapper<SysMenu>().checkSqlInjection();
|
||||
queryWrapper.lambda().eq(SysMenu::getCategory, SysResourceCategoryEnum.MENU.getValue());
|
||||
if(ObjectUtil.isNotEmpty(sysMenuPageParam.getSearchKey())) {
|
||||
queryWrapper.lambda().like(SysMenu::getTitle, sysMenuPageParam.getSearchKey());
|
||||
|
|
|
@ -67,7 +67,7 @@ public class SysModuleServiceImpl extends ServiceImpl<SysModuleMapper, SysModule
|
|||
|
||||
@Override
|
||||
public Page<SysModule> page(SysModulePageParam sysModulePageParam) {
|
||||
QueryWrapper<SysModule> queryWrapper = new QueryWrapper<>();
|
||||
QueryWrapper<SysModule> queryWrapper = new QueryWrapper<SysModule>().checkSqlInjection();
|
||||
queryWrapper.lambda().eq(SysModule::getCategory, SysResourceCategoryEnum.MODULE.getValue());
|
||||
if(ObjectUtil.isNotEmpty(sysModulePageParam.getSearchKey())) {
|
||||
queryWrapper.lambda().like(SysModule::getTitle, sysModulePageParam.getSearchKey());
|
||||
|
|
|
@ -98,7 +98,7 @@ public class SysRoleServiceImpl extends ServiceImpl<SysRoleMapper, SysRole> impl
|
|||
|
||||
@Override
|
||||
public Page<SysRole> page(SysRolePageParam sysRolePageParam) {
|
||||
QueryWrapper<SysRole> queryWrapper = new QueryWrapper<>();
|
||||
QueryWrapper<SysRole> queryWrapper = new QueryWrapper<SysRole>().checkSqlInjection();
|
||||
// 查询部分字段
|
||||
queryWrapper.lambda().select(SysRole::getId, SysRole::getOrgId, SysRole::getName,
|
||||
SysRole::getCategory, SysRole::getSortCode);
|
||||
|
|
|
@ -216,7 +216,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
|
|||
|
||||
@Override
|
||||
public Page<SysUser> page(SysUserPageParam sysUserPageParam) {
|
||||
QueryWrapper<SysUser> queryWrapper = new QueryWrapper<>();
|
||||
QueryWrapper<SysUser> queryWrapper = new QueryWrapper<SysUser>().checkSqlInjection();
|
||||
if (ObjectUtil.isNotEmpty(sysUserPageParam.getSearchKey())) {
|
||||
queryWrapper.lambda().and(q -> q.like(SysUser::getAccount, sysUserPageParam.getSearchKey()).or()
|
||||
.like(SysUser::getName, sysUserPageParam.getSearchKey()));
|
||||
|
@ -1168,7 +1168,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
|
|||
public void exportUser(SysUserExportParam sysUserExportParam, HttpServletResponse response) throws IOException {
|
||||
File tempFile = null;
|
||||
try {
|
||||
QueryWrapper<SysUser> queryWrapper = new QueryWrapper<>();
|
||||
QueryWrapper<SysUser> queryWrapper = new QueryWrapper<SysUser>().checkSqlInjection();
|
||||
if(ObjectUtil.isNotEmpty(sysUserExportParam.getUserIds())) {
|
||||
queryWrapper.lambda().in(SysUser::getId, StrUtil.split(sysUserExportParam.getUserIds(), StrUtil.COMMA));
|
||||
} else {
|
||||
|
|