github
/
jeecg-boot
mirror of https://github.com/jeecgboot/jeecg-boot
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

【issues/4393】解决使用参数tableName=sys_user t&复测,漏洞仍然存在

pull/5216/merge
zhangdaiscott 2023-08-14 10:01:49 +08:00
parent 05181754bb
commit 0bc7e0967d
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/security/DictQueryBlackListHandler.java
View File

@ -1,6 +1,5 @@
package org.jeecg.modules.system.security;
import org.jeecg.common.constant.CommonConstant;
import org.jeecg.common.constant.SymbolConstant;
import org.jeecg.common.util.oConvertUtils;
import org.jeecg.common.util.security.AbstractQueryBlackListHandler;
@ -52,9 +51,14 @@ public class DictQueryBlackListHandler extends AbstractQueryBlackListHandler {
*/
private String getTableName(String str) {
String[] arr = str.split("\\s+(?i)where\\s+");
// sys_user , (sys_user), sys_user%20, %60sys_user%60 issues/4393
String tableName = arr[0];
//【20230814】解决使用参数tableName=sys_user t&复测,漏洞仍然存在
if (tableName.contains(" ")) {
tableName = tableName.substring(0, tableName.indexOf(" "));
}
//【issues/4393】 sys_user , (sys_user), sys_user%20, %60sys_user%60
String reg = "\\s+|\\(|\\)|`";
return arr[0].replaceAll(reg, "");
return tableName.replaceAll(reg, "");
}
}