/**
 * Shows the injectable form of {@code QueryWrapper.apply}: the caller-controlled value is
 * spliced into the SQL text with {@link String#format} before MyBatis-Plus ever sees it, so
 * the single quote at the start of {@code injectedValue} terminates the string literal and the
 * remainder is executed as SQL. The embedded {@code sleep(5)} makes the statement stall for
 * about five seconds, which is how the injection is observed from the test. Compare with
 * {@link #test03()}, which hands the value over as a bound parameter instead.
 */
@Test
public void test02() {
    QueryWrapper<Result> queryWrapper = new QueryWrapper<>();
    queryWrapper.select(Result.ID);
    // Value that closes the open quote and appends a time-based subquery.
    String injectedValue = "' and (select * from (select sleep(5)) a) ='";
    // %s substitution inlines the value into the SQL text: no escaping, no binding.
    String rawSql = String.format(" %s REGEXP CONCAT('(',REPLACE('%s',',','|'),')') ",
            Result.HIT_MIND_LABEL, injectedValue);
    System.out.println(rawSql);
    // Single-argument apply(): nothing in the string is parameterized.
    queryWrapper.apply(rawSql);
    List<Result> hits = resultService.list(queryWrapper);
    System.out.println(JSON.toJSONString(hits));
}
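/**
 * The bound-parameter form of {@code QueryWrapper.apply}: the SQL text carries the placeholder
 * {@code {0}} and the value is passed as a separate argument, so MyBatis-Plus binds it as a
 * prepared-statement parameter rather than pasting it into the statement. Even the
 * quote-and-sleep value from {@link #test02()} would only be compared as an ordinary string
 * here. The first line dumps every existing label so the effect of the REGEXP filter can be
 * checked against the printed result.
 */
@Test
public void test03() {
    System.out.println(JSON.toJSONString(resultService.list().stream().map(Result::getHitMindLabel).toArray()));
    QueryWrapper<Result> queryWrapper = new QueryWrapper<>();
    queryWrapper.select(Result.ID);
    // Comma-separated ids; REPLACE turns them into the alternation "333|444" on the database side.
    String param = "333,444";
    // {0} is a bound parameter, not text substitution — this is the safe form.
    // NOTE(review): test02 filters on Result.HIT_MIND_LABEL; confirm Result.LABLE is the intended column.
    queryWrapper.apply(Result.LABLE + " REGEXP CONCAT('(',REPLACE({0},',','|'),')') ", param);
    List<Result> list = resultMapper.selectList(queryWrapper);
    System.out.println(JSON.toJSONString(list));
}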
错误的写法:
queryWrapper.apply(StringUtils.isNotEmpty(resultQueryDTO.getHitMindIds()),
String.format(" %s REGEXP CONCAT('(',REPLACE('%s',',','|'),')') ",
Result.HIT_MIND_LABEL, resultQueryDTO.getHitMindIds()));
正确的写法:
queryWrapper.apply(StringUtils.isNotEmpty(resultQueryDTO.getHitMindIds()),
Result.HIT_MIND_LABEL + " REGEXP CONCAT('(',REPLACE({0},',','|'),')') ", resultQueryDTO.getHitMindIds());