| | |
|---|
| | | |
|---|
| | | import java.util.ArrayList; |
|---|
| | | import java.util.List; |
|---|
| | | import java.util.Map; |
|---|
| | | import java.util.regex.Matcher; |
|---|
| | | import java.util.regex.Pattern; |
|---|
| | | |
|---|
| | |
|---|
| | | @Override |
|---|
| | | @Java110Transactional |
|---|
| | | public void doCmd(CmdEvent event, ICmdDataFlowContext cmdDataFlowContext, JSONObject reqJson) throws CmdException { |
|---|
| | | Map<String,String> headers = cmdDataFlowContext.getReqHeaders(); |
|---|
| | | |
|---|
| | | reqJson.put("storeId",headers.get("store-id")); |
|---|
| | | |
|---|
| | | OaWorkflowFormDto oaWorkflowFormDto = new OaWorkflowFormDto(); |
|---|
| | | oaWorkflowFormDto.setFlowId(reqJson.get("flowId").toString()); |
|---|
| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | List<String> columns = new ArrayList<>(); |
|---|
| | | List<String> values = new ArrayList<>(); |
|---|
| | | for (String key : reqJson.keySet()) { |
|---|
| | | if ("flowId".equals(key) || "id".equals(key)) { |
|---|
| | | if ("flowId".equals(key) || "id".equals(key) || "storeId".equals(key)) { |
|---|
| | | continue; |
|---|
| | | } |
|---|
| | | columns.add(key + "=" + reqJson.getString(key)); |
|---|
| | | columns.add(key + "='" + reqJson.getString(key)+"'"); |
|---|
| | | |
|---|
| | | //简单校验 |
|---|
| | | validateColumns(columns); |
|---|
| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | public static boolean containsSqlInjection(Object obj) { |
|---|
| | | Pattern pattern = Pattern.compile("\\b(exec|insert|select|drop|grant|alter|delete|update|count|chr|mid|master|truncate|char|declare)\\b|(\\*|;|\\+|'|%)"); |
|---|
| | | Pattern pattern = Pattern.compile("\\b(exec|insert|select|drop|grant|alter|delete|update|count|chr|mid|master|truncate|char|declare)"); |
|---|
| | | Matcher matcher = pattern.matcher(obj.toString().toLowerCase()); |
|---|
| | | return matcher.find(); |
|---|
| | | } |
|---|
