Commit c5d331ad authored by litengwei's avatar litengwei

SQL Injection: MyBatis Mapper(SQL注入:MyBatis Mapper)

parent 25ebaacd
...@@ -11,6 +11,7 @@ import org.apache.ibatis.plugin.*; ...@@ -11,6 +11,7 @@ import org.apache.ibatis.plugin.*;
import org.apache.ibatis.session.ResultHandler; import org.apache.ibatis.session.ResultHandler;
import org.apache.ibatis.session.RowBounds; import org.apache.ibatis.session.RowBounds;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import org.springframework.util.ReflectionUtils;
import java.lang.reflect.Field; import java.lang.reflect.Field;
import java.util.HashMap; import java.util.HashMap;
...@@ -80,7 +81,7 @@ public class PluginInterceptor implements Interceptor { ...@@ -80,7 +81,7 @@ public class PluginInterceptor implements Interceptor {
//通过反射修改sql语句 //通过反射修改sql语句
Field field = boundSql.getClass().getDeclaredField("sql"); Field field = boundSql.getClass().getDeclaredField("sql");
field.setAccessible(true); ReflectionUtils.makeAccessible(field);
field.set(boundSql, sql); field.set(boundSql, sql);
return executor.query(mappedStatement, parameter, rowBounds, resultHandler, cacheKey, boundSql); return executor.query(mappedStatement, parameter, rowBounds, resultHandler, cacheKey, boundSql);
} else { } else {
......
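Review bot: In the `@@ -80,7 +81,7 @@` hunk, replacing `field.setAccessible(true)` with `ReflectionUtils.makeAccessible(field)` does not change behaviour: the private `sql` field of `boundSql` is still overwritten by reflection with whatever `sql` holds, so the change does not by itself address the SQL injection named in the commit title. How `sql` is assembled is outside the hunk, as are the start and end of the enclosing method. If any part of it is concatenated from `parameter` or other caller-supplied values, those values should be bound as `?` parameters or checked against an allow-list of identifiers before this point. It would also be cleaner to drop the reflection and pass `new BoundSql(mappedStatement.getConfiguration(), sql, boundSql.getParameterMappings(), boundSql.getParameterObject())` to `executor.query`, copying any additional parameters across, so the code no longer depends on a private field name. The second file section (`@@ -78,7 +79,7 @@`) makes the same change and the same points apply there.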
...@@ -9,6 +9,7 @@ import org.apache.ibatis.plugin.*; ...@@ -9,6 +9,7 @@ import org.apache.ibatis.plugin.*;
import org.apache.ibatis.session.ResultHandler; import org.apache.ibatis.session.ResultHandler;
import org.apache.ibatis.session.RowBounds; import org.apache.ibatis.session.RowBounds;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import org.springframework.util.ReflectionUtils;
import java.lang.reflect.Field; import java.lang.reflect.Field;
import java.util.HashMap; import java.util.HashMap;
...@@ -78,7 +79,7 @@ public class PluginInterceptor implements Interceptor { ...@@ -78,7 +79,7 @@ public class PluginInterceptor implements Interceptor {
//通过反射修改sql语句 //通过反射修改sql语句
Field field = boundSql.getClass().getDeclaredField("sql"); Field field = boundSql.getClass().getDeclaredField("sql");
field.setAccessible(true); ReflectionUtils.makeAccessible(field);
field.set(boundSql, sql); field.set(boundSql, sql);
return executor.query(mappedStatement, parameter, rowBounds, resultHandler, cacheKey, boundSql); return executor.query(mappedStatement, parameter, rowBounds, resultHandler, cacheKey, boundSql);
} else { } else {
......