|
@ -92,10 +92,10 @@ public class BasicZuulFilter extends ZuulFilter {
|
|
|
request = ctx.getRequest();
|
|
|
url = request.getRequestURI();
|
|
|
|
|
|
//防止SQL注入过滤器
|
|
|
if(doSqlFilter(request)){
|
|
|
return this.forbidden(ctx, ResultStatus.ERROR_PARA, "Illegal parameter");
|
|
|
}
|
|
|
// //防止SQL注入过滤器
|
|
|
// if(doSqlFilter(request)){
|
|
|
// return this.forbidden(ctx, ResultStatus.ERROR_PARA, "Illegal parameter");
|
|
|
// }
|
|
|
|
|
|
//文件类型过滤器
|
|
|
if(doFileFilter(request)){
|
|
@ -444,7 +444,7 @@ public class BasicZuulFilter extends ZuulFilter {
|
|
|
String badStr = "and|exec|execute|insert|select|delete|update|drop|chr|mid|master|truncate|" +
|
|
|
"declare|sitename|net user|xp_cmdshell|or|exec|execute|create|" +
|
|
|
"table|from|grant|use|group_concat|column_name|" +
|
|
|
"information_schema.columns|table_schema|union|where|select|update|order|by|like|" ;//过滤掉的sql关键字,可以手动添加
|
|
|
"information_schema.columns|table_schema|union|where|order|like|" ;//过滤掉的sql关键字,可以手动添加
|
|
|
String[] badStrs = badStr.split("\\|");
|
|
|
for (int i = 0; i < badStrs.length; i++) {
|
|
|
if (str.indexOf(badStrs[i]) >= 0) {
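Review bot: The check on the last line, `str.indexOf(badStrs[i]) >= 0`, is a plain substring match, so even after the list cleanup the short tokens `or`, `and`, `by`, `use`, `mid` and `like` match inside ordinary words (`order`, `form`, `user`, `middle`) and will reject legitimate parameters, while a keyword in another case (`SELECT`) or split by a comment (`SEL/**/ECT`) passes unless `str` was normalized before this point, which is outside the hunk. If the blocklist is kept at all, match whole words case-insensitively with a precompiled pattern, e.g. `private static final Pattern SQL_KEYWORDS = Pattern.compile("\\b(?:" + badStr + ")\\b", Pattern.CASE_INSENSITIVE);` and `if (SQL_KEYWORDS.matcher(str).find()) {`, and add a comment stating that this filter is defence in depth only and that the real protection is parameterized queries (`PreparedStatement`) in the data layer. Note that the trailing `|` in the string is harmless only because `String.split` drops trailing empty strings; an empty token anywhere else in the list would make `indexOf` return 0 and block every request. The enclosing method starts and ends outside the hunk, so it is not visible how `str` is built or whether the gateway or the services behind it actually use prepared statements. The first hunk of this section appears to comment out the `doSqlFilter` call site (the old/new side of each line is not marked on this page); if so, this method becomes dead code and the gateway no longer applies any input check, which should be stated in the commit description.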
|