Server防SQL注入：校验@Schema

TommyLemon · TommyLemon · commit db0a2d020fe5 · 2018-05-13T18:00:54.000+08:00
diff --git a/APIJSON-Java-Server/APIJSONLibrary/src/main/java/zuo/biao/apijson/server/AbstractSQLConfig.java b/APIJSON-Java-Server/APIJSONLibrary/src/main/java/zuo/biao/apijson/server/AbstractSQLConfig.java
@@ -177,6 +177,12 @@ public String getSchema() {
 	}
 	@Override
 	public AbstractSQLConfig setSchema(String schema) {
+		if (schema != null) {
+			String s = schema.startsWith("`") && schema.endsWith("`") ? schema.substring(1, schema.length() - 1) : schema;
+			if (StringUtil.isName(s) == false) {
+				throw new IllegalArgumentException("@schema:value 中value必须是1个单词！");
+			}
+		}
 		this.schema = schema;
 		return this;
 	}
@@ -203,7 +209,7 @@ public String getTablePath() {
 		return getSchema() + "." + getSQLTable();
 	}
 	@Override
-	public AbstractSQLConfig setTable(String table) {
+	public AbstractSQLConfig setTable(String table) { //Table已经在Parser中校验，所以这里不用防SQL注入
 		this.table = table;
 		return this;
 	}

Original file line number	Diff line number	Diff line change
`@@ -177,6 +177,12 @@ public String getSchema() {`
`177`	`177`	`}`
`178`	`178`	`@Override`
`179`	`179`	`public AbstractSQLConfig setSchema(String schema) {`
	`180`	`+ if (schema != null) {`
	`181`	+ String s = schema.startsWith("`") && schema.endsWith("`") ? schema.substring(1, schema.length() - 1) : schema;
	`182`	`+ if (StringUtil.isName(s) == false) {`
	`183`	`+ throw new IllegalArgumentException("@schema:value 中value必须是1个单词！");`
	`184`	`+ }`
	`185`	`+ }`
`180`	`186`	`this.schema = schema;`
`181`	`187`	`return this;`
`182`	`188`	`}`
`@@ -203,7 +209,7 @@ public String getTablePath() {`
`203`	`209`	`return getSchema() + "." + getSQLTable();`
`204`	`210`	`}`
`205`	`211`	`@Override`
`206`		`- public AbstractSQLConfig setTable(String table) {`
	`212`	`+ public AbstractSQLConfig setTable(String table) { //Table已经在Parser中校验，所以这里不用防SQL注入`
`207`	`213`	`this.table = table;`
`208`	`214`	`return this;`
`209`	`215`	`}`