From 2ed1199d48f7207f4a012c04f61e13ac1a8d5154 Mon Sep 17 00:00:00 2001
From: chenjiahe <763432473@qq.com>
Date: 星期四, 16 六月 2022 10:27:44 +0800
Subject: [PATCH] 新增请求安全工具

---
 src/main/java/com/hx/mybatis/aes/springbean/SqlUtils.java |   37 +++++++++++++++++++++++--------------
 1 files changed, 23 insertions(+), 14 deletions(-)

diff --git a/src/main/java/com/hx/mybatis/aes/springbean/SqlUtils.java b/src/main/java/com/hx/mybatis/aes/springbean/SqlUtils.java
index f872b42..8d978db 100644
--- a/src/main/java/com/hx/mybatis/aes/springbean/SqlUtils.java
+++ b/src/main/java/com/hx/mybatis/aes/springbean/SqlUtils.java
@@ -2,7 +2,6 @@
 
 import com.alibaba.druid.sql.SQLUtils;
 import com.alibaba.druid.sql.ast.SQLExpr;
-import com.alibaba.druid.sql.ast.SQLObject;
 import com.alibaba.druid.sql.ast.SQLStatement;
 import com.alibaba.druid.sql.ast.statement.*;
 import com.alibaba.druid.sql.dialect.mysql.ast.statement.MySqlDeleteStatement;
@@ -18,7 +17,6 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
 import java.util.Map;
@@ -41,6 +39,25 @@
 
         MySqlStatementParser parser = new MySqlStatementParser(sql);
         SQLSelectStatement sqlStatement = (SQLSelectStatement) parser.parseSelect();
+
+        SQLSelect sqlSelect = sqlStatement.getSelect();
+        if (sqlSelect.getQuery() instanceof SQLSelectQueryBlock) {
+            // 闈瀠nion鐨勬煡璇㈣鍙�
+            return selectSqlRoutine( sqlStatement,aesKeysTable);
+        } else if (sqlSelect.getQuery() instanceof SQLUnionQuery) {
+            // union鐨勬煡璇㈣鍙�
+            return selectSqlUnion( sql, sqlStatement, aesKeysTable);
+        }else {
+            return selectSqlRoutine( sqlStatement,aesKeysTable);
+        }
+    }
+
+    /**鏌ヨ鍔犲瘑鏁版嵁澶勭悊锛屽彧瀵规煡璇㈠仛澶勭悊锛宻elect杩斿洖涓嶅仛澶勭悊锛圲nion鐗规畩璇彞锛�
+     * @param sql sql璇彞
+     * @param aesKeysTable aes绉橀挜
+     * @return
+     */
+    public static String selectSqlUnion(String sql,SQLSelectStatement sqlStatement,Map<String,Map<String,String>> aesKeysTable){
 
         //鑾峰彇琛ㄥ拰鍒悕
         ExportTableAliasVisitor visitorTable = new ExportTableAliasVisitor();
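Review bot: The first and last branches of the new dispatch both call `selectSqlRoutine`, so the `else` silently treats every query type other than `SQLUnionQuery` as a plain query block. In a helper that rewrites SQL for AES-protected columns, an unrecognised query shape should probably be logged or rejected rather than sent down a path that may not rewrite it. If the fallback is intended, the branch collapses to `if (sqlSelect.getQuery() instanceof SQLUnionQuery) { return selectSqlUnion(sql, sqlStatement, aesKeysTable); }` followed by `return selectSqlRoutine(sqlStatement, aesKeysTable);`. The Javadoc on `selectSqlUnion` also lacks `@param sqlStatement` and leaves `@return` blank. Both the dispatching method and `selectSqlUnion` extend beyond the hunk.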
@@ -82,19 +99,12 @@
     }
 
 
-    /**鏌ヨ鍔犲瘑鏁版嵁澶勭悊锛屽彧瀵规煡璇㈠仛澶勭悊锛宻elect杩斿洖涓嶅仛澶勭悊锛堝浠斤級
-     * @param sql sql璇彞
+    /**鏌ヨ鍔犲瘑鏁版嵁澶勭悊锛屽彧瀵规煡璇㈠仛澶勭悊锛宻elect杩斿洖涓嶅仛澶勭悊锛堝父瑙勮鍙ワ級
+     * @param sqlStatement sql璇彞
      * @param aesKeysTable aes绉橀挜
      * @return
      */
-    public static String selectSqlDemo(String sql,Map<String,Map<String,String>> aesKeysTable){
-
-        MySqlStatementParser parser = new MySqlStatementParser(sql);
-        SQLSelectStatement sqlStatement = (SQLSelectStatement) parser.parseSelect();
-        //鑾峰彇鏍煎紡鍖栫殑slq璇彞
-        sql = sqlStatement.toString();
-
-
+    public static String selectSqlRoutine(SQLSelectStatement sqlStatement,Map<String,Map<String,String>> aesKeysTable){
 
         //瑙f瀽select鏌ヨ
         //SQLSelect sqlSelect = sqlStatement.getSelect()
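Review bot: `selectSqlRoutine` replaces the public `selectSqlDemo(String, Map)` with a different name and parameter type, so any caller outside this file that still passes a SQL string will stop compiling; the patch touches only this file, so no such caller is updated here. If the method is now meant to be reached only through the dispatcher added earlier in this patch, declaring it `private static` would make that explicit and keep other code from handing it a statement that did not come from `MySqlStatementParser`. The Javadoc `@return` is still empty; `@return the rewritten SQL, or "err" when parsing fails` would document the contract, assuming the `return "err"` visible further down belongs to this method. The method body continues outside the hunk.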
@@ -107,7 +117,6 @@
             b = false;
             logger.error("瑙f瀽sql鎶ラ敊锛�"+e.getMessage());
         }
-
         if(!b){
             return "err";
         }
@@ -186,7 +195,7 @@
         }
 
         //澶勭悊where闇�瑕佸姞瀵嗗緱瀛楁
-        sql = sqlWhere.toString();
+        String sql = sqlWhere.toString();
         if(!StringUtils.isEmpty(sql)){
             Map<String,String> aesKeys = null;
             String aeskey = null;
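Review bot: `sqlWhere.toString()` on the new declaration has no null check visible in the hunk. If `sqlWhere` is the query's WHERE expression, a SELECT without a WHERE clause would leave it null, and the call would throw before the `StringUtils.isEmpty(sql)` test is reached, unless the block closed just above already guards this. Since the variable is now declared here and holds only the WHERE text, a narrower name would also read better, for example `String whereSql = sqlWhere == null ? "" : sqlWhere.toString();`, with the later uses of `sql` renamed to match. The enclosing method starts and ends outside the hunk.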

--
Gitblit v1.8.0