From 6fa3bfe05184e9bcaadf00becee1d30f4abb9b1d Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期四, 27 五月 2021 17:38:27 +0800
Subject: [PATCH] 修复两处存在SQL注入漏洞问题
---
ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/LogAspect.java | 9 ++++++---
1 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/LogAspect.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/LogAspect.java
index c11a477..18500ab 100644
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/LogAspect.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/LogAspect.java
@@ -16,6 +16,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
+import org.springframework.validation.BindingResult;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.servlet.HandlerMapping;
import com.alibaba.fastjson.JSON;
@@ -196,7 +197,7 @@
{
for (int i = 0; i < paramsArray.length; i++)
{
- if (!isFilterObject(paramsArray[i]))
+ if (StringUtils.isNotNull(paramsArray[i]) && !isFilterObject(paramsArray[i]))
{
Object jsonObj = JSON.toJSON(paramsArray[i]);
params += jsonObj.toString() + " ";
@@ -212,6 +213,7 @@
* @param o 对象信息。
* @return 如果是需要过滤的对象,则返回true;否则返回false。
*/
+ @SuppressWarnings("rawtypes")
public boolean isFilterObject(final Object o)
{
Class<?> clazz = o.getClass();
@@ -230,12 +232,13 @@
else if (Map.class.isAssignableFrom(clazz))
{
Map map = (Map) o;
- for (Iterator iter = map.entrySet().iterator(); iter.hasNext(); )
+ for (Iterator iter = map.entrySet().iterator(); iter.hasNext();)
{
Map.Entry entry = (Map.Entry) iter.next();
return entry.getValue() instanceof MultipartFile;
}
}
- return o instanceof MultipartFile || o instanceof HttpServletRequest || o instanceof HttpServletResponse;
+ return o instanceof MultipartFile || o instanceof HttpServletRequest || o instanceof HttpServletResponse
+ || o instanceof BindingResult;
}
}
--
Gitblit v1.9.2