update 优化项目中的一些存在null的问题与一些性能问题小优化

2026-04-11 21:13:16 +08:00 · 2026-03-31 18:52:37 +08:00
parent 26464c0051
commit d11990bfd8
21 changed files with 137 additions and 91 deletions
--- a/ruoyi-common/ruoyi-common-core/src/main/java/org/dromara/common/core/utils/StringUtils.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/org/dromara/common/core/utils/StringUtils.java
@@ -23,6 +23,8 @@ public class StringUtils extends org.apache.commons.lang3.StringUtils {

    public static final String SLASH = "/";

+    private static final AntPathMatcher ANT_PATH_MATCHER = new AntPathMatcher();
+
    @Deprecated
    private StringUtils() {
    }
@@ -233,8 +235,7 @@ public class StringUtils extends org.apache.commons.lang3.StringUtils {
     * @param url     需要匹配的url
     */
    public static boolean isMatch(String pattern, String url) {
-        AntPathMatcher matcher = new AntPathMatcher();
-        return matcher.match(pattern, url);
+        return ANT_PATH_MATCHER.match(pattern, url);
    }

    /**
--- a/ruoyi-common/ruoyi-common-core/src/main/java/org/dromara/common/core/utils/sql/SqlUtil.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/org/dromara/common/core/utils/sql/SqlUtil.java
@@ -1,5 +1,6 @@
 package org.dromara.common.core.utils.sql;

+import cn.hutool.core.exceptions.UtilException;
 import lombok.AccessLevel;
 import lombok.NoArgsConstructor;
 import org.dromara.common.core.utils.StringUtils;
@@ -15,7 +16,7 @@ public class SqlUtil {
    /**
     * 定义常用的 sql关键字
     */
-    public static String SQL_REGEX = "\u000B|and |extractvalue|updatexml|sleep|exec |insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |or |union |like |+|/*|user()";
+    public static final String SQL_REGEX = "\u000B|%0A|and |extractvalue|updatexml|sleep|information_schema|exec |insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |or |union |like |+|/*|user()";

    /**
     * 仅支持字母、数字、下划线、空格、逗号、小数点（支持多个字段排序）
@@ -46,10 +47,11 @@ public class SqlUtil {
        if (StringUtils.isEmpty(value)) {
            return;
        }
+        String normalizedValue = value.replaceAll("\\p{Z}|\\s", "");
        String[] sqlKeywords = StringUtils.split(SQL_REGEX, "\\|");
        for (String sqlKeyword : sqlKeywords) {
-            if (StringUtils.indexOfIgnoreCase(value, sqlKeyword) > -1) {
-                throw new IllegalArgumentException("参数存在SQL注入风险");
+            if (StringUtils.indexOf(normalizedValue, sqlKeyword) > -1) {
+                throw new UtilException("请求参数包含敏感关键词'" + sqlKeyword + "'，可能存在安全风险");
            }
        }
    }