更新

sagframe · Nov 23, 2023 · 7ff51e2 · 7ff51e2
1 parent 5ae4f23
commit 7ff51e2
Show file tree

Hide file tree

Showing 10 changed files with 221 additions and 128 deletions.
diff --git a/trunk/sqltoy-orm/pom.xml b/trunk/sqltoy-orm/pom.xml
@@ -3,22 +3,22 @@
 	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.sagframe</groupId>
-	<version>5.2.81</version>
+	<version>5.2.82</version>
 	<name>sagacity-sqltoy</name>
 	<description>sagacity-sqltoy</description>
 	<artifactId>sagacity-sqltoy</artifactId>
 	<url>https://github.com/sagframe/sagacity-sqltoy</url>
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-		<spring-framework.version>5.3.30</spring-framework.version>
-		<spring-data-redis.version>2.7.17</spring-data-redis.version>
-		<spring-data-mongo.version>3.4.17</spring-data-mongo.version>
+		<spring-framework.version>5.3.31</spring-framework.version>
+		<spring-data-redis.version>2.7.18</spring-data-redis.version>
+		<spring-data-mongo.version>3.4.18</spring-data-mongo.version>
 		<ojdbc.version>21.11.0.0</ojdbc.version>
 		<ehcache.version>3.10.8</ehcache.version>
 		<httpclient.version>4.5.14</httpclient.version>
 		<httpclient-httpmime.version>4.5.14</httpclient-httpmime.version>
 		<httpclient-core.version>4.4.16</httpclient-core.version>
-		<elastic-rest-client.version>8.11.0</elastic-rest-client.version>
+		<elastic-rest-client.version>8.11.1</elastic-rest-client.version>
 		<fastjson.version>2.0.42</fastjson.version>
 		<mongo.version>3.12.14</mongo.version>
 		<junit-jupiter.version>5.10.1</junit-jupiter.version>

diff --git a/trunk/sqltoy-orm/src/main/java/org/sagacity/sqltoy/SqlToyContext.java b/trunk/sqltoy-orm/src/main/java/org/sagacity/sqltoy/SqlToyContext.java
@@ -20,6 +20,7 @@
 import org.sagacity.sqltoy.integration.AppContext;
 import org.sagacity.sqltoy.integration.ConnectionFactory;
 import org.sagacity.sqltoy.integration.impl.SpringConnectionFactory;
+import org.sagacity.sqltoy.model.IgnoreKeyCaseMap;
 import org.sagacity.sqltoy.model.OverTimeSql;
 import org.sagacity.sqltoy.model.QueryExecutor;
 import org.sagacity.sqltoy.plugins.FilterHandler;
@@ -342,6 +343,11 @@ public TranslateManager getTranslateManager() {
 	 */
 	private List<SqlInterceptor> sqlInterceptors;
 
+	/**
+	 * 方言映射
+	 */
+	private IgnoreKeyCaseMap<String, String> dialectMap;
+
 	/**
 	 * 拆分merge into 为updateAll 和 saveAllIgnoreExist 两步操作(1、seata分布式事务不支持merge)
 	 */
@@ -391,6 +397,10 @@ public void initialize() throws Exception {
 		}
 		// 初始化方言对应的类别代码，避免线程安全
 		DataSourceUtils.initialize();
+		// 设置方言映射(默认OSCAR==>gaussdb)
+		if (dialectMap != null && !dialectMap.isEmpty()) {
+			DataSourceUtils.dialectMap = dialectMap;
+		}
 		// 初始化默认dataSource
 		initDefaultDataSource();
 		// 设置workerId和dataCenterId,为使用snowflake主键ID产生算法服务
@@ -747,6 +757,10 @@ public void setDialect(String dialect) {
 			this.dialect = Dialect.TDENGINE;
 		} else if (tmp.startsWith(Dialect.ES)) {
 			this.dialect = Dialect.ES;
+		} else if (tmp.startsWith(Dialect.H2)) {
+			this.dialect = Dialect.H2;
+		} else if (tmp.startsWith(Dialect.OSCAR)) {
+			this.dialect = Dialect.OSCAR;
 		} else {
 			this.dialect = dialect;
 		}
@@ -1219,4 +1233,12 @@ public void setAutoDDL(Boolean autoDDL) {
 		this.autoDDL = autoDDL;
 	}
 
+	/**
+	 * @param dialectMap the dialectMap to set
+	 */
+	public void setDialectMap(Map<String, String> dialectMap) {
+		if (dialectMap != null && !dialectMap.isEmpty()) {
+			this.dialectMap = new IgnoreKeyCaseMap<String, String>(dialectMap);
+		}
+	}
 }
diff --git a/trunk/sqltoy-orm/src/main/java/org/sagacity/sqltoy/config/SqlConfigParseUtils.java b/trunk/sqltoy-orm/src/main/java/org/sagacity/sqltoy/config/SqlConfigParseUtils.java
@@ -26,7 +26,6 @@
 import org.sagacity.sqltoy.utils.CollectionUtil;
 import org.sagacity.sqltoy.utils.DataSourceUtils;
 import org.sagacity.sqltoy.utils.MacroIfLogic;
-import org.sagacity.sqltoy.utils.NumberUtil;
 import org.sagacity.sqltoy.utils.ReservedWordsUtil;
 import org.sagacity.sqltoy.utils.SqlUtil;
 import org.sagacity.sqltoy.utils.StringUtil;
@@ -863,14 +862,10 @@ else if (null != paramsValue[parameterMarkCnt - 1]) {
 				// 逗号分隔的条件参数
 				else if (paramsValue[parameterMarkCnt - 1] instanceof String) {
 					argValue = (String) paramsValue[parameterMarkCnt - 1];
-					// 剔除空白
-					String argTrim = argValue.replaceAll("\\s+", "");
-					// update 2023-11-21 增强单个字符串的处理
-					// 1、用逗号进行切割，校验是'xxx','xxxx1'形式或122,233数字形式
-					// 2、'abc'
-					// 3、1111
-					if ((argTrim.indexOf(",") > 0 && !argTrim.endsWith(",") && SqlUtil.validateInArg(argTrim))
-							|| (argTrim.startsWith("'") && argTrim.endsWith("'")) || NumberUtil.isNumber(argTrim)) {
+					// update 2023-11-21 增强field in (?) 参数值是单个字符串的处理(针对组装参数拼接场景)，避免sql注入
+					// 1、用逗号进行切割，校验是'xxx','xxxx1'或"a","b" 或 122,233 三种形式
+					// 2、无逗号分割：'abc'或"abc"或123 三种形式
+					if (SqlUtil.validateInArg(argValue)) {
 						partSql = argValue;
 						paramValueList.remove(parameterMarkCnt - 1 + incrementIndex);
 						incrementIndex--;