防全表更新与删除插件
title: 防全表更新与删除插件 date: 2021-12-14 19:13:02 permalink: /pages/f9a237/ article: false
# BlockAttackInnerInterceptor
针对 update 和 delete 语句 作用: 阻止恶意的全表更新删除
注入MybatisPlusInterceptor类,并配置BlockAttackInnerInterceptor拦截器
@Configuration
public class MybatisPlusConfig {
@Bean
public MybatisPlusInterceptor mybatisPlusInterceptor() {
MybatisPlusInterceptor interceptor = new MybatisPlusInterceptor();
interceptor.addInnerInterceptor(new BlockAttackInnerInterceptor());
return interceptor;
}
}
1
2
3
4
5
6
7
8
9
2
3
4
5
6
7
8
9
测试示例(全表更新)
@SpringBootTest
public class QueryWrapperTest {
@Autowired
private UserService userService;
/**
+ SQL:UPDATE user SET name=?,email=?;
*/
@Test
public void test() {
User user = new User();
user.setId(999L);
user.setName("custom_name");
user.setEmail("xxx@mail.com");
// com.baomidou.mybatisplus.core.exceptions.MybatisPlusException: Prohibition of table update operation
userService.saveOrUpdate(user, null);
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
测试示例(部分更新)
@SpringBootTest
public class QueryWrapperTest {
@Autowired
private UserService userService;
/**
+ SQL:UPDATE user SET name=?, email=? WHERE id = ?;
*/
@Test
public void test() {
LambdaUpdateWrapper<User> wrapper = new LambdaUpdateWrapper<>();
wrapper.eq(User::getId, 1);
User user = new User();
user.setId(10L);
user.setName("custom_name");
user.setEmail("xxx@mail.com");
userService.saveOrUpdate(user, wrapper);
}}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
帮助我们改善此页面! (opens new window)
上次更新: 2022/11/03, 10:57:42