防止sql注入%

2025-07-10 10:25:29 +08:00 · 2025-07-10 10:25:29 +08:00 · 6427e0dd57
parent 2608079db1
commit 6427e0dd57
2 changed files with 42 additions and 0 deletions
--- a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/annotation/NoPercent.java
+++ b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/annotation/NoPercent.java
@ -0,0 +1,22 @@
+package com.bonus.common.security.annotation;
+
+import com.bonus.common.security.utils.NoPercentValidator;
+
+import javax.validation.Constraint;
+import javax.validation.Payload;
+import java.lang.annotation.*;
+
+/**
+ * 校验字符串不能包含 % 字符
+ */
+@Documented
+@Constraint(validatedBy = NoPercentValidator.class) // 指定校验逻辑类
+@Target({ElementType.FIELD, ElementType.PARAMETER}) // 可以用在字段或方法参数上
+@Retention(RetentionPolicy.RUNTIME) // 运行时生效
+public @interface NoPercent {
+    String message() default "不能包含 % 字符"; // 默认错误消息
+
+    Class<?>[] groups() default {}; // 校验分组
+
+    Class<? extends Payload>[] payload() default {};
+}
--- a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/utils/NoPercentValidator.java
+++ b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/utils/NoPercentValidator.java
@ -0,0 +1,20 @@
+package com.bonus.common.security.utils;
+
+import com.bonus.common.security.annotation.NoPercent;
+
+import javax.validation.ConstraintValidator;
+import javax.validation.ConstraintValidatorContext;
+
+/**
+ * 校验字符串是否包含 % 的实现类
+ */
+public class NoPercentValidator implements ConstraintValidator<NoPercent, String> {
+
+    @Override
+    public boolean isValid(String value, ConstraintValidatorContext context) {
+        if (value == null) {
+            return true; // 如果允许 null，返回 true；否则改为 false
+        }
+        return !value.contains("%"); // 如果不包含 % 则校验通过
+    }
+}