Merge pull request #716 from uyong/master

修复sql注入检验不正确问题 #707

Author: abel533

src/main/java/com/github/pagehelper/util/SqlSafeUtil.java

@@ -36,7 +36,7 @@ public class SqlSafeUtil {
      * 参考: mybatis-plus-core/src/main/java/com/baomidou/mybatisplus/core/toolkit/sql/SqlInjectionUtils.java
      */
     private static final Pattern SQL_SYNTAX_PATTERN  = Pattern.compile("(insert|delete|update|select|create|drop|truncate|grant|alter|deny|revoke|call|execute|exec|declare|show|rename|set)" +
-            ".+(into|from|set|where|table|database|view|index|on|cursor|procedure|trigger|for|password|union|and|or)", Pattern.CASE_INSENSITIVE);
+            "\\s+.*(into|from|set|where|table|database|view|index|on|cursor|procedure|trigger|for|password|union|and|or)|(select\\s*\\*\\s*from\\s+)", Pattern.CASE_INSENSITIVE);
     /**
      * 使用'、;或注释截断SQL检查正则
      * <p>

src/test/java/com/github/pagehelper/util/SqlSafeUtilTest.java

@@ -0,0 +1,35 @@
+package com.github.pagehelper.util;
+
+import org.junit.Test;
+
+import static org.junit.Assert.*;
+
+public class SqlSafeUtilTest {
+
+	@Test
+	public void check() {
+		assertSql(true, "insert into xx");
+		// 无空格
+		assertSql(false, "insertxxinto xx");
+		assertSql(false, "insert_into");
+		assertSql(true, "SELECT aa FROM user");
+		// 无空格
+		assertSql(true, "SELECT*FROM user");
+		// 左空格
+		assertSql(true, "SELECT *FROM user");
+		// 右空格
+		assertSql(true, "SELECT* FROM user");
+		// 左tab
+		assertSql(true, "SELECT                 *FROM user");
+		// 右tab
+		assertSql(true, "SELECT*        FROM user");
+		assertSql(false, "SELECT*FROMuser");
+
+		// 验证 issue #707 问题
+		assertSql(false, "databaseType desc,orderNum desc");
+	}
+
+	private void assertSql(boolean injection, String sql) {
+		assertEquals(injection, SqlSafeUtil.check(sql));
+	}
+}