From 524ad4e6ddc04f2f0cfacb33f42c2f022629bbbb Mon Sep 17 00:00:00 2001
From: abbfun <819589789@qq.com>
Date: Mon, 23 May 2022 15:36:18 +0800
Subject: [PATCH] fastjson 版本升级 fastjson <= 1.2.80 存在反序列化任意代码执行漏洞

---
 ruoyi-common/src/main/java/com/ruoyi/common/utils/sql/SqlUtil.java |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/utils/sql/SqlUtil.java b/ruoyi-common/src/main/java/com/ruoyi/common/utils/sql/SqlUtil.java
index 71a7ae1..5243849 100644
--- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/sql/SqlUtil.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/sql/SqlUtil.java
@@ -50,9 +50,9 @@
             return;
         }
         String[] sqlKeywords = StringUtils.split(SQL_REGEX, "\\|");
-        for (int i = 0; i < sqlKeywords.length; i++)
+        for (String sqlKeyword : sqlKeywords)
         {
-            if (StringUtils.indexOfIgnoreCase(value, sqlKeywords[i]) > -1)
+            if (StringUtils.indexOfIgnoreCase(value, sqlKeyword) > -1)
             {
                 throw new UtilException("参数存在SQL注入风险");
             }

--
Gitblit v1.9.2