From 097efd407e27cff75dd6cbc7b8a2008bddb84808 Mon Sep 17 00:00:00 2001
From: Cason <1125193113@qq.com>
Date: Sun, 16 Jul 2023 21:19:01 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9Sql=E6=B3=A8=E5=85=A5?= =?UTF-8?q?=E6=A3=80=E6=B5=8B=E7=9A=84=E6=AD=A3=E5=88=99=E5=8C=B9=E9=85=8D?= =?UTF-8?q?=E8=A1=A8=E8=BE=BE=E5=BC=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../plugin/mybatisplus/engine/utils/SqlInjectionUtilSq.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/stream-plugin/stream-plugin-mybatis-plus/src/main/java/org/dromara/streamquery/stream/plugin/mybatisplus/engine/utils/SqlInjectionUtilSq.java b/stream-plugin/stream-plugin-mybatis-plus/src/main/java/org/dromara/streamquery/stream/plugin/mybatisplus/engine/utils/SqlInjectionUtilSq.java
index 5bf794d2..d423194f 100644
--- a/stream-plugin/stream-plugin-mybatis-plus/src/main/java/org/dromara/streamquery/stream/plugin/mybatisplus/engine/utils/SqlInjectionUtilSq.java
+++ b/stream-plugin/stream-plugin-mybatis-plus/src/main/java/org/dromara/streamquery/stream/plugin/mybatisplus/engine/utils/SqlInjectionUtilSq.java
@@ -29,7 +29,7 @@ public class SqlInjectionUtilSq {
 "(insert|delete|update|select|create|drop|truncate|grant|alter|deny|revoke|call|execute|exec|declare|show|rename|set)\\s+.*(into|from|set|where|table|database|view|index|on|cursor|procedure|trigger|for|password|union|and|or)|(select\\s*\\*\\s*from\\s+)", Pattern.CASE_INSENSITIVE);
 private static final Pattern SQL_COMMENT_PATTERN =
- Pattern.compile("(or|union|--|#|/*|;)", Pattern.CASE_INSENSITIVE);
+ Pattern.compile("(['\"]?.*(\\bor\\b|\\bunion\\b|--|#|\\/\\*|;))", Pattern.CASE_INSENSITIVE);
 public SqlInjectionUtilSq() {}
--
Gitee
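Review bot: The new `SQL_COMMENT_PATTERN` wraps the alternation in `['\"]?.*`, a prefix that contributes nothing if the pattern is applied with `find()` (the call site is outside this hunk, so that is an assumption) and only adds backtracking; if it is applied with `matches()`, the result instead depends on where the token sits and on line terminators, since `.` is compiled without `DOTALL`. Dropping the prefix keeps the intended fix (escaping `/*`, whose unescaped form could match the empty string, and word-bounding `or`/`union`) and makes the behaviour independent of the matcher method: `Pattern.compile("\\bor\\b|\\bunion\\b|--|#|/\\*|;", Pattern.CASE_INSENSITIVE);`. The diffstat shows no test change, so a few cases pinning the new behaviour (values such as `order` or `color` accepted, each comment token rejected) would be worth adding alongside it. A comment on the field stating that this is a heuristic deny-list, and that callers still need bound parameters or an allow-list for identifiers, would keep it from being read as a complete defence.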