From bcd55a614473df47ef5f089a03cae49017cbb6e8 Mon Sep 17 00:00:00 2001
From: cp1996 <1102213590@qq.com>
Date: Fri, 10 Apr 2026 20:07:00 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E5=90=AF=E7=94=A8=20MyBatis-Plus=20Blo?=
=?UTF-8?q?ckAttackInnerInterceptor=20=E9=98=B2=E5=85=A8=E8=A1=A8=E6=9B=B4?=
=?UTF-8?q?=E6=96=B0/=E5=88=A0=E9=99=A4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
拦截无 WHERE 条件的 UPDATE / DELETE 语句,避免因业务 bug 或
SQL 注入导致整表数据被误清空。
由于 mybatis-plus 3.5.9 起将 jsqlparser 相关能力从 core 包
拆出到独立的 mybatis-plus-jsqlparser 模块,BlockAttackInnerInterceptor
依赖 SQL 解析,需要显式引入该依赖。
改动:
- pom.xml (根):dependencyManagement 加入 mybatis-plus-jsqlparser
- opsli-base-support/opsli-core/pom.xml:引入 mybatis-plus-jsqlparser
- MyBatisPlusConfig.java:import BlockAttackInnerInterceptor,
取消原有注释并启用拦截器
---
opsli-base-support/opsli-core/pom.xml | 6 ++++++
.../opsli/core/autoconfigure/conf/MyBatisPlusConfig.java | 6 ++++--
pom.xml | 7 +++++++
3 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/opsli-base-support/opsli-core/pom.xml b/opsli-base-support/opsli-core/pom.xml
index 53d2ae18..91dd1cc5 100644
--- a/opsli-base-support/opsli-core/pom.xml
+++ b/opsli-base-support/opsli-core/pom.xml
@@ -111,6 +111,12 @@
mybatis-plus-spring-boot3-starter
+
+
+ com.baomidou
+ mybatis-plus-jsqlparser
+
+
com.github.pagehelper
pagehelper-spring-boot-starter
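Review bot: `mybatis-plus-jsqlparser` is added directly beside `pagehelper-spring-boot-starter`, and as far as I know both pull in `com.github.jsqlparser:jsqlparser` transitively, often at different major versions. Maven keeps only one of them, and the library that loses can fail at runtime with `NoSuchMethodError` the first time it parses a statement. Because the interceptor enabled by this commit parses every UPDATE/DELETE, please confirm the resolved version with `mvn dependency:tree -Dincludes=com.github.jsqlparser` and pin it in the root `dependencyManagement` if the two disagree. An integration test that runs one paged query and one blocked full-table DELETE would catch a mismatch before deployment.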
diff --git a/opsli-base-support/opsli-core/src/main/java/org/opsli/core/autoconfigure/conf/MyBatisPlusConfig.java b/opsli-base-support/opsli-core/src/main/java/org/opsli/core/autoconfigure/conf/MyBatisPlusConfig.java
index 3b6c9491..19f9cdd1 100644
--- a/opsli-base-support/opsli-core/src/main/java/org/opsli/core/autoconfigure/conf/MyBatisPlusConfig.java
+++ b/opsli-base-support/opsli-core/src/main/java/org/opsli/core/autoconfigure/conf/MyBatisPlusConfig.java
@@ -16,6 +16,7 @@
package org.opsli.core.autoconfigure.conf;
import com.baomidou.mybatisplus.extension.plugins.MybatisPlusInterceptor;
+import com.baomidou.mybatisplus.extension.plugins.inner.BlockAttackInnerInterceptor;
import com.baomidou.mybatisplus.extension.plugins.inner.OptimisticLockerInnerInterceptor;
import lombok.extern.slf4j.Slf4j;
import org.apache.ibatis.session.SqlSessionFactory;
@@ -49,8 +50,9 @@ public class MyBatisPlusConfig {
// 乐观锁
mybatisPlusInterceptor.addInnerInterceptor(new OptimisticLockerInnerInterceptor());
- // 防止全表更新与删除插件
- //mybatisPlusInterceptor.addInnerInterceptor(new BlockAttackInnerInterceptor());
+ // 防止全表更新与删除插件 - 安全加固
+ // 拦截无 WHERE 条件的 UPDATE/DELETE,避免因业务 bug 或 SQL 注入导致整表数据被清空
+ mybatisPlusInterceptor.addInnerInterceptor(new BlockAttackInnerInterceptor());
return mybatisPlusInterceptor;
}
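Review bot: The comment added above `addInnerInterceptor(new BlockAttackInnerInterceptor())` lists SQL injection among the things this interceptor prevents, which overstates what it does. It rejects UPDATE/DELETE statements whose WHERE clause is missing (and, as far as I know, a few trivially true forms), so it is a last-line backstop and not a substitute for bound parameters in the mappers. I would reword the second comment line along the lines of `// Backstop only: rejects UPDATE/DELETE without a WHERE clause; mappers must still bind parameters`. Enabling it is also a runtime behaviour change: any existing mapper that intentionally updates or deletes a whole table will now throw, so those should be audited and marked with `@InterceptorIgnore(blockAttack = "true")` where the full-table statement is intended. The enclosing bean method starts above the hunk, so the interceptors registered before the optimistic-lock one are not visible here.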
diff --git a/pom.xml b/pom.xml
index 41e2498d..77f11573 100644
--- a/pom.xml
+++ b/pom.xml
@@ -148,6 +148,13 @@
${mybatis-plus.version}
+
+
+ com.baomidou
+ mybatis-plus-jsqlparser
+ ${mybatis-plus.version}
+
+
com.github.pagehelper
pagehelper-spring-boot-starter