From 716878f6a56c53af06bc56e7b4eb42c70dd4087b Mon Sep 17 00:00:00 2001
From: qyx <565485304@qq.com>
Date: Mon, 19 Jun 2023 16:12:28 +0800
Subject: [PATCH] =?UTF-8?q?[Bug=E4=BF=AE=E5=A4=8D](master):=20=E4=BF=AE?= =?UTF-8?q?=E5=A4=8Dfilter=E9=87=8C=E9=9D=A2=E5=8F=91=E7=8E=B0=E7=9A=84?= =?UTF-8?q?=E5=BC=82=E5=B8=B8=E4=B8=8D=E8=83=BD=E6=88=90=E5=8A=9F=E6=8D=95?= =?UTF-8?q?=E8=8E=B7=E7=9A=84=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
如题
---
 .../api/filter/ExceptionController.java | 25 +++++++++++++++++++
 .../adcallback/api/filter/SqlFilter.java | 8 ++++--
 .../api/handler/GlobalExceptionHandler.java | 25 +++++++++++++++++++
 .../RequestIllegalArgumentException.java | 11 ++++++++
 4 files changed, 67 insertions(+), 2 deletions(-)
 create mode 100644 src/main/java/com/baiyee/adcallback/api/filter/ExceptionController.java
 create mode 100644 src/main/java/com/baiyee/adcallback/api/handler/GlobalExceptionHandler.java
 create mode 100644 src/main/java/com/baiyee/adcallback/api/handler/RequestIllegalArgumentException.java
diff --git a/src/main/java/com/baiyee/adcallback/api/filter/ExceptionController.java b/src/main/java/com/baiyee/adcallback/api/filter/ExceptionController.java
new file mode 100644
index 0000000..b14e7db
--- /dev/null
+++ b/src/main/java/com/baiyee/adcallback/api/filter/ExceptionController.java
@@ -0,0 +1,25 @@
+package com.baiyee.adcallback.api.filter;
+
+import com.baiyee.adcallback.api.handler.RequestIllegalArgumentException;
+import org.omg.CORBA.UserException;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import javax.servlet.http.HttpServletRequest;
+
+@RestController
+public class ExceptionController {
+
+ @RequestMapping(CommonConstant.ERROR_CONTROLLER_PATH)
+ public void handleException(HttpServletRequest request){
+ throw new RequestIllegalArgumentException((String) request.getAttribute("filterError"));
+ }
+
+ public class CommonConstant {
+
+ /**
+ * 异常处理 controller request url
+ */
+ public static final String ERROR_CONTROLLER_PATH = "/error/throw";
+ }
+}
diff --git a/src/main/java/com/baiyee/adcallback/api/filter/SqlFilter.java b/src/main/java/com/baiyee/adcallback/api/filter/SqlFilter.java
index 13f81eb..84773b1 100644
--- a/src/main/java/com/baiyee/adcallback/api/filter/SqlFilter.java
+++ b/src/main/java/com/baiyee/adcallback/api/filter/SqlFilter.java
@@ -1,6 +1,7 @@
 package com.baiyee.adcallback.api.filter;
 import cn.hutool.core.util.StrUtil;
+import com.baiyee.adcallback.api.handler.RequestIllegalArgumentException;
 import org.springframework.context.annotation.Configuration;
 import javax.servlet.*;
 import javax.servlet.annotation.WebFilter;
@@ -32,8 +33,11 @@ public class SqlFilter implements Filter{
 }
 }
 if (sqlValidate(sql)) {
- //TODO 这里直接抛异常处理,前后端交互项目中,请把错误信息按前后端"数据返回的VO"对象进行封装
- throw new IOException("您发送请求中的参数中含有非法字符");
+ // 传递异常信息
+ servletRequest.setAttribute("filterError", "您发送请求中的参数中含有非法字符");
+ // 指定处理该请求的处理器
+ servletRequest.getRequestDispatcher(ExceptionController.CommonConstant.ERROR_CONTROLLER_PATH).forward(servletRequest, servletResponse);
+// throw new RequestIllegalArgumentException("您发送请求中的参数中含有非法字符");
 } else {
 filterChain.doFilter(servletRequest, servletResponse);
 }
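Review bot: In ExceptionController.java, `handleException` sits behind a bare `@RequestMapping` on `/error/throw`, so the route also answers a direct client request with any HTTP method; `request.getAttribute("filterError")` is then null and the exception is built from a null message. A guard before the throw, such as `if (request.getDispatcherType() != DispatcherType.FORWARD)` answering with a 404, keeps the endpoint internal. Alternatively the filter could hand the exception to Spring's `HandlerExceptionResolver`, which needs no public route at all. The `import org.omg.CORBA.UserException;` line is unused and the `org.omg.CORBA` package is no longer shipped from JDK 11 onward, so it should be removed. `CommonConstant` is a non-static inner class; `public static final class CommonConstant` is the usual form for a constants holder.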
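Review bot: In the second hunk of SqlFilter.java the attribute key `"filterError"` is a string literal that must match the one read in ExceptionController, so a typo on either side silently yields a null message; a shared constant next to `ERROR_CONTROLLER_PATH` would tie the two together. The commented-out `// throw new RequestIllegalArgumentException(...)` line should be deleted, together with the import added in the first hunk, which nothing else in the visible code uses. The two new comments restate the code; the missing explanation is why the request is forwarded, e.g. `// exceptions thrown in a servlet filter never reach @ControllerAdvice, so forward to a controller that rethrows`. `sqlValidate` and the rest of `doFilter` are outside the hunk; if the check is a keyword blacklist it is best treated as defence in depth, with parameterized queries as the primary control.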
diff --git a/src/main/java/com/baiyee/adcallback/api/handler/GlobalExceptionHandler.java b/src/main/java/com/baiyee/adcallback/api/handler/GlobalExceptionHandler.java
new file mode 100644
index 0000000..451989a
--- /dev/null
+++ b/src/main/java/com/baiyee/adcallback/api/handler/GlobalExceptionHandler.java
@@ -0,0 +1,25 @@
+package com.baiyee.adcallback.api.handler;
+
+import com.baiyee.adcallback.api.common.CommonResponse;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.bind.annotation.ControllerAdvice;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+@Slf4j
+@ControllerAdvice
+public class GlobalExceptionHandler {
+
+
+ /**
+ * 检查出有 SQL 注入风险的异常
+ * @param requestIllegalArgumentException SQL 注入异常
+ * @return 返回异常给前端
+ */
+ @ResponseBody
+ @ExceptionHandler(RequestIllegalArgumentException.class) //该类为自定义异常类
+ public CommonResponse checkSQLInjectionException(RequestIllegalArgumentException requestIllegalArgumentException){
+ log.error("发生异常:{}",requestIllegalArgumentException.getMessage());
+ return CommonResponse.createByErrorMessage(requestIllegalArgumentException.getMessage());
+ }
+}
diff --git a/src/main/java/com/baiyee/adcallback/api/handler/RequestIllegalArgumentException.java b/src/main/java/com/baiyee/adcallback/api/handler/RequestIllegalArgumentException.java
new file mode 100644
index 0000000..d41831c
--- /dev/null
+++ b/src/main/java/com/baiyee/adcallback/api/handler/RequestIllegalArgumentException.java
@@ -0,0 +1,11 @@
+package com.baiyee.adcallback.api.handler;
+
+/**
+ * 检查请求中是否存在不合法 SQL注入 参数的异常
+ */
+public class RequestIllegalArgumentException extends RuntimeException{
+
+ public RequestIllegalArgumentException(String message){
+ super(message);
+ }
+}
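Review bot: `checkSQLInjectionException` in GlobalExceptionHandler.java returns its body without setting a status, so unless `CommonResponse` handling elsewhere changes it, a request rejected by the SQL filter is answered with HTTP 200. Adding `@ResponseStatus(HttpStatus.BAD_REQUEST)` to the method makes the rejection visible to clients, proxies and monitoring. The `log.error` call records only the fixed message, which gives an analyst nothing to correlate; taking an `HttpServletRequest` parameter and logging the request URI and remote address (not the raw parameter values) at `warn` level would make rejected requests traceable. The method name and Javadoc speak of SQL injection while the exception type is the generic `RequestIllegalArgumentException`; one of the two should be renamed so later uses of the exception are not mislabelled.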