
2023-11-14 取消sql脚本注入关键字。

chaiyunlong %!s(int64=2) %!d(string=hai) anos

+ 0 - 8
zd-gateway/src/main/java/com/zd/gateway/filter/XssFilter.java

@@ -37,9 +37,6 @@ public class XssFilter implements GlobalFilter, Ordered {
     @Autowired
     private XssProperties xss;
 
-    private static final Pattern PATTERN = Pattern.compile("\\b(\\s*and\\s*|\\s*exec\\s*|\\s*insert\\s*|\\s*select\\s*|\\s*drop\\s*|\\s*grant\\s*|\\s*alter\\s*|\\s*" +
-            "delete\\s*|\\s*update\\s*|\\s*count\\s*|\\s*chr\\s*|\\s*mid\\s*|\\s*master\\s*|\\s*truncate\\s*|\\s*char\\s*|\\s*declare\\s*|\\s*or\\s*)\\b|(\\*|;|\\+)");
-
     @Override
     public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
         ServerHttpRequest request = exchange.getRequest();
@@ -53,11 +50,6 @@ public class XssFilter implements GlobalFilter, Ordered {
             if(result){
                 throw new TypeMismatchException("非法参数异常!");
             }
-            String urlPath = request.getURI().getSchemeSpecificPart().toLowerCase();
-            Matcher matcher = PATTERN.matcher(urlPath);
-            if(matcher.find()){
-                throw new TypeMismatchException("非法参数异常!");
-            }
             return chain.filter(exchange);
         }
         // 非json类型,不过滤
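Review bot: With the path check removed, nothing in this filter inspects the request URI any more, so the only remaining guard in this branch is the `result` check on the JSON body above (its computation starts before the hunk); that is acceptable only if the services behind the gateway rely on parameterized queries, which is the proper SQL-injection control, whereas the removed keyword blacklist was both weak and a false-positive source (any `+`, `;` or `*` in a path, or a plain word such as `select`, tripped it). I would record that rationale where the check used to be so the next reader does not re-add it, e.g. `// URL keyword blacklist removed (2023-11-14): SQL injection is handled by parameterized queries in the services, not by gateway pattern matching`. The `Pattern` and `Matcher` imports are presumably now unused in this class unless referenced elsewhere in the file; verify and drop them. The `filter` method itself continues outside both hunks.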