Remove SQL Injection Filter of NativeRepository And Relative Refactor (…

…#10)

sqli-builder/src/main/java/io/xream/sqli/filter/UnsafeSyntaxFilter.java

@@ -26,7 +26,6 @@
 public interface UnsafeSyntaxFilter {
 
     default String filter(String sql) {
-        return sql.replace("'", "''")
-                .replace(";", SqlScript.SPACE);
+        return sql.replace("'", "''");
     }
 }

sqli-core/src/main/java/io/xream/sqli/core/NativeSupport.java

@@ -26,7 +26,7 @@
  */
 public interface NativeSupport {
 
-     <T> boolean execute(Class<T> clzz, String sql);
+     boolean execute(String sql, Object...objs);
 
      List<Map<String,Object>> list(String sql, List<Object> conditionList);
 }

sqli-core/src/main/java/io/xream/sqli/spi/JdbcHelper.java

@@ -40,7 +40,7 @@ public interface JdbcHelper extends BaseFinder, ResultMapFinder {
 
     boolean remove(String sql, Object id);
 
-    boolean execute(String sql);
+    boolean execute(String sql,Object...objs);
 
     <K> List<K> queryForPlainValueList(Class<K> clzz, String sql, Collection<Object> valueList, Dialect dialect);
 

sqli-repo/src/main/java/io/xream/sqli/repository/core/CacheableRepository.java

@@ -230,19 +230,8 @@ public <T> List<T> list(Criteria criteria) {
     }
 
 
-    public <T> boolean execute(Class<T> clzz, String sql) {
-
-        Parsed parsed = Parser.get(clzz);
-        boolean b = dao.execute(clzz, sql);
-
-        if (!b)
-            return b;
-        if (isCacheEnabled(parsed)) {
-            String key = ParserUtil.getCacheKey(clzz, parsed);
-            cacheResolver.refresh(clzz, key);
-        }
-
-        return b;
+    public boolean execute(String sql, Object...objs) {
+        return dao.execute(sql,objs);
     }
 
 

sqli-repo/src/main/java/io/xream/sqli/repository/dao/Dao.java

@@ -66,8 +66,7 @@ List<Map<String,Object>>  list(String sql,
 
 	<T> List<T> list(Criteria criteria);
 
-	@Deprecated
-	<T> boolean execute(Class<T> clzz, String sql);
+	boolean execute(String sql, Object...objs);
 
 	<T> T getOne(T conditionObj);
 

sqli-repo/src/main/java/io/xream/sqli/repository/dao/DaoImpl.java

@@ -19,6 +19,7 @@
 package io.xream.sqli.repository.dao;
 
 import io.xream.sqli.annotation.X;
+import io.xream.sqli.api.NativeRepository;
 import io.xream.sqli.builder.*;
 import io.xream.sqli.builder.internal.PageBuilderHelper;
 import io.xream.sqli.converter.ObjectDataConverter;
@@ -175,8 +176,6 @@ public boolean createOrReplace(Object obj) {
     @Override
     public List<Map<String, Object>> list(String sql, List<Object> conditionList) {
 
-        sql = sqlBuilder.filter(sql);
-
         return this.jdbcHelper.queryForResultMapList(sql, conditionList,null, null,this.dialect);
     }
 
@@ -262,21 +261,14 @@ private long getCount(Class clz, String sql, Collection<Object> list) {
 
     /**
      *
-     * @param clzz
+     * @param
      * @param sql
      */
     @Deprecated
     @Override
-    public boolean execute(Class clzz, String sql) {
-
-        Parsed parsed = Parser.get(clzz);
-
-        sql = sqlBuilder.filter(sql);
-        sql = SqlParserUtil.mapperForNative(sql, parsed);
-
-        SqliLoggerProxy.debug(clzz, sql);
+    public boolean execute(String sql, Object...objs) {
 
-        return this.jdbcHelper.execute(sql);
+        return this.jdbcHelper.execute(sql,objs);
 
     }
 

sqli-repo/src/main/java/io/xream/sqli/repository/internal/DefaultNativeRepository.java

@@ -54,9 +54,9 @@ public void setNativeSupport(NativeSupport nativeSupport){
 	}
 
 	@Override
-	public <T> boolean execute(Class<T> clzz, String sql){
+	public boolean execute(String sql, Object...objs){
 		try {
-			return nativeSupport.execute(clzz, sql);
+			return nativeSupport.execute(sql, objs);
 		}catch (Exception e) {
 			if (e instanceof RuntimeException){
 				throw e;

sqli-repo/src/main/java/io/xream/sqli/repository/util/SqlParserUtil.java

@@ -26,35 +26,10 @@
  */
 public final class SqlParserUtil {
 
-    public final static String COMMA = ",";
     public final static String SPACE = " ";
     public final static String SQL_KEYWORD_MARK = "`";
 
 
-    public static String mapperForNative(String sqlSegment, Parsed parsed) {
-
-        sqlSegment = mapper(sqlSegment,parsed);
-
-        if (parsed.isNoSpec())
-            return sqlSegment;
-
-        if (!sqlSegment.contains(COMMA))
-            return sqlSegment;
-
-        for (String property : parsed.getPropertyMapperMap().keySet()){//FIXME 解析之后, 替换,拼接
-            String key = SPACE+property+COMMA;
-            String value = SPACE+parsed.getMapper(property)+COMMA;
-            sqlSegment = sqlSegment.replaceAll(key, value);
-        }
-        for (String property : parsed.getPropertyMapperMap().keySet()){//FIXME 解析之后, 替换,拼接
-            String key = COMMA+property+COMMA;
-            String value = COMMA+parsed.getMapper(property)+COMMA;
-            sqlSegment = sqlSegment.replaceAll(key, value);
-        }
-        return sqlSegment;
-    }
-
-
     public static String mapper(String sql, Parsed parsed) {
 
         if (parsed.isNoSpec())

sqli-repo/src/main/java/io/xream/sqli/starter/InitializerListener.java

@@ -22,6 +22,7 @@
 import io.xream.sqli.builder.DialectSupport;
 import io.xream.sqli.core.NativeSupport;
 import io.xream.sqli.core.RepositoryManagement;
+import io.xream.sqli.exception.ParsingException;
 import io.xream.sqli.parser.Parser;
 import io.xream.sqli.repository.exception.UninitializedException;
 import io.xream.sqli.repository.init.SqlInit;
@@ -37,22 +38,30 @@ public class InitializerListener {
     private final static Logger logger = LoggerFactory.getLogger(InitializerListener.class);
 
     private static InitializerListener instance;
-    private InitializerListener(){}
+
+    private InitializerListener() {
+    }
 
     public static void onStarted(NativeSupport nativeSupport, DialectSupport dialect, SqlInit sqlInit) {
 
         if (instance != null)
             return;
         instance = new InitializerListener();
 
+
         for (BaseRepository repository : RepositoryManagement.REPOSITORY_LIST) {
             if (repository.getClzz() == Void.class)
                 continue;
-            logger.info("Parsing {}" ,repository.getClzz());
-            Parser.get(repository.getClzz());
+            logger.info("Parsing {}", repository.getClzz());
+            try {
+                Parser.get(repository.getClzz());
+            } catch (Exception e) {
+                if (e instanceof ParsingException) {
+                    throw new ParsingException(repository.getClzz() + ", " + e.getMessage());
+                }
+            }
         }
 
-
         boolean flag = false;
         boolean isNotSupportTableSql = false;
 
@@ -65,12 +74,12 @@ public static void onStarted(NativeSupport nativeSupport, DialectSupport dialect
                 String createSql = sqlInit.tryToParse(clz);
                 String test = sqlInit.getSql(clz, SqlInit.CREATE);
                 if (SqliStringUtil.isNullOrEmpty(test)) {
-                    logger.info("Failed to start sqli-repo, check Bean: {}",clz);
+                    logger.info("Failed to start sqli-repo, check Bean: {}", clz);
                     throw new UninitializedException("Failed to start sqli-repo, check Bean: " + clz);
                 }
 
                 if (SqliStringUtil.isNotNull(createSql)) {
-                    nativeSupport.execute(clz, createSql);
+                    nativeSupport.execute(createSql);
                 }
 
             } catch (Exception e) {
@@ -85,7 +94,7 @@ public static void onStarted(NativeSupport nativeSupport, DialectSupport dialect
             logger.info("The dialect not support creating table, try to implement Dialect.buildTableSql(clzz, isTemporary)");
         }
 
-        logger.info("sqli-repo " + (flag ? "still " : "") + "started" + (flag ? " OK, wtih some problem" : "" ) + "\n");
+        logger.info("sqli-repo " + (flag ? "still " : "") + "started" + (flag ? " OK, wtih some problem" : "") + "\n");
 
     }
 }