add mybatis demo

VillanCh · VillanCh · commit 1189804ff784 · 2024-08-05T18:05:20.000+08:00
diff --git a/java-mybatis-plus-mapper/java-mybatis-injection-checking.sf b/java-mybatis-plus-mapper/java-mybatis-injection-checking.sf
@@ -0,0 +1,12 @@
+desc(
+  title: 'checking []',
+  type: audit
+)
+
+// write your SyntaxFlow Rule, like:
+//     DocumentBuilderFactory.newInstance()...parse(* #-> * as $source) as $sink; // find some call chain for parse
+//     check $sink then 'find sink point' else 'No Found' // if not found sink, the rule will stop here and report error
+//     alert $source // record $source
+
+
+// the template is generate by yak.ssa.syntaxflow command line
diff --git a/java-mybatis-plus-mapper/sample/MapperWIthoutAnnotation.java b/java-mybatis-plus-mapper/sample/MapperWIthoutAnnotation.java
@@ -0,0 +1,8 @@
+package com.mycompany.myapp;
+
+public interface UserMapper {
+    User getUser(int id);
+    int insertUser(User user);
+    void updateUser(User user);
+    void deleteUser(int id);
+}
diff --git a/java-mybatis-plus-mapper/sample/UserMapperWithAnnotation.java b/java-mybatis-plus-mapper/sample/UserMapperWithAnnotation.java
@@ -2,7 +2,7 @@
 import org.apache.ibatis.annotations.*;
 import java.util.List;
 
-public interface UserMapper extends BaseMapper<User> {
+public interface UserMapperWithAnnotation extends BaseMapper<User> {
     @Select("SELECT * FROM users WHERE age = #{age} AND name = #{name} AND email = #{email}")
     List<User> selectUsersByMultipleFields(int age, String name, String email);
 
diff --git a/java-mybatis-plus-mapper/sample/mapper.xml b/java-mybatis-plus-mapper/sample/mapper.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper
+        PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+
+<mapper namespace="com.mycompany.myapp.UserMapper">
+    <resultMap id="UserResult" type="com.mycompany.myapp.User">
+        <id property="id" column="id" />
+        <result property="name" column="name" />
+        <result property="email" column="email" />
+    </resultMap>
+
+    <select id="getUser" resultMap="UserResult">
+        SELECT * FROM User WHERE id = #{id}
+    </select>
+
+    <insert id="insertUser" useGeneratedKeys="true" keyProperty="id">
+        INSERT INTO User (name, email) VALUES (#{name}, #{email})
+    </insert>
+
+    <update id="updateUser">
+        UPDATE User SET name=#{name}, email=#{email} WHERE id=#{id}
+    </update>
+
+    <delete id="deleteUser">
+        DELETE FROM User WHERE id=#{id}
+    </delete>
+</mapper>
diff --git a/java-mybatis-plus-mapper/sample/mybatis-config.xml b/java-mybatis-plus-mapper/sample/mybatis-config.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE configuration PUBLIC "-//mybatis.org//DTD Config 3.0//EN"
+        "http://mybatis.org/dtd/mybatis-3-config.dtd">
+<configuration>
+    <environments default="development">
+        <environment id="development">
+            <transactionManager type="JDBC"/>
+            <dataSource type="POOLED">
+                <property name="driver" value="com.mysql.jdbc.Driver"/>
+                <property name="url" value="jdbc:mysql://localhost:3306/mydatabase"/>
+                <property name="username" value="root"/>
+                <property name="password" value="password"/>
+            </dataSource>
+        </environment>
+    </environments>
+    <mappers>
+        <mapper resource="com/mycompany/myapp/BaseMapper.xml"/>
+    </mappers>
+</configuration>
diff --git a/java-servlet/java-servlet-finding.sf b/java-servlet/java-servlet-finding.sf
@@ -1,7 +1,7 @@
 desc(
   title: 'checking [Servlet Web Parameters Finding]',
   type: audit,
-  lib: servlet-params
+  lib: 'servlet-params'
 )
 
 /(do(Get|Post|Delete|Filter|\w+))|(service)/(*?{!have: this && opcode: param } as $req);
diff --git a/java-struts-realworld/java-struts-entry.sf b/java-struts-realworld/java-struts-entry.sf
@@ -0,0 +1,12 @@
+desc(
+  title: 'checking []',
+  type: audit
+)
+
+// Action.__ref__?{opcode: function}<getObject> as $actions;
+.inherits?{have: ActionSupport}<getObject>.set*?{opcode: function} as $setter;
+$setter<name><regexp("^set(\\w+)$", group=1)><strlower> as $name;
+$setter<getObject><name>?{!have: ':' && !have: " " && !have: '='} as $class;
+
+
+<fuzztag("{{class}}./(?i){{name}}/ as $entry")><eval>;

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`desc(`
`2`	`2`	`title: 'checking [Servlet Web Parameters Finding]',`
`3`	`3`	`type: audit,`
`4`		`- lib: servlet-params`
	`4`	`+ lib: 'servlet-params'`
`5`	`5`	`)`
`6`	`6`
`7`	`7`	`/(do(Get\|Post\|Delete\|Filter\|\w+))\|(service)/(*?{!have: this && opcode: param } as $req);`