From 2c97ee5f2c4be45621d1c466f2172b6144e214f1 Mon Sep 17 00:00:00 2001
From: ZY <zc857179121@qq.com>
Date: 星期一, 28 十月 2024 10:43:55 +0800
Subject: [PATCH] sql注入漏洞
---
src/main/java/com/zy/common/config/AdminInterceptor.java | 38 +++++++++++++------
src/main/java/com/zy/common/utils/SqlInjectionUtils.java | 22 +++++++++++
pom.xml | 3 -
3 files changed, 49 insertions(+), 14 deletions(-)
diff --git a/pom.xml b/pom.xml
index 820fffd..e8a4fe3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -17,8 +17,7 @@
<java.version>1.8</java.version>
<cool.version>3.2.0</cool.version>
<mysql-driver.version>5.1.47</mysql-driver.version>
-<!-- <mybatis-plus.version>2.3.2</mybatis-plus.version>-->
- <mybatis-plus.version> 3.5.9</mybatis-plus.version>
+ <mybatis-plus.version>2.3.2</mybatis-plus.version>
<fastjson.version>1.2.58</fastjson.version>
<springfox.version>2.7.0</springfox.version>
</properties>
diff --git a/src/main/java/com/zy/common/config/AdminInterceptor.java b/src/main/java/com/zy/common/config/AdminInterceptor.java
index e05cb80..c947fa0 100644
--- a/src/main/java/com/zy/common/config/AdminInterceptor.java
+++ b/src/main/java/com/zy/common/config/AdminInterceptor.java
@@ -8,6 +8,7 @@
import com.core.common.Cools;
import com.zy.common.properties.SystemProperties;
import com.zy.common.utils.Http;
+import com.zy.common.utils.SqlInjectionUtils;
import com.zy.system.entity.*;
import com.zy.system.service.*;
import org.springframework.beans.factory.annotation.Autowired;
@@ -22,6 +23,7 @@
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;
import java.util.Date;
+import java.util.Map;
/**
* Created by vincent on 2019-06-13
@@ -50,17 +52,22 @@
}
// super璐﹀彿
String token = request.getHeader("token");
- if (token!=null) {
+ if (token != null) {
String deToken = Cools.deTokn(token, superPwd);
- if (deToken!=null){
+ if (deToken != null) {
long timestamp = Long.parseLong(deToken.substring(0, 13));
// 1澶╁悗杩囨湡
- if (System.currentTimeMillis() - timestamp > 86400000){
+ if (System.currentTimeMillis() - timestamp > 86400000) {
Http.response(response, BaseRes.DENIED);
return false;
}
if ("super".equals(deToken.substring(13))) {
request.setAttribute("userId", 9527);
+ Map<String, String[]> parameterMap = request.getParameterMap();
+ if (!Cools.isEmpty(parameterMap) && SqlInjectionUtils.check(JSON.toJSONString(parameterMap))) {
+ Http.response(response, "sql娉ㄥ叆锛岃姝h璁块棶");
+ return false;
+ }
return true;
}
}
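Review bot: The filter added at `SqlInjectionUtils.check(JSON.toJSONString(parameterMap))` inspects only `request.getParameterMap()`, which the servlet API fills from the query string and form-encoded bodies, so JSON request bodies, path variables and headers are never examined. A keyword filter in the interceptor also does not replace bound parameters in the queries themselves. Matching against the serialized JSON puts parameter names, brackets and quotes from unrelated fields into one string, so a pattern can match across two harmless parameters; checking each name and value on its own is more precise. The same five lines are repeated in check() (hunk `@@ -125,6 +132,12`), and both send a bare string where the other rejections visible here use a `BaseRes` constant; a shared private helper, sketched below, keeps the two paths identical. The enclosing method starts and ends outside this hunk.

```java
// … unchanged: super-token decoding and expiry check …
if ("super".equals(deToken.substring(13))) {
    request.setAttribute("userId", 9527);
    return passesSqlFilter(request, response);
}

/**
 * Returns false (after writing the rejection response) when any query/form
 * parameter name or value matches the SqlInjectionUtils patterns.
 * Only covers what getParameterMap() exposes; JSON bodies are not inspected.
 */
private boolean passesSqlFilter(HttpServletRequest request, HttpServletResponse response) {
    Map<String, String[]> parameterMap = request.getParameterMap();
    if (Cools.isEmpty(parameterMap)) {
        return true;
    }
    for (Map.Entry<String, String[]> entry : parameterMap.entrySet()) {
        if (SqlInjectionUtils.check(entry.getKey())) {
            Http.response(response, "<existing rejection message>");
            return false;
        }
        for (String value : entry.getValue()) {
            if (value != null && SqlInjectionUtils.check(value)) {
                Http.response(response, "<existing rejection message>");
                return false;
            }
        }
    }
    return true;
}
```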
@@ -74,15 +81,15 @@
// response.setHeader("Access-Control-Allow-Origin", "*");
HandlerMethod handlerMethod = (HandlerMethod) handler;
Method method = handlerMethod.getMethod();
- if (method.isAnnotationPresent(AppAuth.class)){
+ if (method.isAnnotationPresent(AppAuth.class)) {
AppAuth annotation = method.getAnnotation(AppAuth.class);
- if (annotation.value().equals(AppAuth.Auth.CHECK)){
+ if (annotation.value().equals(AppAuth.Auth.CHECK)) {
request.setAttribute("appAuth", annotation.memo());
}
}
- if (method.isAnnotationPresent(ManagerAuth.class)){
+ if (method.isAnnotationPresent(ManagerAuth.class)) {
ManagerAuth annotation = method.getAnnotation(ManagerAuth.class);
- if (annotation.value().equals(ManagerAuth.Auth.CHECK)){
+ if (annotation.value().equals(ManagerAuth.Auth.CHECK)) {
return check(request, response, annotation.memo());
}
}
@@ -108,7 +115,7 @@
try {
String token = request.getHeader("token");
UserLogin userLogin = userLoginService.selectOne(new EntityWrapper<UserLogin>().eq("token", token));
- if (null == userLogin){
+ if (null == userLogin) {
Http.response(response, BaseRes.DENIED);
return false;
}
@@ -116,7 +123,7 @@
// String deToken = Cools.deTokn(token, user.getPassword());
// long timestamp = Long.parseLong(deToken.substring(0, 13));
// 15鍒嗛挓鍚庤繃鏈� 涓�澶�
- if (System.currentTimeMillis() - userLogin.getCreateTime().getTime() > 86400000){
+ if (System.currentTimeMillis() - userLogin.getCreateTime().getTime() > 86400000) {
Http.response(response, BaseRes.DENIED);
return false;
}
@@ -125,6 +132,12 @@
Http.response(response, BaseRes.LIMIT);
return false;
}
+ Map<String, String[]> parameterMap = request.getParameterMap();
+ if (!Cools.isEmpty(parameterMap) && SqlInjectionUtils.check(JSON.toJSONString(parameterMap))) {
+ Http.response(response, "sql娉ㄥ叆锛岃姝h璁块棶");
+ return false;
+ }
+
// 璇锋眰缂撳瓨
request.setAttribute("userId", user.getId());
// 鏇存柊 token 鏈夋晥鏈�
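Review bot: A request rejected by the new filter leaves at `return false;` before the OperateLog block further down in check() is reached, so as far as this hunk shows nothing records which user and address triggered the rejection. For detection and later triage the rejection should be logged before returning, for example `log.warn("sql filter rejected uri={} ip={} userId={}", request.getRequestURI(), request.getRemoteAddr(), user.getId());`, assuming the class has an SLF4J-style logger. Log the URI and parameter names rather than raw values, so the log line itself cannot be forged by the input. The filter also runs only inside check(), which the visible code calls for handlers annotated `ManagerAuth.Auth.CHECK`; handlers without that annotation appear to skip it, which is worth confirming. check() starts and ends outside this hunk.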
@@ -139,14 +152,14 @@
}
// 璁板綍鎿嶄綔鏃ュ織
OperateLog operateLog = new OperateLog();
- operateLog.setAction(Cools.isEmpty(memo)?request.getRequestURI():memo);
+ operateLog.setAction(Cools.isEmpty(memo) ? request.getRequestURI() : memo);
operateLog.setIp(request.getRemoteAddr());
operateLog.setUserId(user.getId());
operateLog.setRequest(JSON.toJSONString(request.getParameterMap()));
request.setAttribute("operateLog", operateLog);
}
return true;
- } catch (Exception e){
+ } catch (Exception e) {
Http.response(response, BaseRes.DENIED);
return false;
}
@@ -155,6 +168,7 @@
/**
* 鏉冮檺鎷︽埅
+ *
* @return false:鏃犳潈闄�; true:璁よ瘉閫氳繃
*/
private boolean limit(String action, User user) {
@@ -172,7 +186,7 @@
/**
* 璺ㄥ煙
*/
- public static void cors(HttpServletResponse response){
+ public static void cors(HttpServletResponse response) {
// 璺ㄥ煙璁剧疆
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Credentials", "true");
diff --git a/src/main/java/com/zy/common/utils/SqlInjectionUtils.java b/src/main/java/com/zy/common/utils/SqlInjectionUtils.java
new file mode 100644
index 0000000..8ca6fab
--- /dev/null
+++ b/src/main/java/com/zy/common/utils/SqlInjectionUtils.java
@@ -0,0 +1,22 @@
+package com.zy.common.utils;
+
+import java.util.Objects;
+import java.util.regex.Pattern;
+
+public class SqlInjectionUtils {
+ private static final Pattern SQL_SYNTAX_PATTERN = Pattern.compile("(insert|delete|update|select|create|drop|truncate|grant|alter|deny|revoke|call|execute|exec|declare|show|rename|set)\\s+.*(into|from|set|where|table|database|view|index|on|cursor|procedure|trigger|for|password|union|and|or)|(select\\s*\\*\\s*from\\s+)|if\\s*\\(.*\\)|select\\s*\\(.*\\)|substr\\s*\\(.*\\)|substring\\s*\\(.*\\)|char\\s*\\(.*\\)|concat\\s*\\(.*\\)|benchmark\\s*\\(.*\\)|sleep\\s*\\(.*\\)|(and|or)\\s+.*", 2);
+ private static final Pattern SQL_COMMENT_PATTERN = Pattern.compile("'.*(or|union|--|#|/\\*|;)", 2);
+
+ public SqlInjectionUtils() {
+ }
+
+ public static boolean check(String value) {
+ Objects.requireNonNull(value);
+ return SQL_COMMENT_PATTERN.matcher(value).find() || SQL_SYNTAX_PATTERN.matcher(value).find();
+ }
+
+ public static String removeEscapeCharacter(String text) {
+ Objects.nonNull(text);
+ return text.replaceAll("\"", "").replaceAll("'", "");
+ }
+}
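Review bot: `Objects.nonNull(text);` in removeEscapeCharacter only returns a boolean that is discarded, so a null argument still reaches `text.replaceAll` and fails there; use `Objects.requireNonNull(text, "text");` as check() does. In SQL_SYNTAX_PATTERN the last alternative `(and|or)\\s+.*` and the keyword lists have no word boundaries, so ordinary values such as "for sale" or "brand new" match and the request is rejected. Anchoring the keywords with `\\b` would cut those false positives, though a blacklist like this stays a secondary control next to parameterized queries. The flag `2` reads better as `Pattern.CASE_INSENSITIVE`, and the class would be clearer as `final` with a private constructor and a Javadoc line stating that check() returns true when the input looks suspicious.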
--
Gitblit v1.9.1