manager/my-worker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sql过滤优化增加|sleep|union|load_file函数的过滤

Browse Source
This commit is contained in:
thinkgem
2020-09-28 15:11:27 +08:00
parent a95d663db3
commit 4e6e22e4dc
1 changed files with 9 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
common/src/main/java/com/jeesite/common/codec/EncodeUtils.java
View File

@@ -263,7 +263,7 @@ public class EncodeUtils {
// 预编译SQL过滤正则表达式
private static Pattern sqlPattern = Pattern.compile(
"(?:')|(?:--)|(/\\*(?:.|[\\n\\r])*?\\*/)|((extractvalue|updatexml)([\\s]*?)\\()|"
+ "(\\b(select|update|and|or|delete|insert|trancate|char|into|substr|ascii|declare|exec|count|master|into|drop|execute|case when)\\b)",
+ "(\\b(select|update|and|or|delete|insert|trancate|char|into|substr|ascii|declare|exec|count|master|into|drop|execute|case when|sleep|union|load_file)\\b)",
Pattern.CASE_INSENSITIVE);
/**
@@ -286,8 +286,8 @@ public class EncodeUtils {
return null;
}
// public static void main(String[] args) {
// int i = 0;
public static void main(String[] args) {
int i = 0;
// xssFilter((++i)+"你好,<script>alert(document.cookie)</script>我还在。");
// xssFilter((++i)+"你好,<strong>加粗文字</strong>我还在。");
// xssFilter("<!--HTML-->"+(++i)+"你好,\"><strong>加粗文字</strong>我还在。");
@@ -313,10 +313,11 @@ public class EncodeUtils {
// xssFilter("<!--HTML-->"+(++i)+"你好,<a href='javascript:alert(\"abc\");'>hello</a>我还在。");
// xssFilter("<!--HTML-->"+(++i)+"你好,?abc=def&hello=123&world={\"a\":1}我还在。");
// xssFilter("<!--HTML-->"+(++i)+"你好,?abc=def&hello=123&world={'a':1}我还在。");
// sqlFilter((++i)+"你好select * from xxx where abc=def and 1=1我还在。");
// sqlFilter((++i)+"你好insert into xxx values(1,2,3,4,5)我还在。");
// sqlFilter((++i)+"你好delete from xxx我还在。");
// sqlFilter((++i)+"a.audit_result asc,case when 1 like case when length(database())=6 then 1 else exp(11111111111111111) end then 1 else 1/0 end");
// }
sqlFilter((++i)+"你好select * from xxx where abc=def and 1=1我还在。");
sqlFilter((++i)+"你好insert into xxx values(1,2,3,4,5)我还在。");
sqlFilter((++i)+"你好delete from xxx我还在。");
sqlFilter((++i)+"你好,a.audit_result asc,case when 1 like case when length(database())=6 then 1 else exp(11111111111111111) end then 1 else 1/0 end");
sqlFilter((++i)+"你好if(1=2,1,SLEEP(10))");
}
}