.Net 全局过滤,防止SQL注入

问题背景:由于公司需要整改的老系统的漏洞检查,而系统就是没有使用参数化SQL即拼接查询语句开发的程序,导致漏洞扫描出现大量SQL注入问题。

解决方法:最好的办法就是不写拼接SQL,改用参数化SQL,推荐新项目使用,老项目改起来比较麻烦,花费的时间也多,最后选择用全局SQL过滤器过滤前端发送的请求内容。

代码:

cs 复制代码
/// <summary>
    /// 防止输入参数sql注入:Post Get Cookies
    /// </summary>
    public class SqlFilter : ActionFilterAttribute
    {
        private const string FilterSql = "execute,exec,select,insert,update,delete,create,drop,alter,exists,table,sysobjects,truncate,union,and,order,xor,or,mid,cast,where,asc,desc,xp_cmdshell,join,declare,nvarchar,varchar,char,sp_oacreate,wscript.shell,xp_regwrite,',%,;,--";

        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            // -----------------------防 Post 注入-----------------------
            if (filterContext.HttpContext.Request.Form != null)
            {
                var isReadonly = typeof(System.Collections.Specialized.NameValueCollection).GetProperty("IsReadOnly", BindingFlags.Instance | BindingFlags.NonPublic);
                //把 Form 属性改为可读写
                isReadonly?.SetValue(filterContext.HttpContext.Request.Form, false, null);

                for (var k = 0; k < filterContext.HttpContext.Request.Form.Count; k++)
                {
                    var inputKey = filterContext.HttpContext.Request.Form.Keys[k];
                    var inputValue = filterContext.HttpContext.Request.Form[inputKey];
                    var filters = FilterSql.Split(',');
                    inputValue = filters.Aggregate(inputValue, (current, filterSql) => Regex.Replace(current, filterSql, "", RegexOptions.IgnoreCase));
                    filterContext.HttpContext.Request.Form[inputKey] = inputValue;
                }
            }


            // -----------------------防 GET 注入-----------------------
            if (filterContext.HttpContext.Request.QueryString != null)
            {
                var isReadonly = typeof(System.Collections.Specialized.NameValueCollection).GetProperty("IsReadOnly", BindingFlags.Instance | BindingFlags.NonPublic);
                //把 QueryString 属性改为可读写
                isReadonly?.SetValue(filterContext.HttpContext.Request.QueryString, false, null);

                for (var k = 0; k < filterContext.HttpContext.Request.QueryString.Count; k++)
                {
                    var inputKey = filterContext.HttpContext.Request.QueryString.Keys[k];
                    var inputValue = filterContext.HttpContext.Request.QueryString[inputKey];
                    var filters = FilterSql.Split(',');
                    inputValue = filters.Aggregate(inputValue, (current, filterSql) => Regex.Replace(current, filterSql, "", RegexOptions.IgnoreCase));
                    filterContext.HttpContext.Request.QueryString[inputKey] = inputValue;
                }
            }


            // -----------------------防 Cookies 注入-----------------------
            if (filterContext.HttpContext.Request.Cookies.Count > 0)
            {
                var isReadonly = typeof(System.Collections.Specialized.NameValueCollection).GetProperty("IsReadOnly", BindingFlags.Instance | BindingFlags.NonPublic);
                //把 Cookies 属性改为可读写
                isReadonly?.SetValue(filterContext.HttpContext.Request.Cookies, false, null);

                for (var k = 0; k < filterContext.HttpContext.Request.Cookies.Count; k++)
                {
                    var inputKey = filterContext.HttpContext.Request.Cookies.Keys[k];
                    var inputValue = filterContext.HttpContext.Request.Cookies[inputKey]?.Value;
                    var filters = FilterSql.Split(',');
                    inputValue = filters.Aggregate(inputValue, (current, filterSql) => Regex.Replace(current, filterSql, "", RegexOptions.IgnoreCase));
                    if (!(filterContext.HttpContext.Request.Cookies[inputKey] is null))
                    {
                        filterContext.HttpContext.Request.Cookies[inputKey].Value = inputValue;
                    }
                }
            }
            base.OnActionExecuting(filterContext);
        }
    }
相关推荐
喵叔哟4 小时前
7. 从0到上线:.NET 8 + ML.NET LTR 智能类目匹配实战--反馈存储与数据治理:MongoDB 设计与运维
运维·mongodb·.net
友善的鸡蛋5 小时前
项目中执行SQL报错oracle.jdbc.OracleDatabaseException: ORA-00942: 表或视图不存在
数据库·sql·oracle
.NET修仙日记5 小时前
SQL Server实战指南:从基础CRUD到高并发处理的完整面试题库
面试·职场和发展·c#·.net·sql server·.net全栈经典面试题库
Olrookie5 小时前
MySQL运维常用SQL
运维·数据库·sql·mysql·dba
星光一影7 小时前
HIS系统天花板,十大核心模块,门诊/住院/医保全流程打通,医院数字化转型首选
java·spring boot·后端·sql·elementui·html·scss
啊吧怪不啊吧8 小时前
初识SQL
服务器·数据库·sql
yuniko-n8 小时前
【力扣 SQL 50】连接
数据库·后端·sql·算法·leetcode
自己收藏学习8 小时前
统计订单总数并列出排名
数据库·sql·mysql
青山撞入怀111411 小时前
sql题目练习——聚合函数
数据库·sql
weixin_4569042718 小时前
基于.NET Framework 4.0的串口通信
开发语言·c#·.net