using System;
namespace CYQ.Data.SQL
{
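/// <summary>
/// Keyword blacklist applied to SQL text that was assembled from untrusted input.
/// </summary>
/// <remarks>
/// This is a last-line heuristic, not a sanitizer. It only knows the keywords listed in
/// <see cref="filterSqlInjection"/>, strips "--" comments that fall outside a quoted literal,
/// and does not look at "/* */" or "#" comments, string functions or encoded payloads.
/// Parameterized queries remain the real defence. A rejection is reported in-band: the
/// returned string then starts with "SqlInjection error:", so callers must check for it.
/// </remarks>
internal static class SqlInjection
{
    /// <summary>
    /// Rules separated by ','. A rule of the form "a;b" fires when "a" occurs as a standalone
    /// token and "b" occurs anywhere in the lower-cased text; a single-word rule fires when
    /// that word occurs as a standalone token. Rules with more than two parts are ignored.
    /// </summary>
    internal const string filterSqlInjection = "select;into,delete;from,drop;table,drop;database,update;set,truncate;table,create;table,exists;select,insert;into,xp_cmdshell,declare;@,exec;master,waitfor;delay";

    /// <summary>
    /// Characters that separate tokens for the keyword check. Besides whitespace and
    /// parentheses this includes ';', ',', '.', '/', '*', '=', '&lt;', '&gt;', '+' and '-',
    /// so spellings such as "x;select", "select,*", "master..xp_cmdshell" or
    /// "union/**/select" cannot hide a keyword inside a longer token.
    /// </summary>
    private static readonly char[] tokenSeparators = { ' ', '\t', '\r', '\n', '(', ')', ';', ',', '.', '/', '*', '=', '<', '>', '+', '-' };

    /// <summary>Decoration removed from both ends of a token before it is compared with a keyword.</summary>
    private static readonly char[] tokenTrimChars = { '\'', '|', '!', '%', '^' };

    private static string[] filterKeyList = null;

    /// <summary>
    /// Parsed form of <see cref="filterSqlInjection"/>, built lazily on first use. The setter
    /// lets a host replace the rule set at runtime; assigning null restores the default.
    /// </summary>
    internal static string[] FilterKeyList
    {
        get
        {
            if (filterKeyList == null)
            {
                filterKeyList = filterSqlInjection.TrimEnd(',').Split(',');
            }
            return filterKeyList;
        }
        set
        {
            filterKeyList = value;
        }
    }

    /// <summary>
    /// Screens <paramref name="text"/> against the keyword rules.
    /// </summary>
    /// <param name="text">SQL fragment, typically built from user input. Null or empty is returned unchanged.</param>
    /// <param name="dalType">Target database. For MySql, Oracle and SQLite the SQL Server style
    /// "[identifier]" brackets are removed from whole tokens, except "[#..." placeholders.</param>
    /// <returns>
    /// The (possibly rewritten) text when no rule fires; otherwise "SqlInjection error:" followed
    /// by the text. Every rejection is also written to the log.
    /// </returns>
    public static string Filter(string text, DalType dalType)
    {
        if (string.IsNullOrEmpty(text))
        {
            return text;
        }

        text = StripLineComments(text);

        string[] rawTokens = text.Split(' ', '(', ')');
        if (rawTokens.Length == 1 && text.Length > 30)
        {
            // A long run without spaces or parentheses that still carries URL-encoded spaces
            // is treated as an attempt to smuggle a statement past the tokenizer.
            if (text.IndexOf("%20", StringComparison.Ordinal) > -1)
            {
                Log.WriteLog(true, text);
                return "SqlInjection error:" + text;
            }
        }
        else
        {
            switch (dalType)
            {
                case DalType.MySql:
                case DalType.Oracle:
                case DalType.SQLite:
                    text = StripIdentifierBrackets(text, rawTokens);
                    break;
            }
        }

        // Invariant lower-casing: the culture-sensitive ToLower() maps "I" to dotless "ı" under
        // the Turkish locale, so "INSERT INTO" would no longer match the "insert;into" rule.
        string lowerText = text.ToLowerInvariant();
        string[] tokens = lowerText.Split(tokenSeparators);

        foreach (string rule in FilterKeyList)
        {
            if (MatchesRule(lowerText, tokens, rule))
            {
                Log.WriteLog(true, rule + ":" + text);
                return "SqlInjection error:" + text;
            }
        }
        return text;
    }

    /// <summary>
    /// Decides whether one rule ("word" or "word;word") fires against the lower-cased text.
    /// </summary>
    /// <remarks>
    /// The first word has to appear as a token of its own after trimming
    /// <see cref="tokenTrimChars"/>. A token that merely contains the word (e.g. "selected")
    /// is neither a hit nor, as the previous implementation assumed, proof that every other
    /// occurrence is harmless: "selected x select * into" must still be rejected.
    /// The second word only has to occur somewhere, because "declare;@" must match "declare @x".
    /// </remarks>
    private static bool MatchesRule(string lowerText, string[] tokens, string rule)
    {
        string[] parts = rule.Split(';');
        if (parts.Length > 2 || parts[0].Length == 0)
        {
            return false;
        }
        if (lowerText.IndexOf(parts[0], StringComparison.Ordinal) < 0)
        {
            return false;
        }
        if (parts.Length == 2 && lowerText.IndexOf(parts[1], StringComparison.Ordinal) < 0)
        {
            return false;
        }
        foreach (string token in tokens)
        {
            if (token.Trim(tokenTrimChars) == parts[0])
            {
                return true;
            }
        }
        return false;
    }

    /// <summary>
    /// Removes every "--" from <paramref name="text"/> when at least one of them sits outside a
    /// '...' literal, i.e. starts a line comment. A "--" that only occurs inside literals
    /// (name like '%--aaa') is left alone.
    /// </summary>
    private static string StripLineComments(string text)
    {
        if (text.IndexOf("--", StringComparison.Ordinal) < 0)
        {
            return text;
        }
        string[] segments = text.Split(new string[] { "--" }, StringSplitOptions.None);
        int quoteCount = 0;
        // The i-th "--" sits between segments[i] and segments[i + 1]; it is outside a literal
        // when the number of single quotes seen up to that point is even.
        for (int i = 0; i < segments.Length - 1; i++)
        {
            foreach (char c in segments[i])
            {
                if (c == '\'')
                {
                    quoteCount++;
                }
            }
            if (quoteCount % 2 == 0)
            {
                return text.Replace("--", string.Empty);
            }
        }
        return text;
    }

    /// <summary>
    /// Rewrites "[name]" tokens to "name" for databases that do not use bracket quoting.
    /// Tokens beginning with "[#" are placeholders and are kept as they are.
    /// </summary>
    private static string StripIdentifierBrackets(string text, string[] rawTokens)
    {
        foreach (string token in rawTokens)
        {
            if (!token.StartsWith("[#", StringComparison.Ordinal)
                && token.StartsWith("[", StringComparison.Ordinal)
                && token.EndsWith("]", StringComparison.Ordinal))
            {
                text = text.Replace(token, token.Replace("[", string.Empty).Replace("]", string.Empty));
            }
        }
        return text;
    }
}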
}