using System;
using System.Collections.Generic;
using System.Text;
namespace CYQ.Data.SQL
{
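internal static class SqlInjection
{
    /// <summary>
    /// Comma-separated blacklist of SQL keywords. An entry with a ';' is a keyword pair
    /// ("update;set") that only fires when both words are present in the text; the first
    /// word of a pair is the one that must appear as a whole word.
    /// NOTE(review): this is a heuristic, defence-in-depth filter and must not be the only
    /// protection. It cannot know where the text lands inside the final statement, so a
    /// payload such as <c>x' OR 1=1 --</c> is NOT caught (the filter sees the quote as the
    /// start of a literal and therefore keeps the "--"); "select;from" is deliberately absent;
    /// and MySQL <c>#</c> and <c>/* */</c> comment syntax is never inspected. Parameterised
    /// queries remain the actual fix.
    /// </summary>
    // "select;from" was intentionally left out of the list.
    internal const string filterSqlInjection = "select;into,delete;from,drop;table,drop;database,update;set,truncate;table,create;table,exists;select,insert;into,xp_cmdshell,declare;@,exec;master,waitfor;delay";

    private static List<string> filterKeyList = null;

    /// <summary>
    /// Lazily parsed form of <see cref="filterSqlInjection"/>, one entry per keyword (pair).
    /// The setter lets callers replace the list wholesale (setting null restores the default
    /// on the next read). The original author noted that a List was chosen over an array
    /// because of "memory read/write exception problems" with arrays — reason not reproduced
    /// here, treat as historical.
    /// </summary>
    internal static List<string> FilterKeyList
    {
        get
        {
            if (filterKeyList == null)
            {
                List<string> keys = new List<string>();
                keys.AddRange(filterSqlInjection.TrimEnd(',').Split(','));
                filterKeyList = keys;
            }
            return filterKeyList;
        }
        set
        {
            filterKeyList = value;
        }
    }

    /// <summary>
    /// Heuristically screens an untrusted SQL fragment for injection keywords.
    /// </summary>
    /// <param name="text">Untrusted fragment (a where clause, an order-by, a value...).</param>
    /// <param name="dalType">Target database. For MySql, Oracle and SQLite, SQL-Server style
    /// "[name]" identifier tokens are unbracketed before the keyword scan.</param>
    /// <returns>
    /// The text with every "--" that lies outside a single-quoted literal removed (and, for the
    /// databases above, "[name]" tokens unbracketed); or the string "SqlInjection error:" + text
    /// when a blacklisted keyword (pair) occurs as a whole word, or when a long single token
    /// carries URL-encoded spaces ("%20"). Null or empty input is returned unchanged. Rejections
    /// are reported through the return value, not an exception, so callers must compare the
    /// result rather than rely on catching.
    /// </returns>
    public static string Filter(string text, DalType dalType)
    {
        if (string.IsNullOrEmpty(text))
        {
            return text;
        }

        text = StripLineComments(text);

        string[] items = text.Split(' ', '(', ')');
        if (items.Length == 1 && text.Length > 30)
        {
            // A long "single token" that still contains %20 is most likely a URL-encoded
            // multi-word statement trying to slip past the whitespace tokenizer.
            if (text.IndexOf("%20", StringComparison.Ordinal) > -1)
            {
                // The raw input goes to the log as-is; whether Log escapes newlines
                // (log injection) is not visible from here.
                Log.WriteLog(true, text);
                return "SqlInjection error:" + text;
            }
        }
        else
        {
            switch (dalType)
            {
                case DalType.MySql:
                case DalType.Oracle:
                case DalType.SQLite:
                    text = RemoveIdentifierBrackets(text, items);
                    break;
            }
        }

        // Invariant lower-casing: under a culture such as tr-TR, ToLower() maps 'I' to
        // dotless 'ı', so "INSERT" would no longer match "insert" and bypass the list.
        string lowerText = text.ToLowerInvariant();
        List<string> keys = FilterKeyList;
        for (int i = 0; i < keys.Count; i++)
        {
            string[] parts = keys[i].Split(';');
            if (parts.Length > 2)
            {
                continue;
            }
            string keyword = parts[0];

            bool present = lowerText.IndexOf(keyword, StringComparison.Ordinal) > -1;
            if (parts.Length == 2)
            {
                // A pair fires only when both words occur somewhere in the text.
                present = present && lowerText.IndexOf(parts[1], StringComparison.Ordinal) > -1;
            }

            // Whole-word match: an identifier that merely embeds the keyword ("updated_at",
            // "selection") is fine. Checking the keyword itself, rather than "is there any
            // longer token containing it", closes the bypass where appending a harmless
            // "/*updatex*/" token made an exact "update ... set" pass, and also catches
            // keywords separated by tabs, newlines or ';' instead of spaces.
            if (present && ContainsWholeWord(lowerText, keyword))
            {
                Log.WriteLog(true, keys[i] + ":" + text);
                return "SqlInjection error:" + text;
            }
        }
        return text;
    }

    /// <summary>
    /// Removes every "--" that sits outside a single-quoted literal, i.e. is preceded by an
    /// even number of quotes (a doubled '' inside a literal toggles twice and stays inside).
    /// Markers inside literals are kept, so a value such as 'a--b' is not altered. The text
    /// following a removed marker is left in place, matching the previous behaviour.
    /// </summary>
    private static string StripLineComments(string text)
    {
        if (text.IndexOf("--", StringComparison.Ordinal) < 0)
        {
            return text;
        }

        StringBuilder result = new StringBuilder(text.Length);
        bool inLiteral = false;
        for (int i = 0; i < text.Length; i++)
        {
            char c = text[i];
            if (c == '\'')
            {
                inLiteral = !inLiteral;
            }
            else if (c == '-' && !inLiteral && i + 1 < text.Length && text[i + 1] == '-')
            {
                i++; // drop both dashes
                continue;
            }
            result.Append(c);
        }
        return result.ToString();
    }

    /// <summary>
    /// Turns every "[name]" token into "name" for databases that do not use SQL Server style
    /// bracket quoting. Tokens starting with "[#" are left untouched (presumably a placeholder
    /// syntax used elsewhere in the library — not visible here).
    /// </summary>
    /// <param name="text">Text to rewrite.</param>
    /// <param name="items">The text split on ' ', '(' and ')'.</param>
    private static string RemoveIdentifierBrackets(string text, string[] items)
    {
        for (int i = 0; i < items.Length; i++)
        {
            string token = items[i];
            if (token.StartsWith("[", StringComparison.Ordinal)
                && token.EndsWith("]", StringComparison.Ordinal)
                && !token.StartsWith("[#", StringComparison.Ordinal))
            {
                text = text.Replace(token, token.Replace("[", string.Empty).Replace("]", string.Empty));
            }
        }
        return text;
    }

    /// <summary>
    /// True when <paramref name="word"/> occurs in <paramref name="lowerText"/> as a complete
    /// identifier: the characters on either side are not letters, digits or '_'.
    /// </summary>
    private static bool ContainsWholeWord(string lowerText, string word)
    {
        int start = 0;
        while (start <= lowerText.Length)
        {
            int idx = lowerText.IndexOf(word, start, StringComparison.Ordinal);
            if (idx < 0)
            {
                return false;
            }
            bool leftBoundary = idx == 0 || !IsIdentifierChar(lowerText[idx - 1]);
            int end = idx + word.Length;
            bool rightBoundary = end >= lowerText.Length || !IsIdentifierChar(lowerText[end]);
            if (leftBoundary && rightBoundary)
            {
                return true;
            }
            start = idx + 1;
        }
        return false;
    }

    /// <summary>Characters that continue a SQL identifier (letters, digits, underscore).</summary>
    private static bool IsIdentifierChar(char c)
    {
        return char.IsLetterOrDigit(c) || c == '_';
    }
}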
}