Commit 0275e34

committed

增加ToSql接口,处理@column重命名列名时的sql注入的情况

1 parent afe7e8a commit 0275e34Copy full SHA for 0275e34

File tree

2 files changed

+98

-6

lines changed

APIJSON.NET/APIJSONCommon
- Properties
  - AssemblyInfo.cs
- SelectTable.cs

2 files changed

+98

-6

lines changed

`‎APIJSON.NET/APIJSONCommon/Properties/AssemblyInfo.cs`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@`
`6`	`6`	`// 控制。更改这些特性值可修改`
`7`	`7`	`// 与程序集关联的信息。`
`8`	`8`	`[assembly: AssemblyTitle("ApiJson.Common")]`
`9`		`-[assembly: AssemblyDescription("单表查询的返回节点指定为Infos")]`
	`9`	`+[assembly: AssemblyDescription("增加ToSql接口,处理sql注入的情况")]`
`10`	`10`	`[assembly: AssemblyConfiguration("")]`
`11`	`11`	`[assembly: AssemblyCompany("")]`
`12`	`12`	`[assembly: AssemblyProduct("ApiJson.Common")]`
`@@ -32,5 +32,5 @@`
`32`	`32`	`//可以指定所有这些值,也可以使用"生成号"和"修订号"的默认值`
`33`	`33`	`//通过使用 "*",如下所示:`
`34`	`34`	`// [assembly: AssemblyVersion("1.0.*")]`
`35`		`-[assembly: AssemblyVersion("0.0.4.0")]`
`36`		`-[assembly: AssemblyFileVersion("0.0.4.0")]`
	`35`	`+[assembly: AssemblyVersion("0.0.6.0")]`
	`36`	`+[assembly: AssemblyFileVersion("0.0.6.0")]`

`‎APIJSON.NET/APIJSONCommon/SelectTable.cs`

Lines changed: 95 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -66,6 +66,19 @@ public object ExecFunc(string funcname, object[] param, Type[] types)`
`66`	`66`	`return result;`
`67`	`67`	`}`
`68`	`68`
	`69`	`+ private string ToSql(string subtable, int page, int count, int query, string json)`
	`70`	`+ {`
	`71`	`+ JObject values = JObject.Parse(json);`
	`72`	`+ page = values["page"] == null ? page : int.Parse(values["page"].ToString());`
	`73`	`+ count = values["count"] == null ? count : int.Parse(values["count"].ToString());`
	`74`	`+ query = values["query"] == null ? query : int.Parse(values["query"].ToString());`
	`75`	`+ values.Remove("page");`
	`76`	`+ values.Remove("count");`
	`77`	`+ subtable = _tableMapper.GetTableName(subtable);`
	`78`	`+ var tb = sugarQueryable(subtable, "*", values,null);`
	`79`	`+ var xx= tb.Skip((page - 1) * count).Take(10).ToSql();`
	`80`	`+ return xx.Key;`
	`81`	`+ }`
`69`	`82`	`/// <summary>`
`70`	`83`	`///`
`71`	`84`	`/// </summary>`
`@@ -187,8 +200,9 @@ public JObject Query(string queryJson)`
`187`	`200`	`/// 单表查询`
`188`	`201`	`/// </summary>`
`189`	`202`	`/// <param name="queryObj"></param>`
	`203`	`+ /// <param name="nodeName">返回数据的节点名称默认为 infos</param>`
`190`	`204`	`/// <returns></returns>`
`191`		`- public JObject QuerySingle(JObject queryObj)`
	`205`	`+ public JObject QuerySingle(JObject queryObj,stringnodeName="infos")`
`192`	`206`	`{`
`193`	`207`	`JObject resultObj = new JObject();`
`194`	`208`	`resultObj.Add("code", "200");`
`@@ -202,7 +216,7 @@ public JObject QuerySingle(JObject queryObj)`
`202`	`216`
`203`	`217`	`if (key.EndsWith("[]"))`
`204`	`218`	`{`
`205`		`- total = QuerySingleList(resultObj, item, "Infos");`
	`219`	`+ total = QuerySingleList(resultObj, item, nodeName);`
`206`	`220`	`}`
`207`	`221`	`else if (key.Equals("func"))`
`208`	`222`	`{`
`@@ -222,6 +236,25 @@ public JObject QuerySingle(JObject queryObj)`
`222`	`236`	`return resultObj;`
`223`	`237`	`}`
`224`	`238`
	`239`	`+ /// <summary>`
	`240`	`+ /// 获取查询语句`
	`241`	`+ /// </summary>`
	`242`	`+ /// <param name="queryObj"></param>`
	`243`	`+ /// <returns></returns>`
	`244`	`+ public string ToSql(JObject queryObj)`
	`245`	`+ {`
	`246`	`+ foreach (var item in queryObj)`
	`247`	`+ {`
	`248`	`+ string key = item.Key.Trim();`
	`249`	`+`
	`250`	`+ if (key.EndsWith("[]"))`
	`251`	`+ {`
	`252`	`+ return ToSql(item);`
	`253`	`+ }`
	`254`	`+ }`
	`255`	`+ return string.Empty;`
	`256`	`+ }`
	`257`	`+`
`225`	`258`	`/// <summary>`
`226`	`259`	`/// 解析并查询`
`227`	`260`	`/// </summary>`
`@@ -284,6 +317,7 @@ private int QuerySingleList(JObject resultObj, KeyValuePair<string, JToken> item`
`284`	`317`	`int total = 0;`
`285`	`318`
`286`	`319`	`jb.Remove("page"); jb.Remove("count"); jb.Remove("query");`
	`320`	`+`
`287`	`321`	`var htt = new JArray();`
`288`	`322`	`foreach (var t in jb)`
`289`	`323`	`{`
`@@ -307,6 +341,23 @@ private int QuerySingleList(JObject resultObj, KeyValuePair<string, JToken> item`
`307`	`341`	`return total;`
`308`	`342`	`}`
`309`	`343`
	`344`	`+ private string ToSql(KeyValuePair<string, JToken> item)`
	`345`	`+ {`
	`346`	`+ string key = item.Key.Trim();`
	`347`	`+ var jb = JObject.Parse(item.Value.ToString());`
	`348`	`+ int page = jb["page"] == null ? 0 : int.Parse(jb["page"].ToString());`
	`349`	`+ int count = jb["count"] == null ? 10 : int.Parse(jb["count"].ToString());`
	`350`	`+ int query = jb["query"] == null ? 0 : int.Parse(jb["query"].ToString());`
	`351`	`+`
	`352`	`+ jb.Remove("page"); jb.Remove("count"); jb.Remove("query");`
	`353`	`+ var htt = new JArray();`
	`354`	`+ foreach (var t in jb)`
	`355`	`+ {`
	`356`	`+ return ToSql(t.Key, page, count, query, t.Value.ToString());`
	`357`	`+ }`
	`358`	`+`
	`359`	`+ return string.Empty;`
	`360`	`+ }`
`310`	`361`	`//单表查询`
`311`	`362`	`private int QuerySingleList(JObject resultObj, KeyValuePair<string, JToken> item)`
`312`	`363`	`{`
`@@ -495,7 +546,13 @@ private void ProcessColumn(string subtable, string selectrole, JObject values, I`
`495`	`546`	`if (colName == "*" \|\| int.TryParse(colName, out int colNumber) \|\| (IsCol(subtable, colName) && _identitySvc.ColIsRole(colName, selectrole.Split(','))))`
`496`	`547`	`{`
`497`	`548`	`if (ziduan.Length > 1)`
`498`		`- str.Append(ziduan[0] + " as " + ziduan[1] + ",");`
	`549`	`+ {`
	`550`	`+ if (ziduan[1].Length > 20)`
	`551`	`+ {`
	`552`	`+ throw new Exception("别名不能超过20个字符");`
	`553`	`+ }`
	`554`	`+ str.Append(ziduan[0] + " as " + ReplaceSQLChar(ziduan[1]) + ",");`
	`555`	`+ }`
`499`	`556`	`else`
`500`	`557`	`str.Append(ziduan[0] + ",");`
`501`	`558`
`@@ -744,5 +801,40 @@ private void FuzzyQuery(string subtable, List<IConditionalModel> conModels, KeyV`
`744`	`801`	`conModels.Add(new ConditionalModel() { FieldName = vakey.TrimEnd('$'), ConditionalType = conditionalType, FieldValue = fieldValue.TrimEnd("%".ToArray()).TrimStart("%".ToArray()) });`
`745`	`802`	`}`
`746`	`803`	`}`
	`804`	`+`
	`805`	`+ public string ReplaceSQLChar(string str)`
	`806`	`+ {`
	`807`	`+ if (str == String.Empty)`
	`808`	`+ return String.Empty;`
	`809`	`+ str = str.Replace("'", "");`
	`810`	`+ str = str.Replace(";", "");`
	`811`	`+ str = str.Replace(",", "");`
	`812`	`+ str = str.Replace("?", "");`
	`813`	`+ str = str.Replace("<", "");`
	`814`	`+ str = str.Replace(">", "");`
	`815`	`+ str = str.Replace("(", "");`
	`816`	`+ str = str.Replace(")", "");`
	`817`	`+ str = str.Replace("@", "");`
	`818`	`+ str = str.Replace("=", "");`
	`819`	`+ str = str.Replace("+", "");`
	`820`	`+ str = str.Replace("*", "");`
	`821`	`+ str = str.Replace("&", "");`
	`822`	`+ str = str.Replace("#", "");`
	`823`	`+ str = str.Replace("%", "");`
	`824`	`+ str = str.Replace("$", "");`
	`825`	`+ str = str.Replace("\"", "");`
	`826`	`+`
	`827`	`+ //删除与数据库相关的词`
	`828`	`+ str = Regex.Replace(str, "delete from", "", RegexOptions.IgnoreCase);`
	`829`	`+ str = Regex.Replace(str, "drop table", "", RegexOptions.IgnoreCase);`
	`830`	`+ str = Regex.Replace(str, "truncate", "", RegexOptions.IgnoreCase);`
	`831`	`+ str = Regex.Replace(str, "xp_cmdshell", "", RegexOptions.IgnoreCase);`
	`832`	`+ str = Regex.Replace(str, "exec master", "", RegexOptions.IgnoreCase);`
	`833`	`+ str = Regex.Replace(str, "net localgroup administrators", "", RegexOptions.IgnoreCase);`
	`834`	`+ str = Regex.Replace(str, "net user", "", RegexOptions.IgnoreCase);`
	`835`	`+ str = Regex.Replace(str, "-", "", RegexOptions.IgnoreCase);`
	`836`	`+ str = Regex.Replace(str, "truncate", "", RegexOptions.IgnoreCase);`
	`837`	`+ return str;`
	`838`	`+ }`
`747`	`839`	`}`
`748`	`840`	`}`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit 0275e34

File tree

2 files changed

2 files changed

`‎APIJSON.NET/APIJSONCommon/Properties/AssemblyInfo.cs`

`‎APIJSON.NET/APIJSONCommon/SelectTable.cs`

0 commit comments