asp.net(C#)防sql注入组件的实现代码
程序员文章站
2024-03-09 08:41:59
在服务器安全栏目里我写过一篇《破解通用sql防注入方法》的文章中说到,一些通用的防注入方法中没有对cookie数据进行过滤,会给黑客留下可乘之机。当然我的这段代码对提交过来...
在服务器安全栏目里我写过一篇《破解通用sql防注入方法》的文章中说到,一些通用的防注入方法中没有对cookie数据进行过滤,会给黑客留下可乘之机。当然我的这段代码对提交过来的cookie数据也进行了过滤。
代码:
using system;
using system.configuration;
using system.web;
using system.globalization;
namespace jnyw.stum.sqlinject
{
public class sqlstrany : ihttpmodule
{
public void init(httpapplication application)
{
application.beginrequest += (new
eventhandler(this.application_beginrequest));
}
private void application_beginrequest(object source, eventargs e)
{
processrequest pr = new processrequest();
pr.startprocessrequest();
}
public void dispose()
{
}
}
public class processrequest
{
private static string sqlstr = system.configuration.configurationmanager.appsettings["sqlinject"].tostring();
private static string sqlerrorpage = system.configuration.configurationsettings.appsettings["sqlinjecterrpage"].tostring();
///
/// 用来识别是否是流的方式传输
///
///
///
bool isuploadrequest(httprequest request)
{
return stringstartswithanotherignorecase(request.contenttype, "multipart/form-data");
}
///
/// 比较内容类型
///
///
///
///
private static bool stringstartswithanotherignorecase(string s1, string s2)
{
return (string.compare(s1, 0, s2, 0, s2.length, true, cultureinfo.invariantculture) == 0);
}
//sql注入式攻击代码分析
#region sql注入式攻击代码分析
///
/// 处理用户提交的请求
///
public void startprocessrequest()
{
httprequest request = system.web.httpcontext.current.request;
httpresponse response = system.web.httpcontext.current.response;
try
{
string getkeys = "";
if (isuploadrequest(request)) return; //如果是流传递就退出
//字符串参数
if (request.querystring != null)
{
for (int i = 0; i < request.querystring.count; i++)
{
getkeys = request.querystring.keys[i];
if (!processsqlstr(request.querystring[getkeys]))
{
response.redirect(sqlerrorpage + "?errmsg=querystring中含有非法字符串&sqlprocess=true");
response.end();
}
}
}
//form参数
if (request.form != null)
{
for (int i = 0; i < request.form.count; i++)
{
getkeys = request.form.keys[i];
if (!processsqlstr(request.form[getkeys]))
{
response.redirect(sqlerrorpage + "?errmsg=form中含有非法字符串&sqlprocess=true");
response.end();
}
}
}
//cookie参数
if (request.cookies != null)
{
for (int i = 0; i < request.cookies.count; i++)
{
getkeys = request.cookies.keys[i];
if (!processsqlstr(request.cookies[getkeys].value))
{
response.redirect(sqlerrorpage + "?errmsg=cookie中含有非法字符串&sqlprocess=true");
response.end();
}
}
}
}
catch
{
// 错误处理: 处理用户提交信息!
response.clear();
response.write("customerrorpage配置错误");
response.end();
}
}
///
/// 分析用户请求是否正常
///
/// 传入用户提交数据
/// 返回是否含有sql注入式攻击代码
private bool processsqlstr(string str)
{
bool returnvalue = true;
try
{
if (str != "")
{
string[] anysqlstr = sqlstr.split('|');
foreach (string ss in anysqlstr)
{
if (str.indexof(ss) >= 0)
{
returnvalue = false;
break;
}
}
}
}
catch
{
returnvalue = false;
}
return returnvalue;
}
#endregion
}
}
在实际使用时,我们要在web.config文件中的配置节中加上下面的代码
以下是示例代码:
<!--防注入设置-->
<add value="and |exec |insert |select |delete |update |count | * |chr |mid |master |truncate |char |declare " key="sqlinject" />
<add value="showerr.aspx" key="sqlinjecterrpage" />
并且在web.config文件的<system.web>中再加上下面的代码。 以下是示例代码:
<!--防注入设置-->
<httpmodules>
<add name="sqlstrany" type="jnyw.stum.sqlinject.sqlstrany,sqlstrany" />
</httpmodules>
代码:
复制代码 代码如下:
using system;
using system.configuration;
using system.web;
using system.globalization;
namespace jnyw.stum.sqlinject
{
public class sqlstrany : ihttpmodule
{
public void init(httpapplication application)
{
application.beginrequest += (new
eventhandler(this.application_beginrequest));
}
private void application_beginrequest(object source, eventargs e)
{
processrequest pr = new processrequest();
pr.startprocessrequest();
}
public void dispose()
{
}
}
public class processrequest
{
private static string sqlstr = system.configuration.configurationmanager.appsettings["sqlinject"].tostring();
private static string sqlerrorpage = system.configuration.configurationsettings.appsettings["sqlinjecterrpage"].tostring();
///
/// 用来识别是否是流的方式传输
///
///
///
bool isuploadrequest(httprequest request)
{
return stringstartswithanotherignorecase(request.contenttype, "multipart/form-data");
}
///
/// 比较内容类型
///
///
///
///
private static bool stringstartswithanotherignorecase(string s1, string s2)
{
return (string.compare(s1, 0, s2, 0, s2.length, true, cultureinfo.invariantculture) == 0);
}
//sql注入式攻击代码分析
#region sql注入式攻击代码分析
///
/// 处理用户提交的请求
///
public void startprocessrequest()
{
httprequest request = system.web.httpcontext.current.request;
httpresponse response = system.web.httpcontext.current.response;
try
{
string getkeys = "";
if (isuploadrequest(request)) return; //如果是流传递就退出
//字符串参数
if (request.querystring != null)
{
for (int i = 0; i < request.querystring.count; i++)
{
getkeys = request.querystring.keys[i];
if (!processsqlstr(request.querystring[getkeys]))
{
response.redirect(sqlerrorpage + "?errmsg=querystring中含有非法字符串&sqlprocess=true");
response.end();
}
}
}
//form参数
if (request.form != null)
{
for (int i = 0; i < request.form.count; i++)
{
getkeys = request.form.keys[i];
if (!processsqlstr(request.form[getkeys]))
{
response.redirect(sqlerrorpage + "?errmsg=form中含有非法字符串&sqlprocess=true");
response.end();
}
}
}
//cookie参数
if (request.cookies != null)
{
for (int i = 0; i < request.cookies.count; i++)
{
getkeys = request.cookies.keys[i];
if (!processsqlstr(request.cookies[getkeys].value))
{
response.redirect(sqlerrorpage + "?errmsg=cookie中含有非法字符串&sqlprocess=true");
response.end();
}
}
}
}
catch
{
// 错误处理: 处理用户提交信息!
response.clear();
response.write("customerrorpage配置错误");
response.end();
}
}
///
/// 分析用户请求是否正常
///
/// 传入用户提交数据
/// 返回是否含有sql注入式攻击代码
private bool processsqlstr(string str)
{
bool returnvalue = true;
try
{
if (str != "")
{
string[] anysqlstr = sqlstr.split('|');
foreach (string ss in anysqlstr)
{
if (str.indexof(ss) >= 0)
{
returnvalue = false;
break;
}
}
}
}
catch
{
returnvalue = false;
}
return returnvalue;
}
#endregion
}
}
在实际使用时,我们要在web.config文件中的配置节中加上下面的代码
以下是示例代码:
复制代码 代码如下:
<!--防注入设置-->
<add value="and |exec |insert |select |delete |update |count | * |chr |mid |master |truncate |char |declare " key="sqlinject" />
<add value="showerr.aspx" key="sqlinjecterrpage" />
并且在web.config文件的<system.web>中再加上下面的代码。 以下是示例代码:
复制代码 代码如下:
<!--防注入设置-->
<httpmodules>
<add name="sqlstrany" type="jnyw.stum.sqlinject.sqlstrany,sqlstrany" />
</httpmodules>
下一篇: php使用curl实现ftp文件下载功能