json數據sql注入的解決方法:
使用jackson實現對json數據的處理,添加依賴如下:
<dependency><groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.8.10</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>2.8.10</version>
<dependency>
使用jackson的屬性來獲取數據,例如:
import com.fasterxml.jackson.core.JsonProcessingException;import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;@Component
public class sqlValidateFilter implements Filter {private static final Logger logger = LoggerFactory.getLogger(sqlValidateFilter.class);
@Value("${spring.profiles.active}")
private String activeProfile;@Override
public void init(FilterConfig filterConfig) throws ServletException {
}@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
RequestWrapper wrapper = new RequestWrapper((HttpServletRequest) request);
HttpServletResponse resp = (HttpServletResponse) response;
if (existsInvalidsqlTokenInRequest(wrapper)) {
resp.setStatus(417);
String contentType = "test".equals(activeProfile) ? "text/html;charset=GBK" : "text/html;charset=UTF-8";
response.setContentType(contentType);
response.getOutputStream().write("您發送請求中的參數中含有非法字符".getBytes());
return;
}chain.doFilter(wrapper, resp); }
/**
* 判斷請求中是否有非法 sql 關鍵字
*
* @param request
* @return
* @throws IOException
* @throws JsonProcessingException
*/
private boolean existsInvalidsqlTokenInRequest(RequestWrapper request) throws JsonProcessingException, IOException {
for (String value : getParameterValuesBehindUrl(request)) {
if (findInvalidsqlToken(value)) {
return true;
}
}
for (String value : getParameterValuesInBody(request)) {
if (findInvalidsqlToken(value)) {
return true;
}
}
return false;
}/**
* 從 URL 中提取參數值
*
* @param request
* @return
*/
private List<String> getParameterValuesBehindUrl(RequestWrapper request) {
List<String> results = new ArrayList<String>();
Enumeration<String> params = request.getParameterNames();
while (params.hasMoreElements()) {
String name = params.nextElement().toString();
String[] values = request.getParameterValues(name);
for (String value : values) {
results.add(value);
}
}
return results;
}/**
* 從報文體中提取參數值
*
* @param request
* @return
* @throws JsonProcessingException
* @throws IOException
*/
private List<String> getParameterValuesInBody(RequestWrapper request)
throws JsonProcessingException, IOException {
List<String> results = new ArrayList<String>();
String body = request.getBody();
if (StringUtils.isNotBlank(body)) {
ObjectMapper mapper = new ObjectMapper();
JsonNode node = mapper.readTree(body);
results.addAll(parseJsonNode(node));
}
return results;
}/**
* 從 JSON 節點中提取參數值
*
* @param node
* @return
*/
private List<String> parseJsonNode(JsonNode node) {
List<String> results = new ArrayList<String>();
switch (node.getNodeType()) {
case ARRAY:
for (int index = 0; index < node.size(); index++) {
results.addAll(parseJsonNode(node.get(index)));
}
break;
case OBJECT:
Iterator<Map.Entry<String, JsonNode>> fields = node.fields();
while (fields.hasNext()) {
results.addAll(parseJsonNode(fields.next().getValue()));
}
break;
default:
results.add(node.toString());
break;
}
return results;
}/**
* 從字符串中查找 sql 關鍵字
*
* @param value
* @return
*/
private boolean findInvalidsqlToken(String value) {
String lowerCaseValue = value.toLowerCase(Locale.ENGLISH);
String sqlTokens = "'|and|exec|execute|insert|select|delete|count|drop|*|chr|mid|master|truncate|"
+ "char|declare|net user|xp_cmdshell|;|+|like'|and|exec|execute|insert|create"
+ "table|from|grant|use|group_concat|column_name|"
+ "information_schema.columns|table_schema|union|where|order|by|*|//|--|#|";
for (String token : sqlTokens.split("\\|")) {
if (lowerCaseValue.contains(token)) {
logger.info("dataValue=" + lowerCaseValue + ", marchValue=" + token);
return true;
}
}
return false;
}@Override
public void destroy() {
// TODO Auto-generated method stub}
}
