'commit'

7 months ago · 073797c978
parent ee64a4ccec
commit 073797c978
2 changed files with 119 additions and 0 deletions
--- a/src/main/java/com/dsideal/base/DataEase/Controller/DataEaseController.java
+++ b/src/main/java/com/dsideal/base/DataEase/Controller/DataEaseController.java
@ -12,6 +12,7 @@ import com.dsideal.base.Interceptor.IsNumericInterface;
 import com.dsideal.base.Res.Model.ResourceModel;
 import com.dsideal.base.Util.CommonUtil;
 import com.dsideal.base.Util.CookieUtil;
+import com.dsideal.base.Util.SqlInjectionUtils;
 import com.jfinal.aop.Before;
 import com.jfinal.core.Controller;
 import com.jfinal.ext.interceptor.GET;
@ -325,6 +326,10 @@ public class DataEaseController extends Controller {
        if (StrKit.isBlank(keyword)) keyword = "";
        if (pageNumber == 0) pageNumber = 1;
        if (pageSize == 0) pageSize = 20;
+        if (SqlInjectionUtils.hasSqlInjectionRisk(keyword)) {
+            renderJson("输入的查询关键字存在SQL注入攻击，无法执行！");
+            return;
+        }
        //登录的人员
        int identity_id = Integer.parseInt(CookieUtil.getValue(getRequest(), "identity_id"));
        String person_id = CookieUtil.getValue(getRequest(), "person_id");
@ -396,6 +401,10 @@ public class DataEaseController extends Controller {
        if (StrKit.isBlank(keyword)) keyword = "";
        if (pageNumber == 0) pageNumber = 1;
        if (pageSize == 0) pageSize = 20;
+        if (SqlInjectionUtils.hasSqlInjectionRisk(keyword)) {
+            renderJson("输入的查询关键字存在SQL注入攻击，无法执行！");
+            return;
+        }
        //登录的人员
        int identity_id = Integer.parseInt(CookieUtil.getValue(getRequest(), "identity_id"));
        String person_id = CookieUtil.getValue(getRequest(), "person_id");
@ -522,6 +531,10 @@ public class DataEaseController extends Controller {
        if (pageNumber == 0) pageNumber = 1;
        if (pageSize == 0) pageSize = 20;
        if (StrKit.isBlank(keyword)) keyword = "";
+        if (SqlInjectionUtils.hasSqlInjectionRisk(keyword)) {
+            renderJson("输入的查询关键字存在SQL注入攻击，无法执行！");
+            return;
+        }
        Page<Record> list = dm.getDataSetContentByProvince(id, keyword, pageNumber, pageSize);
        renderJson(CommonUtil.renderJsonForLayUI(list));
    }
--- a/src/main/java/com/dsideal/base/Util/SqlInjectionUtils.java
+++ b/src/main/java/com/dsideal/base/Util/SqlInjectionUtils.java
@ -0,0 +1,106 @@
+package com.dsideal.base.Util;
+
+public class SqlInjectionUtils {
+
+    // SQL注入风险的关键字
+    private static final String[] SQL_INJECTION_KEYWORDS = {
+            "SELECT", "INSERT", "UPDATE", "DELETE", "DROP", "TRUNCATE",
+            "EXEC", "EXECUTE", "UNION", "CREATE", "ALTER", "GRANT",
+            "--", "/*", "*/", ";", "@@", "@",
+            "CHAR", "DECLARE", "CAST", "CONVERT",
+            "WAITFOR", "DELAY"
+    };
+
+    // SQL注入特殊字符
+    private static final String[] SQL_INJECTION_CHARS = {
+            "'", "\"", "\\", "%", "_", "^", "[", "]"
+    };
+
+    /**
+     * 检查输入是否存在SQL注入风险
+     * @param input 待检查的字符串
+     * @return 检查结果，true表示存在风险
+     */
+    public static boolean hasSqlInjectionRisk(String input) {
+        if (input == null || input.trim().isEmpty()) {
+            return false;
+        }
+
+        // 转换为大写，便于检查关键字
+        String upperInput = input.toUpperCase();
+
+        // 检查SQL关键字
+        for (String keyword : SQL_INJECTION_KEYWORDS) {
+            if (upperInput.contains(keyword)) {
+                return true;
+            }
+        }
+
+        // 检查特殊字符
+        for (String specialChar : SQL_INJECTION_CHARS) {
+            if (input.contains(specialChar)) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * 清理可能存在SQL注入风险的字符串
+     * @param input 待清理的字符串
+     * @return 清理后的字符串
+     */
+    public static String cleanSqlInjection(String input) {
+        if (input == null) {
+            return null;
+        }
+
+        String result = input;
+
+        // 替换SQL关键字
+        for (String keyword : SQL_INJECTION_KEYWORDS) {
+            result = result.replaceAll("(?i)" + keyword, "");
+        }
+
+        // 替换特殊字符
+        for (String specialChar : SQL_INJECTION_CHARS) {
+            result = result.replace(specialChar, "");
+        }
+
+        return result;
+    }
+
+    /**
+     * 转义SQL特殊字符
+     * @param input 待转义的字符串
+     * @return 转义后的字符串
+     */
+    public static String escapeSql(String input) {
+        if (input == null) {
+            return null;
+        }
+
+        return input.replace("'", "''")
+                .replace("\\", "\\\\")
+                .replace("%", "\\%")
+                .replace("_", "\\_");
+    }
+
+    /**
+     * 验证并清理输入
+     * @param input 输入字符串
+     * @param throwException 是否抛出异常
+     * @return 清理后的字符串
+     */
+    public static String validateAndClean(String input, boolean throwException)
+            throws IllegalArgumentException {
+        if (hasSqlInjectionRisk(input)) {
+            if (throwException) {
+                throw new IllegalArgumentException("检测到SQL注入风险: " + input);
+            }
+            return cleanSqlInjection(input);
+        }
+        return input;
+    }
+}