using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Text;
using System.Text.RegularExpressions;
using System.Web;
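namespace _1_3
{
    /// <summary>
    /// Keyword/character blocklist check over the values of the current request
    /// (Form for POST, QueryString otherwise).
    /// </summary>
    /// <remarks>
    /// NOTE(review): a blocklist like this is not a SQL-injection defense and must not
    /// be relied on as one. Any keyword, encoding or comment trick not on the list gets
    /// through, and ordinary input is rejected because "and", "or", "-" and ":" occur
    /// in normal text, dates and times. The real control is parameterized queries
    /// (SqlParameter / typed stored-procedure parameters) in the data-access layer;
    /// treat this class as a coarse tripwire at best. It never inspects cookies,
    /// headers, route values or non-form request bodies (e.g. JSON), so those paths
    /// are not covered at all.
    /// </remarks>
    public class SQLInjectionHelper
    {
        /// <summary>
        /// Literal tokens the filter looks for: the original list with its duplicate
        /// "char" entry dropped. Matching is case-insensitive (the original regex was
        /// built without RegexOptions.IgnoreCase, so "SELECT" was not caught).
        /// </summary>
        private static readonly string[] BadTokens =
        {
            "and", "exec", "insert", "select", "delete", "update",
            "count", "from", "drop", "asc", "char", "or",
            "%", ";", ":", "'", "\"", "-", "chr",
            "mid", "master", "truncate", "declare",
            "SiteName", "net user", "xp_cmdshell", "/add",
            "exec master.dbo.xp_cmdshell", "net localgroup administrators"
        };

        /// <summary>
        /// Built once per AppDomain instead of once per request value. Every token is
        /// Regex.Escape'd so a future entry containing '.', '(' or '*' cannot silently
        /// change the pattern's meaning, and the original ".*( ... ).*" wrapper is gone:
        /// it added nothing to IsMatch except quadratic backtracking on long
        /// non-matching input.
        /// </summary>
        private static readonly Regex BadTokenRegex = new Regex(
            GetRegexString(),
            RegexOptions.IgnoreCase | RegexOptions.CultureInvariant | RegexOptions.Compiled);

        /// <summary>
        /// Checks the values of the current request for blocklisted tokens.
        /// </summary>
        /// <param name="request">
        /// The HTTP method (the Global.asax caller passes Request.RequestType upper-cased;
        /// the comparison here is case-insensitive anyway). For "POST" both the form body
        /// and the query string are inspected; for any other method only the query
        /// string is. The original skipped the query string on POST, so a
        /// "POST /page?id=1' ..." was never checked.
        /// </param>
        /// <returns>
        /// true if any inspected value contains a blocklisted token; false otherwise,
        /// including when called outside a request (HttpContext.Current is null).
        /// </returns>
        public static bool ValidUrlData(string request)
        {
            HttpContext context = HttpContext.Current;
            if (context == null)
            {
                return false;
            }

            bool isPost = string.Equals(request, "POST", StringComparison.OrdinalIgnoreCase);

            // NOTE(review): reading Request.Form / QueryString this early in the pipeline
            // can trigger ASP.NET request validation under requestValidationMode="4.0";
            // confirm against web.config if HttpRequestValidationException shows up.
            if (isPost && AnyValueMatches(context.Request.Form))
            {
                return true;
            }
            return AnyValueMatches(context.Request.QueryString);
        }

        /// <summary>
        /// True if <paramref name="inputData"/> contains any blocklisted token,
        /// case-insensitively. Null or empty input never matches (the original passed
        /// the value straight to Regex.IsMatch, which throws on null).
        /// </summary>
        /// <param name="inputData">Raw request value to inspect.</param>
        public static bool ContainsBadToken(string inputData)
        {
            return !string.IsNullOrEmpty(inputData) && BadTokenRegex.IsMatch(inputData);
        }

        /// <summary>
        /// True if any value in <paramref name="values"/> contains a blocklisted token.
        /// A null collection, or a null entry for a key without a value, is skipped
        /// rather than turned into an exception (and thus a 500 for the whole request).
        /// </summary>
        private static bool AnyValueMatches(NameValueCollection values)
        {
            if (values == null)
            {
                return false;
            }
            for (int i = 0; i < values.Count; i++)
            {
                if (ContainsBadToken(values[i]))
                {
                    return true;
                }
            }
            return false;
        }

        /// <summary>
        /// Builds the alternation pattern "(tok1|tok2|...)" with every token escaped.
        /// </summary>
        private static string GetRegexString()
        {
            string[] escaped = Array.ConvertAll(BadTokens, t => Regex.Escape(t));
            return "(" + string.Join("|", escaped) + ")";
        }
    }
}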
有了这个类之后,就可以使用Global.asax中的Application_BeginRequest(object sender, EventArgs e)事件来实现表单或URL提交数据的获取,获取之后传给SQLInjectionHelper类public static bool ValidUrlData(string request)方法来完成恶意代码的检查。见代码清单1-12。
代码清单1-12 Global.asax
- //在接收到一个应用程序请求时触发。对于一个请求来说,
它是第一个被触发的事件,请求一般是用户输入的一个页面请求(URL)。
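/// <summary>
/// First pipeline event for every request: runs the blocklist check over the
/// request's Form/QueryString values and ends the request if it trips.
/// </summary>
/// <remarks>
/// NOTE(review): this is request filtering, not SQL-injection prevention — the
/// data layer still needs parameterized queries regardless of this hook.
/// </remarks>
/// <param name="sender">The HttpApplication raising the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Application_BeginRequest(object sender, EventArgs e)
{
    // RequestType is the HTTP verb; ToUpperInvariant avoids the culture-dependent
    // upper-casing (Turkish "i") that ToUpper() is subject to.
    bool suspicious = SQLInjectionHelper.ValidUrlData(Request.RequestType.ToUpperInvariant());
    if (!suspicious)
    {
        return;
    }

    // Reject explicitly with a 400 instead of the original 200-with-message, so
    // clients, proxies and logs can tell a blocked request from a served page.
    // The body is a fixed literal; nothing from the request is echoed back.
    Response.Clear();
    Response.StatusCode = 400;
    Response.TrySkipIisCustomErrors = true; // keep our body instead of the IIS 400 page
    Response.Write("您提交的数据有恶意字符!");

    // CompleteRequest() bypasses the remaining pipeline events (the page handler
    // never runs) without the ThreadAbortException that Response.End() raises and
    // that catch-all error handlers would log as a failure.
    CompleteRequest();
}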
到现在为止,一个基于关键字黑名单的请求过滤程序已经基本完成。需要强调的是,这种黑名单过滤并不能真正防止SQL注入,只能作为辅助手段:攻击者可以通过大小写变换(例如关键字匹配如果区分大小写,输入 SELECT 就能绕过)、编码或使用未列出的关键字绕过检查,而“and”“or”“-”“:”等常见字符又会误拦正常输入;根本的防护措施是在数据访问层使用参数化查询(SqlParameter)。现在就来建一个测试页面做一下SQL注入测试,如代码清单1-13所示。
代码清单1-13 Test.aspx
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Test.aspx.cs"
    Inherits="_1_3.Test" Keywords="sdfsd"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <%-- Test harness for the blocklist filter wired up in Global.asax; the page
         itself performs no validation (no validator controls). Both server-side
         buttons post back, so the textbox value reaches the filter as POST form
         data; the "Get" button's handler then redirects to a fixed query string
         (see Test.aspx.cs). NOTE(review): Keywords="sdfsd" on the @Page directive
         looks like a leftover — confirm it is intentional. --%>
    <form id="form1" runat="server">
        <div>
            <asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
        </div>
        <asp:Button ID="bt_Post" runat="server" Text="获取Post数据" onclick="bt_Post_Click" />
        <asp:Button ID="bt_Get" runat="server" Text="获取Get数据" onclick="bt_Get_Click" />
    </form>
</body>
</html>
如代码清单1-13所示,首先在页面创建一个TextBox来模拟用户的输入,然后分别添加“获取Post数据”和“获取Get数据”这两个Button来模拟Post请求和Get请求,请求事件的代码,如代码清单1-14所示。
代码清单1-14 Test.aspx.cs
/// <summary>
/// Click handler for the "获取Post数据" button. Intentionally empty: the button's
/// postback is a POST, so the textbox value reaches Application_BeginRequest as
/// form data and is checked there before this handler would run.
/// </summary>
/// <param name="sender">The button (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void bt_Post_Click(object sender, EventArgs e)
{
}
/// <summary>
/// Click handler for the "获取Get数据" button. Redirects back to this page with a
/// fixed query string so the QueryString branch of the filter is exercised. Note
/// the textbox value is not carried in this URL — it only reaches the filter via
/// the POST postback that triggered this handler.
/// </summary>
/// <param name="sender">The button (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void bt_Get_Click(object sender, EventArgs e)
{
    const string target = "Test.aspx?a=1&b=2&c=3";
    Response.Redirect(target);
}
创建完测试程序后,运行结果如图1-34所示。
如图1-34所示,只要在文本框中输入所定义的非法字符串,不论Post请求还是Get请求,都会被防SQL注入程序所截获,弹出如图1-35所示页面。需要注意的是,两个按钮的点击本身都是回发(POST),文本框内容是作为表单数据被检查的;“获取Get数据”按钮随后重定向到固定的 Test.aspx?a=1&b=2&c=3,该URL并不包含文本框中的内容。