SQL盲注、SQL注入 - SpringBoot配置SQL注入过滤器

SQL盲注、SQL注入

风险：可能会查看、修改或删除数据库条目和表。

原因：未对用户输入正确执行危险字符清理。

固定值：查看危险字符注入的可能解决方案。

pom.xml添加依赖

org.springframework.boot
spring-boot-configuration-processor
true
添加SQL注入包装类

import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

import cn.hutool.core.util.StrUtil;
import lombok.extern.slf4j.Slf4j;

/**
- SQL注入包装类
- @author CL
  /
  @Slf4j
  public class SqlInjectHttpServletRequestWrapper extends HttpServletRequestWrapper {
  
  /**
  - 构造请求对象
  - @param request
    */
    public SqlInjectHttpServletRequestWrapper(HttpServletRequest request) {
    super(request);
    }
    
    /**
  - 获取头部参数
  - @param v 参数值
    */
    @Override
    public String getHeader(String v) {
    String header = super.getHeader(v);
    if (header == null || “”.equals(header)) {
```
 return header;
```
    }
    return sqlFilter(header);
    }
    
    /**
  - 获取参数
  - @param v 参数值
    */
    @Override
    public String getParameter(String v) {
    String param = super.getParameter(v);
    if (param == null || “”.equals(param)) {
```
 return param;
```
    }
    return sqlFilter(param);
    }
    
    /**
  - 获取参数值
  - @param v 参数值
    */
    @Override
    public String[] getParameterValues(String v) {
    String[] values = super.getParameterValues(v);
    if (values == null) {
```
 return values;
```
    }
    
    // 富文本内容不过滤
    if (“remarks”.equals(v)) {
```
 return values;
```
    }
    
    int length = values.length;
    String[] resultValues = new String[length];
    for (int i = 0; i < length; i++) {
```
 // 过滤特殊字符
 resultValues[i] = sqlFilter(values[i]);
 if (!(resultValues[i]).equals(values[i])) {
     log.debug("SQL注入过滤器 => 过滤前：{} => 过滤后：{}", values[i], resultValues[i]);
 }
```
    }
    return resultValues;
    }
    
    /**
  - 预编译SQL过滤正则表达式
    */
    private Pattern sqlPattern = Pattern.compile(
```
 "(?:')|(?:--)|(/\\*(?:.|[\\n\\r])*?\\*/)|(\\b(select|update|and|or|delete|insert|trancate|char|into|substr|ascii|declare|exec|count|master|into|drop|execute)\\b)",
 Pattern.CASE_INSENSITIVE);
```
    /**
  - SQL过滤
  - @param v 参数值
  - @return
    */
    private String sqlFilter(String v) {
    if (v != null) {
```
 String resultVal = v;
 Matcher matcher = sqlPattern.matcher(resultVal);
 if (matcher.find()) {
     resultVal = matcher.replaceAll("");
 }
 if (!resultVal.equals(v)) {
     return "";
 }
 return resultVal;
```
    }
    return null;
    }
    }

配置文件添加配置

信息安全

security:
sql:

 enable: true
 excludes:
   - /images/*
   - /jquery/*
   - /layui/*

添加SQL注入过滤器

import java.io.IOException;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;

import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;

/**
- SQL注入过滤器
- @author CL
  /
  @Component
  @ConfigurationProperties(prefix = “security.sql”)
  @WebFilter(filterName = “SqlInjectFilter”, urlPatterns = “/*”)
  public class SqlInjectFilter implements Filter {
  
  /**
  - 过滤器配置对象
    */
    FilterConfig filterConfig = null;
    
    /**
  - 是否启用
    */
    private boolean enable;
    
    public void setEnable(boolean enable) {
    this.enable = enable;
    }
    
    /**
  - 忽略的URL
    */
    private List excludes;
    
    public void setExcludes(List excludes) {
    this.excludes = excludes;
    }
    
    /**
  - 初始化
    */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    this.filterConfig = filterConfig;
    }
    
    /**
  - 拦截
    */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
```
 throws IOException, ServletException {
```
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    
    // 不启用或者已忽略的URL不拦截
    if (!enable || isExcludeUrl(request.getServletPath())) {
```
 filterChain.doFilter(servletRequest, servletResponse);
 return;
```
    }
    SqlInjectHttpServletRequestWrapper sqlInjectHttpServletRequestWrapper = new SqlInjectHttpServletRequestWrapper(
```
     request);
```
    filterChain.doFilter(sqlInjectHttpServletRequestWrapper, servletResponse);
    }
    
    /**
  - 销毁
    */
    @Override
    public void destroy() {
    this.filterConfig = null;
    }
    
    /**
  - 判断是否为忽略的URL
  - @param urlPath URL路径
  - @return true-忽略，false-过滤
    */
    private boolean isExcludeUrl(String url) {
    if (excludes == null || excludes.isEmpty()) {
```
 return false;
```
    }
    return excludes.stream().map(pattern -> Pattern.compile(“^” + pattern)).map(p -> p.matcher(url))
```
     .anyMatch(Matcher::find);
```
    }
    }