Web???????????????????????
???????????? ???????[ 2014/8/28 14:15:54 ] ??????????????? Web???? ???????
???????????Σ??Sql??????У??????????????????????????????????ε????????????????????????????????????????Щ????Σ????????????sql?????????Sql???????????????????Winform????????Web??????????????????????Щ?к?????????????????????????????????????????????????????????ù???????????????Щ???????????
/// <summary>
/// ???????????????(???????
/// </summary>
/// <param name="inputData"></param>
public bool HasInjectionData(string inputData)
{
if (string.IsNullOrEmpty(inputData))
return false;
//???漲????????????
//???inputData????????????
if (Regex.IsMatch(inputData.ToLower()?? GetRegexString()))
{
return true;
}
else
{
return false;
}
}
/// <summary>
/// ??????????
/// </summary>
/// <returns></returns>
private static string GetRegexString()
{
//????SQL??????????
string[] strBadChar =
{
//"select\s"??
//"from\s"??
"insert\s"??
"delete\s"??
"update\s"??
"drop\s"??
"truncate\s"??
"exec\s"??
"count\("??
"declare\s"??
"asc\("??
"mid\("??
"char\("??
"net user"??
"xp_cmdshell"??
"/add\s"??
"exec master.dbo.xp_cmdshell"??
"net localgroup administrators"
};
//???????????
string str_Regex = ".*(";
for (int i = 0; i < strBadChar.Length - 1; i++)
{
str_Regex += strBadChar[i] + "|";
}
str_Regex += strBadChar[strBadChar.Length - 1] + ").*";
return str_Regex;
}
?????????????????б????Sql?????????????????????????????棬?????б??????????????????????????????????????????
/// <summary>
/// ???????????????????????????
/// </summary>
/// <param name="condition">?????????</param>
/// <param name="orderBy">??????????????Order By Name Desc???粻?????????????????</param>
/// <param name="paramList">?????б?</param>
/// <returns>???????????</returns>
public virtual List<T> Find(string condition?? string orderBy?? IDbDataParameter[] paramList)
{
if (HasInjectionData(condition))
{
LogTextHelper.Error(string.Format("????SQL???????????? {0}"?? condition));
throw new Exception("????SQL???????????");
}
...........................
}
?????????????Sql????????????棬??????????ò????????????и????????????????????????SQL???????
????Database db = CreateDatabase();
????DbCommand command = db.GetSqlStringCommand(sql);
????command.Parameters.AddRange(param);
???????????????????????漰???????????????????SPASVOС??(021-61079698-8054)?????????????????????????
??????
Web?????????????????Web????????????????Docker Compose???????Web???????WEB?????ΧС??APP??????WEB????WEB???????????????WEB??????APP?????????Web??????????Web????????????Linux?????′?Java Web???????WEB?????ΧWeb?????Χ???Web??????????????HTTP(1)????Э??Web?????е?A/B?????????????????Web??????????Web??????ò?????????
???·???
??????????????????
2023/3/23 14:23:39???д?ò??????????
2023/3/22 16:17:39????????????????????Щ??
2022/6/14 16:14:27??????????????????????????
2021/10/18 15:37:44???????????????
2021/9/17 15:19:29???·???????·
2021/9/14 15:42:25?????????????
2021/5/28 17:25:47??????APP??????????
2021/5/8 17:01:11????????
?????????App Bug???????????????????????Jmeter?????????QC??????APP????????????????app?????е????????jenkins+testng+ant+webdriver??????????????JMeter????HTTP???????Selenium 2.0 WebDriver ??????
sales@spasvo.com