在Global.asax文件里实现通用防SQL注入漏洞程序

Posted 2020-06-27

首先，创建一个SQLInjectionHelper类完成恶意代码的检查

代码如下：

using System;

using System.Collections.Generic;

using System.Linq;

using System.Web;

using System.Text.RegularExpressions;

 

/// <summary>

///SQLInjectionHelper 的摘要说明

/// </summary>

public class SQLInjectionHelper

{

    /// <summary>

    /// 获取Post的数据

    /// </summary>

    /// <param name="request"></param>

    /// <returns></returns>

    public static bool ValidUrlData(string request)

    {

        bool result = false;

        if (request == "POST")

        {

            for (int i = 0; i < HttpContext.Current.Request.Form.Count; i++)

            {

                result = ValidData(HttpContext.Current.Request.Form[i].ToString());

                if (result)

                {

                    break;

                }

            }

        }

        else

        {

            for (int i = 0; i < HttpContext.Current.Request.QueryString.Count; i++)

            {

                result = ValidData(HttpContext.Current.Request.QueryString[i].ToString());

                if (result)

                {

                    break;

                }

            }

        }

        return result;

    }

 

    /// <summary>

    /// 验证是否存在注入代码

    /// </summary>

    /// <param name="inputData"></param>

    /// <returns></returns>

    private static bool ValidData(string inputData)

    {

        //验证inputData是否包含恶意集合

        if (Regex.IsMatch(inputData, GetRegexString()))

        {

            return true;

        }

        else

        {

            return false;

        }

    }

 

    /// <summary>

    /// 获取正则表达式

    /// </summary>

    /// <returns></returns>

    private static string GetRegexString()

    {

        //构造SQL的注入关键字符

        string[] strChar = { "and", "exec", "insert", "select", "update", "delete", "count", "from", "drop", "asc", "or", "char", "%", ";", ":", "\‘", "\"", "-", "chr", "master", "mid", "truncate", "declare", "char", "SiteName", "/add", "xp_cmdshell", "net user", "net localgroup administrators", "exec master.dbo.xp_cmdshell" };

        string str_Regex = ".*(";

        for (int i = 0; i < strChar.Length - 1; i++)

        {

            str_Regex += strChar[i] + "|";

        }

        str_Regex += strChar[strChar.Length - 1] + ").*";

        return str_Regex;

    }

}

　　

有此类后即可使用Global.asax中的Application_BeginRequest(object sender, EventArgs e)事件来实现表单或者URL提交数据的获取，获取后传给SQLInjectionHelper类ValidUrlData方法来完成检查

代码如下

protected void Application_BeginRequest(object sender, EventArgs e)

    {

        bool result = false;

        result = SQLInjectionHelper.ValidUrlData(Request.RequestType.ToUpper());

        if (result)

        {

            Response.Write("您提交的数据有恶意字符");

            Response.End();

        }

    }

　　

下面以一个小程序测试：

创建一个页面，如下

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %>

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

 

<html xmlns="http://www.w3.org/1999/xhtml">

<head runat="server">

    <title></title>

</head>

<body>

    <form id="form1" runat="server">

    <div>

   

        <asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>

        <br />

        <asp:Button ID="btnPost" runat="server" Text="获取Post数据"

            onclick="btnPost_Click" />

   

    </div>

    <asp:Button ID="btnGet" runat="server" Text="获取Get数据" onclick="btnGet_Click" />

    </form>

</body>

</html>

　　

 

分别添加单击事件，如下

protected void btnPost_Click(object sender, EventArgs e)

    {

 

    }

    protected void btnGet_Click(object sender, EventArgs e)

    {

        Response.Redirect("Default.aspx?a=1&b=2&c=3");

    }

　　

在文本框中输入非法字符串，无论post请求还是get请求，都会被防SQL注入程序所截获

                      图1 测试防SQL注入程序的页面

                               图2 错误信息