SQL注入漏洞-Java

移动开发 2020-07-31 10:41:41 阅读次数: 0

这个是常见的漏洞了,相信大家都不会陌生,直接上解决该漏洞的代码

package com.ifan.soft.filter;

import java.io.IOException;
import java.text.SimpleDateFormat;
import java.util.Date;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;

public class LoginFilter implements Filter {
    
    private static SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
    private static final Logger log = Logger.getLogger(LoginFilter.class);

    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest)req;
        String url = request.getRequestURI();
        log.info("---当前URL:" + url + "--当前时间" + sdf.format(new Date()));
        String[] strings = {//根据需要来定义
                "from","count","chr","master","truncate","declare","drop","all","all",
                "and","AND","MASTER","COUNT","FROM","DROP","order","to","TO","ALL","alter","ALTER",
                "OR","or","select","DECLARE","EXEC","ORDER","in","IN","on","ON",
                "SELECT","UPDATE","TRUNCATE","exec","GROUP","HAVING","DELETE","like","LIKE",
                "delete","update","insert","group","having","<",">","^","*","\'","!"," ","-","@","$","#",
                "(",")","_","~","`","{","}","[","]","\"","|","?",",","。","《","》","(",")","!",
                "、","——",";","‘","¥","’","【","】",":","&"
                };
            for (String string : strings) {
                String upperCaseURL = url.toUpperCase();
                String upperCaseStr = string.toUpperCase();
                if (upperCaseURL.indexOf(upperCaseStr) >= 0) {
                    request.getRequestDispatcher("/uc/error").forward(req, resp);//如有注入的关键字或字符则去到错误的页面,不在往下执行
                    return ;
                }
        }
        chain.doFilter(req, resp);
    }
    
    public void init(FilterConfig filterConfig) throws ServletException {
    }
 
    public void destroy() {
    }
}
 

在web.xml中添加

<filter>
        <filter-name>LoginFilter</filter-name>
        <filter-class>com.ifan.soft.filter.LoginFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>LoginFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

猜你喜欢

转载自blog.csdn.net/Zxdwr520/article/details/107696181
今日推荐
周排行
vue + echart +map中国地图,省市地图,区县地图
spring boot2 (31)-cors跨域请求
『学习资料推荐』299元买的微信营销资料打包
个人学习卷积神经网络的疑惑解答
网络工程师-软考
模拟人生4 春夏秋冬、星梦起飞版更新下载方法以及常见问题
python关于对象的字符串显示str和repr以及
奇怪的session混乱问题
【3】分治法(divide-and-conquer)
Java项目开发成绩管理系统(九) 各模块实现信息修改
每日归档
更多
2024-08-07(0)
2024-08-06(0)
2024-08-05(0)
2024-08-04(0)
2024-08-03(0)
2024-08-02(0)
2024-08-01(0)
2024-07-31(0)
2024-07-30(0)
2024-07-29(0)

代码天地 © 2018 codetd.com

境外服务器   最新电视剧2022