1、通过HttpModule防止SQL注入式攻击,适用于.net1.1程序
(1)新建类文件SqlHttpModule.cs,具体代码类似如下:
SqlHttpModule.cs
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Text.RegularExpressions;
namespace HttpModule.Class
{
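/// <summary>
/// Request-level blacklist filter: on AcquireRequestState every query-string and form value
/// is tested with <see cref="IsSafeString"/>, and the request is aborted with a client-side
/// alert when a value contains a listed keyword.
/// This is a defence-in-depth heuristic only. Plain substring matching produces false positives
/// on ordinary text and can be evaded; it does not replace parameterised queries in the
/// data-access layer.
/// </summary>
public class SqlHttpModule : System.Web.IHttpModule
{
    // appSettings key holding a '|'-separated keyword list that overrides DefaultUnsafeWords.
    private const string KeywordAppSettingName = "SqlHttpModule_KeyWord";

    // Script returned to the browser when a value is rejected. Fixed string; no request data is echoed.
    private const string ErrorAlertScript = "<script type=\"text/javascript\">alert('字符串格式非法,请重新输入!');history.go(-1);</script>";

    // Form fields generated by ASP.NET itself; they are never subjected to the keyword check.
    private static readonly string[] SkippedFormKeys = new string[] { "__VIEWSTATE", "__EVENTARGUMENT", "__EVENTTARGET", "__CLIENTPOSTDATA__" };

    // Keyword list used when the appSettings entry is absent or empty. Taken from the original
    // with its duplicate entries removed. Entries are lower-case and most carry a trailing space,
    // so a keyword at the very end of a value is NOT matched — confirm that this is intended.
    private static readonly string[] DefaultUnsafeWords = new string[]
    {
        "'", "xp_cmdshell ", "declare", "netlocalgroupadministrators ", "delete ", "truncate ",
        "netuser ", "/add ", "drop ", "update ", "select ", "union ", "exec ", "create ",
        "insertinto ", "sp_ ", "insert ", "masterdbo ", ";-- ", "1= "
    };

    // Matches <br>/<br/> runs and <p ...> tags, which are normalised to a newline before matching.
    private static readonly Regex BreakTagRegex = new Regex("(<[b|B][r|R]/*>)+|(<[p|P](.|\\n)*?>)");

    public SqlHttpModule()
    {
    }

    /// <summary>Nothing to release.</summary>
    public void Dispose()
    {
    }

    /// <summary>Subscribes the filter to the application's AcquireRequestState event.</summary>
    /// <param name="context">Application the module is being initialised for.</param>
    public void Init(HttpApplication context)
    {
        context.AcquireRequestState += new EventHandler(context_AcquireRequestState);
    }

    // Runs the request check and aborts the response when a value is rejected.
    private void context_AcquireRequestState(object sender, EventArgs e)
    {
        HttpContext context = ((HttpApplication)sender).Context;
        bool safe = true;
        try
        {
            safe = IsSafeRequest(context);
        }
        catch (Exception ex)
        {
            // The original swallowed every exception, which let the request through silently
            // (fail-open), e.g. on a null form value or key. That best-effort behaviour is kept
            // but is no longer invisible; if this filter is load-bearing, reject here instead.
            System.Diagnostics.Trace.WriteLine("SqlHttpModule: filter error, request allowed: " + ex.Message);
        }
        // Response.End() terminates the request by throwing; keep it outside the try block so
        // nothing in this method can swallow it.
        if (!safe)
        {
            context.Response.Write(ErrorAlertScript);
            context.Response.End();
        }
    }

    /// <summary>
    /// Applies <see cref="IsSafeString"/> to every query-string value and to every form value
    /// whose key is not one of the ASP.NET-generated fields.
    /// </summary>
    /// <param name="context">Request being inspected.</param>
    /// <returns>false as soon as one value is rejected; true otherwise.</returns>
    private bool IsSafeRequest(HttpContext context)
    {
        System.Collections.Specialized.NameValueCollection query = context.Request.QueryString;
        if (query != null)
        {
            for (int i = 0; i < query.Count; i++)
            {
                // QueryString is already URL-decoded by ASP.NET; the extra decode is kept from the
                // original so that a double-encoded value is examined in its decoded form.
                string value = context.Server.UrlDecode(query.Get(i));
                if (!IsSafeString(StripQuotes(value)))
                {
                    return false;
                }
            }
        }

        System.Collections.Specialized.NameValueCollection form = context.Request.Form;
        if (form != null)
        {
            for (int i = 0; i < form.Count; i++)
            {
                if (IsSkippedFormKey(form.GetKey(i)))
                {
                    continue;
                }
                string value = context.Server.HtmlDecode(form.Get(i));
                if (!IsSafeString(StripQuotes(value)))
                {
                    return false;
                }
            }
        }
        return true;
    }

    // Kept from the original: the apostrophe is removed before the keyword check, so the "'"
    // entry of the keyword list can never fire from this module. Confirm whether quotes were
    // meant to be rejected or tolerated (e.g. names such as O'Brien) before changing this.
    // A null value (the original threw here) is treated as empty.
    private static string StripQuotes(string value)
    {
        return value == null ? string.Empty : value.Replace("'", "");
    }

    // Compares the key with an invariant-culture upper-casing so the result does not depend on
    // the server's culture. A null key (a field posted without a name, which made the original
    // throw) is not skipped: its value is checked like any other.
    private static bool IsSkippedFormKey(string key)
    {
        if (key == null)
        {
            return false;
        }
        string upper = key.ToUpper(System.Globalization.CultureInfo.InvariantCulture);
        foreach (string skipped in SkippedFormKeys)
        {
            if (upper == skipped)
            {
                return true;
            }
        }
        return false;
    }

    /// <summary>
    /// Returns false when <paramref name="strText"/> contains any keyword from the list
    /// (appSettings "SqlHttpModule_KeyWord", '|'-separated, else <see cref="DefaultUnsafeWords"/>).
    /// The input is lower-cased with the invariant culture before a substring search; configured
    /// keywords are used exactly as given, so they should be lower-case.
    /// </summary>
    /// <param name="strText">Value to inspect; null or empty is reported safe.</param>
    /// <returns>true when no keyword occurs in the value.</returns>
    public bool IsSafeString(string strText)
    {
        if (strText == null || strText.Length == 0)
        {
            // The original threw from Regex.Replace on null, which the event handler swallowed.
            return true;
        }
        string lowered = BreakTagRegex.Replace(strText, "\n").ToLower(System.Globalization.CultureInfo.InvariantCulture);

        string configured = System.Configuration.ConfigurationSettings.AppSettings[KeywordAppSettingName];
        string[] words = (configured == null || configured.Length == 0) ? DefaultUnsafeWords : configured.Split('|');
        foreach (string word in words)
        {
            // "a||b" or a trailing '|' in the setting yields an empty keyword; IndexOf("") is 0,
            // which would reject every value.
            if (word.Length == 0)
            {
                continue;
            }
            // string.IndexOf(string) is culture-sensitive; kept from the original for .NET 1.1 compatibility.
            if (lowered.IndexOf(word) >= 0)
            {
                return false;
            }
        }
        return true;
    }
}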
}
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Text.RegularExpressions;
namespace HttpModule.Class
{
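/// <summary>
/// Request-level blacklist filter: on AcquireRequestState every query-string and form value
/// is tested with <see cref="IsSafeString"/>, and the request is aborted with a client-side
/// alert when a value contains a listed keyword.
/// This is a defence-in-depth heuristic only. Plain substring matching produces false positives
/// on ordinary text and can be evaded; it does not replace parameterised queries in the
/// data-access layer.
/// </summary>
public class SqlHttpModule : System.Web.IHttpModule
{
    // appSettings key holding a '|'-separated keyword list that overrides DefaultUnsafeWords.
    private const string KeywordAppSettingName = "SqlHttpModule_KeyWord";

    // Script returned to the browser when a value is rejected. Fixed string; no request data is echoed.
    private const string ErrorAlertScript = "<script type=\"text/javascript\">alert('字符串格式非法,请重新输入!');history.go(-1);</script>";

    // Form fields generated by ASP.NET itself; they are never subjected to the keyword check.
    private static readonly string[] SkippedFormKeys = new string[] { "__VIEWSTATE", "__EVENTARGUMENT", "__EVENTTARGET", "__CLIENTPOSTDATA__" };

    // Keyword list used when the appSettings entry is absent or empty. Taken from the original
    // with its duplicate entries removed. Entries are lower-case and most carry a trailing space,
    // so a keyword at the very end of a value is NOT matched — confirm that this is intended.
    private static readonly string[] DefaultUnsafeWords = new string[]
    {
        "'", "xp_cmdshell ", "declare", "netlocalgroupadministrators ", "delete ", "truncate ",
        "netuser ", "/add ", "drop ", "update ", "select ", "union ", "exec ", "create ",
        "insertinto ", "sp_ ", "insert ", "masterdbo ", ";-- ", "1= "
    };

    // Matches <br>/<br/> runs and <p ...> tags, which are normalised to a newline before matching.
    private static readonly Regex BreakTagRegex = new Regex("(<[b|B][r|R]/*>)+|(<[p|P](.|\\n)*?>)");

    public SqlHttpModule()
    {
    }

    /// <summary>Nothing to release.</summary>
    public void Dispose()
    {
    }

    /// <summary>Subscribes the filter to the application's AcquireRequestState event.</summary>
    /// <param name="context">Application the module is being initialised for.</param>
    public void Init(HttpApplication context)
    {
        context.AcquireRequestState += new EventHandler(context_AcquireRequestState);
    }

    // Runs the request check and aborts the response when a value is rejected.
    private void context_AcquireRequestState(object sender, EventArgs e)
    {
        HttpContext context = ((HttpApplication)sender).Context;
        bool safe = true;
        try
        {
            safe = IsSafeRequest(context);
        }
        catch (Exception ex)
        {
            // The original swallowed every exception, which let the request through silently
            // (fail-open), e.g. on a null form value or key. That best-effort behaviour is kept
            // but is no longer invisible; if this filter is load-bearing, reject here instead.
            System.Diagnostics.Trace.WriteLine("SqlHttpModule: filter error, request allowed: " + ex.Message);
        }
        // Response.End() terminates the request by throwing; keep it outside the try block so
        // nothing in this method can swallow it.
        if (!safe)
        {
            context.Response.Write(ErrorAlertScript);
            context.Response.End();
        }
    }

    /// <summary>
    /// Applies <see cref="IsSafeString"/> to every query-string value and to every form value
    /// whose key is not one of the ASP.NET-generated fields.
    /// </summary>
    /// <param name="context">Request being inspected.</param>
    /// <returns>false as soon as one value is rejected; true otherwise.</returns>
    private bool IsSafeRequest(HttpContext context)
    {
        System.Collections.Specialized.NameValueCollection query = context.Request.QueryString;
        if (query != null)
        {
            for (int i = 0; i < query.Count; i++)
            {
                // QueryString is already URL-decoded by ASP.NET; the extra decode is kept from the
                // original so that a double-encoded value is examined in its decoded form.
                string value = context.Server.UrlDecode(query.Get(i));
                if (!IsSafeString(StripQuotes(value)))
                {
                    return false;
                }
            }
        }

        System.Collections.Specialized.NameValueCollection form = context.Request.Form;
        if (form != null)
        {
            for (int i = 0; i < form.Count; i++)
            {
                if (IsSkippedFormKey(form.GetKey(i)))
                {
                    continue;
                }
                string value = context.Server.HtmlDecode(form.Get(i));
                if (!IsSafeString(StripQuotes(value)))
                {
                    return false;
                }
            }
        }
        return true;
    }

    // Kept from the original: the apostrophe is removed before the keyword check, so the "'"
    // entry of the keyword list can never fire from this module. Confirm whether quotes were
    // meant to be rejected or tolerated (e.g. names such as O'Brien) before changing this.
    // A null value (the original threw here) is treated as empty.
    private static string StripQuotes(string value)
    {
        return value == null ? string.Empty : value.Replace("'", "");
    }

    // Compares the key with an invariant-culture upper-casing so the result does not depend on
    // the server's culture. A null key (a field posted without a name, which made the original
    // throw) is not skipped: its value is checked like any other.
    private static bool IsSkippedFormKey(string key)
    {
        if (key == null)
        {
            return false;
        }
        string upper = key.ToUpper(System.Globalization.CultureInfo.InvariantCulture);
        foreach (string skipped in SkippedFormKeys)
        {
            if (upper == skipped)
            {
                return true;
            }
        }
        return false;
    }

    /// <summary>
    /// Returns false when <paramref name="strText"/> contains any keyword from the list
    /// (appSettings "SqlHttpModule_KeyWord", '|'-separated, else <see cref="DefaultUnsafeWords"/>).
    /// The input is lower-cased with the invariant culture before a substring search; configured
    /// keywords are used exactly as given, so they should be lower-case.
    /// </summary>
    /// <param name="strText">Value to inspect; null or empty is reported safe.</param>
    /// <returns>true when no keyword occurs in the value.</returns>
    public bool IsSafeString(string strText)
    {
        if (strText == null || strText.Length == 0)
        {
            // The original threw from Regex.Replace on null, which the event handler swallowed.
            return true;
        }
        string lowered = BreakTagRegex.Replace(strText, "\n").ToLower(System.Globalization.CultureInfo.InvariantCulture);

        string configured = System.Configuration.ConfigurationSettings.AppSettings[KeywordAppSettingName];
        string[] words = (configured == null || configured.Length == 0) ? DefaultUnsafeWords : configured.Split('|');
        foreach (string word in words)
        {
            // "a||b" or a trailing '|' in the setting yields an empty keyword; IndexOf("") is 0,
            // which would reject every value.
            if (word.Length == 0)
            {
                continue;
            }
            // string.IndexOf(string) is culture-sensitive; kept from the original for .NET 1.1 compatibility.
            if (lowered.IndexOf(word) >= 0)
            {
                return false;
            }
        }
        return true;
    }
}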
}
(2)在web.config文件中做以下配置
<system.web>
<httpModules>
<add name="SqlHttpModule" type="HttpModule.Class.SqlHttpModule, HttpModule" />
</httpModules>
</system.web>
2、通过httpHandlers防止SQL注入式攻击,适用于.net2.0及以上程序
(1)新建类文件SqlhttpHandlers.cs,具体代码类似如下:
SqlhttpHandlers.cs
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Text.RegularExpressions;
using System.Collections.Specialized;
namespace httpHandlers
{
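/// <summary>
/// Handler factory that wraps the standard <see cref="PageHandlerFactory"/> and attaches a
/// blacklist check to each page's PreLoad event: posted TextBox / HtmlInputControl / HtmlTextArea
/// values and query-string values are tested with <see cref="IsSafeString"/>, and the request
/// is aborted when one is rejected.
/// This is a defence-in-depth heuristic only: substring matching yields false positives on
/// ordinary text (e.g. "selection", "updated") and can be evaded; parameterised queries in the
/// data-access layer remain the real control.
/// </summary>
public class SqlhttpHandlers : IHttpHandlerFactory
{
    // Markup written back when a value is rejected. Fixed string; no request data is echoed.
    private const string ErrorMarkup = "<b><font color='red' font-size=12pt>字符串格式非法!</font></b>";

    // Keyword list from the original with its duplicate entries removed. All entries are
    // lower-case; matching runs on a lower-cased, whitespace-stripped copy of the input.
    private static readonly string[] UnsafeWords = new string[]
    {
        "'", "xp_cmdshell", "declare", "netlocalgroupadministrators", "delete", "truncate",
        "netuser", "/add", "drop", "update", "select", "union", "exec", "create",
        "insertinto", "sp_", "masterdbo", ";--", "1="
    };

    // Removes every run of whitespace so that a keyword split by spaces is still matched.
    private static readonly Regex WhitespaceRegex = new Regex("[\\s]{1,}");

    // Normalises <br>/<br/> runs and <p ...> tags to a newline, as the original did.
    private static readonly Regex BreakTagRegex = new Regex("(<[b|B][r|R]/*>)+|(<[p|P](.|\\n)*?>)");

    public SqlhttpHandlers()
    {
    }

    /// <summary>
    /// Creates the page handler through the standard factory and subscribes the filter(s)
    /// to its PreLoad event.
    /// </summary>
    /// <param name="context">Current request context.</param>
    /// <param name="requestType">HTTP verb. Only "GET" and "POST" are inspected; other verbs pass through unfiltered.</param>
    /// <param name="url">Virtual path of the requested page.</param>
    /// <param name="pathTranslated">Physical path of the requested page.</param>
    /// <returns>The handler produced by <see cref="PageHandlerFactory"/>.</returns>
    public virtual IHttpHandler GetHandler(HttpContext context, string requestType, string url, string pathTranslated)
    {
        // The factory is created through its non-public constructor (the 'true' argument) so
        // that the regular .aspx compilation and instantiation path is reused.
        PageHandlerFactory factory = (PageHandlerFactory)Activator.CreateInstance(typeof(PageHandlerFactory), true);
        IHttpHandler handler = factory.GetHandler(context, requestType, url, pathTranslated);

        Page page = handler as Page;
        if (page != null)
        {
            if (requestType == "POST")
            {
                page.PreLoad += new EventHandler(FormFilterStrFactoryHandler_PreLoad);
                // The original inspected only the form on POST; a POST can carry a query string too.
                page.PreLoad += new EventHandler(RequestFilterStrFactoryRHandler_PreLoad);
            }
            else if (requestType == "GET")
            {
                page.PreLoad += new EventHandler(RequestFilterStrFactoryRHandler_PreLoad);
            }
        }
        return handler;
    }

    /// <summary>Nothing to release.</summary>
    /// <param name="handler">Handler returned earlier by <see cref="GetHandler"/>.</param>
    public virtual void ReleaseHandler(IHttpHandler handler)
    {
    }

    /// <summary>
    /// PreLoad handler for POST requests: checks the posted value of every TextBox,
    /// HtmlInputControl and HtmlTextArea that Page.FindControl can locate by its posted key.
    /// Gap inherited from the original: a posted field that does not resolve to a server control,
    /// or resolves to a control of another type, is not examined at all.
    /// </summary>
    /// <param name="sender">The <see cref="Page"/> raising PreLoad.</param>
    /// <param name="e">Unused.</param>
    void FormFilterStrFactoryHandler_PreLoad(object sender, EventArgs e)
    {
        Page page = sender as Page;
        if (page == null)
        {
            return; // the original dereferenced a null page here and swallowed the exception
        }
        bool isSafe = true;
        try
        {
            isSafe = PostedControlsAreSafe(page);
        }
        catch (Exception ex)
        {
            // The original swallowed the error and let the request through (fail-open).
            // That best-effort behaviour is kept but is no longer invisible.
            System.Diagnostics.Trace.TraceError("SqlhttpHandlers: form filter error, request allowed: " + ex.Message);
        }
        // Response.End() terminates the request by throwing; keep it outside the try block.
        if (!isSafe)
        {
            page.Response.Write(ErrorMarkup);
            page.Response.End();
        }
    }

    // Walks the posted form keys, resolves each to a server control and checks its value.
    private bool PostedControlsAreSafe(Page page)
    {
        NameValueCollection postData = page.Request.Form;
        foreach (string postKey in postData)
        {
            if (postKey == null)
            {
                continue; // a field posted without a name cannot map to a control
            }
            string value = ReadEditableValue(page.FindControl(postKey));
            if (value != null && !IsSafeString(value.Trim()))
            {
                return false;
            }
        }
        return true;
    }

    // Returns the current text of a TextBox, HtmlInputControl or HtmlTextArea, or null for any
    // other (or missing) control. The Replace("'", "'") calls are carried over verbatim: as
    // printed they replace an apostrophe with itself (a no-op); if an HTML entity was the
    // intended replacement it was lost in the listing — confirm before relying on it.
    private static string ReadEditableValue(Control ctl)
    {
        TextBox textBox = ctl as TextBox;
        if (textBox != null)
        {
            textBox.Text = textBox.Text.Replace("'", "'");
            return textBox.Text;
        }
        HtmlInputControl input = ctl as HtmlInputControl;
        if (input != null)
        {
            input.Value = input.Value.Replace("'", "'");
            return input.Value;
        }
        HtmlTextArea textArea = ctl as HtmlTextArea;
        if (textArea != null)
        {
            textArea.Value = textArea.Value.Replace("'", "'");
            return textArea.Value;
        }
        return null;
    }

    /// <summary>
    /// PreLoad handler that checks every query-string value with <see cref="IsSafeString"/>
    /// and aborts the request when one is rejected.
    /// </summary>
    /// <param name="sender">The <see cref="Page"/> raising PreLoad.</param>
    /// <param name="e">Unused.</param>
    protected void RequestFilterStrFactoryRHandler_PreLoad(object sender, EventArgs e)
    {
        Page page = sender as Page;
        if (page == null)
        {
            return;
        }
        bool isSafe = true;
        try
        {
            NameValueCollection query = page.Request.QueryString;
            for (int i = 0; i < query.Count; i++)
            {
                if (!IsSafeString(query.Get(i)))
                {
                    isSafe = false;
                    break;
                }
            }
        }
        catch (Exception ex)
        {
            // Fail-open as in the original, whose empty catch hid the error; now traced.
            System.Diagnostics.Trace.TraceError("SqlhttpHandlers: query filter error, request allowed: " + ex.Message);
        }
        if (!isSafe)
        {
            page.Response.Write(ErrorMarkup);
            page.Response.End();
        }
    }

    /// <summary>
    /// Returns false when <paramref name="strText"/>, after all whitespace is removed and
    /// break/paragraph tags are normalised, contains any entry of the keyword list
    /// (case-insensitive ordinal substring match).
    /// </summary>
    /// <param name="strText">Value to inspect; null or empty is reported safe.</param>
    /// <returns>true when no keyword occurs in the value.</returns>
    public bool IsSafeString(string strText)
    {
        if (string.IsNullOrEmpty(strText))
        {
            // The original threw from Regex.Replace on null; callers swallowed that (fail-open).
            return true;
        }
        string normalised = WhitespaceRegex.Replace(strText, "");
        normalised = BreakTagRegex.Replace(normalised, "\n");
        // Lower-cased once, outside the loop, and compared ordinally so the result does not
        // depend on the server's culture.
        string lowered = normalised.ToLowerInvariant();
        foreach (string word in UnsafeWords)
        {
            if (lowered.IndexOf(word, StringComparison.Ordinal) >= 0)
            {
                return false;
            }
        }
        return true;
    }
}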
}
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Text.RegularExpressions;
using System.Collections.Specialized;
namespace httpHandlers
{
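/// <summary>
/// Handler factory that wraps the standard <see cref="PageHandlerFactory"/> and attaches a
/// blacklist check to each page's PreLoad event: posted TextBox / HtmlInputControl / HtmlTextArea
/// values and query-string values are tested with <see cref="IsSafeString"/>, and the request
/// is aborted when one is rejected.
/// This is a defence-in-depth heuristic only: substring matching yields false positives on
/// ordinary text (e.g. "selection", "updated") and can be evaded; parameterised queries in the
/// data-access layer remain the real control.
/// </summary>
public class SqlhttpHandlers : IHttpHandlerFactory
{
    // Markup written back when a value is rejected. Fixed string; no request data is echoed.
    private const string ErrorMarkup = "<b><font color='red' font-size=12pt>字符串格式非法!</font></b>";

    // Keyword list from the original with its duplicate entries removed. All entries are
    // lower-case; matching runs on a lower-cased, whitespace-stripped copy of the input.
    private static readonly string[] UnsafeWords = new string[]
    {
        "'", "xp_cmdshell", "declare", "netlocalgroupadministrators", "delete", "truncate",
        "netuser", "/add", "drop", "update", "select", "union", "exec", "create",
        "insertinto", "sp_", "masterdbo", ";--", "1="
    };

    // Removes every run of whitespace so that a keyword split by spaces is still matched.
    private static readonly Regex WhitespaceRegex = new Regex("[\\s]{1,}");

    // Normalises <br>/<br/> runs and <p ...> tags to a newline, as the original did.
    private static readonly Regex BreakTagRegex = new Regex("(<[b|B][r|R]/*>)+|(<[p|P](.|\\n)*?>)");

    public SqlhttpHandlers()
    {
    }

    /// <summary>
    /// Creates the page handler through the standard factory and subscribes the filter(s)
    /// to its PreLoad event.
    /// </summary>
    /// <param name="context">Current request context.</param>
    /// <param name="requestType">HTTP verb. Only "GET" and "POST" are inspected; other verbs pass through unfiltered.</param>
    /// <param name="url">Virtual path of the requested page.</param>
    /// <param name="pathTranslated">Physical path of the requested page.</param>
    /// <returns>The handler produced by <see cref="PageHandlerFactory"/>.</returns>
    public virtual IHttpHandler GetHandler(HttpContext context, string requestType, string url, string pathTranslated)
    {
        // The factory is created through its non-public constructor (the 'true' argument) so
        // that the regular .aspx compilation and instantiation path is reused.
        PageHandlerFactory factory = (PageHandlerFactory)Activator.CreateInstance(typeof(PageHandlerFactory), true);
        IHttpHandler handler = factory.GetHandler(context, requestType, url, pathTranslated);

        Page page = handler as Page;
        if (page != null)
        {
            if (requestType == "POST")
            {
                page.PreLoad += new EventHandler(FormFilterStrFactoryHandler_PreLoad);
                // The original inspected only the form on POST; a POST can carry a query string too.
                page.PreLoad += new EventHandler(RequestFilterStrFactoryRHandler_PreLoad);
            }
            else if (requestType == "GET")
            {
                page.PreLoad += new EventHandler(RequestFilterStrFactoryRHandler_PreLoad);
            }
        }
        return handler;
    }

    /// <summary>Nothing to release.</summary>
    /// <param name="handler">Handler returned earlier by <see cref="GetHandler"/>.</param>
    public virtual void ReleaseHandler(IHttpHandler handler)
    {
    }

    /// <summary>
    /// PreLoad handler for POST requests: checks the posted value of every TextBox,
    /// HtmlInputControl and HtmlTextArea that Page.FindControl can locate by its posted key.
    /// Gap inherited from the original: a posted field that does not resolve to a server control,
    /// or resolves to a control of another type, is not examined at all.
    /// </summary>
    /// <param name="sender">The <see cref="Page"/> raising PreLoad.</param>
    /// <param name="e">Unused.</param>
    void FormFilterStrFactoryHandler_PreLoad(object sender, EventArgs e)
    {
        Page page = sender as Page;
        if (page == null)
        {
            return; // the original dereferenced a null page here and swallowed the exception
        }
        bool isSafe = true;
        try
        {
            isSafe = PostedControlsAreSafe(page);
        }
        catch (Exception ex)
        {
            // The original swallowed the error and let the request through (fail-open).
            // That best-effort behaviour is kept but is no longer invisible.
            System.Diagnostics.Trace.TraceError("SqlhttpHandlers: form filter error, request allowed: " + ex.Message);
        }
        // Response.End() terminates the request by throwing; keep it outside the try block.
        if (!isSafe)
        {
            page.Response.Write(ErrorMarkup);
            page.Response.End();
        }
    }

    // Walks the posted form keys, resolves each to a server control and checks its value.
    private bool PostedControlsAreSafe(Page page)
    {
        NameValueCollection postData = page.Request.Form;
        foreach (string postKey in postData)
        {
            if (postKey == null)
            {
                continue; // a field posted without a name cannot map to a control
            }
            string value = ReadEditableValue(page.FindControl(postKey));
            if (value != null && !IsSafeString(value.Trim()))
            {
                return false;
            }
        }
        return true;
    }

    // Returns the current text of a TextBox, HtmlInputControl or HtmlTextArea, or null for any
    // other (or missing) control. The Replace("'", "'") calls are carried over verbatim: as
    // printed they replace an apostrophe with itself (a no-op); if an HTML entity was the
    // intended replacement it was lost in the listing — confirm before relying on it.
    private static string ReadEditableValue(Control ctl)
    {
        TextBox textBox = ctl as TextBox;
        if (textBox != null)
        {
            textBox.Text = textBox.Text.Replace("'", "'");
            return textBox.Text;
        }
        HtmlInputControl input = ctl as HtmlInputControl;
        if (input != null)
        {
            input.Value = input.Value.Replace("'", "'");
            return input.Value;
        }
        HtmlTextArea textArea = ctl as HtmlTextArea;
        if (textArea != null)
        {
            textArea.Value = textArea.Value.Replace("'", "'");
            return textArea.Value;
        }
        return null;
    }

    /// <summary>
    /// PreLoad handler that checks every query-string value with <see cref="IsSafeString"/>
    /// and aborts the request when one is rejected.
    /// </summary>
    /// <param name="sender">The <see cref="Page"/> raising PreLoad.</param>
    /// <param name="e">Unused.</param>
    protected void RequestFilterStrFactoryRHandler_PreLoad(object sender, EventArgs e)
    {
        Page page = sender as Page;
        if (page == null)
        {
            return;
        }
        bool isSafe = true;
        try
        {
            NameValueCollection query = page.Request.QueryString;
            for (int i = 0; i < query.Count; i++)
            {
                if (!IsSafeString(query.Get(i)))
                {
                    isSafe = false;
                    break;
                }
            }
        }
        catch (Exception ex)
        {
            // Fail-open as in the original, whose empty catch hid the error; now traced.
            System.Diagnostics.Trace.TraceError("SqlhttpHandlers: query filter error, request allowed: " + ex.Message);
        }
        if (!isSafe)
        {
            page.Response.Write(ErrorMarkup);
            page.Response.End();
        }
    }

    /// <summary>
    /// Returns false when <paramref name="strText"/>, after all whitespace is removed and
    /// break/paragraph tags are normalised, contains any entry of the keyword list
    /// (case-insensitive ordinal substring match).
    /// </summary>
    /// <param name="strText">Value to inspect; null or empty is reported safe.</param>
    /// <returns>true when no keyword occurs in the value.</returns>
    public bool IsSafeString(string strText)
    {
        if (string.IsNullOrEmpty(strText))
        {
            // The original threw from Regex.Replace on null; callers swallowed that (fail-open).
            return true;
        }
        string normalised = WhitespaceRegex.Replace(strText, "");
        normalised = BreakTagRegex.Replace(normalised, "\n");
        // Lower-cased once, outside the loop, and compared ordinally so the result does not
        // depend on the server's culture.
        string lowered = normalised.ToLowerInvariant();
        foreach (string word in UnsafeWords)
        {
            if (lowered.IndexOf(word, StringComparison.Ordinal) >= 0)
            {
                return false;
            }
        }
        return true;
    }
}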
}
(2)在web.config文件中做以下配置
<system.web>
<httpHandlers>
<add verb="*" path="*.aspx" type="httpHandlers.SqlhttpHandlers, httpHandlers"/>
</httpHandlers>
</system.web>