参考:https://blog.csdn.net/zhangbeizhen18/article/details/125239707
/** * @desc: sql注入过滤器 * @author: 毛会懂 * @create: 2022-11-14 11:04:00 **/ @Slf4j @RefreshScope @Service public class SqlInjectionFilter implements Filter { // 总开关: 0:关闭 1:打开 在nacos中配置 @Value("${sqlInjectionAllSwitch:1}") private Integer sqlInjectionAllSwitch; // 特殊字符的开关: 0:关闭 1:打开 在nacos中配置 @Value("${sqlInjectionKeySwitch:1}") private Integer sqlInjectionKeySwitch; /** * 校验的关键词 **/ private static final String SQL_REG_EXP = ".*(\\b(and|exec|execute|insert|into|create|drop|table|from|grant|use|group_concat|column_name|" + "information_schema.columns|table_schema|union|where|select|delete|update|order|by|count|" + "chr|mid|master|truncate|char|declare|or|like)\\b).*"; /** * 根据开关是否校验字段的开头和结尾有特殊字符 **/ private static final List<String> keys = Arrays.asList(";","--",",","//","%","#","'","*"); @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { if(sqlInjectionAllSwitch.equals(0) || ("POST".equals(request.getMethod().toUpperCase()) && request.getHeader("content-type").startsWith("multipart/form-data"))){
// 总开关关闭 或 文件上传不sql过滤 filterChain.doFilter(servletRequest, servletResponse); return; } HttpServletRequest request = (HttpServletRequest) servletRequest; CustomRequestWrapper requestWrapper = new CustomRequestWrapper(request); Map<String, Object> parameterMap = new HashMap<>(); parameterMap =getParameterMap(parameterMap, request, requestWrapper); // 正则校验是否有SQL关键字 for (Object obj : parameterMap.entrySet()) { Map.Entry entry = (Map.Entry) obj; Object value = entry.getValue(); if (value != null) { boolean isValid = isSqlInject(value.toString(), servletResponse); if (!isValid) { return; } } } filterChain.doFilter(requestWrapper, servletResponse); } private Map<String, Object> getParameterMap(Map<String, Object> paramMap, HttpServletRequest request, CustomRequestWrapper requestWrapper) { // 1.POST请求获取参数 if ("POST".equals(request.getMethod().toUpperCase())) { String body = requestWrapper.getBody(); paramMap = JSONObject.parseObject(body, HashMap.class); } else { Map<String, String[]> parameterMap = requestWrapper.getParameterMap(); //普通的GET请求 if (parameterMap != null && parameterMap.size() > 0) { Set<Map.Entry<String, String[]>> entries = parameterMap.entrySet(); for (Map.Entry<String, String[]> next : entries) { paramMap.put(next.getKey(), next.getValue()[0]); } } else { //GET请求,参数在URL路径型式,比如server/{var1}/{var2} String afterDecodeUrl = null; try { //编码过URL需解码解码还原字符 afterDecodeUrl = URLDecoder.decode(request.getRequestURI(), "UTF-8"); } catch (UnsupportedEncodingException e) { e.printStackTrace(); } paramMap.put("pathVar", afterDecodeUrl); } } return paramMap; } private boolean isSqlInject(String value, ServletResponse servletResponse) throws IOException { if ((null != value && value.toLowerCase().matches(SQL_REG_EXP)) || isKey(value)) { // if (null != value && Pattern.compile(SQL_REG_EXP).matcher(value.toLowerCase()).find()) { log.info("入参中有非法字符: " + value); HttpServletResponse response = (HttpServletResponse) servletResponse; Map<String, String> responseMap = new HashMap<>(); // 匹配到非法字符,立即返回 responseMap.put("code", "999"); responseMap.put("message","入参中有非法字符"); response.setContentType("application/json;charset=UTF-8"); response.setStatus(HttpStatus.OK.value()); response.getWriter().write(JSON.toJSONString(responseMap)); response.getWriter().flush(); response.getWriter().close(); return false; } return true; } /** * @desc : 校验是否以关键字开头或结尾 * @author : 毛会懂 * @create: 2022/11/14 15:38:00 **/ private Boolean isKey(String value){ // 不开启关键字校验 if(sqlInjectionKeySwitch.equals(0)){ return Boolean.FALSE; } for (String key : keys) { if(value.startsWith(key) || value.endsWith(key)){ return Boolean.TRUE; } } return Boolean.FALSE; } }
包装请求:
/** * @desc: 装饰请求 * @author: 毛会懂 * @create: 2022-11-14 11:05:00 **/ public class CustomRequestWrapper extends HttpServletRequestWrapper { private final String body; public CustomRequestWrapper(HttpServletRequest request) throws IOException { super(request); StringBuilder sb = new StringBuilder(); BufferedReader bufferedReader = null; try { InputStream inputStream = request.getInputStream(); if (inputStream != null) { bufferedReader = new BufferedReader(new InputStreamReader(inputStream, StandardCharsets.UTF_8)); char[] charBuffer = new char[512]; int bytesRead = -1; while ((bytesRead = bufferedReader.read(charBuffer)) > 0) { sb.append(charBuffer, 0, bytesRead); } } } catch (IOException e) { e.printStackTrace(); throw e; } finally { if (bufferedReader != null) { try { bufferedReader.close(); } catch (IOException e) { e.printStackTrace(); throw e; } } } body = sb.toString(); } @Override public ServletInputStream getInputStream() throws IOException { final ByteArrayInputStream bais = new ByteArrayInputStream(body.getBytes("UTF-8")); return new ServletInputStream() { @Override public boolean isFinished() { return false; } @Override public boolean isReady() { return false; } @Override public void setReadListener(ReadListener readListener) { } @Override public int read() { return bais.read(); } }; } @Override public BufferedReader getReader() throws IOException { return new BufferedReader(new InputStreamReader(this.getInputStream(), StandardCharsets.UTF_8)); } public String getBody() { return this.body; } @Override public String getParameter(String name) { return super.getParameter(name); } @Override public Map<String, String[]> getParameterMap() { return super.getParameterMap(); } @Override public Enumeration<String> getParameterNames() { return super.getParameterNames(); } @Override public String[] getParameterValues(String name) { return super.getParameterValues(name); } }
/** * @desc: sql过滤器注册 * @author: 毛会懂 * @create: 2022-11-14 11:35:00 **/ @Configuration public class FilterConfiguration { @Autowired private SqlInjectionFilter filter; @Bean public FilterRegistrationBean<SqlInjectionFilter> sqlFilterRegistrationBean() { FilterRegistrationBean<SqlInjectionFilter> filterReg = new FilterRegistrationBean<>(); filterReg.setFilter(filter); filterReg.addUrlPatterns("/*"); filterReg.setOrder(1); return filterReg; } }