forked from wooyunwang/Fortify
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathSQL注入:JDO
35 lines (35 loc) · 1.27 KB
/
SQL注入:JDO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
SQL注入,SQL语句中存在用户输入的字符串,数据用于动态地构造一个SQL或JDOQL查询。
<b>修复建议</b>
使用带占位符的预编译执行方式的SQL语句,并且,所有非程序自身的数据都不参与SQL语句的构成。
<b>修复示例</b>
如:
<pre>
public void risk(HttpServletRequest request, Connection c, org.apache.log4j.Logger logger) {
try {
String userName = ctx.getAuthenticatedUserName();
String itemName = request.getParameter("itemName");
String sql = "SELECT * FROM items WHERE owner = '"
+ userName + "' AND itemname = '"+ itemName + "'";
Query query = pm.newQuery(Query.SQL, sql);
query.setClass(Person.class);
List people = (List)query.execute();
} catch (SQLException e) {
logger.warn("Exception", e);
}
}
</pre>
修复为:
<pre>
public void fix(HttpServletRequest request, Connection c, org.apache.log4j.Logger logger) {
String userName = request.getParameter("userName ");
String itemName = request.getParameter("itemName");
String query ="FROM items WHERE itemname=? AND owner=?";
Query stmt = sess.createQuery(query);
stmt.setString(0, itemName);
stmt.setString(1, userName);
List items = stmt.list();
} catch (SQLException e) {
logger.warn(“Exception”, e);
}
}
</pre>