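/// <summary>
/// Heuristic request filter that flags query-string, form and raw-body values
/// matching common SQL-injection and HTML/script-injection patterns.
/// </summary>
/// <remarks>
/// This is a pattern blacklist: it only reports that a value looks suspicious and
/// neither sanitises input nor makes a query safe. Data access must still use
/// parameterised queries; this class is a defence-in-depth signal (for logging or
/// rejecting a request), not the primary control.
/// </remarks>
public class SqlInjectHelper
{
    /// <summary>
    /// Upper bound on the time one pattern may spend on one value. Several patterns use
    /// lazy quantifiers over arbitrary text, so this caps backtracking on oversized or
    /// pathological input instead of letting it stall the request thread.
    /// </summary>
    private static readonly TimeSpan MatchTimeout = TimeSpan.FromMilliseconds(200);

    /// <summary>
    /// Parameters that legitimately carry opaque encoded blobs and are never inspected.
    /// Compared ordinally, matching the exact-string comparison callers relied on.
    /// </summary>
    private static readonly HashSet<string> IgnoredParameters = new HashSet<string>(StringComparer.Ordinal)
    {
        "__VIEWSTATE",
        "__EVENTVALIDATION"
    };

    /// <summary>
    /// Detection patterns; a value is flagged as soon as any one of them matches.
    /// Matching is case-insensitive and culture-invariant so the verdict does not
    /// depend on the thread culture (e.g. Turkish casing of "I").
    /// </summary>
    private static readonly Regex[] Patterns = BuildPatterns();

    /// <summary>The request whose parameters and body are inspected.</summary>
    private readonly HttpRequest _request;

    /// <summary>
    /// Creates a checker bound to <paramref name="request"/>.
    /// </summary>
    /// <param name="request">The current request; must not be null.</param>
    /// <exception cref="ArgumentNullException"><paramref name="request"/> is null.</exception>
    public SqlInjectHelper(HttpRequest request)
    {
        // Fail fast here rather than with a NullReferenceException inside a Check* call.
        if (request == null)
        {
            throw new ArgumentNullException("request");
        }
        _request = request;
    }

    /// <summary>
    /// Compiles the pattern set once for the process. The five pattern strings are kept
    /// verbatim so the detection set is unchanged (patterns 2 and 3 look like subsets of
    /// 1 and 4 but are retained for that reason); only the options and timeout are new.
    /// </summary>
    /// <returns>The ordered patterns evaluated by <see cref="IsInjection"/>.</returns>
    private static Regex[] BuildPatterns()
    {
        const RegexOptions options = RegexOptions.IgnoreCase | RegexOptions.CultureInvariant;
        return new[]
        {
            new Regex(@"<[^>]+?style=[\w]+?:expression\(|<[^>]*?=[^>]*?&#[^>]*?>|\b(alert|confirm|prompt)\b|^\+/v(8|9)|\bonmouse(over|move)=\b|\b(and|or)\b.+?(>|<|=|\bin\b|\blike\b)|/\*.+?\*/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)", options, MatchTimeout),
            new Regex(@"\b(and|or)\b.+?(>|<|=|\bin\b|\blike\b)|/\*.+?\*/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)", options, MatchTimeout),
            new Regex(@"\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|/\*.+?\*/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)", options, MatchTimeout),
            new Regex(@"<[^>]+?style=[\w]+?:expression\(|\bonmouse(over|move)=\b|\b(alert|confirm|prompt)\b|^\+/v(8|9)|<[^>]*?=[^>]*?&#[^>]*?>|\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|/\*.+?\*/|<\s*script\b|<\s*img\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)", options, MatchTimeout),
            new Regex(@"'([\s\+]+'){1,}", options, MatchTimeout)
        };
    }

    /// <summary>
    /// Checks the query string and then the form collection for injection patterns.
    /// The raw request body is not read here; call <see cref="CheckRequestRequestJson"/>
    /// separately when the body must be inspected.
    /// </summary>
    /// <returns>true if any inspected value matches a pattern; otherwise false.</returns>
    public bool CheckSqlInject()
    {
        return CheckRequestQuery() || CheckRequestForm();
    }

    /// <summary>
    /// Tests one value against every pattern.
    /// </summary>
    /// <param name="formValue">The value to inspect; null or empty never matches.</param>
    /// <returns>
    /// true if any pattern matches, or if a pattern exceeds <see cref="MatchTimeout"/>
    /// (a value that exhausts the match budget is treated as suspicious rather than
    /// being let through unchecked); otherwise false.
    /// </returns>
    private static bool IsInjection(string formValue)
    {
        // None of the patterns can match an empty string, and Regex.IsMatch throws on null.
        if (string.IsNullOrEmpty(formValue))
        {
            return false;
        }
        foreach (Regex pattern in Patterns)
        {
            try
            {
                if (pattern.IsMatch(formValue))
                {
                    return true;
                }
            }
            catch (RegexMatchTimeoutException)
            {
                // Fail closed: do not let an input that stalls the matcher pass as clean.
                return true;
            }
        }
        return false;
    }

    /// <summary>
    /// Reads the raw request body and tests it as a single string.
    /// </summary>
    /// <remarks>
    /// The body stream is rewound before reading (when it is seekable) and its original
    /// position is restored afterwards, so a later reader of the body still sees the full
    /// content. The body is decoded with the request's content encoding, falling back to
    /// UTF-8 when none is set.
    /// </remarks>
    /// <returns>true if the body matches a pattern; otherwise false (including an empty body).</returns>
    public bool CheckRequestRequestJson()
    {
        Stream body = _request.InputStream;
        if (body == null || body.Length == 0)
        {
            return false;
        }
        bool canSeek = body.CanSeek;
        long originalPosition = canSeek ? body.Position : 0;
        try
        {
            if (canSeek)
            {
                body.Position = 0;
            }
            Encoding encoding = _request.ContentEncoding ?? Encoding.UTF8;
            // leaveOpen = true: the request owns the stream and others may still need it.
            using (StreamReader reader = new StreamReader(body, encoding, false, 4096, true))
            {
                return IsInjection(reader.ReadToEnd());
            }
        }
        finally
        {
            if (canSeek)
            {
                body.Position = originalPosition;
            }
        }
    }

    /// <summary>
    /// Checks every query-string parameter (except the ignored ASP.NET state parameters)
    /// for injection patterns.
    /// </summary>
    /// <returns>true if any parameter value matches a pattern; otherwise false.</returns>
    public bool CheckRequestQuery()
    {
        return ContainsInjection(_request.QueryString);
    }

    /// <summary>
    /// Checks every submitted form field (except the ignored ASP.NET state parameters)
    /// for injection patterns.
    /// </summary>
    /// <returns>true if any field value matches a pattern; otherwise false.</returns>
    public bool CheckRequestForm()
    {
        return ContainsInjection(_request.Form);
    }

    /// <summary>
    /// Shared scan over a name/value collection. Values are read through the indexer,
    /// so multiple values for one key are inspected as the comma-joined string;
    /// a null key (a value posted without a name) is still inspected.
    /// </summary>
    /// <param name="values">The collection to scan; null or empty yields false.</param>
    /// <returns>true if any non-ignored value matches a pattern; otherwise false.</returns>
    private static bool ContainsInjection(NameValueCollection values)
    {
        if (values == null || values.Count == 0)
        {
            return false;
        }
        foreach (string key in values)
        {
            if (key != null && IgnoredParameters.Contains(key))
            {
                continue;
            }
            if (CheckKeyWord(values[key]))
            {
                return true;
            }
        }
        return false;
    }

    /// <summary>
    /// Checks a single string for injection patterns.
    /// </summary>
    /// <param name="value">The string to inspect; null is treated as clean.</param>
    /// <returns>true if the string matches a pattern; otherwise false.</returns>
    private static bool CheckKeyWord(string value)
    {
        return IsInjection(value);
    }
}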