如何判断自己写的sql是否存在注入的安全隐患

光明31007625

已于 2022-01-27 17:40:22 修改

阅读量1.1k

点赞数

文章标签： sql java 数据库

于 2022-01-27 17:19:04 首次发布

本文链接：https://blog.csdn.net/qq_44322586/article/details/122720797

版权

如果你使用的是框架方式写的sql，就没问题，比如JPA支持@Query查询，

UserInfoRepository

/**
 * @Author ZGM
 * @DateTime 2022/1/24
 * @description
 */
@Repository
public interface UserInfoRepository extends JpaRepository<UserInfo, Long>, JpaSpecificationExecutor<UserInfo> {

@Query(value = "select * from user_info info where info.profession = ?1",nativeQuery = true)
Page<UserInfo> selectAll(String profession, Pageable pageable);
}

UserService

/**
 * @Author ZGM
 * @DateTime 2022/1/4
 * @description
 */
@Service
@RequiredArgsConstructor
@RefreshScope
public class UserService extends KeyGenService {
    private final UserInfoRepository infoRepository;
    
    @PersistenceContext
    private EntityManager entityManager;

    public Object list4(String profession){
        Pageable pageable = PageRequest.of(0,15);
        StringBuilder nativeQuerySql;
        StringBuilder nativeCountSql;
        Query dataQuery;
        Query countQuery;
        Map<String, Object> properties = Maps.newHashMap();
        List<Map<String, Object>> resultList;
        long totalEles;
        nativeQuerySql = new StringBuilder("SELECT * FROM user_info ");
        nativeCountSql = new StringBuilder("SELECT COUNT(*) FROM ( SELECT * FROM user_info ");
        if (profession != null) {
            nativeQuerySql.append(" where profession = profession ");
            nativeCountSql.append(" where profession = profession ");
        }
        nativeCountSql.append("  ) as X ");
        dataQuery = entityManager.createNativeQuery(nativeQuerySql.toString());
        countQuery = entityManager.createNativeQuery(nativeCountSql.toString());

        dataQuery.setFirstResult((int) pageable.getOffset());
        dataQuery.setMaxResults(pageable.getPageSize());


        dataQuery.unwrap(NativeQueryImpl.class).setResultTransformer(Transformers.ALIAS_TO_ENTITY_MAP);

        totalEles = countQuery.getResultList() == null || countQuery.getResultList().size() == 0 ? 0 : Long.parseLong(countQuery.getResultList().get(0).toString());

        resultList = dataQuery.getResultList();
        return new PageImpl<>(resultList, pageable, totalEles);
    }

    public Page<UserInfo> list1(String profession){
        Pageable pageable = PageRequest.of(0,15);
        return infoRepository.selectAll(profession, pageable);
    }
}

UserController

/**
 * @Author ZGM
 * @DateTime 2022/1/24
 * @description
 */
@RestController
@RequestMapping("/v1/user")
@RequiredArgsConstructor
public class UserController {
    private final UserService userService;

    @PostMapping("/list4")
    public Object list4(@RequestParam(required = false) String profession){
        return userService.list4(profession);
    }
    @PostMapping("/list1")
    public Object list1(@RequestParam String profession){
        return userService.list1(profession);
    }
}

当调用/list1接口时，传递的参数值为“通信”，打印的sql如下图所示，没有直接把参数值加进去，而是用？替代，之就说明框架自己做了防止SQL注入的处理

Hibernate: select * from user_info info where info.profession = ? limit ?

当调用/list4接口时，传递的参数值为“通信”，打印的sql如下图所示，直接把参数值加进去，这就没有做防止SQL注入的处理

Hibernate: SELECT * FROM user_info info  where info.profession = '通信' limit ?

其他的框架应该也有类似的操作，只需要把sql打印出对比一下就知道了。

光明31007625

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
如何判断自己写的sql是否存在注入的安全隐患

如果你使用的是框架方式写的sql，就没问题，比如JPA支持@Query查询，UserInfoRepository/** * @Author ZGM * @DateTime 2022/1/24 * @description */@Repositorypublic interface UserInfoRepository extends JpaRepository<UserInfo, Long>, JpaSpecificationExecutor<UserInfo> {
复制链接

扫一扫