修改权限通用查询过滤sql注入问题，导致动态页面无法保存，追加jsonArray判断

a65eab89 · 王炜 · 88c67ef1 · a65eab89
Commit a65eab89 authored Jun 27, 2024 by 王炜
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 13 deletions

AbstractFacadeServlet.java src/main/java/leaf/service/http/AbstractFacadeServlet.java +17 -13

No files found.
--- a/src/main/java/leaf/service/http/AbstractFacadeServlet.java
+++ b/src/main/java/leaf/service/http/AbstractFacadeServlet.java
@@ -12,6 +12,7 @@ import leaf.events.E_ServiceFinish;
 import leaf.service.*;
 import leaf.transaction.ITransactionService;
 import leaf.transaction.UserTransactionImpl;
+import org.json.JSONArray;
 import org.json.JSONObject;
 import org.springframework.security.web.csrf.CsrfToken;
 import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
@@ -116,21 +117,24 @@ public abstract class AbstractFacadeServlet extends HttpServlet {
            if(it.getKey().equals("_request_data")&&!it.getValue()[0].isEmpty()){
                JSONObject requestData = new JSONObject(it.getValue()[0]);
                if(requestData.has("parameter")){
-                    JSONObject paraOject=requestData.getJSONObject("parameter");
+                    if(!(requestData.get("parameter") instanceof JSONArray)){
-                    if (paraOject.has("trx_id")){
+                        JSONObject paraOject=requestData.getJSONObject("parameter");
-                        String trx_id=paraOject.get("trx_id").toString().toLowerCase();
+                        if (paraOject.has("trx_id")){
-                        if(trx_id.indexOf("and") != -1||
+                            String trx_id=paraOject.get("trx_id").toString().toLowerCase();
-                                trx_id.indexOf("or") != -1||
+                            if(trx_id.indexOf("and") != -1||
-                                trx_id.indexOf("=") != -1||
+                                    trx_id.indexOf("or") != -1||
-                                trx_id.indexOf("select") != -1||
+                                    trx_id.indexOf("=") != -1||
-                                trx_id.indexOf("union") != -1||
+                                    trx_id.indexOf("select") != -1||
-                                trx_id.indexOf("<") != -1||
+                                    trx_id.indexOf("union") != -1||
-                                trx_id.indexOf(">") != -1||
+                                    trx_id.indexOf("<") != -1||
-                                trx_id.indexOf("+") != -1||
+                                    trx_id.indexOf(">") != -1||
-                                trx_id.indexOf("-") != -1){
+                                    trx_id.indexOf("+") != -1||
-                            throw new RuntimeException("parameter contain illegal value:" + trx_id);
+                                    trx_id.indexOf("-") != -1){
+                                throw new RuntimeException("parameter contain illegal value:" + trx_id);
+                            }
                        }
                    }
                }