Java中的SQL注入攻击
[英]SQL injection Attack in Java
问题描述
I am trying to achieve one of the scenario using java code.
我正在尝试使用 java 代码实现其中一种场景。 I am writing some bad code to analyse it over sonarqube.我正在编写一些糟糕的代码来通过声纳分析它。
I tried to test "SQL queries should not be vulnerable to injection attacks" fromhttps://rules.sonarsource.com/java/tag/SonarSecurity/RSPEC-3649 .我试图从https://rules.sonarsource.com/java/tag/SonarSecurity/RSPEC-3649测试“SQL 查询不应受到注入攻击”。 Below is the code that i am trying to analyse,下面是我试图分析的代码,
package group;
import java.util.*;
import java.io.PrintStream;
import java.nio.file.*;
import javax.naming.directory.*;
import javax.naming.ldap.*;
import javax.naming.*;
public class SonarDemo {
public static void main(String[] args) {
PrintStream o = System.out; //NOSONAR
String pass = args[0];//request.getParameter("pass");
String user = args[1];
String query = "SELECT * FROM users WHERE user = '" + user + "' AND pass = '" + pass + "'"; // Unsafe
Properties connectionProps = new Properties();
connectionProps.put("user", user);
connectionProps.put("password", pass);
java.sql.Connection connection = null;
try {
connection = java.sql.DriverManager.getConnection("jdbc:localhost:sql1;create=true",connectionProps);
java.sql.Statement statement = connection.createStatement();
java.sql.ResultSet resultSet = statement.executeQuery(query);
Files.exists(Paths.get("/home/", user));
String filter = "(&(uid=" + user + ")(userPassword=" + pass + "))"; // Unsafe
LdapContext ctx = new InitialLdapContext();
NamingEnumeration<SearchResult> results = ctx.search("ou=system", filter, new SearchControls());
} catch (Exception e){
o.println("Exception");
}
}
}
But there is some Issue in code where sonarqube isn't able to pick up this code and show there is an issue with injection attack.但是代码中存在一些问题,其中 sonarqube 无法获取此代码并显示注入攻击存在问题。
How to modify this code to create some SQL injection attack so that my sonarqube can able to show this error on dashboard?如何修改此代码以创建一些 SQL 注入攻击,以便我的 sonarqube 能够在仪表板上显示此错误?
In short- Modifying above code to create injection attack as as mentioned herehttps://rules.sonarsource.com/java/tag/SonarSecurity/RSPEC-3649简而言之-修改上面的代码以创建这里提到的注入攻击https://rules.sonarsource.com/java/tag/SonarSecurity/RSPEC-3649
2 个解决方案
解决方案1
2 2018-07-17 14:56:15
User provided data such as URL parameters should always be considered as untrusted and tainted.
AFAIK runtime args are not recognized as input from the user. AFAIK 运行时参数不被识别为来自用户的输入。 To reproduce the issue try taking user and pass from the URL parameters of a request.要重现该问题,请尝试获取用户并从请求的 URL 参数中传递。
public boolean authenticate(javax.servlet.http.HttpServletRequest request, java.sql.Connection connection) throws SQLException {
String user = request.getParameter("user");
String pass = request.getParameter("pass");
}
解决方案2
-2 2019-10-30 19:32:31
In this particular line在这个特定的行中
String query = "SELECT * FROM users WHERE user = '" + user + "' AND pass = '" + pass + "'"; // Unsafe
instead of using + to concat string ,use StringBuilder and its append method to concat string which will avoid SQL injection attack.而不是使用+来连接字符串,使用StringBuilder及其 append 方法来连接字符串,这将避免 SQL 注入攻击。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.