Big-Data-Lab
/
CET-cmd-2.0
6
0
Fork 1
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

【issues/4393】解决使用参数tableName=sys_user t&复测,漏洞仍然存在

This commit is contained in:
zhangdaiscott 2023-08-14 15:54:03 +08:00
parent 751b81c7bf
commit 20889e8724
2 changed files with 17 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
jeecg-boot-base-core/src/main/java/org/jeecg/common/util/security/AbstractQueryBlackListHandler.java
View File

@ -67,14 +67,14 @@ public abstract class AbstractQueryBlackListHandler {
} }
for (QueryTable table : list) { for (QueryTable table : list) {
String name = table.getName(); String name = table.getName();
String fieldString = ruleMap.get(name); String fieldRule = ruleMap.get(name);
// 有没有配置这张表 // 有没有配置这张表
if (fieldString != null) { if (fieldRule != null) {
if ("*".equals(fieldString) || table.isAll()) { if ("*".equals(fieldRule) || table.isAll()) {
flag = false; flag = false;
log.warn("sql黑名单校验表【"+name+"】禁止查询"); log.warn("sql黑名单校验表【"+name+"】禁止查询");
break; break;
} else if (table.existSameField(fieldString)) { } else if (table.existSameField(fieldRule)) {
flag = false; flag = false;
break; break;
} }

13
jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/security/DictQueryBlackListHandler.java
View File

@ -5,6 +5,8 @@ import org.jeecg.common.util.oConvertUtils;
import org.jeecg.common.util.security.AbstractQueryBlackListHandler; import org.jeecg.common.util.security.AbstractQueryBlackListHandler;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
@ -23,6 +25,17 @@ public class DictQueryBlackListHandler extends AbstractQueryBlackListHandler {
@Override @Override
protected List<QueryTable> getQueryTableInfo(String dictCodeString) { protected List<QueryTable> getQueryTableInfo(String dictCodeString) {
//针对转义字符进行解码
try {
if (dictCodeString.contains("%")) {
dictCodeString = URLDecoder.decode(dictCodeString, "UTF-8");
}
} catch (UnsupportedEncodingException e) {
//e.printStackTrace();
}
dictCodeString = dictCodeString.trim();
// 无论什么场景 第二三个元素一定是表的字段直接add
if (dictCodeString != null && dictCodeString.indexOf(SymbolConstant.COMMA) > 0) { if (dictCodeString != null && dictCodeString.indexOf(SymbolConstant.COMMA) > 0) {
String[] arr = dictCodeString.split(SymbolConstant.COMMA); String[] arr = dictCodeString.split(SymbolConstant.COMMA);
if (arr.length != 3 && arr.length != 4) { if (arr.length != 3 && arr.length != 4) {