From c62ac4c38350d0001ac7ca7489f47633f539b17e Mon Sep 17 00:00:00 2001
From: Jie Zheng <201507802@qq.com>
Date: Wed, 15 Jan 2025 11:05:47 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E5=A2=9E=E5=8A=A0JDBC=20URL=E5=AE=89?=
 =?UTF-8?q?=E5=85=A8=E5=8F=82=E6=95=B0=E8=BF=87=E6=BB=A4=EF=BC=8C=E9=98=B2?=
 =?UTF-8?q?=E6=AD=A2SQL=E6=B3=A8=E5=85=A5=E7=AD=89=E6=BC=8F=E6=B4=9E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

close https://github.com/elunez/eladmin/issues/839
---
 .../mnt/service/impl/DatabaseServiceImpl.java | 18 +++++------
 .../zhengjie/modules/mnt/util/SqlUtils.java | 31 +++++++++++++++++++
 2 files changed, 40 insertions(+), 9 deletions(-)

diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/mnt/service/impl/DatabaseServiceImpl.java b/eladmin-system/src/main/java/me/zhengjie/modules/mnt/service/impl/DatabaseServiceImpl.java
index fa55782e..386b4c29 100644
--- a/eladmin-system/src/main/java/me/zhengjie/modules/mnt/service/impl/DatabaseServiceImpl.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/mnt/service/impl/DatabaseServiceImpl.java
@@ -88,15 +88,15 @@ public class DatabaseServiceImpl implements DatabaseService {
         }
     }
 
-    @Override
-    public boolean testConnection(Database resources) {
-        try {
-            return SqlUtils.testConnection(resources.getJdbcUrl(), resources.getUserName(), resources.getPwd());
-        } catch (Exception e) {
-            log.error(e.getMessage());
-            return false;
-        }
-    }
+    @Override
+    public boolean testConnection(Database resources) {
+        try {
+            return SqlUtils.testConnection(resources.getJdbcUrl(), resources.getUserName(), resources.getPwd());
+        } catch (Exception e) {
+            log.error(e.getMessage());
+            return false;
+        }
+    }
 
     @Override
     public void download(List queryAll, HttpServletResponse response) throws IOException {
diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/mnt/util/SqlUtils.java b/eladmin-system/src/main/java/me/zhengjie/modules/mnt/util/SqlUtils.java
index d7e06b17..0e867af5 100644
--- a/eladmin-system/src/main/java/me/zhengjie/modules/mnt/util/SqlUtils.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/mnt/util/SqlUtils.java
@@ -61,6 +61,8 @@ public class SqlUtils {
             druidDataSource.setDriverClassName(className);
         }
 
+        // 去掉不安全的参数
+        jdbcUrl = sanitizeJdbcUrl(jdbcUrl);
 
         druidDataSource.setUrl(jdbcUrl);
         druidDataSource.setUsername(userName);
@@ -198,4 +200,33 @@ public class SqlUtils {
         return sqlList;
     }
 
+    /**
+     * 去除不安全的参数
+     * @param jdbcUrl /
+     * @return /
+     */
+    private static String sanitizeJdbcUrl(String jdbcUrl) {
+        // 定义不安全参数和其安全替代值
+        String[][] unsafeParams = {
+                // allowLoadLocalInfile:允许使用 LOAD DATA LOCAL INFILE,可能导致文件泄露
+                {"allowLoadLocalInfile", "false"},
+                // allowUrlInLocalInfile:允许在 LOAD DATA LOCAL INFILE 中使用 URL,可能导致未经授权的文件访问
+                {"allowUrlInLocalInfile", "false"},
+                // autoDeserialize:允许自动反序列化对象,可能导致反序列化漏洞
+                {"autoDeserialize", "false"},
+                // allowNanAndInf:允许使用 NaN 和 Infinity 作为数字值,可能导致不一致的数据处理
+                {"allowNanAndInf", "false"},
+                // allowMultiQueries:允许在一个语句中执行多个查询,可能导致 SQL 注入攻击
+                {"allowMultiQueries", "false"},
+                // allowPublicKeyRetrieval:允许从服务器检索公钥,可能导致中间人攻击
+                {"allowPublicKeyRetrieval", "false"}
+        };
+
+        // 替换不安全的参数
+        for (String[] param : unsafeParams) {
+            jdbcUrl = jdbcUrl.replaceAll("(?i)" + param[0] + "=true", param[0] + "=" + param[1]);
+        }
+        return jdbcUrl;
+    }
+
 }
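Review bot: The rewrite of `jdbcUrl` on the added line before `setUrl` is silent: a stored data-source URL that carried one of the blocked options is altered and the connection proceeds with no trace that an unsafe option was requested, so an attempt to plant such an option in a data-source record never surfaces in the logs. Keeping the original value and logging when the sanitized one differs gives operators that signal, e.g. `String safeUrl = sanitizeJdbcUrl(jdbcUrl); if (!safeUrl.equals(jdbcUrl)) { log.warn("Unsafe JDBC URL options were removed"); } jdbcUrl = safeUrl;` (assuming the class has a logger; log the data-source name rather than the URL, which may embed credentials). Note also that only this Druid path is sanitized: the lines of this method that compute `className` are above the hunk and not visible, so if they derive the driver from the raw URL they still see the unsanitized value, and the enclosing method starts outside the hunk.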
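Review bot: `sanitizeJdbcUrl` only rewrites the literal text `name=true`, so the loop at the end of the hunk is a narrow blocklist on the value rather than a check on the option: MySQL Connector/J also accepts `yes`/`on` for boolean properties and, as far as I recall, URL-decodes parameter values, so `allowLoadLocalInfile=yes` passes through unchanged, and the regex is applied to URL formats that do not use `?k=v&` at all. A more robust shape is to parse the query string, drop every guarded option regardless of its value and rely on the driver defaults (to my knowledge all six are false on current Connector/J), or better still keep an allowlist of the parameters the admin UI actually needs; the version below does the first, keeps the `String[][]` table and the private signature unchanged, and returns a null URL untouched instead of throwing. It still does not handle percent-encoded keys or driver-specific separators, and related loaders such as Connector/J's `allowLoadLocalInfileInPath` are not in the table, which is why an allowlist remains the stronger fix. The Javadoc placeholders `@param jdbcUrl /` and `@return /` should state the contract: `@param jdbcUrl the user-supplied JDBC URL, which may carry arbitrary query parameters` and `@return the same URL with every guarded option removed`.
```java
    private static String sanitizeJdbcUrl(String jdbcUrl) {
        // … unchanged: String[][] unsafeParams table …
        // No query string means no driver options to strip; null is passed through as before.
        int query = jdbcUrl == null ? -1 : jdbcUrl.indexOf('?');
        if (query < 0) {
            return jdbcUrl;
        }
        // Rebuild the query string, keeping only parameters whose key is not guarded.
        StringBuilder safe = new StringBuilder(jdbcUrl.substring(0, query + 1));
        String separator = "";
        for (String pair : jdbcUrl.substring(query + 1).split("&")) {
            int eq = pair.indexOf('=');
            String key = (eq < 0 ? pair : pair.substring(0, eq)).trim();
            if (!isUnsafeParam(key, unsafeParams)) {
                safe.append(separator).append(pair);
                separator = "&";
            }
        }
        return safe.toString();
    }

    // True when key names one of the guarded options, compared case-insensitively.
    private static boolean isUnsafeParam(String key, String[][] unsafeParams) {
        for (String[] param : unsafeParams) {
            if (param[0].equalsIgnoreCase(key)) {
                return true;
            }
        }
        return false;
    }
```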