fix: 增加JDBC URL安全参数过滤,防止SQL注入等漏洞

close https://github.com/elunez/eladmin/issues/839
pull/875/head
Jie Zheng 2025-01-15 11:05:47 +08:00
parent 13ae86ad15
commit c62ac4c383
2 changed files with 40 additions and 9 deletions


@ -88,15 +88,15 @@ public class DatabaseServiceImpl implements DatabaseService {
} }
} }
@Override @Override
public boolean testConnection(Database resources) { public boolean testConnection(Database resources) {
try { try {
return SqlUtils.testConnection(resources.getJdbcUrl(), resources.getUserName(), resources.getPwd()); return SqlUtils.testConnection(resources.getJdbcUrl(), resources.getUserName(), resources.getPwd());
} catch (Exception e) { } catch (Exception e) {
log.error(e.getMessage()); log.error(e.getMessage());
return false; return false;
} }
} }
@Override @Override
public void download(List<DatabaseDto> queryAll, HttpServletResponse response) throws IOException { public void download(List<DatabaseDto> queryAll, HttpServletResponse response) throws IOException {


@ -61,6 +61,8 @@ public class SqlUtils {
druidDataSource.setDriverClassName(className); druidDataSource.setDriverClassName(className);
} }
// 去掉不安全的参数
jdbcUrl = sanitizeJdbcUrl(jdbcUrl);
druidDataSource.setUrl(jdbcUrl); druidDataSource.setUrl(jdbcUrl);
druidDataSource.setUsername(userName); druidDataSource.setUsername(userName);
@ -198,4 +200,33 @@ public class SqlUtils {
return sqlList; return sqlList;
} }
/**
*
* @param jdbcUrl /
* @return /
*/
private static String sanitizeJdbcUrl(String jdbcUrl) {
// 定义不安全参数和其安全替代值
String[][] unsafeParams = {
// allowLoadLocalInfile允许使用 LOAD DATA LOCAL INFILE可能导致文件泄露
{"allowLoadLocalInfile", "false"},
// allowUrlInLocalInfile允许在 LOAD DATA LOCAL INFILE 中使用 URL可能导致未经授权的文件访问
{"allowUrlInLocalInfile", "false"},
// autoDeserialize允许自动反序列化对象可能导致反序列化漏洞
{"autoDeserialize", "false"},
// allowNanAndInf允许使用 NaN 和 Infinity 作为数字值,可能导致不一致的数据处理
{"allowNanAndInf", "false"},
// allowMultiQueries允许在一个语句中执行多个查询可能导致 SQL 注入攻击
{"allowMultiQueries", "false"},
// allowPublicKeyRetrieval允许从服务器检索公钥可能导致中间人攻击
{"allowPublicKeyRetrieval", "false"}
};
// 替换不安全的参数
for (String[] param : unsafeParams) {
jdbcUrl = jdbcUrl.replaceAll("(?i)" + param[0] + "=true", param[0] + "=" + param[1]);
}
return jdbcUrl;
}
} }
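Review bot: `sanitizeJdbcUrl` only rewrites the exact spelling `<name>=true` (the `replaceAll` at line 62), so any other way of enabling the same option passes through unchanged; as far as I recall MySQL Connector/J accepts boolean spellings such as `yes`/`on` case-insensitively and percent-decodes property keys and values, and the list is MySQL-specific while the driver class is taken from `className` a few lines above the call at line 33, so other drivers' options are not covered at all. A denylist keyed on one value string is a weak guarantee; parse the query part, drop every occurrence of the listed keys regardless of value, then append the safe values yourself so the last setting in the URL is the one the server side chose (rewrite below; the keys are plain identifiers, so no escaping is needed). The Javadoc at lines 39–43 has an empty summary and `/` placeholders; a contract such as `Forces off JDBC options known to enable local file reads, deserialization, or multi-statement execution. @param jdbcUrl the user-supplied JDBC URL @return the same URL with those options set to {@code false}` would tell the next reader what is and is not guaranteed. Setting the same properties through Druid's connection properties as well would be a reasonable second layer, but since I am not certain which side wins on conflict for every driver, the rewrite below stays URL-only.
```java
private static String sanitizeJdbcUrl(String jdbcUrl) {
    // … unchanged: unsafeParams table …
    int query = jdbcUrl.indexOf('?');
    if (query < 0) {
        return jdbcUrl; // no query part, nothing the caller could have enabled here
    }
    StringBuilder kept = new StringBuilder(jdbcUrl.substring(0, query + 1));
    for (String pair : jdbcUrl.substring(query + 1).split("&")) {
        if (pair.isEmpty()) {
            continue;
        }
        int eq = pair.indexOf('=');
        String key = eq < 0 ? pair : pair.substring(0, eq);
        // compare the decoded key so percent-encoded spellings are caught too (Java 10+; use the String-charset overload on 8)
        String decodedKey = URLDecoder.decode(key, StandardCharsets.UTF_8).trim();
        boolean unsafe = false;
        for (String[] param : unsafeParams) {
            if (param[0].equalsIgnoreCase(decodedKey)) {
                unsafe = true;
                break;
            }
        }
        if (!unsafe) {
            kept.append(pair).append('&');
        }
    }
    // re-add every listed option with its safe value, whatever the caller sent
    for (String[] param : unsafeParams) {
        kept.append(param[0]).append('=').append(param[1]).append('&');
    }
    kept.setLength(kept.length() - 1);
    return kept.toString();
}
```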