Testing shows that the following SQL injection vulnerability cannot be detected:
```java
String username = request.getParameter("username");
String order = request.getParameter("order");
// username is bound as a parameter below, but order is concatenated into the SQL text
String sql = "select host,user from user where user=? order by host " + order;
//System.out.println(sql);
PreparedStatement preState = conn.prepareStatement(sql);
preState.setString(1, username);
ResultSet rs = preState.executeQuery();
```
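The root cause is that the methods related to prepared statements are not hooked.

For MySQL this can be solved as follows: add a SQLConnectionHook class (this covers only MySQL; I leave the others for the maintainers to add).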
```java
import java.util.Arrays;

import org.objectweb.asm.MethodVisitor;
import org.objectweb.asm.Opcodes;
import org.objectweb.asm.Type;
import org.objectweb.asm.commons.AdviceAdapter;
import org.objectweb.asm.commons.Method;

// AbstractClassHook (com.fuxi.javaagent.hook) and HookHandler are the project's own classes.
public class SQLConnectionHook extends AbstractClassHook {
    private String type;
    private String[] exceptions;

    /**
     * (none-javadoc)
     *
     * @see com.fuxi.javaagent.hook.AbstractClassHook#getType()
     */
    @Override
    public String getType() {
        return "sql";
    }

    @Override
    public boolean isClassMatched(String className) {
        /* MySQL */
        if ("com/mysql/jdbc/ConnectionImpl".equals(className)
                || "com/mysql/cj/jdbc/ConnectionImpl".equals(className)) {
            this.type = "mysql";
            this.exceptions = new String[]{"java/sql/SQLException"};
            return true;
        }
        /* SQLite */
        /* Oracle */
        /* SQL Server */
        /* PostgreSQL */
        return false;
    }

    @Override
    protected MethodVisitor hookMethod(int access, String name, String desc,
                                       String signature, String[] exceptions, MethodVisitor mv) {
        boolean hook = false;
        // Match only prepareStatement(String) declared to throw java.sql.SQLException
        if (name.equals("prepareStatement") && Arrays.equals(exceptions, this.exceptions)) {
            if (desc.equals("(Ljava/lang/String;)Ljava/sql/PreparedStatement;")) {
                hook = true;
            }
        }
        return hook ? new AdviceAdapter(Opcodes.ASM5, mv, access, name, desc) {
            @Override
            protected void onMethodEnter() {
                // On entry, call HookHandler.checkSQL(type, sql) with the SQL text (argument 0)
                push(type);
                loadArg(0);
                invokeStatic(Type.getType(HookHandler.class),
                        new Method("checkSQL", "(Ljava/lang/String;Ljava/lang/String;)V"));
            }
        } : mv;
    }
}
```
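Added example, not part of the original issue or the project's code: it shows why `prepareStatement(String)` is the place where the concatenated `order` value becomes visible, while the bound `username` never appears in the SQL text. A `java.lang.reflect.Proxy` stands in for the ASM hook, and `PrepareHookDemo`, `hookedConnection`, `alters` and the request values are hypothetical names and constructed inputs; `alters` is a simplified check, not the project's `checkSQL`.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Proxy;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.util.ArrayList;
import java.util.List;

public class PrepareHookDemo {
    static final List<String> seenSql = new ArrayList<>();   // SQL text visible at the hook point

    // Stand-in for a driver connection: records what prepareStatement(String) receives.
    static Connection hookedConnection() {
        InvocationHandler stmt = (p, m, a) -> null;           // stub statement, setString is a no-op
        InvocationHandler conn = (p, m, a) -> {
            if (m.getName().equals("prepareStatement") && a != null && a[0] instanceof String) {
                seenSql.add((String) a[0]);
                return Proxy.newProxyInstance(PrepareHookDemo.class.getClassLoader(),
                        new Class<?>[]{PreparedStatement.class}, stmt);
            }
            return null;
        };
        return (Connection) Proxy.newProxyInstance(PrepareHookDemo.class.getClassLoader(),
                new Class<?>[]{Connection.class}, conn);
    }

    // Simplified check (assumption): request input that appears in the SQL text and is
    // more than a single token has changed the shape of the query.
    static boolean alters(String sql, String input) {
        return input != null && !input.isEmpty() && sql.contains(input)
                && input.trim().split("[\\s,;()]+").length > 1;
    }

    public static void main(String[] args) throws Exception {
        String username = "alice";                            // constructed request values
        String[] orders = {"desc", "desc, user"};
        for (String order : orders) {
            String sql = "select host,user from user where user=? order by host " + order;
            PreparedStatement ps = hookedConnection().prepareStatement(sql);
            ps.setString(1, username);                        // bound value, never part of the SQL text
            String seen = seenSql.get(seenSql.size() - 1);
            System.out.printf("order=%-14s flagged=%b usernameInSql=%b%n",
                    '"' + order + '"', alters(seen, order), seen.contains(username));
        }
    }
}
```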
As discussed in the QQ group, this is expected to be added in version 0.30 (the next version is 0.20).
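Moved to v0.31. If testing shows no performance problems, we will add it.
Feedback from @feng: it is suggested to test all the mainstream persistence-layer frameworks, such as Spring Data JPA and Hibernate.
Prepared statements are now officially supported; closing this issue.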