增加ToSql接口，处理@column重命名列名时的sql注入的情况

haptear · haptear · commit 0275e34067b7 · 2019-05-30T17:09:36.000+08:00
diff --git a/APIJSON.NET/APIJSONCommon/Properties/AssemblyInfo.cs b/APIJSON.NET/APIJSONCommon/Properties/AssemblyInfo.cs
@@ -6,7 +6,7 @@
 // 控制。更改这些特性值可修改
 // 与程序集关联的信息。
 [assembly: AssemblyTitle("ApiJson.Common")]
-[assembly: AssemblyDescription("单表查询的返回节点指定为Infos")]
+[assembly: AssemblyDescription("增加ToSql接口，处理sql注入的情况")]
 [assembly: AssemblyConfiguration("")]
 [assembly: AssemblyCompany("")]
 [assembly: AssemblyProduct("ApiJson.Common")]
@@ -32,5 +32,5 @@
 //可以指定所有这些值，也可以使用“生成号”和“修订号”的默认值
 //通过使用 "*"，如下所示:
 // [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("0.0.4.0")]
-[assembly: AssemblyFileVersion("0.0.4.0")]
+[assembly: AssemblyVersion("0.0.6.0")]
+[assembly: AssemblyFileVersion("0.0.6.0")]
diff --git a/APIJSON.NET/APIJSONCommon/SelectTable.cs b/APIJSON.NET/APIJSONCommon/SelectTable.cs
@@ -66,6 +66,19 @@ public object ExecFunc(string funcname, object[] param, Type[] types)
             return result;
         }
 
+        private string ToSql(string subtable, int page, int count, int query, string json)
+        {
+            JObject values = JObject.Parse(json);
+            page = values["page"] == null ? page : int.Parse(values["page"].ToString());
+            count = values["count"] == null ? count : int.Parse(values["count"].ToString());
+            query = values["query"] == null ? query : int.Parse(values["query"].ToString());
+            values.Remove("page");
+            values.Remove("count");
+            subtable = _tableMapper.GetTableName(subtable);
+            var tb = sugarQueryable(subtable, "*", values,null);
+            var xx= tb.Skip((page - 1) * count).Take(10).ToSql();
+            return xx.Key;
+        }
         /// <summary>
         /// 
         /// </summary>
@@ -187,8 +200,9 @@ public JObject Query(string queryJson)
         /// 单表查询
         /// </summary>
         /// <param name="queryObj"></param>
+        /// <param name="nodeName">返回数据的节点名称  默认为 infos</param>
         /// <returns></returns>
-        public JObject QuerySingle(JObject queryObj)
+        public JObject QuerySingle(JObject queryObj, string nodeName = "infos")
         {
             JObject resultObj = new JObject();
             resultObj.Add("code", "200");
@@ -202,7 +216,7 @@ public JObject QuerySingle(JObject queryObj)
 
                     if (key.EndsWith("[]"))
                     {
-                        total = QuerySingleList(resultObj, item, "Infos");
+                        total = QuerySingleList(resultObj, item, nodeName);
                     }
                     else if (key.Equals("func"))
                     {
@@ -222,6 +236,25 @@ public JObject QuerySingle(JObject queryObj)
             return resultObj;
         }
 
+        /// <summary>
+        /// 获取查询语句
+        /// </summary>
+        /// <param name="queryObj"></param>
+        /// <returns></returns>
+        public string ToSql(JObject queryObj)
+        {
+            foreach (var item in queryObj)
+            {
+                string key = item.Key.Trim();
+
+                if (key.EndsWith("[]"))
+                {
+                    return  ToSql(item);
+                }
+            }
+            return string.Empty;
+        }
+
         /// <summary>
         /// 解析并查询
         /// </summary>
@@ -284,6 +317,7 @@ private int QuerySingleList(JObject resultObj, KeyValuePair<string, JToken> item
             int total = 0;
 
             jb.Remove("page"); jb.Remove("count"); jb.Remove("query");
+
             var htt = new JArray();
             foreach (var t in jb)
             {
@@ -307,6 +341,23 @@ private int QuerySingleList(JObject resultObj, KeyValuePair<string, JToken> item
             return total;
         }
 
+        private string ToSql(KeyValuePair<string, JToken> item)
+        {
+            string key = item.Key.Trim();
+            var jb = JObject.Parse(item.Value.ToString());
+            int page = jb["page"] == null ? 0 : int.Parse(jb["page"].ToString());
+            int count = jb["count"] == null ? 10 : int.Parse(jb["count"].ToString());
+            int query = jb["query"] == null ? 0 : int.Parse(jb["query"].ToString());
+
+            jb.Remove("page"); jb.Remove("count"); jb.Remove("query");
+            var htt = new JArray();
+            foreach (var t in jb)
+            {
+                return ToSql(t.Key, page, count, query, t.Value.ToString());
+            }
+
+            return string.Empty;
+        }
         //单表查询
         private int QuerySingleList(JObject resultObj, KeyValuePair<string, JToken> item)
         {
@@ -495,7 +546,13 @@ private void ProcessColumn(string subtable, string selectrole, JObject values, I
                 if (colName == "*" || int.TryParse(colName, out int colNumber) || (IsCol(subtable, colName) && _identitySvc.ColIsRole(colName, selectrole.Split(','))))
                 {
                     if (ziduan.Length > 1)
-                        str.Append(ziduan[0] + " as " + ziduan[1] + ",");
+                    {
+                        if (ziduan[1].Length > 20)
+                        {
+                            throw new Exception("别名不能超过20个字符");
+                        }
+                        str.Append(ziduan[0] + " as " + ReplaceSQLChar(ziduan[1]) + ",");
+                    }
                     else
                         str.Append(ziduan[0] + ",");
 
@@ -744,5 +801,40 @@ private void FuzzyQuery(string subtable, List<IConditionalModel> conModels, KeyV
                 conModels.Add(new ConditionalModel() { FieldName = vakey.TrimEnd('$'), ConditionalType = conditionalType, FieldValue = fieldValue.TrimEnd("%".ToArray()).TrimStart("%".ToArray()) });
             }
         }
+
+        public string ReplaceSQLChar(string str)
+        {
+            if (str == String.Empty)
+                return String.Empty;
+            str = str.Replace("'", "");
+            str = str.Replace(";", "");
+            str = str.Replace(",", "");
+            str = str.Replace("?", "");
+            str = str.Replace("<", "");
+            str = str.Replace(">", "");
+            str = str.Replace("(", "");
+            str = str.Replace(")", "");
+            str = str.Replace("@", "");
+            str = str.Replace("=", "");
+            str = str.Replace("+", "");
+            str = str.Replace("*", "");
+            str = str.Replace("&", "");
+            str = str.Replace("#", "");
+            str = str.Replace("%", "");
+            str = str.Replace("$", "");
+            str = str.Replace("\"", "");
+
+            //删除与数据库相关的词
+            str = Regex.Replace(str, "delete from", "", RegexOptions.IgnoreCase);
+            str = Regex.Replace(str, "drop table", "", RegexOptions.IgnoreCase);
+            str = Regex.Replace(str, "truncate", "", RegexOptions.IgnoreCase);
+            str = Regex.Replace(str, "xp_cmdshell", "", RegexOptions.IgnoreCase);
+            str = Regex.Replace(str, "exec master", "", RegexOptions.IgnoreCase);
+            str = Regex.Replace(str, "net localgroup administrators", "", RegexOptions.IgnoreCase);
+            str = Regex.Replace(str, "net user", "", RegexOptions.IgnoreCase);
+            str = Regex.Replace(str, "-", "", RegexOptions.IgnoreCase);
+            str = Regex.Replace(str, "truncate", "", RegexOptions.IgnoreCase);
+            return str;
+        }
     }
 }
