sql_inject_detector.go
917 字节
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
package domain
import (
"fmt"
"gitlab.fjmaimaimai.com/allied-creation/character-library-metadata-bastion/pkg/infrastructure/utils"
"strings"
)
var sqlKeys = []string{
"'",
"`",
//",",
"--",
"/*",
//";",
"(",
")",
"#",
"*",
"or",
"=",
"having ",
"union",
"sleep",
"as ",
"from",
"where",
"exists",
"and",
"&&",
"or",
"||",
"not",
"in",
"like",
"is",
"between",
"union",
"all",
"having",
"order",
"group",
"by",
"print",
"sleep",
}
var ErrorSqlInject = fmt.Errorf("!!! 请检查输入的内容,存在注入风险")
func SqlDetections(args ...interface{}) error {
for _, item := range args {
if err := sqlDetection(item); err != nil {
return err
}
}
return nil
}
func sqlDetection(val interface{}) error {
sVal := strings.ToLower(utils.AssertString(val))
for _, kw := range sqlKeys {
if strings.Contains(sVal, kw) {
return ErrorSqlInject
}
}
return nil
}