• 网站跨站点脚本,Sql注入等攻击的处理


      从360安全论坛里找到的一段代码,经过整理封装,在站点 Global.asax 的 Application_BeginRequest 中调用,或写一个 HttpModule 来拦截带有可疑特征的请求。需要说明的是:这只是一层基于正则黑名单的"兜底"过滤,并不能替代参数化 SQL 查询和按输出上下文做的 HTML 编码;黑名单可被绕过(例如二次 URL 编码、注释/空白符拆分),也会误拦含有 and/or/select/alert 等普通词语的正常输入,上线前应先只记录日志观察误报。另外,原始正则里含有 `\s`、`\w`、`\(`、`\*`、`\b` 等反斜杠转义,从网页复制时极易丢失(丢失后括号不配对,`Regex.IsMatch` 会在第一个请求就抛出 ArgumentException),使用前务必确认正则能正常编译并命中预期样例。

    using System;
    using System.Collections.Specialized;
    using System.Text.RegularExpressions;
    using System.Web;
    
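    /// <summary>
    /// Request-level blocklist filter for common XSS / SQL-injection payloads.
    /// Adapted from the 360 webscan forum thread:
    /// http://bbs.webscan.360.cn/forum.php?mod=viewthread&tid=711&page=1&extra=#pid1927
    /// Inspected on every request:
    ///   1. cookie values
    ///   2. the raw request URL (path and query string, as sent and after one URL-decode)
    ///   3. the Referer header
    ///   4. form fields (POST body)
    ///   5. query-string fields
    /// NOTE(review): a signature blocklist is a last line of defence only. It does not
    /// replace parameterised SQL and context-aware output encoding; it can be bypassed
    /// (double URL-encoding, comment/whitespace splitting, encodings the regex never
    /// sees); and it rejects ordinary text that happens to contain "or ... =",
    /// "select ... from" or the word "alert". Log matches before enforcing in production.
    /// </summary>
    public class Safe360
    {
        #region Rejection page

        /// <summary>
        /// Body written to a rejected request. Static text only: never interpolate
        /// request data into it, or the filter itself becomes an XSS sink.
        /// </summary>
        private const string ErrMsg =
            "<div style='position:fixed;top:0px;100%;height:100%;background-color:white;color:green;font-weight:bold;border-bottom:5px solid #999;'><br>您的提交带有不合法参数,谢谢合作!<br><br>了解更多请点击:<a href='http://webscan.360.cn'>360网站安全检测</a></div>";

        #endregion

        #region Signature

        /// <summary>
        /// Attack signature. As reproduced on the blog the pattern had lost every
        /// backslash ("[w]+?", "INSERTs+INTO", "/*.+?*/" and an unbalanced
        /// "expression("), so Regex.IsMatch threw ArgumentException on the first request.
        /// The escapes are restored here. The \b word-boundary anchors around
        /// alert/confirm/prompt, and/or, in/like and EXEC follow the commonly circulated
        /// 360 version of this pattern — confirm against the source thread before
        /// relying on exact match behaviour.
        /// </summary>
        private const string StrRegex =
            @"<[^>]+?style=[\w]+?:expression\(|\b(alert|confirm|prompt)\b|^\+/v(8|9)|<[^>]*?=[^>]*?&#[^>]*?>|\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|/\*.+?\*/|<\s*script\b|<\s*img\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";

        /// <summary>
        /// Compiled matcher. IgnoreCase is required: the SQL keywords are upper-case in
        /// the pattern while the original lower-cased cookie values and left form/query
        /// values untouched, so "union select" in a query string was never caught and
        /// "UNION SELECT" in a cookie never could be. The match timeout bounds the cost
        /// of the lazy .+? sub-patterns on attacker-controlled input (this constructor
        /// overload needs .NET 4.5 or later).
        /// </summary>
        private static readonly Regex Matcher =
            new Regex(StrRegex, RegexOptions.IgnoreCase | RegexOptions.Compiled, TimeSpan.FromMilliseconds(200));

        #endregion

        #region Entry points

        /// <summary>
        /// Runs every check against HttpContext.Current and, on the first hit, answers
        /// HTTP 403 with the rejection page and ends the response (Response.End raises
        /// ThreadAbortException to stop the pipeline, which is what the original relied on).
        /// Call from Application_BeginRequest in Global.asax or from an IHttpModule.
        /// Unlike the original, form fields and the query string are inspected regardless
        /// of the HTTP verb, so a POST carrying query-string parameters, or a PUT, is no
        /// longer exempt. The misspelled name is kept for existing callers; see Process().
        /// </summary>
        public static void Procress()
        {
            HttpContext context = HttpContext.Current;
            if (context == null)
            {
                return; // not running inside a request: nothing to inspect
            }

            HttpRequest request = context.Request;
            bool suspicious =
                RawUrl(request)
                || CookieData(request)
                || Referer(request)
                || PostData(request)
                || GetData(request);

            if (suspicious)
            {
                Reject(context.Response);
            }
        }

        /// <summary>Correctly spelled alias of <see cref="Procress"/>.</summary>
        public static void Process()
        {
            Procress();
        }

        /// <summary>
        /// Matches one value against the signature. Null and empty values are never
        /// malicious (the original passed them straight to Regex.IsMatch, which throws
        /// on null). A match timeout is treated as a hit — fail closed, because a value
        /// that makes the matcher crawl is itself suspicious.
        /// </summary>
        /// <param name="inputData">A decoded request value (cookie, header, field or URL).</param>
        /// <returns>True if the value matches the signature or the match timed out.</returns>
        public static bool IsMalicious(string inputData)
        {
            if (string.IsNullOrEmpty(inputData))
            {
                return false;
            }

            try
            {
                return Matcher.IsMatch(inputData);
            }
            catch (RegexMatchTimeoutException)
            {
                return true;
            }
        }

        #endregion

        #region Per-source checks

        /// <summary>Writes the rejection page with a 403 status and terminates the request.</summary>
        private static void Reject(HttpResponse response)
        {
            // The original answered 200, which hides blocked requests from logs and scanners.
            response.StatusCode = 403;
            response.Write(ErrMsg);
            response.End();
        }

        /// <summary>True if any form (request body) field matches the signature.</summary>
        private static bool PostData(HttpRequest request)
        {
            return AnyValueMatches(request.Form);
        }

        /// <summary>True if any query-string field matches the signature.</summary>
        private static bool GetData(HttpRequest request)
        {
            return AnyValueMatches(request.QueryString);
        }

        /// <summary>Scans every value of a name/value collection; stops at the first hit.</summary>
        private static bool AnyValueMatches(NameValueCollection values)
        {
            for (int i = 0; i < values.Count; i++)
            {
                if (IsMalicious(values[i]))
                {
                    return true;
                }
            }
            return false;
        }

        /// <summary>
        /// True if any cookie value matches. Values are inspected as sent; case folding
        /// is done by the matcher (the original's ToLower() also threw on a null value).
        /// </summary>
        private static bool CookieData(HttpRequest request)
        {
            HttpCookieCollection cookies = request.Cookies;
            for (int i = 0; i < cookies.Count; i++)
            {
                if (IsMalicious(cookies[i].Value))
                {
                    return true;
                }
            }
            return false;
        }

        /// <summary>
        /// Checks the Referer header as the raw string. The original went through
        /// Request.UrlReferrer, which parses the header into a Uri and therefore
        /// skipped the check whenever the header was absent and can throw on a
        /// malformed value.
        /// </summary>
        private static bool Referer(HttpRequest request)
        {
            return IsMalicious(request.Headers["Referer"]);
        }

        /// <summary>
        /// Checks the request URL both as sent and after one round of URL-decoding:
        /// RawUrl is still percent-encoded, so "%3Cscript" would otherwise pass, while
        /// decoding alone turns "+" into a space and would miss the "^\+/v" signature.
        /// Double-encoded payloads are still not seen by this check.
        /// </summary>
        private static bool RawUrl(HttpRequest request)
        {
            string raw = request.RawUrl;
            return IsMalicious(raw) || IsMalicious(HttpUtility.UrlDecode(raw));
        }

        #endregion
    }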
  • 原文地址:https://www.cnblogs.com/xinaixia/p/5856241.html