  • 网站跨站点脚本,Sql注入等攻击的处理

      从360安全论坛里找到的一段代码,经过整理封装。在站点的 Global.asax 中调用,或封装为一个 HttpModule,即可拦截恶意请求。

    using System;
    using System.Collections.Specialized;
    using System.Text.RegularExpressions;
    using System.Web;
    
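    /// <summary>
    /// Request-level security screen: ends the current request with an error page when any
    /// checked value matches a blocklist of cross-site-scripting and SQL-injection fragments.
    /// Pattern taken from: http://bbs.webscan.360.cn/forum.php?mod=viewthread&tid=711&page=1&extra=#pid1927
    /// Data that is screened:
    /// 1. Cookies
    /// 2. The current request path (RawUrl)
    /// 3. The referrer URL
    /// 4. Form (POST) data
    /// 5. Query-string data
    /// This is a coarse keyword blocklist and only a defence-in-depth layer; it does not replace
    /// parameterized SQL and output encoding. Several alternatives in the pattern are bare words
    /// (for example alert, confirm, EXEC), so ordinary text can be rejected.
    /// </summary>
    public class Safe360
    {
        #region Execute security check

        /// <summary>
        /// Screens the current request and terminates it with the rejection notice when any
        /// checked value matches the blocklist. Does nothing when there is no current
        /// <see cref="HttpContext"/> (for example when called outside a request).
        /// </summary>
        public static void Process()
        {
            HttpContext context = HttpContext.Current;
            if (context == null)
            {
                return;
            }

            // Response.End() aborts the request, so the first match wins and later
            // checks are never reached; short-circuit evaluation mirrors that.
            if (RawUrl() || CookieData() || Referer() || PostData() || GetData())
            {
                Reject(context);
            }
        }

        /// <summary>
        /// Original (misspelled) entry point, kept so existing Global.asax / HttpModule
        /// callers keep compiling. Prefer <see cref="Process"/>.
        /// </summary>
        [Obsolete("Use Process() instead.")]
        public static void Procress()
        {
            Process();
        }

        /// <summary>
        /// Writes the rejection notice and ends the response. The status code is left at the
        /// default; set <c>context.Response.StatusCode</c> before calling if a 4xx is wanted.
        /// </summary>
        /// <param name="context">The request being rejected.</param>
        private static void Reject(HttpContext context)
        {
            const string errmsg =
                "<div style='position:fixed;top:0px;100%;height:100%;background-color:white;color:green;font-weight:bold;border-bottom:5px solid #999;'><br>您的提交带有不合法参数,谢谢合作!<br><br>了解更多请点击:<a href='http://webscan.360.cn'>360网站安全检测</a></div>";

            context.Response.Write(errmsg);
            context.Response.End();
        }

        #endregion

        #region Blocklist pattern

        /// <summary>
        /// Blocklist pattern. The escaping (\w, \(, \+, \*, \s) was restored from a listing that
        /// had lost its backslashes; without it the pattern is not a valid .NET regex
        /// (unbalanced parenthesis, quantifier after an anchor, nested quantifier) and
        /// <see cref="Regex.IsMatch(string, string)"/> throws on every request.
        /// Reconstructed from the published listing — compare against the original source before
        /// relying on it. Matching is case-sensitive, so the upper-case SQL keywords only match
        /// upper-case input.
        /// </summary>
        private const string StrRegex = @"<[^>]+?style=[\w]+?:expression\(|(alert|confirm|prompt)|^\+/v(8|9)|<[^>]*?=[^>]*?&#[^>]*?>|(and|or).{1,6}?(=|>|<|in|like)|/\*.+?\*/|<\s*script|<\s*img|EXEC|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";

        /// <summary>
        /// Compiled once per process. The match timeout bounds the work an attacker-controlled
        /// input can make the matcher do (the pattern contains unanchored lazy ".+?" segments).
        /// </summary>
        private static readonly Regex Matcher =
            new Regex(StrRegex, RegexOptions.Compiled, TimeSpan.FromSeconds(1));

        #endregion

        #region Check POST data

        /// <summary>
        /// Checks every form value of the current request. Form data is empty for
        /// requests without a body, so this is safe to run for any HTTP method.
        /// </summary>
        /// <returns>true when any form value matches the blocklist.</returns>
        private static bool PostData()
        {
            return AnyMatch(HttpContext.Current.Request.Form);
        }

        #endregion

        #region Check GET data

        /// <summary>
        /// Checks every decoded query-string value of the current request, regardless of
        /// HTTP method (a POST may carry query parameters too). The raw, still-encoded
        /// query string is covered separately by <see cref="RawUrl"/>.
        /// </summary>
        /// <returns>true when any query-string value matches the blocklist.</returns>
        private static bool GetData()
        {
            return AnyMatch(HttpContext.Current.Request.QueryString);
        }

        /// <summary>
        /// Returns true when any value in <paramref name="values"/> matches the blocklist.
        /// Only values are checked, not keys.
        /// </summary>
        /// <param name="values">Form or query-string collection; may be null.</param>
        private static bool AnyMatch(NameValueCollection values)
        {
            if (values == null)
            {
                return false;
            }

            for (int i = 0; i < values.Count; i++)
            {
                // values[i] can be null for a key without a value; CheckData tolerates that.
                if (CheckData(values[i]))
                {
                    return true;
                }
            }

            return false;
        }

        #endregion

        #region Check cookie data

        /// <summary>
        /// Checks every cookie value of the current request.
        /// </summary>
        /// <returns>true when any cookie value matches the blocklist.</returns>
        private static bool CookieData()
        {
            HttpCookieCollection cookies = HttpContext.Current.Request.Cookies;
            if (cookies == null)
            {
                return false;
            }

            for (int i = 0; i < cookies.Count; i++)
            {
                string value = cookies[i].Value;
                if (value == null)
                {
                    continue;
                }

                // Cookie values are lower-cased before matching; because the SQL-keyword
                // alternatives in the pattern are upper-case, only the HTML/script branches
                // can fire on cookies. Invariant culture avoids locale-dependent casing.
                if (CheckData(value.ToLowerInvariant()))
                {
                    return true;
                }
            }

            return false;
        }

        #endregion

        #region Check referrer

        /// <summary>
        /// Checks the referrer URL, if the request carries one.
        /// </summary>
        /// <returns>true when the referrer matches the blocklist; false when absent.</returns>
        private static bool Referer()
        {
            Uri referrer = HttpContext.Current.Request.UrlReferrer;
            if (referrer == null)
            {
                return false;
            }

            return CheckData(referrer.ToString());
        }

        #endregion

        #region Check current request path

        /// <summary>
        /// Checks the raw request URL (path plus still-encoded query string).
        /// </summary>
        /// <returns>true when the raw URL matches the blocklist.</returns>
        private static bool RawUrl()
        {
            return CheckData(HttpContext.Current.Request.RawUrl);
        }

        #endregion

        #region Pattern match

        /// <summary>
        /// Tests a single value against the blocklist.
        /// </summary>
        /// <param name="inputData">Value to test; null or empty never matches.</param>
        /// <returns>
        /// true when the value matches, or when matching exceeds the timeout (fail closed:
        /// an input that exhausts the matcher's budget is treated as hostile).
        /// </returns>
        public static bool CheckData(string inputData)
        {
            if (string.IsNullOrEmpty(inputData))
            {
                return false;
            }

            try
            {
                return Matcher.IsMatch(inputData);
            }
            catch (RegexMatchTimeoutException)
            {
                return true;
            }
        }

        #endregion
    }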
  • 原文地址:https://www.cnblogs.com/xinaixia/p/5856241.html