修复sql可以被注入的错误

learningperl · Jul 25, 2016 · d9efdd0 · d9efdd0
1 parent 6a96dd9
commit d9efdd0
Show file tree

Hide file tree

Showing 8 changed files with 117 additions and 98 deletions.
diff --git a/WebContent/static/Javascript/index.js b/WebContent/static/Javascript/index.js
@@ -242,6 +242,9 @@ function GetKey(name, id) {
 					document.getElementById("id").value = obj["id"];
 					document.getElementById("type").value = id;
 				}
+				if(!(id=="")){
+					document.getElementById("type").readOnly = true;
+				}
 			}
 	};
 }

diff --git a/src/com/test/KeyWord/servlet/UpdateKeyWords.java b/src/com/test/KeyWord/servlet/UpdateKeyWords.java
@@ -4,6 +4,8 @@
 import java.io.PrintWriter;
 import java.sql.ResultSet;
 import java.sql.Statement;
+import java.util.Map;
+
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
@@ -29,35 +31,31 @@ public void doPost(HttpServletRequest request, HttpServletResponse resp)
 		String sqlu = "";
 		String type = "NULL";
 		String ret = "";
+		Map<String,String> map = null;
+		map = Mysql.disposeRequest(request);
 		try {
-			Thread.sleep(5000);
-		} catch (InterruptedException e1) {
-			// TODO Auto-generated catch block
-			e1.printStackTrace();
-		}
-		try {
-			id = request.getParameter("id");
+			id = map.get("id");
 			if (id.equals("NULL") || id.equals(""))
 				id = null;
 		} catch (Exception e) {
 		}
 
 		try {
-			type = request.getParameter("type");
+			type = map.get("type");
 			if (type.equals("NULL") || type.equals(""))
 				type = null;
 		} catch (Exception e) {
 		}
 		if (id != null && type != null) {
 			sqlu += "update keywords set id=" + id + ", type=" + type
-					+ ", keyName='" + request.getParameter("keyName")
-					+ "', describes='" + request.getParameter("describes")
-					+ "', useCase='" + request.getParameter("useCase")
+					+ ", keyName='" + map.get("keyName")
+					+ "', describes='" + map.get("describes")
+					+ "', useCase='" + map.get("useCase")
 					+ "' where id='" + id + "'";
 			sqli += "insert into keywords values(" + id + "," + type + ",'"
-					+ request.getParameter("keyName") + "','"
-					+ request.getParameter("describes") + "','"
-					+ request.getParameter("useCase") + "')";
+					+ map.get("keyName") + "','"
+					+ map.get("describes") + "','"
+					+ map.get("useCase") + "')";
 			ret = updateKeyWords(sqli, sqlu, id);
 		} else{
 			//System.out.println("关键字信息有误，请检查。");

diff --git a/src/com/test/UI/servlet/UpdateCase.java b/src/com/test/UI/servlet/UpdateCase.java
@@ -4,6 +4,8 @@
 import java.io.PrintWriter;
 import java.sql.ResultSet;
 import java.sql.Statement;
+import java.util.Map;
+
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
@@ -30,66 +32,62 @@ public void doPost(HttpServletRequest request, HttpServletResponse resp)
 		String casesId = "NULL";
 		String order_id = "";
 		String ret = "";
+		Map<String,String> map = null;
+		map = Mysql.disposeRequest(request);
 		try {
-			Thread.sleep(5000);
-		} catch (InterruptedException e1) {
-			// TODO Auto-generated catch block
-			e1.printStackTrace();
-		}
-		try {
-			id = request.getParameter("id");
+			id = map.get("id");
 			if (id.equals("NULL") || id.equals(""))
 				id = null;
 		} catch (Exception e) {
 		}
 
 		try {
-			casesId = request.getParameter("casesId");
+			casesId = map.get("casesId");
 			if (casesId.equals("NULL") || casesId.equals(""))
 				casesId = null;
-			order_id = request.getParameter("order_id");
+			order_id = map.get("order_id");
 		} catch (Exception e) {
 		}
 		if (id != null && casesId != null) {
 			sqlu += "update caseoption set casesId='" + casesId
-					+ "', order_id='" + request.getParameter("order_id")
-					+ "', optionss='" + request.getParameter("optionss")
-					+ "', xPath='" + request.getParameter("xPath")
-					+ "', datas='" + request.getParameter("datas")
-					+ "', checkName='" + request.getParameter("checkName")
-					+ "', checkMethod='" + request.getParameter("checkMethod")
-					+ "', expectedRes='" + request.getParameter("expectedRes")
-					+ "', actualRes='" + request.getParameter("actualRes")
-					+ "', imgName='" + request.getParameter("imgName")
+					+ "', order_id='" + map.get("order_id")
+					+ "', optionss='" + map.get("optionss")
+					+ "', xPath='" + map.get("xPath")
+					+ "', datas='" + map.get("datas")
+					+ "', checkName='" + map.get("checkName")
+					+ "', checkMethod='" + map.get("checkMethod")
+					+ "', expectedRes='" + map.get("expectedRes")
+					+ "', actualRes='" + map.get("actualRes")
+					+ "', imgName='" + map.get("imgName")
 					+ "', caseDescription='"
-					+ request.getParameter("Description") + "', runState='"
-					+ request.getParameter("runState") + "' where id='" + id
+					+ map.get("Description") + "', runState='"
+					+ map.get("runState") + "' where id='" + id
 					+ "'";
 			sqli += "insert into caseoption values(" + id + "," + casesId + ","
-					+ request.getParameter("order_id") + ",'"
-					+ request.getParameter("optionss") + "','"
-					+ request.getParameter("xPath") + "','"
-					+ request.getParameter("datas") + "','"
-					+ request.getParameter("checkName") + "','"
-					+ request.getParameter("checkMethod") + "','"
-					+ request.getParameter("expectedRes") + "','"
-					+ request.getParameter("actualRes") + "','"
-					+ request.getParameter("imgName") + "','"
-					+ request.getParameter("Description") + "','"
-					+ request.getParameter("runState") + "')";
+					+ map.get("order_id") + ",'"
+					+ map.get("optionss") + "','"
+					+ map.get("xPath") + "','"
+					+ map.get("datas") + "','"
+					+ map.get("checkName") + "','"
+					+ map.get("checkMethod") + "','"
+					+ map.get("expectedRes") + "','"
+					+ map.get("actualRes") + "','"
+					+ map.get("imgName") + "','"
+					+ map.get("Description") + "','"
+					+ map.get("runState") + "')";
 			ret = updateCaseSql(sqli, sqlu, id, casesId, order_id);
 		} else if (casesId != null) {
 			sqlu += "update casescene set casesN='"
-					+ request.getParameter("casesN") + "', Browser='"
-					+ request.getParameter("Browser") + "', Bpath='"
-					+ request.getParameter("Bpath") + "', runStates='"
-					+ request.getParameter("runStates") + "' where casesId='"
+					+ map.get("casesN") + "', Browser='"
+					+ map.get("Browser") + "', Bpath='"
+					+ map.get("Bpath") + "', runStates='"
+					+ map.get("runStates") + "' where casesId='"
 					+ casesId + "'";
 			sqli += "insert into casescene values(" + casesId + ",'"
-					+ request.getParameter("casesN") + "','"
-					+ request.getParameter("Browser") + "','"
-					+ request.getParameter("Bpath") + "','"
-					+ request.getParameter("runStates") + "')";
+					+ map.get("casesN") + "','"
+					+ map.get("Browser") + "','"
+					+ map.get("Bpath") + "','"
+					+ map.get("runStates") + "')";
 			ret = updateSceneSql(sqli, sqlu, casesId);
 		} else{
 			ret = "{\"error\":501,\"msg\":\"主键字段不能为空！\"}";

diff --git a/src/com/test/UI/servlet/servletGetinfo.java b/src/com/test/UI/servlet/servletGetinfo.java
@@ -146,14 +146,14 @@ private String getById(String id) {//编辑时，获取对应id的用例
 				str = "NULL";
 			html += "<form id=\"cases_Edits\" onsubmit=\"AjaxSubmit('cases_Edits')\" method=\"post\"><a class=\"inedit_s\" >id</a><input id=\"id\" name=\"id\" class=\"edit_input_id\" type=\"text\" value=\""
 					+ str
-					+ "\" onfocus=\"if(this.value=='NULL' || this.value=='undefined'){this.value=''}\" onblur=\"if(this.value=='' || this.value=='undefined'){this.value='NULL'}\" >";
+					+ "\" onfocus=\"if(this.value=='NULL' || this.value=='undefined'){this.value=''}\" onblur=\"if(this.value=='' || this.value=='undefined'){this.value='NULL'}\"  disabled=\"true\">";
 			if (outputList.l.get(i).get("casesId") != null)
 				str = outputList.l.get(i).get("casesId");
 			else
 				str = "NULL";
 			html += "<a class=\"inedit_s\" >casesId</a><input id=\"casesId\" name=\"casesId\" class=\"edit_input_id\" type=\"text\" value=\""
 					+ str
-					+ "\" onfocus=\"if(this.value=='NULL' || this.value=='undefined'){this.value=''}\" onblur=\"if(this.value=='' || this.value=='undefined'){this.value='NULL'}\" >";
+					+ "\" onfocus=\"if(this.value=='NULL' || this.value=='undefined'){this.value=''}\" onblur=\"if(this.value=='' || this.value=='undefined'){this.value='NULL'}\"  disabled=\"true\">";
 			if (outputList.l.get(i).get("order_id") != null)
 				str = outputList.l.get(i).get("order_id");
 			else
@@ -273,7 +273,7 @@ private String getByName(String id) {//编辑时，获取对应id场景
 				str = "NULL";
 			html += "<form id=\"cases_Edits\" onsubmit=\"AjaxSubmit('cases_Edits')\" method=\"post\"><a class=\"inedit_s\" >casesId</a><input id=\"casesId\" name=\"casesId\" class=\"edit_input\" type=\"text\" value=\""
 					+ str
-					+ "\" onfocus=\"if(this.value=='NULL' || this.value=='undefined'){this.value=''}\" onblur=\"if(this.value=='' || this.value=='undefined'){this.value='NULL'}\" >";
+					+ "\" onfocus=\"if(this.value=='NULL' || this.value=='undefined'){this.value=''}\" onblur=\"if(this.value=='' || this.value=='undefined'){this.value='NULL'}\" disabled=\"true\">";
 			if (outputList.l.get(i).get("casesN") != null)
 				str = outputList.l.get(i).get("casesN");
 			else

diff --git a/src/com/test/interfaces/servlet/UpdateInterfaceCase.java b/src/com/test/interfaces/servlet/UpdateInterfaceCase.java
@@ -4,6 +4,8 @@
 import java.io.PrintWriter;
 import java.sql.ResultSet;
 import java.sql.Statement;
+import java.util.Map;
+
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
@@ -30,66 +32,62 @@ public void doPost(HttpServletRequest request, HttpServletResponse resp)
 		String sceneId = "NULL";
 		String order_id = "";
 		String ret = "";
+		Map<String,String> map = null;
+		map = Mysql.disposeRequest(request);
 		try {
-			Thread.sleep(5000);
-		} catch (InterruptedException e1) {
-			// TODO Auto-generated catch block
-			e1.printStackTrace();
-		}
-		try {
-			id = request.getParameter("id");
+			id = map.get("id");
 			if (id.equals("NULL") || id.equals(""))
 				id = null;
 		} catch (Exception e) {
 		}
 
 		try {
-			sceneId = request.getParameter("sceneId");
+			sceneId = map.get("sceneId");
 			if (sceneId.equals("NULL") || sceneId.equals(""))
 				sceneId = null;
-			order_id = request.getParameter("order_id");
+			order_id = map.get("order_id");
 		} catch (Exception e) {
 		}
 		if (id != null && sceneId != null) {
 			sqlu += "update interfacecase set sceneId='" + sceneId
-					+ "', order_id='" + request.getParameter("order_id")
-					+ "', method='" + request.getParameter("method")
-					+ "', url='" + request.getParameter("url")
-					+ "', parameter='" + request.getParameter("parameter")
-					+ "', checkName='" + request.getParameter("checkName")
-					+ "', checkMethod='" + request.getParameter("checkMethod")
-					+ "', expRes='" + request.getParameter("expRes")
-					+ "', actualRes='" + request.getParameter("actualRes")
-					+ "', jsonResult='" + request.getParameter("jsonResult")
+					+ "', order_id='" + map.get("order_id")
+					+ "', method='" + map.get("method")
+					+ "', url='" + map.get("url")
+					+ "', parameter='" + map.get("parameter")
+					+ "', checkName='" + map.get("checkName")
+					+ "', checkMethod='" + map.get("checkMethod")
+					+ "', expRes='" + map.get("expRes")
+					+ "', actualRes='" + map.get("actualRes")
+					+ "', jsonResult='" + map.get("jsonResult")
 					+ "', caseDescription='"
-					+ request.getParameter("Description") + "', runState='"
-					+ request.getParameter("runState") + "' where id='" + id
+					+ map.get("Description") + "', runState='"
+					+ map.get("runState") + "' where id='" + id
 					+ "'";
 			sqli += "insert into interfacecase values(" + id + ","
-					+ request.getParameter("order_id") + "," + sceneId + ",'"
-					+ request.getParameter("method") + "','"
-					+ request.getParameter("url") + "','"
-					+ request.getParameter("parameter") + "','"
-					+ request.getParameter("checkName") + "','"
-					+ request.getParameter("checkMethod") + "','"
-					+ request.getParameter("expRes") + "','"
-					+ request.getParameter("actualRes") + "','"
-					+ request.getParameter("runState") + "','"
-					+ request.getParameter("jsonResult") + "','"
-					+ request.getParameter("Description") + "')";
+					+ map.get("order_id") + "," + sceneId + ",'"
+					+ map.get("method") + "','"
+					+ map.get("url") + "','"
+					+ map.get("parameter") + "','"
+					+ map.get("checkName") + "','"
+					+ map.get("checkMethod") + "','"
+					+ map.get("expRes") + "','"
+					+ map.get("actualRes") + "','"
+					+ map.get("runState") + "','"
+					+ map.get("jsonResult") + "','"
+					+ map.get("Description") + "')";
 			ret = updateCaseSql(sqli, sqlu, id, sceneId, order_id);
 		} else if (sceneId != null) {
 			sqlu += "update interfacescene set sceneDescription='"
-					+ request.getParameter("Description") + "', url='"
-					+ request.getParameter("url") + "', delay="
-					+ request.getParameter("delay") + ", runStates='"
-					+ request.getParameter("runStates") + "' where sceneId='"
+					+ map.get("Description") + "', url='"
+					+ map.get("url") + "', delay="
+					+ map.get("delay") + ", runStates='"
+					+ map.get("runStates") + "' where sceneId='"
 					+ sceneId + "'";
 			sqli += "insert into interfacescene values(" + sceneId + ",'"
-					+ request.getParameter("Description") + "','"
-					+ request.getParameter("url") + "',"
-					+ request.getParameter("delay") + ",'"
-					+ request.getParameter("runStates") + "')";
+					+ map.get("Description") + "','"
+					+ map.get("url") + "',"
+					+ map.get("delay") + ",'"
+					+ map.get("runStates") + "')";
 			ret = updateSceneSql(sqli, sqlu, sceneId);
 		} else{
 			ret = "{\"error\":501,\"msg\":\"主键不能为空！\"}";;

diff --git a/src/com/test/interfaces/servlet/interfaceGetinfo.java b/src/com/test/interfaces/servlet/interfaceGetinfo.java
@@ -174,14 +174,14 @@ private String getById(String id) {
 				str = "NULL";
 			html += "<form id=\"cases_Edits\" onsubmit=\"AjaxSubmit('cases_Edits')\" method=\"post\"><a class=\"inedit_s\" >id</a><input id=\"id\" name=\"id\" class=\"edit_input_id\" type=\"text\" value=\""
 					+ str
-					+ "\" onfocus=\"if(this.value=='NULL' || this.value=='undefined'){this.value=''}\" onblur=\"if(this.value=='' || this.value=='undefined'){this.value='NULL'}\" >";
+					+ "\" onfocus=\"if(this.value=='NULL' || this.value=='undefined'){this.value=''}\" onblur=\"if(this.value=='' || this.value=='undefined'){this.value='NULL'}\"  disabled=\"true\">";
 			if (outputList.l.get(i).get("sceneId") != null)
 				str = outputList.l.get(i).get("sceneId");
 			else
 				str = "NULL";
 			html += "<a class=\"inedit_s\" >sceneId</a><input id=\"sceneId\" name=\"sceneId\" class=\"edit_input_id\" type=\"text\" value=\""
 					+ str
-					+ "\" onfocus=\"if(this.value=='NULL' || this.value=='undefined'){this.value=''}\" onblur=\"if(this.value=='' || this.value=='undefined'){this.value='NULL'}\" >";
+					+ "\" onfocus=\"if(this.value=='NULL' || this.value=='undefined'){this.value=''}\" onblur=\"if(this.value=='' || this.value=='undefined'){this.value='NULL'}\"  disabled=\"true\">";
 			if (outputList.l.get(i).get("order_id") != null)
 				str = outputList.l.get(i).get("order_id");
 			else
@@ -301,7 +301,7 @@ private String getByName(String id) {
 				str = "NULL";
 			html += "<form id=\"cases_Edits\" onsubmit=\"AjaxSubmit('cases_Edits')\" method=\"post\"><a class=\"inedit_s\" >sceneId</a><input id=\"sceneId\" name=\"sceneId\" class=\"edit_input\" type=\"text\" value=\""
 					+ str
-					+ "\" onfocus=\"if(this.value=='NULL' || this.value=='undefined'){this.value=''}\" onblur=\"if(this.value=='' || this.value=='undefined'){this.value='NULL'}\" >";
+					+ "\" onfocus=\"if(this.value=='NULL' || this.value=='undefined'){this.value=''}\" onblur=\"if(this.value=='' || this.value=='undefined'){this.value='NULL'}\"  disabled=\"true\">";
 			if (outputList.l.get(i).get("sceneDescription") != null)
 				str = outputList.l.get(i).get("sceneDescription");
 			else

diff --git a/src/com/test/service/servicerunTest.java b/src/com/test/service/servicerunTest.java
@@ -123,6 +123,10 @@ public static void run(String[] check) {// 用例场景执行方法
 						}
 						sm.executeUpdate(sqlu);
 						rss=null;
+						String cmd_str = "cmd /c start ";
+						cmd_str += property.url + "sendKeys.vbs " + "F11";
+						runCmd(cmd_str);
+						Thread.sleep(2000);
 						driver.quit();
 						driver = null;
 						closeBrowser(Browser);

diff --git a/src/com/test/statics/Mysql.java b/src/com/test/statics/Mysql.java
@@ -1,6 +1,10 @@
 package com.test.statics;
 
 import java.sql.*;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
 
 public class Mysql {
 
@@ -15,6 +19,20 @@ public Mysql() {	//Mysql地址配置
 			e.printStackTrace();
 		}
 	}
+
+	public static Map<String,String> disposeRequest(HttpServletRequest request){
+		Map<String,String> map = new HashMap<String,String>();
+		for (String it : request.getParameterMap().keySet()) {
+			String value =  request.getParameterMap().get(it)[0];
+			value = value.replaceAll("'", "\\\\'");
+			value = value.replaceAll("\"", "\\\\\"");
+			value = value.replaceAll("#", "\\\\#");
+			map.put(it, value);
+		}
+
+		return map;	
+	}
+
 	public static void Sort(){	//处理UI用例order_id不连续
 		String id,casesId = "",sql;
 		int count=0;