How do I detect SQL injection vulnerabilities in a Grails application that uses dynamic native SQL?
What I am looking for is something that can tell the difference between these two:
import groovy.sql.Sql

def sql = new Sql(dataSource)
def dynamicWhereClause = ""
if (params.col) {
    // the WHERE fragment only adds a named placeholder, never the value itself
    dynamicWhereClause = " and col = :col"
}
// OK because dynamic SQL does not concatenate user input; :col is bound from params
def sqlString = "select * from tab where ... ${dynamicWhereClause}"
sql.rows(sqlString, params)

import groovy.sql.Sql

def sql = new Sql(dataSource)
def dynamicWhereClause = ""
if (params.col) {
    // NOT OK - directly concatenating user input into the SQL text
    dynamicWhereClause = " and col = '" + params.col + "'"
}
def sqlString = "select * from tab where ... ${dynamicWhereClause}"
sql.rows(sqlString)
Best answer
What about using Static Analysis? Tools such as "Find Security Bugs".
See here for others that are compatible with Groovy.
https://stackoverflow.com/questions/29946464/
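As an added illustration (not part of the question or the answer, and not how Find Security Bugs is implemented), here is a toy line-level taint check in Python that tells the two snippets apart: a variable becomes tainted when request `params` are concatenated or interpolated into it, taint propagates through GString interpolation, and any `groovy.sql.Sql` call whose SQL argument is tainted is reported. The two Groovy snippets are embedded as constructed input.

```python
import re

# Constructed input: the two snippets from the question, as lines of a .groovy file.
SAFE = """def sql = new Sql(dataSource)
def dynamicWhereClause = ""
if (params.col) {
dynamicWhereClause = " and col = :col"
}
// OK because dynamic SQL does not concatenate user input
def sqlString = "select * from tab where ... ${dynamicWhereClause}"
sql.rows(sqlString, params)"""

UNSAFE = """def sql = new Sql(dataSource)
def dynamicWhereClause = ""
if (params.col) {
// NOT OK - directly concatenating user input
dynamicWhereClause = " and col = '" + params.col + "'"
}
def sqlString = "select * from tab where ... ${dynamicWhereClause}"
sql.rows(sqlString)"""

# Request data joined into a string: "+ params.x" (concatenation) or "${params.x}" (GString).
DIRECT_TAINT = re.compile(r"\+\s*params\.\w+|\$\{?params\.\w+")
ASSIGN = re.compile(r"(?:def\s+)?(\w+)\s*=(?!=)\s*(.+)")
SQL_CALL = re.compile(r"\.(rows|eachRow|firstRow|execute|executeUpdate|executeInsert)\s*\((.*)")

def find_sql_concat(source):
    """Return [(line_no, tainted_var)] for Sql calls whose SQL text carries request params."""
    tainted = set()
    findings = []
    for line_no, raw in enumerate(source.splitlines(), 1):
        line = raw.strip()
        if line.startswith("//"):
            continue
        m = ASSIGN.match(line)
        if m:
            var, rhs = m.groups()
            if DIRECT_TAINT.search(rhs):
                tainted.add(var)  # source: user input concatenated into a string
            elif any(re.search(r"\$\{?" + re.escape(t) + r"\b", rhs) for t in tainted):
                tainted.add(var)  # propagation: a GString embeds a tainted variable
        call = SQL_CALL.search(line)
        if call:
            args = call.group(2)
            hit = [t for t in sorted(tainted) if re.search(r"\b" + re.escape(t) + r"\b", args)]
            if DIRECT_TAINT.search(args):  # params pasted straight into the call's SQL text
                hit.append("params")
            if hit:
                findings.append((line_no, hit[0]))
    return findings

if __name__ == "__main__":
    print("safe  :", find_sql_concat(SAFE))    # []
    print("unsafe:", find_sql_concat(UNSAFE))  # [(8, 'sqlString')]
```

Note that a bound parameter map such as `[col: params.col]` passed as the second argument is not flagged, which is exactly the distinction the question asks for; a real analyzer does this over the AST rather than over lines.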