我正在尝试使用dbms_store.insertXML将一些已清理的XML插入到表中。插入需要存储特殊字符而不是它们的转义等价物。
示例表:
CREATE TABLE xml_test
(
key_num NUMBER,
value_desc VARCHAR2 (1000)
);
使用DBMS_XMLSTORE的示例函数:
CREATE OR REPLACE FUNCTION fn_insertxml
(
pi_xmldoc IN CLOB,
pi_tablename IN VARCHAR2
)
RETURN NUMBER
IS
v_ctx_type DBMS_XMLSTORE.ctxtype;
v_rows NUMBER;
BEGIN
-- Set the context to the table to be inserted into
v_ctx_type := DBMS_XMLSTORE.newcontext (pi_tablename);
-- Insert document
v_rows := DBMS_XMLSTORE.insertxml (v_ctx_type, pi_xmldoc);
-- Close the context
DBMS_XMLSTORE.closecontext (v_ctx_type);
RETURN v_rows;
END fn_insertxml;
示例代码:
DECLARE
k_injected_input CONSTANT VARCHAR2 (4000) := q'[<![CDATA[x]]></VALUE_DESC><KEY_NUM>-1</KEY_NUM><VALUE_DESC><![CDATA[example text]';
k_xml_doc CONSTANT VARCHAR2 (4000) := q'[<ROWSET><ROW num='0'><KEY_NUM><![CDATA[1]]></KEY_NUM><VALUE_DESC><![CDATA[%s]]></VALUE_DESC></ROW></ROWSET>]';
v_row_num NUMBER;
v_sanitised_input varchar2(4000);
v_xml_doc VARCHAR2 (4000);
BEGIN
--Sanitised input
v_sanitised_input := DBMS_XMLGEN.CONVERT (k_injected_input, DBMS_XMLGEN.entity_encode);
--If I insert this as it is, the sanitized input is stored
v_xml_doc := REPLACE (k_xml_doc, '%s', v_sanitised_input);
v_row_num := fn_insertxml (v_xml_doc, 'XML_TEST');
--If I attempt to decode the xml it is open to XML injection (key_num is set to -1)
v_sanitised_input := DBMS_XMLGEN.CONVERT (v_sanitised_input, DBMS_XMLGEN.entity_decode);
v_xml_doc := REPLACE (k_xml_doc, '%s', v_sanitised_input);
v_row_num := fn_insertxml (v_xml_doc, 'XML_TEST');
END;
有人有任何想法吗?
答案 0 :(得分:0)
解决了这个问题。
万一其他人遇到此事。 DBMS_XMLSTORE.insertxml会将转义字符转换回原始值,只要它们不包含在CDATA中。