So I was looking at some code, and Fortify flagged the following query as SQL injectable:
"select"+seqName+".NEXTVAL from DUAL;"
Answer 0: (score: 3)
Yes, absolutely. It is basically a textbook example of a SQL injection vulnerability.
If seqName is something like " * from User_passwords; --", then the select will query the table used in that string.
Of course, if seqName comes from a safe source, such as a hard-coded list in the program, this may not apply.
Answer 1: (score: 2)
To avoid SQL injection, you need to assert the value of the string before concatenating it into the statement. You can do this using one of the subprograms, e.g. dbms_assert
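As an added example (not code from the question or from either answer), the following Python models the Java concatenation that Fortify flagged, shows what the value from answer 0 turns it into, and puts the identifier check answer 1 recommends next to it. The regexes are my approximation of the unquoted and double-quoted identifier rules that DBMS_ASSERT.SIMPLE_SQL_NAME enforces (stricter than Oracle: ASCII letters only, no doubled quotes inside a quoted name, no length check); the names in KNOWN_SEQUENCES are constructed sample data and the function names are assumptions. One point worth keeping in mind: a sequence name is an identifier, not a value, so it cannot be passed as a bind variable, which is why the fix here is validation plus an allow-list rather than a prepared statement.

```python
import re

# Constructed sample data: the sequences this application legitimately uses.
# A real deployment would load these from configuration or the data dictionary.
KNOWN_SEQUENCES = {"ORDER_SEQ", "CUSTOMER_SEQ", "INVOICE_SEQ"}

# Approximation of the identifier rules DBMS_ASSERT.SIMPLE_SQL_NAME applies:
# unquoted: a letter, then letters, digits, '_', '$', '#'
# quoted:   anything but a double quote, wrapped in double quotes
# (stricter than Oracle: ASCII only, no doubled quotes, no length check)
_UNQUOTED_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_$#]*")
_QUOTED_NAME = re.compile(r'"[^"]+"')


def build_nextval_vulnerable(seq_name: str) -> str:
    """The concatenation Fortify flagged: seq_name is spliced into the SQL text unchanged."""
    return "select " + seq_name + ".NEXTVAL from DUAL"


def is_simple_sql_name(name: str) -> bool:
    """True only if name is a single identifier and nothing else (no spaces, ';', '--', '.')."""
    return bool(_UNQUOTED_NAME.fullmatch(name) or _QUOTED_NAME.fullmatch(name))


def canonical_name(name: str) -> str:
    """Oracle folds unquoted identifiers to upper case; quoted identifiers keep their case."""
    if name.startswith('"'):
        return name[1:-1]
    return name.upper()


def build_nextval_safe(seq_name: str) -> str:
    """Same statement, but seq_name must be a plain identifier that the application knows.

    Identifiers cannot be bind variables, so validating the name before it is
    concatenated is the only way to keep the statement shape fixed.
    """
    if not is_simple_sql_name(seq_name):
        raise ValueError(f"not a simple SQL name: {seq_name!r}")
    if canonical_name(seq_name) not in KNOWN_SEQUENCES:
        raise ValueError(f"unknown sequence: {seq_name!r}")
    return "select " + seq_name + ".NEXTVAL from DUAL"


def is_rejected(seq_name: str) -> bool:
    """Convenience check: does build_nextval_safe refuse this name?"""
    try:
        build_nextval_safe(seq_name)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    payload = " * from User_passwords; --"  # the value from answer 0
    # The '--' turns '.NEXTVAL from DUAL' into a comment, leaving a query on User_passwords.
    print(build_nextval_vulnerable(payload))
    print(build_nextval_safe("order_seq"))
    print("payload rejected:", is_rejected(payload))
```

Running the module prints the injected statement produced by the vulnerable builder, a valid NEXTVAL query from the hardened one, and confirmation that the same payload is refused before any SQL is built.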