我有一些执行数据库操作的API。每当我将代码上传到checkmarx时,都会收到以下错误,并将其标记为高度漏洞错误有人可以帮助我吗?
错误
应用程序的CreateDatabaseAndMapToDomain方法在daas-springboot-CheckMarxIntegration \ src \ main \ java \ com \ it \ daas \ apis \ service \ PostgresConnectionServiceImpl.java的第717行处,使用executeQuery执行SQL查询。应用程序通过在不进行适当清理的情况下将不受信任的字符串嵌入查询中来构造此SQL查询。并置的字符串被提交到数据库,然后在该数据库中进行解析和相应执行。
攻击者可能能够将任意数据写入数据库,然后由应用程序在daas-springboot-CheckMarxIntegration \ src \ main \ java \ com \ it \ daas \ apis的第678行的getDomains方法中使用executeQuery在executeDomains方法中进行检索。 \ service \ PostgresConnectionServiceImpl.java。然后,这些数据流经代码,直到直接将其直接用于SQL查询中而不进行清理,然后提交给数据库服务器以执行]
这是我的功能
@Override
public String getDomains() throws SQLException {
String domainquery = "SELECT id,domain FROM domain";
Connection con = null;
PreparedStatement st = null;
ResultSet result = null;
try
{
con = ConnectToPostgresapibuilderDatabase(apibuilderConnectionString, apibuilderUserName,apibuilderPassword);
con.setSchema(this.schema);
st = con.prepareStatement(domainquery);
result = st.executeQuery();
ArrayList<DatabaseDomainBean> list = new ArrayList<DatabaseDomainBean>();
while (result.next()) {
list.add(new DatabaseDomainBean(result.getString("domain"), result.getString("id")));
}
return new JSONObject().put("domainlist", list).toString();
}
catch(Exception e)
{
e.printStackTrace();
return null;
}
finally{
result.close();
st.close();
con.close();
}
}
@Override
public String CreateDatabaseAndMapToDomain(String database, String[] domainIds, String password)
throws SQLException {
if (!this.apibuilderPassword.equals(password)) {
return null;
}
else if(database==null || domainIds==null || password ==null)
{
return "Failure";
}
Connection con =null;
PreparedStatement st =null;
ResultSet ispresent =null;
PreparedStatement mapquerystmnt =null;
ResultSet resultMapping = null;
try
{
con = ConnectToPostgresapibuilderDatabase(apibuilderConnectionString, apibuilderUserName,apibuilderPassword);
con.setSchema(this.schema);
for (int i = 0; i < domainIds.length; i++) {
con.setSchema(this.schema);
String IfExists = MessageFormat.format(
"SELECT databasename,domainid FROM Databases WHERE databasename IN (?) AND domainid IN (?)",
Utilitymethods.ConvertToMessageFormatCompatibleForm(database),
Utilitymethods.ConvertToMessageFormatCompatibleForm(domainIds[i]));
st = con.prepareStatement(IfExists);
st.setString(1, database);
st.setInt(2, Integer.parseInt(domainIds[i]));
ispresent = st.executeQuery();
if (!ispresent.next()) {
// INSERT INTO Databases (databasename,domainid) VALUES ('Teradata','1')
String mapquery = MessageFormat.format(
"INSERT INTO Databases (databasename,domainid) VALUES (?,?) returning Id",
Utilitymethods.ConvertToMessageFormatCompatibleForm(database),
Utilitymethods.ConvertToMessageFormatCompatibleForm(domainIds[i]));
mapquerystmnt = con.prepareStatement(mapquery);
mapquerystmnt.setString(1, database);
mapquerystmnt.setInt(2, Integer.parseInt(domainIds[i]));
resultMapping = mapquerystmnt.executeQuery();
}
}
return "Success";
}
catch(Exception e)
{
e.printStackTrace();
return "Failure";
}
finally
{
ispresent.close();
st.close();
resultMapping.close();
mapquerystmnt.close();
con.close();
}
}
@Override
public String getDomains() throws SQLException {
String domainquery = "SELECT id,domain FROM domain";
Connection con = null;
PreparedStatement st = null;
ResultSet result = null;
try
{
con = ConnectToPostgresapibuilderDatabase(apibuilderConnectionString, apibuilderUserName,apibuilderPassword);
con.setSchema(this.schema);
st = con.prepareStatement(domainquery);
result = st.executeQuery();
ArrayList<DatabaseDomainBean> list = new ArrayList<DatabaseDomainBean>();
while (result.next()) {
list.add(new DatabaseDomainBean(result.getString("domain"), result.getString("id")));
}
return new JSONObject().put("domainlist", list).toString();
}
catch(Exception e)
{
e.printStackTrace();
return null;
}
finally{
result.close();
st.close();
con.close();
}
}
直接尝试st = con.prepareStatement("SELECT id,domain FROM domain")
。由于String domainquery = "SELECT id,domain FROM domain"
语句和sql注入的可能性,checkmarx看起来很困惑。