fix: 修复存在sql注入风险

修复存在sql注入风险 Log: 修复存在sql注入风险 Bug: https://pms.uniontech.com/bug-view-264997.html
linuxdeepin · Jul 22, 2024 · 139ea14 · 139ea14
1 parent ce2cc29
commit 139ea14
Show file tree

Hide file tree

Showing 2 changed files with 109 additions and 70 deletions.
diff --git a/deepin-devicemanager-server/deepin-devicecontrol/src/enablecontrol/enablesqlmanager.cpp b/deepin-devicemanager-server/deepin-devicecontrol/src/enablecontrol/enablesqlmanager.cpp
@@ -5,6 +5,7 @@
 #include "enablesqlmanager.h"
 #include "DDLog.h"
 
+#include <QtSql>
 #include <QLoggingCategory>
 #include <QDir>
 #include <QSqlError>
@@ -22,58 +23,72 @@ using namespace DDLog;
 
 std::atomic<EnableSqlManager *> EnableSqlManager::s_Instance;
 std::mutex EnableSqlManager::m_mutex;
-void EnableSqlManager::insertDataToRemoveTable(const QString &hclass, const QString &name, const QString &path, const QString &unique_id, const QString strDriver)
+void EnableSqlManager::insertDataToRemoveTable(const QString &hclass, const QString &name, const QString &path, const QString &unique_id, const QString &strDriver)
 {
-    QString sql = QString("INSERT INTO %1 (class, name, path, unique_id, driver) VALUES ('%2', '%3', '%4', '%5', '%6');")
-                  .arg(DB_TABLE_REMOVE).arg(hclass).arg(name).arg(path).arg(unique_id).arg(strDriver);
-    if (!m_sqlQuery.exec(sql)) {
+    // QString sql = QString("INSERT INTO %1 (class, name, path, unique_id, driver) VALUES (%2, %3, %4, %5, %6);")
+    //               .arg(DB_TABLE_REMOVE).arg(":hclass").arg(":name").arg(":path").arg(":unique_id").arg(":strDriver");
+    if(!m_sqlQuery.prepare("INSERT INTO remove (class, name, path, unique_id, driver) VALUES (:hclass, :name, :path, :unique_id, :strDriver);")) return;
+    m_sqlQuery.bindValue(":hclass", QVariant(hclass));
+    m_sqlQuery.bindValue(":name", QVariant(name));
+    m_sqlQuery.bindValue(":path", QVariant(path));
+    m_sqlQuery.bindValue(":unique_id", QVariant(unique_id));
+    m_sqlQuery.bindValue(":strDriver", QVariant(strDriver));
+
+    if (!m_sqlQuery.exec()) {
         qCInfo(appLog) << Q_FUNC_INFO << m_sqlQuery.lastError();
     }
 }
 
 void EnableSqlManager::removeDateFromRemoveTable(const QString &path)
 {
-    QString sql = QString("DELETE FROM %1 WHERE path='%2';").arg(DB_TABLE_REMOVE).arg(path);
-    if (!m_sqlQuery.exec(sql)) {
+    QString sql = QString("DELETE FROM %1 WHERE path=%2;").arg(DB_TABLE_REMOVE).arg(":path");
+    if(!m_sqlQuery.prepare(sql)) return;
+    m_sqlQuery.bindValue(":path", QVariant(path));
+    if (!m_sqlQuery.exec()) {
         qCInfo(appLog) << m_sqlQuery.lastError();
     }
 }
 
-void EnableSqlManager::insertDataToAuthorizedTable(const QString &hclass, const QString &name, const QString &path, const QString &unique_id, bool exist, const QString strDriver)
+void EnableSqlManager::insertDataToAuthorizedTable(const QString &hclass, const QString &name, const QString &path, const QString &unique_id, bool exist, const QString &strDriver)
 {
     // 数据库已经存在该设备记录
     if (uniqueIDExistedEX(unique_id)) {
         return;
     }
 
     // 数据库没有该设备记录，则直接插入
-    QString sql = QString("INSERT INTO %1 (class, name, path, unique_id, exist, driver) VALUES ('%2', '%3', '%4', '%5', '%6', '%7');")
-                  .arg(DB_TABLE_AUTHORIZED).arg(hclass).arg(name).arg(path).arg(unique_id).arg(exist).arg(strDriver);
-    if (!m_sqlQuery.exec(sql)) {
+    // QString sql = QString("INSERT INTO %1 (class, name, path, unique_id, exist, driver) VALUES (%2, %3, %4, %5, %6, %7);")
+    //               .arg(DB_TABLE_AUTHORIZED).arg(":hclass").arg(":name").arg(":path").arg(":unique_id").arg(":exist").arg(":strDriver");
+    if(!m_sqlQuery.prepare("INSERT INTO authorized (class, name, path, unique_id, exist, driver) VALUES (:hclass, :name, :path, :unique_id, :exist, :strDriver);")) return;
+    m_sqlQuery.bindValue(":hclass", QVariant(hclass));
+    m_sqlQuery.bindValue(":name", QVariant(name));
+    m_sqlQuery.bindValue(":path", QVariant(path));
+    m_sqlQuery.bindValue(":unique_id", QVariant(unique_id));
+    m_sqlQuery.bindValue(":exist", QVariant(exist));
+    m_sqlQuery.bindValue(":strDriver", QVariant(strDriver));
+
+    if (!m_sqlQuery.exec()) {
         qCInfo(appLog) << Q_FUNC_INFO << m_sqlQuery.lastError();
     }
 }
 
 void EnableSqlManager::removeDataFromAuthorizedTable(const QString &key)
 {
-    QString sql = QString("DELETE FROM %1 WHERE unique_id='%2';").arg(DB_TABLE_AUTHORIZED).arg(key);
-    if (!m_sqlQuery.exec(sql)) {
+    QString sql = QString("DELETE FROM %1 WHERE unique_id=%2;").arg(DB_TABLE_AUTHORIZED).arg(":key");
+    if(!m_sqlQuery.prepare(sql)) return;
+    m_sqlQuery.bindValue(":key", QVariant(key));
+    if (!m_sqlQuery.exec()) {
         qCInfo(appLog) << m_sqlQuery.lastError();
     }
 }
 
 void EnableSqlManager::updateDataToAuthorizedTable(const QString &unique_id, const QString &path)
 {
-    QString sql = QString("UPDATE %1 SET path='%2' WHERE unique_id='%3';").arg(DB_TABLE_AUTHORIZED).arg(path).arg(unique_id);
-    if (!m_sqlQuery.exec(sql)) {
-        qCInfo(appLog) << m_sqlQuery.lastError();
-    }
-}
-
-void EnableSqlManager::updateDataToAuthorizedTable(const QString &unique_id, bool enable_device)
-{
-    QString sql = QString("UPDATE %1 SET enable='%2' WHERE unique_id='%3';").arg(DB_TABLE_AUTHORIZED).arg(enable_device).arg(unique_id);
-    if (!m_sqlQuery.exec(sql)) {
+    QString sql = QString("UPDATE %1 SET path=%2 WHERE unique_id=%3;").arg(DB_TABLE_AUTHORIZED).arg(":path").arg(":unique_id");
+    if(!m_sqlQuery.prepare(sql)) return;
+    m_sqlQuery.bindValue(":path", QVariant(path));
+    m_sqlQuery.bindValue(":unique_id", QVariant(unique_id));
+    if (!m_sqlQuery.exec()) {
         qCInfo(appLog) << m_sqlQuery.lastError();
     }
 }
@@ -88,43 +103,50 @@ void EnableSqlManager::clearEnableFromAuthorizedTable()
 
 void EnableSqlManager::insertDataToPrinterTable(const QString &hclass, const QString &name, const QString &path)
 {
-    QString sql = QString("INSERT INTO %1 (class, name, path) VALUES ('%2', '%3', '%4');").arg(DB_TABLE_PRINTER).arg(hclass).arg(name).arg(path);
-    if (!m_sqlQuery.exec(sql)) {
+    QString sql = QString("INSERT INTO %1 (class, name, path) VALUES (%2, %3, %4);").arg(DB_TABLE_PRINTER).arg(":hclass").arg(":name").arg(":path");
+    if(!m_sqlQuery.prepare(sql)) return;
+    m_sqlQuery.bindValue(":hclass", QVariant(hclass));
+    m_sqlQuery.bindValue(":name", QVariant(name));
+    m_sqlQuery.bindValue(":path", QVariant(path));
+
+    if (!m_sqlQuery.exec()) {
         qCInfo(appLog) << Q_FUNC_INFO << m_sqlQuery.lastError();
     }
 }
 
 void EnableSqlManager::removeDataFromPrinterTable(const QString &name)
 {
-    QString sql = QString("DELETE FROM %1 WHERE name='%2';").arg(DB_TABLE_PRINTER).arg(name);
-    if (!m_sqlQuery.exec(sql)) {
+    QString sql = QString("DELETE FROM %1 WHERE name=%2;").arg(DB_TABLE_PRINTER).arg(":name");
+    if(!m_sqlQuery.prepare(sql)) return;
+    m_sqlQuery.bindValue(":name", QVariant(name));
+    if (!m_sqlQuery.exec()) {
         qCInfo(appLog) << m_sqlQuery.lastError();
     }
 }
 
 bool EnableSqlManager::uniqueIDExisted(const QString &key)
 {
-    QString sql = QString("SELECT COUNT(*) FROM %1 WHERE unique_id='%2';").arg(DB_TABLE_AUTHORIZED).arg(key);
-    if (m_sqlQuery.exec(sql) && m_sqlQuery.next()) {
-        return m_sqlQuery.value(0).toInt() > 0;
+    QString sql = QString("SELECT COUNT(*) FROM %1 WHERE unique_id=%2;").arg(DB_TABLE_AUTHORIZED).arg(":param");
+    if(!m_sqlQuery.prepare(sql)) return false;
+    m_sqlQuery.bindValue(":param", QVariant(key));
+    if (m_sqlQuery.exec() && m_sqlQuery.next()) {
+            return m_sqlQuery.value(0).toInt() > 0;
     }
     return false;
 }
 
 bool EnableSqlManager::uniqueIDExistedEX(const QString &key)
 {
-    QString sql = QString("SELECT COUNT(*) FROM %1 WHERE unique_id='%2';").arg(DB_TABLE_AUTHORIZED).arg(key);
-    if (m_sqlQuery.exec(sql) && m_sqlQuery.next()) {
-        return m_sqlQuery.value(0).toInt() > 0;
-    }
-    return false;
+    return uniqueIDExisted(key);
 }
 
 bool EnableSqlManager::isUniqueIdEnabled(const QString &key)
 {
-    QString sql = QString("SELECT enable FROM %1 WHERE unique_id='%2';").arg(DB_TABLE_AUTHORIZED).arg(key);
-    if (m_sqlQuery.exec(sql) && m_sqlQuery.next()) {
-        return m_sqlQuery.value(0).toBool();
+    QString sql = QString("SELECT enable FROM %1 WHERE unique_id='%2';").arg(DB_TABLE_AUTHORIZED).arg(":key");
+    if(!m_sqlQuery.prepare(sql)) return false;
+    m_sqlQuery.bindValue(":key", QVariant(key));
+    if (m_sqlQuery.exec() && m_sqlQuery.next()) {
+            return m_sqlQuery.value(0).toInt() > 0;
     }
     return false;
 }
@@ -169,8 +191,10 @@ QString EnableSqlManager::authorizedInfo()
 
 QString EnableSqlManager::authorizedPath(const QString &unique_id)
 {
-    QString sql = QString("SELECT path FROM %1 WHERE unique_id='%2';").arg(DB_TABLE_AUTHORIZED).arg(unique_id);
-    if (m_sqlQuery.exec(sql) && m_sqlQuery.next()) {
+    QString sql = QString("SELECT path FROM %1 WHERE unique_id=%2;").arg(DB_TABLE_AUTHORIZED).arg(":unique_id");
+    if(!m_sqlQuery.prepare(sql)) return "";
+    m_sqlQuery.bindValue(":unique_id", QVariant(unique_id));
+    if (m_sqlQuery.exec() && m_sqlQuery.next()) {
         return m_sqlQuery.value(0).toString();
     }
     return "";
@@ -221,42 +245,57 @@ void EnableSqlManager::removePathUniqueIDList(QList<QPair<QString, QString> > &l
 
 void EnableSqlManager::insertWakeupData(const QString &unique_id, const QString &path, bool wakeup)
 {
-    QString sql = QString("INSERT INTO %1 (unique_id, path, wakeup) VALUES ('%2', '%3', '%4');").arg(DB_TABLE_WAKEUP).arg(unique_id).arg(path).arg(wakeup);
-    if (!m_sqlQuery.exec(sql)) {
+    QString sql = QString("INSERT INTO %1 (unique_id, path, wakeup) VALUES (%2, %3, %4);").arg(DB_TABLE_WAKEUP).arg(":unique_id").arg(":path").arg(":wakeup");
+    if(!m_sqlQuery.prepare(sql)) return;
+    m_sqlQuery.bindValue(":unique_id", QVariant(unique_id));
+    m_sqlQuery.bindValue(":path", QVariant(path));
+    m_sqlQuery.bindValue(":wakeup", QVariant(wakeup));
+
+    if (!m_sqlQuery.exec()) {
         qCInfo(appLog) << Q_FUNC_INFO << m_sqlQuery.lastError();
     }
 }
 
 bool EnableSqlManager::isWakeupUniqueIdExisted(const QString &unique_id)
 {
-    QString sql = QString("SELECT COUNT(*) FROM %1 WHERE unique_id='%2';").arg(DB_TABLE_WAKEUP).arg(unique_id);
-    if (m_sqlQuery.exec(sql) && m_sqlQuery.next()) {
+    QString sql = QString("SELECT COUNT(*) FROM %1 WHERE unique_id=%2;").arg(DB_TABLE_WAKEUP).arg(":unique_id");
+    if(!m_sqlQuery.prepare(sql)) return false;
+    m_sqlQuery.bindValue(":unique_id", QVariant(unique_id));
+    if (m_sqlQuery.exec() && m_sqlQuery.next()) {
         return m_sqlQuery.value(0).toInt() > 0;
     }
     return false;
 }
 
 void EnableSqlManager::updateWakeData(const QString &unique_id, const QString &path, bool wakeup)
 {
-    QString sql = QString("UPDATE %1 SET path='%2', wakeup='%3' WHERE unique_id='%4';").arg(DB_TABLE_WAKEUP).arg(path).arg(wakeup).arg(unique_id);
-    if (!m_sqlQuery.exec(sql)) {
+    QString sql = QString("UPDATE %1 SET path=%2, wakeup=%3 WHERE unique_id=%4;").arg(DB_TABLE_WAKEUP).arg(":path").arg(":wakeup").arg(":unique_id");
+    if(!m_sqlQuery.prepare(sql)) return;
+    m_sqlQuery.bindValue(":unique_id", QVariant(unique_id));
+    m_sqlQuery.bindValue(":path", QVariant(path));
+    m_sqlQuery.bindValue(":wakeup", QVariant(wakeup));
+    if (!m_sqlQuery.exec()) {
         qCInfo(appLog) << m_sqlQuery.lastError();
     }
 }
 
 QString EnableSqlManager::wakeupPath(const QString &unique_id)
 {
-    QString sql = QString("SELECT path FROM %1 WHERE unique_id='%2';").arg(DB_TABLE_WAKEUP).arg(unique_id);
-    if (m_sqlQuery.exec(sql) && m_sqlQuery.next()) {
+    QString sql = QString("SELECT path FROM %1 WHERE unique_id=%2;").arg(DB_TABLE_WAKEUP).arg(":unique_id");
+    if(!m_sqlQuery.prepare(sql)) return "";
+    m_sqlQuery.bindValue(":unique_id", QVariant(unique_id));
+    if (m_sqlQuery.exec() && m_sqlQuery.next()) {
         return m_sqlQuery.value(0).toString();
     }
     return "";
 }
 
 bool EnableSqlManager::isWakeup(const QString &unique_id)
 {
-    QString sql = QString("SELECT wakeup FROM %1 WHERE unique_id='%2';").arg(DB_TABLE_WAKEUP).arg(unique_id);
-    if (m_sqlQuery.exec(sql) && m_sqlQuery.next())
+    QString sql = QString("SELECT wakeup FROM %1 WHERE unique_id=%2;").arg(DB_TABLE_WAKEUP).arg(":unique_id");
+    if(!m_sqlQuery.prepare(sql)) return false;
+    m_sqlQuery.bindValue(":unique_id", QVariant(unique_id));
+    if (m_sqlQuery.exec() && m_sqlQuery.next())
         return m_sqlQuery.value(0).toBool();
     return false;
 }
@@ -265,23 +304,29 @@ void EnableSqlManager::insertNetworkWakeup(const QString &logical_name, bool wak
 {
     // 先判断是否已经存在
     QString sqlAdd;
-    QString sqlExist = QString("SELECT wakeup FROM %1 WHERE logical_name='%2';").arg(DB_TABLE_NETWORK_WAKEUP).arg(logical_name);
-    if (m_sqlQuery.exec(sqlExist) && m_sqlQuery.next()) {
-        sqlAdd = QString("UPDATE %1 SET wakeup='%2' WHERE logical_name='%3';").arg(DB_TABLE_NETWORK_WAKEUP).arg(wake).arg(logical_name);
+    QString sqlExist = QString("SELECT wakeup FROM %1 WHERE logical_name=%2;").arg(DB_TABLE_NETWORK_WAKEUP).arg(":logical_name");
+    if(!m_sqlQuery.prepare(sqlExist)) return;
+    m_sqlQuery.bindValue(":logical_name", QVariant(logical_name));
+    if (m_sqlQuery.exec() && m_sqlQuery.next()) {
+        sqlAdd = QString("UPDATE %1 SET wakeup=%2 WHERE logical_name=%3;").arg(DB_TABLE_NETWORK_WAKEUP).arg(":wake").arg(":logical_name");
     } else {
-        sqlAdd = QString("INSERT INTO %1 (logical_name, wakeup) VALUES ('%2', '%3');").arg(DB_TABLE_NETWORK_WAKEUP).arg(logical_name).arg(wake);
+        sqlAdd = QString("INSERT INTO %1 (logical_name, wakeup) VALUES (%2, %3);").arg(DB_TABLE_NETWORK_WAKEUP).arg(":logical_name").arg(":wake");
     }
 
-
-    if (!m_sqlQuery.exec(sqlAdd)) {
+    if(!m_sqlQuery.prepare(sqlAdd)) return;
+    m_sqlQuery.bindValue(":wake", QVariant(wake));
+    m_sqlQuery.bindValue(":logical_name", QVariant(logical_name));
+    if (!m_sqlQuery.exec()) {
         qCInfo(appLog) << Q_FUNC_INFO << m_sqlQuery.lastError();
     }
 }
 
 bool EnableSqlManager::isNetworkWakeup(const QString &logical_name)
 {
-    QString sql = QString("SELECT wakeup FROM %1 WHERE logical_name='%2';").arg(DB_TABLE_NETWORK_WAKEUP).arg(logical_name);
-    if (m_sqlQuery.exec(sql) && m_sqlQuery.next())
+    QString sql = QString("SELECT wakeup FROM %1 WHERE logical_name=%2;").arg(DB_TABLE_NETWORK_WAKEUP).arg(":logical_name");
+    if(!m_sqlQuery.prepare(sql)) return false;
+    m_sqlQuery.bindValue(":logical_name", QVariant(logical_name));
+    if (m_sqlQuery.exec() && m_sqlQuery.next())
         return m_sqlQuery.value(0).toBool();
     return false;
 }
@@ -300,13 +345,14 @@ void EnableSqlManager::setMonitorWorkingFlag(const bool &flag)
     QString sqlAdd;
     QString sqlExist = QString("SELECT working_flag FROM %1 WHERE monitor_name='usb';").arg(DB_TABLE_MONITOR_DEV);
     if (m_sqlQuery.exec(sqlExist) && m_sqlQuery.next()) {
-        sqlAdd = QString("UPDATE %1 SET working_flag='%2' WHERE monitor_name='usb';").arg(DB_TABLE_MONITOR_DEV).arg(flag);
+        sqlAdd = QString("UPDATE %1 SET working_flag=%2 WHERE monitor_name='usb';").arg(DB_TABLE_MONITOR_DEV).arg(":flag");
     } else {
-        sqlAdd = QString("INSERT INTO %1 (monitor_name, working_flag) VALUES ('usb', '%2');").arg(DB_TABLE_MONITOR_DEV).arg(flag);
+        sqlAdd = QString("INSERT INTO %1 (monitor_name, working_flag) VALUES ('usb', %2);").arg(DB_TABLE_MONITOR_DEV).arg(":flag");
     }
 
-
-    if (!m_sqlQuery.exec(sqlAdd)) {
+    if(!m_sqlQuery.prepare(sqlAdd)) return;
+    m_sqlQuery.bindValue(":flag", QVariant(flag));
+    if (!m_sqlQuery.exec()) {
         qCInfo(appLog) << Q_FUNC_INFO << m_sqlQuery.lastError();
     }
 }

diff --git a/deepin-devicemanager-server/deepin-devicecontrol/src/enablecontrol/enablesqlmanager.h b/deepin-devicemanager-server/deepin-devicecontrol/src/enablecontrol/enablesqlmanager.h
@@ -41,7 +41,7 @@ class EnableSqlManager : public QObject
      * @param hclass 类型
      * @param name 名称
      */
-    void insertDataToRemoveTable(const QString &hclass, const QString &name, const QString &path, const QString &unique_id, const QString strDriver = "");
+    void insertDataToRemoveTable(const QString &hclass, const QString &name, const QString &path, const QString &unique_id, const QString &strDriver = "");
 
     /**
      * @brief removeDateFromRemoveTable 从数据库里面删除数据
@@ -53,7 +53,7 @@ class EnableSqlManager : public QObject
      * @brief insertDataToAuthorizedTable 将数据插入remove表格
      * @param key
      */
-    void insertDataToAuthorizedTable(const QString &hclass, const QString &name, const QString &path, const QString &unique_id, bool exist, const QString strDriver = "");
+    void insertDataToAuthorizedTable(const QString &hclass, const QString &name, const QString &path, const QString &unique_id, bool exist, const QString &strDriver = "");
 
     /**
      * @brief removeDataFromAuthorizedTable 从数据库里面删除数据
@@ -66,13 +66,6 @@ class EnableSqlManager : public QObject
      */
     void updateDataToAuthorizedTable(const QString &unique_id, const QString &path);
 
-    /**
-     * @brief updateDataToAuthorizedTable
-     * @param unique_id
-     * @param enable
-     */
-    void updateDataToAuthorizedTable(const QString &unique_id, bool enable);
-
     /**
      * @brief clearEnableFromAuthorizedTable 清空数据库里面 enable = 1 数据
      */