
Commit e7ef979

shuaijiedeepin-bot[bot]
authored andcommitted
fix: 修复存在sql注入风险
修复存在sql注入风险 Log: 修复存在sql注入风险 Bug: https://pms.uniontech.com/bug-view-264997.html
1 parent ce2cc29 commit e7ef979

2 files changed

Lines changed: 109 additions & 70 deletions


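--- a/deepin-devicemanager-server/deepin-devicecontrol/src/enablecontrol/enablesqlmanager.cpp
+++ b/deepin-devicemanager-server/deepin-devicecontrol/src/enablecontrol/enablesqlmanager.cpp
@@ -5,6 +5,7 @@
 #include "enablesqlmanager.h"
 #include "DDLog.h"
 
+#include <QtSql>
 #include <QLoggingCategory>
 #include <QDir>
 #include <QSqlError>
@@ -22,58 +23,72 @@ using namespace DDLog;
 
 std::atomic<EnableSqlManager *> EnableSqlManager::s_Instance;
 std::mutex EnableSqlManager::m_mutex;
-void EnableSqlManager::insertDataToRemoveTable(const QString &hclass, const QString &name, const QString &path, const QString &unique_id, const QString strDriver)
+void EnableSqlManager::insertDataToRemoveTable(const QString &hclass, const QString &name, const QString &path, const QString &unique_id, const QString &strDriver)
 {
-QString sql = QString("INSERT INTO %1 (class, name, path, unique_id, driver) VALUES ('%2', '%3', '%4', '%5', '%6');")
-.arg(DB_TABLE_REMOVE).arg(hclass).arg(name).arg(path).arg(unique_id).arg(strDriver);
-if (!m_sqlQuery.exec(sql)) {
+// QString sql = QString("INSERT INTO %1 (class, name, path, unique_id, driver) VALUES (%2, %3, %4, %5, %6);")
+// .arg(DB_TABLE_REMOVE).arg(":hclass").arg(":name").arg(":path").arg(":unique_id").arg(":strDriver");
+if(!m_sqlQuery.prepare("INSERT INTO remove (class, name, path, unique_id, driver) VALUES (:hclass, :name, :path, :unique_id, :strDriver);")) return;
+m_sqlQuery.bindValue(":hclass", QVariant(hclass));
+m_sqlQuery.bindValue(":name", QVariant(name));
+m_sqlQuery.bindValue(":path", QVariant(path));
+m_sqlQuery.bindValue(":unique_id", QVariant(unique_id));
+m_sqlQuery.bindValue(":strDriver", QVariant(strDriver));
+
+if (!m_sqlQuery.exec()) {
 qCInfo(appLog) << Q_FUNC_INFO << m_sqlQuery.lastError();
 }
 }
 
 void EnableSqlManager::removeDateFromRemoveTable(const QString &path)
 {
-QString sql = QString("DELETE FROM %1 WHERE path='%2';").arg(DB_TABLE_REMOVE).arg(path);
-if (!m_sqlQuery.exec(sql)) {
+QString sql = QString("DELETE FROM %1 WHERE path=%2;").arg(DB_TABLE_REMOVE).arg(":path");
+if(!m_sqlQuery.prepare(sql)) return;
+m_sqlQuery.bindValue(":path", QVariant(path));
+if (!m_sqlQuery.exec()) {
 qCInfo(appLog) << m_sqlQuery.lastError();
 }
 }
 
-void EnableSqlManager::insertDataToAuthorizedTable(const QString &hclass, const QString &name, const QString &path, const QString &unique_id, bool exist, const QString strDriver)
+void EnableSqlManager::insertDataToAuthorizedTable(const QString &hclass, const QString &name, const QString &path, const QString &unique_id, bool exist, const QString &strDriver)
 {
 // 数据库已经存在该设备记录
 if (uniqueIDExistedEX(unique_id)) {
 return;
 }
 
 // 数据库没有该设备记录,则直接插入
-QString sql = QString("INSERT INTO %1 (class, name, path, unique_id, exist, driver) VALUES ('%2', '%3', '%4', '%5', '%6', '%7');")
-.arg(DB_TABLE_AUTHORIZED).arg(hclass).arg(name).arg(path).arg(unique_id).arg(exist).arg(strDriver);
-if (!m_sqlQuery.exec(sql)) {
+// QString sql = QString("INSERT INTO %1 (class, name, path, unique_id, exist, driver) VALUES (%2, %3, %4, %5, %6, %7);")
+// .arg(DB_TABLE_AUTHORIZED).arg(":hclass").arg(":name").arg(":path").arg(":unique_id").arg(":exist").arg(":strDriver");
+if(!m_sqlQuery.prepare("INSERT INTO authorized (class, name, path, unique_id, exist, driver) VALUES (:hclass, :name, :path, :unique_id, :exist, :strDriver);")) return;
+m_sqlQuery.bindValue(":hclass", QVariant(hclass));
+m_sqlQuery.bindValue(":name", QVariant(name));
+m_sqlQuery.bindValue(":path", QVariant(path));
+m_sqlQuery.bindValue(":unique_id", QVariant(unique_id));
+m_sqlQuery.bindValue(":exist", QVariant(exist));
+m_sqlQuery.bindValue(":strDriver", QVariant(strDriver));
+
+if (!m_sqlQuery.exec()) {
 qCInfo(appLog) << Q_FUNC_INFO << m_sqlQuery.lastError();
 }
 }
 
 void EnableSqlManager::removeDataFromAuthorizedTable(const QString &key)
 {
-QString sql = QString("DELETE FROM %1 WHERE unique_id='%2';").arg(DB_TABLE_AUTHORIZED).arg(key);
-if (!m_sqlQuery.exec(sql)) {
+QString sql = QString("DELETE FROM %1 WHERE unique_id=%2;").arg(DB_TABLE_AUTHORIZED).arg(":key");
+if(!m_sqlQuery.prepare(sql)) return;
+m_sqlQuery.bindValue(":key", QVariant(key));
+if (!m_sqlQuery.exec()) {
 qCInfo(appLog) << m_sqlQuery.lastError();
 }
 }
 
 void EnableSqlManager::updateDataToAuthorizedTable(const QString &unique_id, const QString &path)
 {
-QString sql = QString("UPDATE %1 SET path='%2' WHERE unique_id='%3';").arg(DB_TABLE_AUTHORIZED).arg(path).arg(unique_id);
-if (!m_sqlQuery.exec(sql)) {
-qCInfo(appLog) << m_sqlQuery.lastError();
-}
-}
-
-void EnableSqlManager::updateDataToAuthorizedTable(const QString &unique_id, bool enable_device)
-{
-QString sql = QString("UPDATE %1 SET enable='%2' WHERE unique_id='%3';").arg(DB_TABLE_AUTHORIZED).arg(enable_device).arg(unique_id);
-if (!m_sqlQuery.exec(sql)) {
+QString sql = QString("UPDATE %1 SET path=%2 WHERE unique_id=%3;").arg(DB_TABLE_AUTHORIZED).arg(":path").arg(":unique_id");
+if(!m_sqlQuery.prepare(sql)) return;
+m_sqlQuery.bindValue(":path", QVariant(path));
+m_sqlQuery.bindValue(":unique_id", QVariant(unique_id));
+if (!m_sqlQuery.exec()) {
 qCInfo(appLog) << m_sqlQuery.lastError();
 }
 }
@@ -88,43 +103,50 @@ void EnableSqlManager::clearEnableFromAuthorizedTable()
 
 void EnableSqlManager::insertDataToPrinterTable(const QString &hclass, const QString &name, const QString &path)
 {
-QString sql = QString("INSERT INTO %1 (class, name, path) VALUES ('%2', '%3', '%4');").arg(DB_TABLE_PRINTER).arg(hclass).arg(name).arg(path);
-if (!m_sqlQuery.exec(sql)) {
+QString sql = QString("INSERT INTO %1 (class, name, path) VALUES (%2, %3, %4);").arg(DB_TABLE_PRINTER).arg(":hclass").arg(":name").arg(":path");
+if(!m_sqlQuery.prepare(sql)) return;
+m_sqlQuery.bindValue(":hclass", QVariant(hclass));
+m_sqlQuery.bindValue(":name", QVariant(name));
+m_sqlQuery.bindValue(":path", QVariant(path));
+
+if (!m_sqlQuery.exec()) {
 qCInfo(appLog) << Q_FUNC_INFO << m_sqlQuery.lastError();
 }
 }
 
 void EnableSqlManager::removeDataFromPrinterTable(const QString &name)
 {
-QString sql = QString("DELETE FROM %1 WHERE name='%2';").arg(DB_TABLE_PRINTER).arg(name);
-if (!m_sqlQuery.exec(sql)) {
+QString sql = QString("DELETE FROM %1 WHERE name=%2;").arg(DB_TABLE_PRINTER).arg(":name");
+if(!m_sqlQuery.prepare(sql)) return;
+m_sqlQuery.bindValue(":name", QVariant(name));
+if (!m_sqlQuery.exec()) {
 qCInfo(appLog) << m_sqlQuery.lastError();
 }
 }
 
 bool EnableSqlManager::uniqueIDExisted(const QString &key)
 {
-QString sql = QString("SELECT COUNT(*) FROM %1 WHERE unique_id='%2';").arg(DB_TABLE_AUTHORIZED).arg(key);
-if (m_sqlQuery.exec(sql) && m_sqlQuery.next()) {
-return m_sqlQuery.value(0).toInt() > 0;
+QString sql = QString("SELECT COUNT(*) FROM %1 WHERE unique_id=%2;").arg(DB_TABLE_AUTHORIZED).arg(":param");
+if(!m_sqlQuery.prepare(sql)) return false;
+m_sqlQuery.bindValue(":param", QVariant(key));
+if (m_sqlQuery.exec() && m_sqlQuery.next()) {
+return m_sqlQuery.value(0).toInt() > 0;
 }
 return false;
 }
 
 bool EnableSqlManager::uniqueIDExistedEX(const QString &key)
 {
-QString sql = QString("SELECT COUNT(*) FROM %1 WHERE unique_id='%2';").arg(DB_TABLE_AUTHORIZED).arg(key);
-if (m_sqlQuery.exec(sql) && m_sqlQuery.next()) {
-return m_sqlQuery.value(0).toInt() > 0;
-}
-return false;
+return uniqueIDExisted(key);
 }
 
 bool EnableSqlManager::isUniqueIdEnabled(const QString &key)
 {
-QString sql = QString("SELECT enable FROM %1 WHERE unique_id='%2';").arg(DB_TABLE_AUTHORIZED).arg(key);
-if (m_sqlQuery.exec(sql) && m_sqlQuery.next()) {
-return m_sqlQuery.value(0).toBool();
+QString sql = QString("SELECT enable FROM %1 WHERE unique_id='%2';").arg(DB_TABLE_AUTHORIZED).arg(":key");
+if(!m_sqlQuery.prepare(sql)) return false;
+m_sqlQuery.bindValue(":key", QVariant(key));
+if (m_sqlQuery.exec() && m_sqlQuery.next()) {
+return m_sqlQuery.value(0).toInt() > 0;
 }
 return false;
 }
@@ -169,8 +191,10 @@ QString EnableSqlManager::authorizedInfo()
 
 QString EnableSqlManager::authorizedPath(const QString &unique_id)
 {
-QString sql = QString("SELECT path FROM %1 WHERE unique_id='%2';").arg(DB_TABLE_AUTHORIZED).arg(unique_id);
-if (m_sqlQuery.exec(sql) && m_sqlQuery.next()) {
+QString sql = QString("SELECT path FROM %1 WHERE unique_id=%2;").arg(DB_TABLE_AUTHORIZED).arg(":unique_id");
+if(!m_sqlQuery.prepare(sql)) return "";
+m_sqlQuery.bindValue(":unique_id", QVariant(unique_id));
+if (m_sqlQuery.exec() && m_sqlQuery.next()) {
 return m_sqlQuery.value(0).toString();
 }
 return "";
@@ -221,42 +245,57 @@ void EnableSqlManager::removePathUniqueIDList(QList<QPair<QString, QString> > &l
 
 void EnableSqlManager::insertWakeupData(const QString &unique_id, const QString &path, bool wakeup)
 {
-QString sql = QString("INSERT INTO %1 (unique_id, path, wakeup) VALUES ('%2', '%3', '%4');").arg(DB_TABLE_WAKEUP).arg(unique_id).arg(path).arg(wakeup);
-if (!m_sqlQuery.exec(sql)) {
+QString sql = QString("INSERT INTO %1 (unique_id, path, wakeup) VALUES (%2, %3, %4);").arg(DB_TABLE_WAKEUP).arg(":unique_id").arg(":path").arg(":wakeup");
+if(!m_sqlQuery.prepare(sql)) return;
+m_sqlQuery.bindValue(":unique_id", QVariant(unique_id));
+m_sqlQuery.bindValue(":path", QVariant(path));
+m_sqlQuery.bindValue(":wakeup", QVariant(wakeup));
+
+if (!m_sqlQuery.exec()) {
 qCInfo(appLog) << Q_FUNC_INFO << m_sqlQuery.lastError();
 }
 }
 
 bool EnableSqlManager::isWakeupUniqueIdExisted(const QString &unique_id)
 {
-QString sql = QString("SELECT COUNT(*) FROM %1 WHERE unique_id='%2';").arg(DB_TABLE_WAKEUP).arg(unique_id);
-if (m_sqlQuery.exec(sql) && m_sqlQuery.next()) {
+QString sql = QString("SELECT COUNT(*) FROM %1 WHERE unique_id=%2;").arg(DB_TABLE_WAKEUP).arg(":unique_id");
+if(!m_sqlQuery.prepare(sql)) return false;
+m_sqlQuery.bindValue(":unique_id", QVariant(unique_id));
+if (m_sqlQuery.exec() && m_sqlQuery.next()) {
 return m_sqlQuery.value(0).toInt() > 0;
 }
 return false;
 }
 
 void EnableSqlManager::updateWakeData(const QString &unique_id, const QString &path, bool wakeup)
 {
-QString sql = QString("UPDATE %1 SET path='%2', wakeup='%3' WHERE unique_id='%4';").arg(DB_TABLE_WAKEUP).arg(path).arg(wakeup).arg(unique_id);
-if (!m_sqlQuery.exec(sql)) {
+QString sql = QString("UPDATE %1 SET path=%2, wakeup=%3 WHERE unique_id=%4;").arg(DB_TABLE_WAKEUP).arg(":path").arg(":wakeup").arg(":unique_id");
+if(!m_sqlQuery.prepare(sql)) return;
+m_sqlQuery.bindValue(":unique_id", QVariant(unique_id));
+m_sqlQuery.bindValue(":path", QVariant(path));
+m_sqlQuery.bindValue(":wakeup", QVariant(wakeup));
+if (!m_sqlQuery.exec()) {
 qCInfo(appLog) << m_sqlQuery.lastError();
 }
 }
 
 QString EnableSqlManager::wakeupPath(const QString &unique_id)
 {
-QString sql = QString("SELECT path FROM %1 WHERE unique_id='%2';").arg(DB_TABLE_WAKEUP).arg(unique_id);
-if (m_sqlQuery.exec(sql) && m_sqlQuery.next()) {
+QString sql = QString("SELECT path FROM %1 WHERE unique_id=%2;").arg(DB_TABLE_WAKEUP).arg(":unique_id");
+if(!m_sqlQuery.prepare(sql)) return "";
+m_sqlQuery.bindValue(":unique_id", QVariant(unique_id));
+if (m_sqlQuery.exec() && m_sqlQuery.next()) {
 return m_sqlQuery.value(0).toString();
 }
 return "";
 }
 
 bool EnableSqlManager::isWakeup(const QString &unique_id)
 {
-QString sql = QString("SELECT wakeup FROM %1 WHERE unique_id='%2';").arg(DB_TABLE_WAKEUP).arg(unique_id);
-if (m_sqlQuery.exec(sql) && m_sqlQuery.next())
+QString sql = QString("SELECT wakeup FROM %1 WHERE unique_id=%2;").arg(DB_TABLE_WAKEUP).arg(":unique_id");
+if(!m_sqlQuery.prepare(sql)) return false;
+m_sqlQuery.bindValue(":unique_id", QVariant(unique_id));
+if (m_sqlQuery.exec() && m_sqlQuery.next())
 return m_sqlQuery.value(0).toBool();
 return false;
 }
@@ -265,23 +304,29 @@ void EnableSqlManager::insertNetworkWakeup(const QString &logical_name, bool wak
 {
 // 先判断是否已经存在
 QString sqlAdd;
-QString sqlExist = QString("SELECT wakeup FROM %1 WHERE logical_name='%2';").arg(DB_TABLE_NETWORK_WAKEUP).arg(logical_name);
-if (m_sqlQuery.exec(sqlExist) && m_sqlQuery.next()) {
-sqlAdd = QString("UPDATE %1 SET wakeup='%2' WHERE logical_name='%3';").arg(DB_TABLE_NETWORK_WAKEUP).arg(wake).arg(logical_name);
+QString sqlExist = QString("SELECT wakeup FROM %1 WHERE logical_name=%2;").arg(DB_TABLE_NETWORK_WAKEUP).arg(":logical_name");
+if(!m_sqlQuery.prepare(sqlExist)) return;
+m_sqlQuery.bindValue(":logical_name", QVariant(logical_name));
+if (m_sqlQuery.exec() && m_sqlQuery.next()) {
+sqlAdd = QString("UPDATE %1 SET wakeup=%2 WHERE logical_name=%3;").arg(DB_TABLE_NETWORK_WAKEUP).arg(":wake").arg(":logical_name");
 } else {
-sqlAdd = QString("INSERT INTO %1 (logical_name, wakeup) VALUES ('%2', '%3');").arg(DB_TABLE_NETWORK_WAKEUP).arg(logical_name).arg(wake);
+sqlAdd = QString("INSERT INTO %1 (logical_name, wakeup) VALUES (%2, %3);").arg(DB_TABLE_NETWORK_WAKEUP).arg(":logical_name").arg(":wake");
 }
 
-
-if (!m_sqlQuery.exec(sqlAdd)) {
+if(!m_sqlQuery.prepare(sqlAdd)) return;
+m_sqlQuery.bindValue(":wake", QVariant(wake));
+m_sqlQuery.bindValue(":logical_name", QVariant(logical_name));
+if (!m_sqlQuery.exec()) {
 qCInfo(appLog) << Q_FUNC_INFO << m_sqlQuery.lastError();
 }
 }
 
 bool EnableSqlManager::isNetworkWakeup(const QString &logical_name)
 {
-QString sql = QString("SELECT wakeup FROM %1 WHERE logical_name='%2';").arg(DB_TABLE_NETWORK_WAKEUP).arg(logical_name);
-if (m_sqlQuery.exec(sql) && m_sqlQuery.next())
+QString sql = QString("SELECT wakeup FROM %1 WHERE logical_name=%2;").arg(DB_TABLE_NETWORK_WAKEUP).arg(":logical_name");
+if(!m_sqlQuery.prepare(sql)) return false;
+m_sqlQuery.bindValue(":logical_name", QVariant(logical_name));
+if (m_sqlQuery.exec() && m_sqlQuery.next())
 return m_sqlQuery.value(0).toBool();
 return false;
 }
@@ -300,13 +345,14 @@ void EnableSqlManager::setMonitorWorkingFlag(const bool &flag)
 QString sqlAdd;
 QString sqlExist = QString("SELECT working_flag FROM %1 WHERE monitor_name='usb';").arg(DB_TABLE_MONITOR_DEV);
 if (m_sqlQuery.exec(sqlExist) && m_sqlQuery.next()) {
-sqlAdd = QString("UPDATE %1 SET working_flag='%2' WHERE monitor_name='usb';").arg(DB_TABLE_MONITOR_DEV).arg(flag);
+sqlAdd = QString("UPDATE %1 SET working_flag=%2 WHERE monitor_name='usb';").arg(DB_TABLE_MONITOR_DEV).arg(":flag");
 } else {
-sqlAdd = QString("INSERT INTO %1 (monitor_name, working_flag) VALUES ('usb', '%2');").arg(DB_TABLE_MONITOR_DEV).arg(flag);
+sqlAdd = QString("INSERT INTO %1 (monitor_name, working_flag) VALUES ('usb', %2);").arg(DB_TABLE_MONITOR_DEV).arg(":flag");
 }
 
-
-if (!m_sqlQuery.exec(sqlAdd)) {
+if(!m_sqlQuery.prepare(sqlAdd)) return;
+m_sqlQuery.bindValue(":flag", QVariant(flag));
+if (!m_sqlQuery.exec()) {
 qCInfo(appLog) << Q_FUNC_INFO << m_sqlQuery.lastError();
 }
 }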
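Review bot: isUniqueIdEnabled still wraps its placeholder in quotes — `WHERE unique_id='%2'` with `.arg(":key")` yields the SQL literal `unique_id=':key'`, so `bindValue(":key", ...)` has no placeholder to bind to and the lookup compares the column against the string ':key' instead of the caller's key; every other query in this commit dropped the quotes, and this one should read `QString sql = QString("SELECT enable FROM %1 WHERE unique_id=%2;").arg(DB_TABLE_AUTHORIZED).arg(":key");`. insertDataToRemoveTable and insertDataToAuthorizedTable hard-code the table names `remove` and `authorized` inside the prepared statement while every delete and lookup in the file goes through DB_TABLE_REMOVE / DB_TABLE_AUTHORIZED; I cannot see those constants here, but if they ever differ from the literals the inserts will land in a different table than the reads, so keep the `QString("INSERT INTO %1 ...").arg(DB_TABLE_REMOVE)` form that the other queries use. Each new `if(!m_sqlQuery.prepare(sql)) return;` returns silently, whereas the exec() path logs lastError(); logging on prepare failure as well would make a schema or syntax problem visible instead of turning into a silent no-op. The commented-out `// QString sql = ...` lines left above both inserts can simply be deleted.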

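--- a/deepin-devicemanager-server/deepin-devicecontrol/src/enablecontrol/enablesqlmanager.h
+++ b/deepin-devicemanager-server/deepin-devicecontrol/src/enablecontrol/enablesqlmanager.h
@@ -41,7 +41,7 @@ class EnableSqlManager : public QObject
 * @param hclass 类型
 * @param name 名称
 */
-void insertDataToRemoveTable(const QString &hclass, const QString &name, const QString &path, const QString &unique_id, const QString strDriver = "");
+void insertDataToRemoveTable(const QString &hclass, const QString &name, const QString &path, const QString &unique_id, const QString &strDriver = "");
 
 /**
 * @brief removeDateFromRemoveTable 从数据库里面删除数据
@@ -53,7 +53,7 @@ class EnableSqlManager : public QObject
 * @brief insertDataToAuthorizedTable 将数据插入remove表格
 * @param key
 */
-void insertDataToAuthorizedTable(const QString &hclass, const QString &name, const QString &path, const QString &unique_id, bool exist, const QString strDriver = "");
+void insertDataToAuthorizedTable(const QString &hclass, const QString &name, const QString &path, const QString &unique_id, bool exist, const QString &strDriver = "");
 
 /**
 * @brief removeDataFromAuthorizedTable 从数据库里面删除数据
@@ -66,13 +66,6 @@ class EnableSqlManager : public QObject
 */
 void updateDataToAuthorizedTable(const QString &unique_id, const QString &path);
 
-/**
-* @brief updateDataToAuthorizedTable
-* @param unique_id
-* @param enable
-*/
-void updateDataToAuthorizedTable(const QString &unique_id, bool enable);
-
 /**
 * @brief clearEnableFromAuthorizedTable 清空数据库里面 enable = 1 数据
 */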
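Review bot: The re-declared insertDataToAuthorizedTable keeps a Doxygen block whose @brief says it inserts into the remove table (`将数据插入remove表格`) and whose only @param is `key`, which is not a parameter of the function; since the signature is being touched anyway, the comment should name the authorized table and list hclass, name, path, unique_id, exist and strDriver. The same applies to insertDataToRemoveTable, whose block above the new declaration documents only hclass and name. The bool overload of updateDataToAuthorizedTable is removed from the header and the .cpp in this commit; its callers are not visible in this diff, so confirm nothing else in the project still calls it before merging.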
