CN116432174A - High-risk sql request detection method, device and storage medium - Google Patents

High-risk sql request detection method, device and storage medium

Info

Publication number
CN116432174A
Authority
CN
China
Prior art keywords
sql request
sql
risk
request
preset key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310417313.6A
Other languages
Chinese (zh)
Inventor
熊小宝
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Zhongtongji Network Technology Co Ltd
Original Assignee
Shanghai Zhongtongji Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Zhongtongji Network Technology Co Ltd filed Critical Shanghai Zhongtongji Network Technology Co Ltd
Priority to CN202310417313.6A priority Critical patent/CN116432174A/en
Publication of CN116432174A publication Critical patent/CN116432174A/en
Pending legal-status Critical Current

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/242Query formulation
    • G06F16/2433Query languages
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention discloses a high-risk sql request detection method, a device and a storage medium, relating to the technical field of information security. The method comprises the steps of acquiring the sql request by utilizing an interceptor; identifying preset key fields and query conditions in the sql request; determining the type of the sql request according to the preset key fields and the query conditions; and intercepting the sql request when the type of the sql request is high-risk sql. By detecting and identifying high-risk sql based on the interceptor, the preset key fields of high-risk sql and the query conditions, the method has the advantage of high detection efficiency, solves the technical problem of low detection efficiency of high-risk sql requests in the prior art, can intercept high-risk sql, and is very convenient to use.

Description

High-risk sql request detection method, device and storage medium
Technical Field
The invention relates to the technical field of information security, in particular to a high-risk sql request detection method, a high-risk sql request detection device and a storage medium.
Background
A database is a repository for organizing, storing, and managing data according to a data structure. It may be thought of simply as an electronic file cabinet in which a user may perform operations such as adding, retrieving, updating, and deleting data in a file. With the rapid development of internet technology and information technology, database-based information systems have been widely used in information infrastructure construction in the fields of finance, medical treatment, education, and the like.
In actual use, a user accesses and manipulates the database through the Structured Query Language (SQL). However, high-risk sql may cause faults such as full-table queries, full-table updates, table locks, database downtime, server overload, data confusion, data loss, etc.
At present, a test method is generally adopted, wherein in the development stage of the sql request, scanning detection is carried out based on a configuration file, and the problem of low detection efficiency exists.
Disclosure of Invention
The main purpose of the invention is to provide a high-risk sql request detection method, a device and a storage medium that solve the technical problem of low high-risk sql request detection efficiency in the prior art.
In order to achieve the above purpose, the invention adopts the following technical scheme:
in a first aspect, the present invention provides a high-risk sql request detection method, the method comprising:
acquiring the sql request by using an interceptor;
identifying preset key fields and query conditions in the sql request;
determining the type of the sql request according to the preset key field and the query condition;
and intercepting the sql request when the type of the sql request is high-risk sql.
Optionally, in the above method for detecting high-risk sql request, the step of determining the type of the sql request according to the preset key field and the query condition includes:
if the preset key fields in the sql request have select and from, the table name is not dual, and a where condition and a limit condition do not exist, determining that the sql request is a high-risk sql.
And if the preset key field in the sql request has update and a where condition does not exist, determining that the sql request is a high-risk sql.
And if the preset key field in the sql request has delete and a where condition does not exist, determining that the sql request is a high-risk sql.
Optionally, in the high-risk sql request detection method, after the step of acquiring the sql request by using an interceptor, the method further includes:
judging whether the sql request is a slow query or not, and intercepting the sql request if the sql request is the slow query.
Optionally, in the high-risk sql request detection method, the method further includes:
acquiring return data, wherein the return data is target data returned by a database in response to an sql request;
and when the returned data is larger than a threshold value, determining that the returned data is a large object, and intercepting the returned data.
Optionally, in the high-risk sql request detection method, after the step of acquiring the sql request by using an interceptor, the method further includes:
and if the sql request is in the preset white list, sending the sql request to a database.
Optionally, in the high-risk sql request detection method, the method further includes:
when the type of the sql request is a high-risk sql, a warn-level log is printed, or,
an error level log is printed, and an alert message is generated, or,
printing an error level log, generating alarm information and blocking the current sql request.
In a second aspect, the present invention provides a high-risk sql request detection apparatus, the apparatus comprising:
the acquisition module is used for acquiring the sql request by utilizing an interceptor;
the identification module is used for identifying preset key fields and query conditions in the sql request;
the judging module is used for determining the type of the sql request according to the preset key field and the query condition by a user;
and the interception module is used for intercepting the sql request when the type of the sql request is high-risk sql.
In a third aspect, the present invention provides a computer readable storage medium having stored thereon a computer program which, when executed by one or more processors, implements a high risk sql request detection method as described above.
The one or more technical schemes provided by the invention can have the following advantages or at least realize the following technical effects:
The invention provides a high-risk sql request detection method, a device and a storage medium. The sql request is acquired by utilizing an interceptor; preset key fields and query conditions in the sql request are identified; the type of the sql request is determined according to the preset key fields and the query conditions; and the sql request is intercepted when its type is high-risk sql. Because high-risk sql is detected and identified based on an interceptor, the preset key fields of high-risk sql and the query conditions, the method has the advantage of high detection efficiency, solves the technical problem of low detection efficiency of high-risk sql requests in the prior art, can intercept high-risk sql, and is very convenient to use.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions of the prior art, the drawings which are required in the description of the embodiments or the prior art will be briefly described, it being obvious that the drawings in the description below are only some embodiments of the invention, and that other drawings may be obtained from the drawings provided without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a first embodiment of a high risk sql request detection method of the present invention;
fig. 2 is a schematic functional block diagram of a first embodiment of the high-risk sql request detection apparatus according to the present invention.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are only some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be noted that, in the present disclosure, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The specific meaning of the above terms in the present invention can be understood by those of ordinary skill in the art according to the specific circumstances. In addition, the technical solutions of the embodiments may be combined with each other, but it is based on the fact that those skilled in the art can implement the combination of the technical solutions, when the technical solutions contradict each other or cannot be implemented, the combination of the technical solutions should be considered as not existing and not falling within the protection scope of the present invention.
Example 1
Referring to the flow chart of fig. 1, a first embodiment of the high-risk sql request detection method of the present invention is provided, and the high-risk sql request detection method of the present embodiment is described in detail below with reference to the flow chart shown in fig. 1. The method may comprise the steps of:
step S100: the sql request is obtained with an interceptor.
Specifically, the interceptor may be a mybatis interceptor, and the interception of the sql request is completed based on mybatis.
Step S300: preset key fields and query conditions in the sql request are identified.
Specifically, a preset key field may be a keyword such as select, from, update or delete. The select statement is used to select data from a table; the from clause specifies the tables or views that the select statement queries; the update statement is used to update existing data in a table; the delete statement is used to delete records from a table. Query conditions include a where condition, a limit condition, and the like.
Step S400: and determining the type of the sql request according to the preset key field and the query condition.
Specifically, the types of sql requests may include high-risk sql and normal sql;
In one example, whether the sql request is a high-risk sql is determined according to the preset key fields and the query conditions; if it is not a high-risk sql, it is determined to be a normal sql request.
Step S500: and intercepting the sql request when the type of the sql request is high-risk sql.
Specifically, when the type of the sql request is high-risk sql, the sql request is intercepted; when the type of the sql request is not high-risk sql, the sql request is permitted to be sent to the database so as to complete the corresponding function, such as adding, retrieving, updating or deleting data in the file.
Optionally, in the high-risk sql request detection method, step S100 may include:
step S101: if the preset key fields in the sql request have select and from, the table name is not dual, and a where condition and a limit condition do not exist, determining that the sql request is a high-risk sql.
And if the preset key field in the sql request has update and a where condition does not exist, determining that the sql request is a high-risk sql.
And if the preset key field in the sql request has delete and a where condition does not exist, determining that the sql request is a high-risk sql.
Optionally, after step S100, the method further includes:
step S201: judging whether the sql request is a slow query or not, and intercepting the sql request if the sql request is the slow query.
Specifically, an sql request whose response time exceeds a threshold value is a slow query, so whether the sql request is a slow query can be judged from its response time. If the sql request is a slow query, it is intercepted, which avoids occupying MySQL memory, degrading performance, blocking DDL operations and giving users a poor experience.
Optionally, the method further comprises:
step S202: acquiring return data, wherein the return data is target data returned by a database in response to an sql request;
and when the returned data is larger than a threshold value, determining that the returned data is a large object, and intercepting the returned data.
In one example, when the number of record lines returned by the database is greater than a threshold value, determining that the returned data is a large object, generating large object alarm information when the returned data is the large object, and transmitting the alarm information to a user.
Optionally, after step S100, the method further includes:
step S203: and if the sql request is in the preset white list, sending the sql request to a database.
Specifically, a FullScanWhiteList annotation can be used: the developer adds the annotation to a Mapper that does not need sql interception, and the interceptor then lets all sql of that Mapper through without interception or detection.
Optionally, the method further comprises:
step 600: when the type of the sql request is a high-risk sql, a warn-level log is printed, or,
an error level log is printed, and an alert message is generated, or,
printing an error level log, generating alarm information and blocking the current sql request.
According to the high-risk sql request detection method provided by this embodiment, the sql request is acquired by utilizing an interceptor; preset key fields and query conditions in the sql request are identified; the type of the sql request is determined according to the preset key fields and the query conditions; and the sql request is intercepted when its type is high-risk sql. Because high-risk sql is detected and identified based on an interceptor, the preset key fields of high-risk sql and the query conditions, the method has the advantage of high detection efficiency, solves the technical problem of low detection efficiency of high-risk sql requests in the prior art, can intercept high-risk sql, and is very convenient to use.
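The classification rules of step S101, the whitelist of step S203 and the three handling modes of step 600 can be exercised with the following added Python example, which is not code from the patent. The names `classify`, `intercept` and `Mode`, the per-Mapper whitelist as a set of names, the use of the leading keyword to decide the statement kind, and the blanking of string literals and comments before keyword matching are all assumptions of this example.

```python
import logging
import re
from enum import Enum

log = logging.getLogger("sql_guard")  # hypothetical logger name


class Mode(Enum):
    WARN = "warn"    # warn-level log only
    ALERT = "alert"  # error-level log and alert
    BLOCK = "block"  # error-level log, alert, and the request is blocked


# String literals and comments can contain the words "where" or "limit".
# They are blanked out first so they cannot hide a missing condition.
_NOISE = re.compile(r"""
    '(?:[^'\\]|\\.|'')*'     # single-quoted literal
  | "(?:[^"\\]|\\.)*"        # double-quoted literal
  | /\*.*?\*/                # block comment
  | --[^\n]*                 # line comment
""", re.S | re.X)
_WORD = re.compile(r"[a-z_][a-z0-9_$]*")


def tokens(sql: str) -> list[str]:
    """Lower-cased identifiers and keywords, literals and comments removed."""
    return _WORD.findall(_NOISE.sub(" ", sql).lower())


def classify(sql: str) -> str:
    """Return "high-risk" or "normal" for one statement.

    Keyword presence is checked over the whole statement, as the rules
    are stated; subqueries are not analysed separately.
    """
    t = tokens(sql)
    if not t:
        return "normal"
    has_where, has_limit = "where" in t, "limit" in t
    kind = t[0]  # assumption: the leading keyword decides the statement kind
    if kind == "select" and "from" in t:
        idx = t.index("from") + 1
        table = t[idx] if idx < len(t) else ""
        # High risk only when the table is not dual and neither a where
        # nor a limit condition is present.
        if table != "dual" and not has_where and not has_limit:
            return "high-risk"
    elif kind in ("update", "delete") and not has_where:
        return "high-risk"
    return "normal"


def intercept(sql, mapper, mode, whitelist=frozenset(), alerts=None):
    """Return True if the request may be sent on to the database."""
    if mapper in whitelist:          # whitelisted Mapper: no detection at all
        return True
    if classify(sql) != "high-risk":
        return True
    shown = _NOISE.sub("?", sql)     # keep literal values out of the log
    if mode is Mode.WARN:
        log.warning("high-risk sql in %s: %s", mapper, shown)
        return True
    log.error("high-risk sql in %s: %s", mapper, shown)
    if alerts is not None:
        alerts.append((mapper, shown))
    return mode is not Mode.BLOCK


if __name__ == "__main__":
    # Constructed sample statements, not taken from any real system.
    samples = [
        "SELECT * FROM orders",
        "select now() from dual",
        "select * from orders limit 10",
        "UPDATE orders SET note = 'where it went'",
        "delete from orders -- where id = 1",
        "delete from orders where id = 1",
    ]
    for s in samples:
        print(f"{classify(s):9}  {s}")
```

A plain substring search for `where` would pass the fourth and fifth samples; removing literals and comments first is what makes them high-risk.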
Example two
Based on the same inventive concept, referring to fig. 2, a first embodiment of the high-risk sql request detection apparatus of the present invention is provided, and the high-risk sql request detection apparatus provided in the present embodiment is described in detail below with reference to a functional block diagram shown in fig. 2, where the apparatus may include:
the acquisition module is used for acquiring the sql request by utilizing an interceptor;
the identification module is used for identifying preset key fields and query conditions in the sql request;
the judging module is used for determining the type of the sql request according to the preset key field and the query condition by a user;
and the interception module is used for intercepting the sql request when the type of the sql request is high-risk sql.
It should be noted that, the functions that can be achieved by each module in the high-risk sql request detection apparatus and the corresponding achieved technical effects provided in this embodiment may refer to descriptions of specific implementations in each embodiment of the high-risk sql request detection method of the present invention, and for brevity of description, no further description is given here.
Example five
Based on the same inventive concept, the present embodiment provides a computer readable storage medium, such as a flash memory, a hard disk, a multimedia card, a card memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Read Only Memory (ROM), a Programmable Read Only Memory (PROM), an Erasable Programmable Read Only Memory (EPROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a magnetic memory, a magnetic disk, an optical disk, a server, etc., on which a computer program is stored, which computer program is executable by one or more processors, and which computer program, when executed by the processors, can implement all or part of the steps of the various embodiments of the high risk sql request detection method of the present invention.
It should be noted that, the foregoing reference numerals of the embodiments of the present invention are only for describing the embodiments, and do not represent the advantages and disadvantages of the embodiments. The above embodiments are only optional embodiments of the present invention, and not limiting the scope of the present invention, and all equivalent structures or equivalent processes using the descriptions of the present invention and the accompanying drawings or direct or indirect application in other related technical fields are included in the scope of the present invention.

Claims (8)

1. A high-risk sql request detection method, the method comprising:
acquiring the sql request by using an interceptor;
identifying preset key fields and query conditions in the sql request;
determining the type of the sql request according to the preset key field and the query condition;
and intercepting the sql request when the type of the sql request is high-risk sql.
2. The method for detecting high-risk sql requests according to claim 1, wherein the step of determining the type of the sql request according to the preset key field and the query condition comprises:
if the preset key fields in the sql request have select and from, the table name is not dual, and a where condition and a limit condition do not exist, determining that the sql request is a high-risk sql.
And if the preset key field in the sql request has update and a where condition does not exist, determining that the sql request is a high-risk sql.
And if the preset key field in the sql request has delete and a where condition does not exist, determining that the sql request is a high-risk sql.
3. The high-risk sql request detection method according to claim 2, wherein after the step of acquiring the sql request with an interceptor, the method further comprises:
judging whether the sql request is a slow query or not, and intercepting the sql request if the sql request is the slow query.
4. The high-risk sql request detection method of claim 3, further comprising:
acquiring return data, wherein the return data is target data returned by a database in response to an sql request;
and when the returned data is larger than a threshold value, determining that the returned data is a large object, and intercepting the returned data.
5. The high-risk sql request detection method of claim 4, wherein after the step of obtaining the sql request with an interceptor, the method further comprises:
and if the sql request is in the preset white list, sending the sql request to a database.
6. The high-risk sql request detection method of claim 5, further comprising:
when the type of the sql request is a high-risk sql, a warn-level log is printed, or,
an error level log is printed, and an alert message is generated, or,
printing an error level log, generating alarm information and blocking the current sql request.
7. A high-risk sql request detection apparatus, the apparatus comprising:
the acquisition module is used for acquiring the sql request by utilizing an interceptor;
the identification module is used for identifying preset key fields and query conditions in the sql request;
the judging module is used for determining the type of the sql request according to the preset key field and the query condition by a user;
and the interception module is used for intercepting the sql request when the type of the sql request is high-risk sql.
8. A computer readable storage medium, wherein a computer program is stored on the storage medium, which when executed by one or more processors, implements the high risk sql request detection method of any of claims 1 to 6.
CN202310417313.6A 2023-04-18 2023-04-18 High-risk sql request detection method, device and storage medium Pending CN116432174A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310417313.6A CN116432174A (en) 2023-04-18 2023-04-18 High-risk sql request detection method, device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310417313.6A CN116432174A (en) 2023-04-18 2023-04-18 High-risk sql request detection method, device and storage medium

Publications (1)

Publication Number Publication Date
CN116432174A true CN116432174A (en) 2023-07-14

Family

ID=87081219

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310417313.6A Pending CN116432174A (en) 2023-04-18 2023-04-18 High-risk sql request detection method, device and storage medium

Country Status (1)

Country Link
CN (1) CN116432174A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination