Secure Code Warrior_.Net Core 資安練習_NoSQL注入

 

有害的程式碼

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77

namespace SecureSoft.Data.Repositories { using System.Collections.Generic; using System.Threading.Tasks; using MongoDB.Bson; using MongoDB.Driver; using SecureSoft.Domain; using SecureSoft.Domain.Repositories; public class MobileRepository : IMongoRepository<Mobile> { private readonly IMongoDatabase database; public MobileRepository(IMongoDatabase database) { this.database = database; } private IMongoCollection<Mobile> Phones => this.database.GetCollection<Mobile>("Phones"); public async Task<List<Mobile>> GetAll( int? minPrice, int? maxPrice, string name) { var builder = new FilterDefinitionBuilder<Mobile>(); var filter = builder.Empty; if (!string.IsNullOrWhiteSpace(name)) { filter = filter & builder.Regex( "Name", new BsonRegularExpression(name)); } if (minPrice.HasValue) { filter = filter & builder.Gte("Price", minPrice.Value); } if (maxPrice.HasValue) { filter = filter & builder.Lte("Price", maxPrice.Value); } return await this.Phones.Find(filter).ToListAsync(); } public async Task<Mobile> Get(string id) { var command = "{$where: \"function() {return this._id == '" + id + "'}\"}"; return await this.Phones.Find(command).FirstOrDefaultAsync(); } public async Task<string> Create(Mobile phone) { await this.Phones.InsertOneAsync(phone); return phone.Id; } public async Task Update(Mobile phone) { await this.Phones.ReplaceOneAsync( new BsonDocument("_id", new ObjectId(phone.Id)), phone); } public async Task Delete(string id) { await this.Phones.DeleteOneAsync( new BsonDocument("_id", new ObjectId(id))); } } }

解決方案

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77

namespace SecureSoft.Data.Repositories { using System.Collections.Generic; using System.Threading.Tasks; using MongoDB.Bson; using MongoDB.Driver; using SecureSoft.Domain; using SecureSoft.Domain.Repositories; public class MobileRepository : IMongoRepository<Mobile> { private readonly IMongoDatabase database; public MobileRepository(IMongoDatabase database) { this.database = database; } private IMongoCollection<Mobile> Phones => this.database.GetCollection<Mobile>("Phones"); public async Task<List<Mobile>> GetAll( int? minPrice, int? maxPrice, string name) { var builder = new FilterDefinitionBuilder<Mobile>(); var filter = builder.Empty; if (!string.IsNullOrWhiteSpace(name)) { filter = filter & builder.Regex( "Name", new BsonRegularExpression(name)); } if (minPrice.HasValue) { filter = filter & builder.Gte("Price", minPrice.Value); } if (maxPrice.HasValue) { filter = filter & builder.Lte("Price", maxPrice.Value); } return await this.Phones.Find(filter).ToListAsync(); } public async Task<Mobile> Get(string id) { return await this.Phones .Find(new BsonDocument("_id", new ObjectId(id))) .FirstOrDefaultAsync(); } public async Task<string> Create(Mobile phone) { await this.Phones.InsertOneAsync(phone); return phone.Id; } public async Task Update(Mobile phone) { await this.Phones.ReplaceOneAsync( new BsonDocument("_id", new ObjectId(phone.Id)), phone); } public async Task Delete(string id) { await this.Phones.DeleteOneAsync( new BsonDocument("_id", new ObjectId(id))); } } }