How to prevent code from being injected into .net programs 01/18 Update SLTechnology News&Howtos

How to prevent code from being injected into .net programs

2025-01-18 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Development >

Shulou(Shulou.com)06/03 Report--

This article focuses on ".net programs how to prevent code from being injected", interested friends may wish to take a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn how .net programs prevent code from being injected.

Do the following three steps, believe that the program will be safer, and the maintenance of the entire site will become easier.

1. Data verification class:

ParameterCheck.cs

The copy code is as follows:

Public class parameterCheck {

Public static bool isEmail (string emailString) {

Return System.Text.RegularExpressions.Regex.IsMatch (emailString, "['\\ wicked -] + (\\. ['\\ wicked -] +) * @ ['\\ wicked -] + (\\. ['\\ wicked -] +) *\. [a-zA-Z] {2jue 4}")

}

Public static bool isInt (string intString) {

Return System.Text.RegularExpressions.Regex.IsMatch (intString, "^ (\ d {5} -\ d {4}) | (\ d {5}) $")

}

Public static bool isUSZip (string zipString) {

Return System.Text.RegularExpressions.Regex.IsMatch (zipString, "^-[0-9] + $| ^ [0-9] + $")

}

II. Web.config

In your Web.config file, add a tag below:

The copy code is as follows:

Where key is followed by a value of "OrderId-int32", etc., where "-" is preceded by the name of the parameter, such as: OrderId, and followed by int32, which represents the data type.

III. Global.asax

Add the following paragraph to Global.asax:

The copy code is as follows:

Protected void Application_BeginRequest (Object sender, EventArgs e) {

String [] safeParameters = System.Configuration.ConfigurationSettings.AppSettings ["safeParameters"] .ToString () .Split (',')

For (int I = 0; I < safeParameters.Length; iTunes +) {

String parameterName = roomParameters [I] .split ('-') [0]

String parameterType = roomParameters [I] .split ('-') [1]

IsValidParameter (parameterName, parameterType)

}

Public void isValidParameter (string parameterName, string parameterType) {

String parameterValue = Request.QueryString [parameterName]

If (parameterValue = = null) return

If (parameterType.Equals ("int32")) {

If (! parameterCheck.isInt (parameterValue)) Response.Redirect ("parameterError.aspx")

}

Else if (parameterType.Equals ("double")) {

If (! parameterCheck.isDouble (parameterValue)) Response.Redirect ("parameterError.aspx")

}

Else if (parameterType.Equals ("USzip")) {

If (! parameterCheck.isUSZip (parameterValue)) Response.Redirect ("parameterError.aspx")

}

Else if (parameterType.Equals ("email")) {

If (! parameterCheck.isEmail (parameterValue)) Response.Redirect ("parameterError.aspx")

}

When we need to modify in the future, we only need to modify the above three files, the maintenance of the whole system will greatly improve efficiency, of course, you can add other variable parameters and data types according to your own needs.

At this point, I believe you have a deeper understanding of ".net programs how to prevent code from being injected". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.