web项目:漏洞修复(3)_spring过滤器(1)
web项目:漏洞修复(3)_spring过滤器第一种方案
1.新增SystemFilter.java (可在replaceString()方法中添加或减少需要过滤的元素)
package com.*.*.filter;
import java.io.IOException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.util.ValueStack;
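/**
 * Servlet filter that scrubs every request parameter (except {@code content})
 * through a blacklist of HTML, script and SQL fragments before the request
 * reaches the application.
 *
 * <p>This is a defence-in-depth measure only. A blacklist of this kind is
 * easy to get around and also rejects legitimate input; the actual controls
 * for the problems it targets are contextual output encoding (XSS) and
 * parameterised queries (SQL injection) at the point of use.
 */
public class SystemFilter implements Filter {

    /** Parameter that is passed through untouched (presumably a rich-text body). */
    private static final String UNFILTERED_PARAM = "content";

    /** Substrings in a parameter <em>name</em> that cause its value to be blanked. */
    private static final String[] BLOCKED_KEY_FRAGMENTS = {
        "drop", "insert", "update", "delete", "select", "__"
    };

    /**
     * {@code <script ...>...</script>} blocks. Case-insensitive so {@code <SCRIPT>}
     * is caught too; in practice subsumed by {@link #HTML_PATTERN}, kept for clarity.
     */
    private static final Pattern SCRIPT_PATTERN =
        Pattern.compile("<script.*>.*<\\/script\\s*>", Pattern.CASE_INSENSITIVE);

    /** Any HTML/XML tag. */
    private static final Pattern HTML_PATTERN = Pattern.compile("<[^>]+>");

    // The three SQL patterns were copied from a Perl/PHP snippet in "/.../ix"
    // form. java.util.regex has no delimiter syntax, so the leading "/" and the
    // trailing "/ix" were literal characters and the patterns could only match
    // input that itself contained "/...". The delimiters are dropped here and
    // the "i" and "x" flags are applied through Pattern flags instead.
    private static final int SQL_FLAGS = Pattern.CASE_INSENSITIVE | Pattern.COMMENTS;

    /**
     * "=" (or %3D) followed later on the same line by a quote, "--", ";" (%3B) or ":".
     * NOTE: this also rejects harmless values such as {@code a=b:c} or {@code t=12:30}.
     * One alternative of this pattern was garbled in the published listing; it is
     * assumed to be the single-quote variant, as in SQL_PATTERN2 — confirm against
     * the original source.
     */
    private static final Pattern SQL_PATTERN1 =
        Pattern.compile("((%3D)|(=))[^\\n]*((%27)|(')|(--)|(%3B)|(:))", SQL_FLAGS);

    /** A quote (or %27) followed by "or" in any URL-encoded or case variant. */
    private static final Pattern SQL_PATTERN2 =
        Pattern.compile("\\w*((%27)|('))((%6F)|o|(%4F))((%72)|r|(%52))", SQL_FLAGS);

    /** A quote (or %27) immediately followed by "union". */
    private static final Pattern SQL_PATTERN3 =
        Pattern.compile("((%27)|('))union", SQL_FLAGS);

    /** A value matching any of these is replaced by the empty string. */
    private static final Pattern[] BLOCKED_PATTERNS = {
        HTML_PATTERN, SCRIPT_PATTERN, SQL_PATTERN1, SQL_PATTERN2, SQL_PATTERN3
    };

    /**
     * Literal fragments removed from every value, in this order.
     *
     * <p>The original passed these to {@code String.replaceAll()}, which reads
     * them as regular expressions: "../" and "./" matched <em>any</em> character
     * before the "/" (so "http://" lost its "://"), ".java"/".xml"/".class"
     * matched any character before the extension, "(POST)" was a group matching
     * the bare word, "[(]" was a character class for "(", and "||" was an empty
     * alternation that removed nothing. They are applied literally here with
     * {@code String.replace()}.
     */
    private static final String[] REMOVED_LITERALS = {
        "ScRipt", "script", "WEB-INF", "../", "./", "%20",
        ".java", ".xml", ".class", "alert",
        "POST",   // the original regex "(POST)" stripped the bare word; confirm whether a literal "(POST)" was meant
        "%3E", "%27",
        "%2",     // also eats the prefix of every other %2x escape (e.g. "%2F" becomes "F"), as the original did
        "||",     // the original "||" was an empty regex alternation and removed nothing
        // SQL conversion functions (original used the regex class "[(]" for a literal parenthesis)
        "chr( ", "chr ( ", "ascii ( ", "ascii( ",
        // SQL keywords, case-sensitive as in the original ("SELECT " is not caught)
        "create ", "truncate ", "drop ", "insert ", "delete ", "select ", "lock table ", "update "
    };

    @Override
    public void init(FilterConfig config) throws ServletException {
        // nothing to configure
    }

    /**
     * Scrubs every parameter of an HTTP request and hands a wrapped request,
     * carrying the cleaned values, down the chain.
     *
     * <p>All values of a multi-valued parameter are kept (the original only kept
     * the first one and threw on an empty value array), and a request that is not
     * an {@link HttpServletRequest} is passed through untouched instead of
     * failing on the cast.
     *
     * @throws IOException      propagated from the rest of the chain
     * @throws ServletException propagated from the rest of the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (!(request instanceof HttpServletRequest)) {
            chain.doFilter(request, response);
            return;
        }
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        // Must happen before the parameters are first read, otherwise the body
        // has already been decoded with the container's default charset.
        httpRequest.setCharacterEncoding("utf-8");

        @SuppressWarnings("unchecked") // raw Map on pre-3.0 servlet APIs
        Map<String, String[]> original = httpRequest.getParameterMap();
        Map<String, String[]> cleaned = new HashMap<String, String[]>();
        for (Map.Entry<String, String[]> entry : original.entrySet()) {
            cleaned.put(entry.getKey(), cleanValues(entry.getKey(), entry.getValue()));
        }
        chain.doFilter(new ParameterRequestWrapper(httpRequest, cleaned), response);
    }

    /**
     * Returns the cleaned values for one parameter: untouched for
     * {@value #UNFILTERED_PARAM}, a single empty string when the parameter
     * <em>name</em> itself looks like SQL, otherwise each value passed through
     * {@link #replaceString(String)}.
     */
    private String[] cleanValues(String name, String[] values) {
        if (values == null || UNFILTERED_PARAM.equals(name)) {
            return values;
        }
        if (isKeySqlFunctions(name)) {
            return new String[] { "" };
        }
        String[] cleaned = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            cleaned[i] = replaceString(values[i]);
        }
        return cleaned;
    }

    @Override
    public void destroy() {
        // nothing to release
    }

    /**
     * Tells whether a parameter <em>name</em> contains one of the blocked SQL
     * keywords or a double underscore. This is a case-sensitive substring test,
     * so {@code update_time} is blocked while {@code lastUpdate} is not.
     *
     * @param key parameter name; {@code null} is treated as not blocked
     */
    private boolean isKeySqlFunctions(String key) {
        if (key == null) {
            return false;
        }
        for (String fragment : BLOCKED_KEY_FRAGMENTS) {
            if (key.contains(fragment)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Scrubs one parameter value.
     *
     * <p>A value containing any HTML tag, script block or SQL-injection pattern
     * becomes the empty string. Otherwise the entities {@code &amp;}, {@code &lt;},
     * {@code &gt;} and {@code &quot;} are decoded (so an entity-encoded tag cannot
     * slip past the next step), angle brackets are removed, and finally every
     * entry of {@link #REMOVED_LITERALS} is stripped.
     *
     * <p>The value is no longer echoed to stdout: request parameters routinely
     * carry credentials and personal data, and the original
     * {@code System.out.println} wrote every one of them to the server log.
     *
     * @param oldValue raw parameter value; {@code null} is returned unchanged
     * @return the scrubbed value, possibly empty
     */
    public String replaceString(String oldValue) {
        if (oldValue == null) {
            return null;
        }
        if (matchesBlockedPattern(oldValue)) {
            return "";
        }
        // NOTE(review): in the published listing the entity names in these four
        // calls had been collapsed by HTML rendering (e.g. replaceAll("&","&")),
        // which made three of them no-ops and the fourth a syntax error. The
        // decode-then-strip sequence is the evident intent; confirm against the
        // original source.
        String newValue = oldValue
            .replace("&amp;", "&")
            .replace("&lt;", "<")
            .replace("&gt;", ">")
            .replace("&quot;", "\"");
        newValue = newValue.replace("<", "").replace(">", "");
        for (String literal : REMOVED_LITERALS) {
            newValue = newValue.replace(literal, "");
        }
        return newValue;
    }

    /** True when any of {@link #BLOCKED_PATTERNS} occurs somewhere in {@code value}. */
    private static boolean matchesBlockedPattern(String value) {
        for (Pattern pattern : BLOCKED_PATTERNS) {
            if (pattern.matcher(value).find()) {
                return true;
            }
        }
        return false;
    }
}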
2.新增ParameterRequestWrapper.java (无需任何改动)
package com.*.*.filter;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.Vector;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
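/**
 * {@link HttpServletRequestWrapper} whose parameter accessors answer from a
 * replacement map instead of the underlying request.
 *
 * <p>The map handed to the constructor may hold {@code String[]}, {@code String}
 * or arbitrary objects as values; everything is normalised to {@code String[]}
 * once, at construction, so that {@link #getParameterMap()} honours the servlet
 * contract ({@code Map<String, String[]>}). The original returned the caller's
 * map unchanged, so a {@code String} value broke every consumer that casts map
 * values to {@code String[]} (e.g. a framework parameter interceptor) with a
 * {@code ClassCastException}.
 */
public class ParameterRequestWrapper extends HttpServletRequestWrapper {

    /** Normalised parameters; never modified after construction. */
    private final Map<String, String[]> params;

    /**
     * @param request   the wrapped request (used for everything except parameters)
     * @param newParams replacement parameters; values may be {@code String[]},
     *                  {@code String}, any object (its {@code toString()} is used)
     *                  or {@code null}
     */
    public ParameterRequestWrapper(HttpServletRequest request, Map<?, ?> newParams) {
        super(request);
        Map<String, String[]> normalized = new HashMap<String, String[]>();
        for (Map.Entry<?, ?> entry : newParams.entrySet()) {
            normalized.put(String.valueOf(entry.getKey()), toStringArray(entry.getValue()));
        }
        this.params = normalized;
    }

    /** Converts one raw map value into the {@code String[]} form the servlet API expects. */
    private static String[] toStringArray(Object value) {
        if (value == null) {
            return null;
        }
        if (value instanceof String[]) {
            return ((String[]) value).clone();
        }
        return new String[] { value.toString() };
    }

    /** @return an unmodifiable view of the replacement parameters */
    @Override
    public Map<String, String[]> getParameterMap() {
        return Collections.unmodifiableMap(params);
    }

    @Override
    public Enumeration<String> getParameterNames() {
        return Collections.enumeration(params.keySet());
    }

    /** @return a copy of the values, or {@code null} when the parameter is absent */
    @Override
    public String[] getParameterValues(String name) {
        String[] values = params.get(name);
        return values == null ? null : values.clone();
    }

    /** @return the first value, or {@code null} when the parameter is absent or has no values */
    @Override
    public String getParameter(String name) {
        String[] values = params.get(name);
        return (values == null || values.length == 0) ? null : values[0];
    }
}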
3.进行web.xml过滤器配置
添加配置节点
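<!-- Request-parameter scrubbing filter (SystemFilter above). Replace the
     filter-class placeholder with the real fully-qualified name; note the
     listing declares package com.*.*.filter, one segment shorter than the
     value below. -->
<filter>
<description>过滤器</description>
<filter-name>systemFilter</filter-name>
<filter-class>com.*.*.*.SystemFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>systemFilter</filter-name>
<!-- A bare "*" is not a valid servlet url-pattern (the spec allows "/...",
     "/.../*", "*.ext" or the empty string); it is treated as an exact match
     for the path "*" or rejected by the container, so the filter would not
     run on ordinary requests. "/*" covers every request. -->
<url-pattern>/*</url-pattern>
</filter-mapping>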