Java拦截器处理XSS漏洞


漏洞：WEB漏洞-链接注入-A3 跨站脚本(XSS)；WEB漏洞-跨站脚本攻击漏洞(编码)-A3 跨站脚本(XSS)；WEB漏洞-错误信息跨站-A3 跨站脚本(XSS)；WEB漏洞-跨站脚本攻击漏洞(Base64)-A3 跨站脚本(XSS)；WEB漏洞-跨站脚本攻击漏洞(img-onload)-A3 跨站脚本(XSS)；WEB漏洞-跨站脚本攻击漏洞(img-src)-A3 跨站脚本(XSS)；WEB漏洞-跨站脚本攻击漏洞(tab)-A3 跨站脚本(XSS)；WEB漏洞-跨站脚本攻击漏洞(onload)-A3 跨站脚本(XSS)；WEB漏洞-框架钓鱼-A1 注入；WEB漏洞-盲注漏洞(数字或-2)-A1 注入；WEB漏洞-盲注漏洞(Cookie内数字)-A1 注入；WEB漏洞-盲注漏洞(搜索逻辑)-A1 注入；WEB漏洞-盲注漏洞(字符Like)-A1 注入

添加过滤器过滤参数：在项目中添加重写后的拦截器（根据需求还得改）/XssHttpServletRequestWrapper.java；在项目中添加过滤器 /XssFilter.java；然后在 web.xml 中配置：

<filter>
    <filter-name>XssSqlFilter</filter-name>
    <!-- fully qualified class name of the filter -->
    <filter-class>com.mingsoft.cms.util.XssFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>XssSqlFilter</filter-name>
    <!-- request paths that are intercepted; requests outside /cms/* are not wrapped -->
    <url-pattern>/cms/*</url-pattern>
    <!-- REQUEST only: FORWARD, INCLUDE and ERROR dispatches do not pass through this filter -->
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>
XssFilter.java
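package com.mingsoft.cms.util;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

/**
 * Servlet filter that wraps each HTTP request in an {@link XssHttpServletRequestWrapper}
 * before passing it down the chain, so that downstream code reads parameter and header
 * values through the wrapper's cleaning methods.
 *
 * <p>A request that is not an {@link HttpServletRequest} is passed through untouched;
 * the previous unconditional cast would have thrown {@code ClassCastException} for it.
 *
 * <p>Which requests reach this filter at all (URL pattern, dispatcher types) is decided
 * by the {@code filter-mapping} in web.xml, not here.
 *
 * @author lijinlong
 */
public class XssFilter implements Filter {

    // Kept only because the container hands it over; nothing in this class reads it.
    FilterConfig filterConfig = null;

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }

    @Override
    public void destroy() {
        this.filterConfig = null;
    }

    /**
     * Wraps HTTP requests in {@link XssHttpServletRequestWrapper} and continues the chain.
     *
     * @param request  incoming request; only HTTP requests are wrapped
     * @param response passed through unchanged
     * @param chain    the remaining filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (request instanceof HttpServletRequest) {
            // Invoke the rest of the chain with the rewritten request.
            chain.doFilter(new XssHttpServletRequestWrapper((HttpServletRequest) request), response);
        } else {
            // Non-HTTP request: nothing to wrap, do not break the chain with a bad cast.
            chain.doFilter(request, response);
        }
    }
}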
XssHttpServletRequestWrapper.java
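package com.mingsoft.cms.util;

import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/**
 * Request wrapper that passes the values returned by {@link #getParameter(String)},
 * {@link #getParameterValues(String)}, {@link #getParameterMap()} and
 * {@link #getHeader(String)} through {@link #cleanXSS(String)}.
 *
 * <p>Scope and limitations a maintainer should be aware of:
 * <ul>
 *   <li>Only those four accessors are overridden. {@code getHeaders(String)},
 *       {@code getHeaderNames()}, {@code getQueryString()}, {@code getCookies()} and the
 *       request body ({@code getInputStream()} / {@code getReader()}) are delivered unfiltered.</li>
 *   <li>{@code cleanXSS} is a deletion blacklist: it strips a fixed set of characters, removes
 *       SQL-looking words only in their all-lowercase or all-uppercase spelling, and removes the
 *       substrings {@code script}, {@code iframe} and {@code img} wherever they occur. Legitimate
 *       input containing those substrings (a name containing "user" or "or", for instance) is
 *       silently altered, and removal is a single non-recursive pass.</li>
 *   <li>It is therefore not a substitute for {@code PreparedStatement} parameters on the SQL
 *       side or context-aware output encoding on the HTML side; treat it as defence in depth
 *       at most.</li>
 * </ul>
 *
 * @author lijinlong
 */
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {

    /**
     * Characters deleted outright: double quote, right parenthesis, single quote, asterisk,
     * percent, less-than, greater-than, ampersand. The original removed them one character
     * class at a time; one class gives the same result.
     */
    private static final Pattern STRIP_CHARS = Pattern.compile("[\"')*%<>&]");

    /** Words removed from every value, in this order. Duplicates are harmless; extend as needed. */
    private static final String BAD_WORDS =
            "and exec execute insert select delete update count drop chr mid master truncate "
            + "char declare sitename net user xp_cmdshell or like and exec execute insert create drop "
            + "table from grant use group_concat column_name "
            + "information_schema.columns table_schema union where select delete update order by count "
            + "chr mid master truncate char declare or like";

    /**
     * For each word of {@link #BAD_WORDS}, in list order: its lowercase spelling followed by its
     * uppercase spelling. Each word is compiled as a regex exactly as {@code replaceAll} did, so
     * the dot in {@code information_schema.columns} still matches any single character.
     */
    private static final Pattern[] BAD_WORD_PATTERNS = compileBadWords();

    private static final Pattern OPEN_PAREN = Pattern.compile("\\(");

    public XssHttpServletRequestWrapper(HttpServletRequest servletRequest) {
        super(servletRequest);
    }

    private static Pattern[] compileBadWords() {
        String[] words = BAD_WORDS.split(" ");
        Pattern[] patterns = new Pattern[words.length * 2];
        for (int i = 0; i < words.length; i++) {
            // Locale.ROOT: with the default locale (e.g. Turkish) "i" would be converted to a
            // dotless form and the word list would silently change meaning.
            patterns[2 * i] = Pattern.compile(words[i].toLowerCase(Locale.ROOT));
            patterns[2 * i + 1] = Pattern.compile(words[i].toUpperCase(Locale.ROOT));
        }
        return patterns;
    }

    /**
     * Returns a fresh map with every parameter value cleaned exactly once.
     *
     * <p>Previously this called the already-cleaning {@link #getParameterValues(String)} and then
     * cleaned the result again, so map values could differ from {@code getParameterValues}
     * results (the second pass stripped the "&amp;" that the first pass had just inserted).
     *
     * @return mutable copy of the parameter map with cleaned values
     */
    @Override
    public Map<String, String[]> getParameterMap() {
        Map<String, String[]> original = super.getParameterMap();
        Map<String, String[]> cleaned = new HashMap<String, String[]>(original.size());
        for (Map.Entry<String, String[]> entry : original.entrySet()) {
            cleaned.put(entry.getKey(), cleanAll(entry.getValue()));
        }
        return cleaned;
    }

    /**
     * Cleaned copy of the underlying values.
     *
     * @param parameter parameter name
     * @return cleaned values, or {@code null} when the parameter is absent
     */
    @Override
    public String[] getParameterValues(String parameter) {
        return cleanAll(super.getParameterValues(parameter));
    }

    /**
     * Cleaned single value.
     *
     * @param parameter parameter name
     * @return cleaned value, or {@code null} when the parameter is absent
     */
    @Override
    public String getParameter(String parameter) {
        return cleanXSS(super.getParameter(parameter));
    }

    /**
     * Cleaned header value. Note that the same character and word deletions applied to
     * parameters are applied here, so header values that legitimately contain quotes,
     * percent signs or the listed words are altered too.
     *
     * @param name header name
     * @return cleaned value, or {@code null} when the header is absent
     */
    @Override
    public String getHeader(String name) {
        return cleanXSS(super.getHeader(name));
    }

    /** Cleans each element into a new array; {@code null} in, {@code null} out. */
    private String[] cleanAll(String[] values) {
        if (values == null) {
            return null;
        }
        String[] cleaned = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            cleaned[i] = cleanXSS(values[i]);
        }
        return cleaned;
    }

    /**
     * Applies the blacklist to one value. {@code null} is returned unchanged.
     *
     * <p>Steps, in the original order:
     * <ol>
     *   <li>delete every character in {@link #STRIP_CHARS};</li>
     *   <li>delete each word of {@link #BAD_WORDS}, lowercase spelling then uppercase spelling;</li>
     *   <li>replace "(" with the literal text "&amp; #40;" (the space is in the original; it is not
     *       a valid HTML entity and is kept for compatibility);</li>
     *   <li>delete the substrings "script", "iframe" and "img" (case-sensitive).</li>
     * </ol>
     *
     * <p>The original also tried, after step 1, to map &lt; &gt; ) ' to entities and to blank out
     * {@code eval(...)} and quoted {@code javascript:} attributes. Step 1 has already removed every
     * character those patterns require (and step 3 rewrites the "(" that {@code eval(} needs), so
     * they could never match; they were dropped rather than kept as misleading dead code.
     *
     * @param value raw value, may be {@code null}
     * @return cleaned value, or {@code null}
     */
    private String cleanXSS(String value) {
        if (value == null) {
            return null;
        }
        String cleaned = STRIP_CHARS.matcher(value).replaceAll("");
        for (Pattern word : BAD_WORD_PATTERNS) {
            cleaned = word.matcher(cleaned).replaceAll("");
        }
        cleaned = OPEN_PAREN.matcher(cleaned).replaceAll("& #40;");
        cleaned = cleaned.replace("script", "").replace("iframe", "").replace("img", "");
        return cleaned;
    }
}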