摘要:接收前臺請求封裝的時,莫名傳到后臺就變成了。找了半天,一直以后是前臺的問題,一直在翻閱各種代碼。后來,請教大佬,大佬一聽到剛好少了后,靈光乍現,感覺是攔截器的原因,后來查閱,果不其然。全稱跨站腳本攻擊,是程序中最常見的漏洞。
接收前臺post請求封裝的"versionDescription":"eeeeee",時,莫名傳到后臺就變成"versionDeion":"eeeeee",了。
找了半天,一直以后是前臺的問題,一直在翻閱各種js代碼。 后來,請教大佬,大佬一聽到剛好少了script后,靈光乍現,感覺是攔截器的原因,后來查閱,果不其然。
XSS 全稱(Cross Site Scripting) 跨站腳本攻擊, 是Web程序中最常見的漏洞。指攻擊者在網頁中嵌入客戶端腳本(例如JavaScript), 當用戶瀏覽此網頁時,腳本就會在用戶的瀏覽器上執行,從而達到攻擊者的目的. 比如獲取用戶的Cookie,導航到惡意網站,攜帶木馬等
參考https://www.cnblogs.com/xuxiu...
參考 http://www.cnblogs.com/jiangs...
參考 https://blog.csdn.net/qq_3292...
參考 https://blog.csdn.net/u012114...
這是一個預防XSS注入的攔截器,web.xml配置如下:
xssFilter com.cashew.utils.XssFilter xssFilter /*
攔截器:
package com.sgcc.utils; import java.io.IOException; import java.io.UnsupportedEncodingException; import java.net.URLDecoder; import java.text.SimpleDateFormat; import java.util.Calendar; import java.util.Date; import java.util.Enumeration; import java.util.HashMap; import java.util.Iterator; import java.util.Locale; import java.util.Map; import java.util.Set; import java.util.Map.Entry; import java.util.regex.Matcher; import java.util.regex.Pattern; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequestWrapper; import javax.servlet.http.HttpServletResponse; import net.sf.json.JSONObject; import org.apache.log4j.Logger; public class XssFilter implements Filter { Logger log = Logger.getLogger(this.getClass()); private static Pattern SCRIPT_PATTERN = Pattern .compile(".*"); private static Pattern HTML_PATTERN = Pattern.compile("<[^>]+>"); @Override public void init(FilterConfig filterConfig) throws ServletException { } @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException { // 獲得在下面代碼中要用的request,response,session對象 HttpServletRequest request = (HttpServletRequest) servletRequest; HttpServletResponse response = (HttpServletResponse) servletResponse; // 設置cookie heetOnly Cookie[] cookies = request.getCookies(); if (cookies != null && cookies.length > 0) { Cookie cookie = cookies[0]; if (cookie != null) { // Servlet 2.5不支持在Cookie上直接設置HttpOnly屬性 String value = cookie.getValue(); StringBuilder builder = new StringBuilder(); builder.append("JSESSIONID=" + value + "; "); builder.append("Secure; "); builder.append("HttpOnly; "); Calendar cal = Calendar.getInstance(); cal.add(Calendar.MINUTE, 30); Date date = cal.getTime(); Locale locale = Locale.CHINA; SimpleDateFormat sdf = new SimpleDateFormat( "dd-MM-yyyy HH:mm:ss", locale); builder.append("Expires=" + sdf.format(date)); response.setHeader("Set-Cookie", builder.toString()); } } String method = request.getMethod(); if("POST".equalsIgnoreCase(method)){ if (getParameterMap(request)) { log.info("-----檢測到危險字符,終止請求"); response.setCharacterEncoding("UTF-8"); response.getWriter().write(JSONObject.fromObject(getFailedMap("檢測到疑似注入操作,終止請求")).toString()); return; } }else{ boolean isScri = this.filterHtmlStr(request); boolean isSql = this.filterSql(request); if (!isScri || !isSql) { log.info("檢測到危險字符,終止請求"); response.setCharacterEncoding("UTF-8"); response.getWriter().write(JSONObject.fromObject(getFailedMap("檢測到疑似注入操作,終止請求")).toString()); return; } } //chain.doFilter(servletRequest, servletResponse); chain.doFilter(new XSSRequestWrapper((HttpServletRequest) servletRequest), servletResponse); } @Override public void destroy() { // TODO Auto-generated method stub } /** * 方法說明 :通過獲取map的方法 */ @SuppressWarnings("rawtypes") private boolean getParameterMap(HttpServletRequest request) { Map map = request.getParameterMap(); boolean illegalStr = false; if (map != null) { Set set = map.entrySet(); Iterator iterator = set.iterator(); while (iterator.hasNext()) { Map.Entry entry = (Entry) iterator.next(); if (entry.getValue() instanceof String[]) { //System.out.println("==A==entry的key?? " + entry.getKey()); String[] values = (String[]) entry.getValue(); for (int i = 0; i < values.length; i++) { if(!entry.getKey().toString().equals("buildJsonSettings")){ if(!filterSqlFromSream(values[i]) || !filterHtmlStr(values[i])){ System.out.println("1====非法字符 key=" +entry.getKey().toString() + ";value=" + values[i]); illegalStr = true; break; } } } } else if (entry.getValue() instanceof String) { if(!filterSqlFromSream(entry.getValue().toString()) || !filterHtmlStr(entry.getValue().toString())){ System.out.println("2====非法字符 key=" +entry.getKey().toString() + ";value=" + entry.getValue().toString()); illegalStr = true; break; } } } } return illegalStr; } public boolean filterHtmlStr(String inputStr) { Matcher mHtml = HTML_PATTERN.matcher(inputStr); if (mHtml.find()) { log.info("1------------------------Html str:" + inputStr); return false; } Matcher m = SCRIPT_PATTERN.matcher(inputStr); if (m.find()) { log.info("1------------------------js str:" + inputStr); return false; } return true; } public boolean filterHtmlStr(HttpServletRequest request) { Map paramMap = request.getParameterMap(); String lowStr = null; Set > keSet = paramMap.entrySet(); for (Iterator > itr = keSet.iterator(); itr .hasNext();) { @SuppressWarnings("rawtypes") Map.Entry me = (Map.Entry) itr.next(); Object ov = me.getValue(); String[] value = new String[1]; if (ov instanceof String[]) { value = (String[]) ov; } else { value[0] = ov.toString(); } for (int k = 0; k < value.length; k++) { lowStr = value[k]; Matcher mHtml = HTML_PATTERN.matcher(lowStr); if (mHtml.find()) { log.info("2------------------------Html str:" + lowStr); return false; } Matcher m = SCRIPT_PATTERN.matcher(lowStr); if (m.find()) { log.info("2------------------------js str:" + lowStr); return false; } } } return true; } public boolean filterSql(HttpServletRequest request) { Enumeration params = request.getParameterNames(); String sql = ""; String name = ""; while (params.hasMoreElements()) { name = params.nextElement().toString(); log.info(String.format("name is [%s]", name)); String[] value = request.getParameterValues(name); for (int i = 0; i < value.length; i++) { sql += value[i] + " "; } } sql = sql.toLowerCase(); String badStr = ""|and|exec|execute|insert|select|delete|update|count|drop|*|chr|mid|truncate|" + "char|declare|sitename|net user|xp_cmdshell|or|like"|and|exec|execute|insert|create|drop|" + "table|from|grant|use|group_concat|column_name|" + "information_schema.columns|table_schema|union|where|order|by|count|*|" + "chr|mid|truncate|char|declare|or|like"; String[] badStrs = badStr.split("|"); String[] param = sql.split(" "); for (int j = 0; j < param.length; j++) for (int i = 0; i < badStrs.length; i++) { if (param[j].equalsIgnoreCase(badStrs[i])) { log.info(String.format("1------------查詢到SQL注入,輸入參數:[%s]", sql)); return false; } } return true; } public boolean filterSqlFromSream(String inputJson) { String sql = ""; try { sql = URLDecoder.decode(inputJson,"UTF-8"); } catch (UnsupportedEncodingException e) { // TODO Auto-generated catch block e.printStackTrace(); } String badStr = ""|and|exec|execute|insert|select|delete|update|count|drop|*|chr|mid|truncate|" + "char|declare|sitename|net user|xp_cmdshell|or|like"|and|exec|execute|insert|create|drop|" + "table|from|grant|use|group_concat|column_name|" + "information_schema.columns|table_schema|union|where|order|by|count|*|" + "chr|mid|truncate|char|declare|or|like"; String[] badStrs = badStr.split("|"); String[] param = sql.split(" "); for (int j = 0; j < param.length; j++) for (int i = 0; i < badStrs.length; i++) { if (param[j].equalsIgnoreCase(badStrs[i])) { log.info(String.format("2------------查詢到SQL注入,輸入參數:[%s]", sql)); return false; } } return true; } public String checkSpecialWord(String str) { return Pattern .compile( "[`~!@#$%^&*()+=|{}":;",[].<>/?~!@#??%…???&*()—???+|{}【??????;:????????????,、?]") .matcher(str).replaceAll("").trim(); } private Map getFailedMap(String message) { Map ret = new HashMap (); ret.put("status", "failed"); ret.put("message", message); return ret; } class XSSRequestWrapper extends HttpServletRequestWrapper { public XSSRequestWrapper(HttpServletRequest request) { super(request); } public String getParameter(String name) { String value = super.getParameter(name); if (value != null) { value = cleanXSS(value); } return value; } public String[] getParameterValues(String name) { String[] values = super.getParameterValues(name); if (values != null) { for (int i = 0; i < values.length; i++) { values[i] = cleanXSS(values[i]); } } return values; } private String cleanXSS(String value) { value = value.replaceAll("<", "<").replaceAll(">", ">"); if(value.toLowerCase().contains("