web项目:漏洞修复(3)_spring过滤器第一种方案
1.新增SystemFilter.java (可在replaceString()方法中添加或减少需要过滤的元素)
package com.*.*.filter;
import java.io.IOException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.util.ValueStack;
/**
* 过滤器
*
*/
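public class SystemFilter implements Filter {

    // This filter is a blacklist over request parameters. It reduces exposure but does not
    // replace parameterised SQL and context-aware output encoding in the code that consumes
    // the parameters; treat it as defence in depth, not as the fix for injection bugs.

    /** A value containing anything that looks like an HTML tag is dropped entirely. */
    private static final Pattern HTML_PATTERN = Pattern.compile("<[^>]+>");

    /** Kept from the original listing; any match here is already a match of HTML_PATTERN. */
    private static final Pattern SCRIPT_PATTERN = Pattern.compile("<script.*>.*<\\/script\\s*>");

    // The three SQL signatures were pasted in PCRE form ("/.../ix"). In java.util.regex the
    // slashes and the trailing "ix" are ordinary characters, so the original patterns could only
    // match a value that itself began with "/" and ended with "/ix", i.e. they never fired.
    // The delimiters are dropped here and the "i" flag is expressed with CASE_INSENSITIVE (the
    // "x" flag only affects whitespace/comments, which these patterns do not contain).
    // The second alternative of SQL_PATTERN1 was mis-encoded in the listing; it is restored as
    // the plain apostrophe that SQL_PATTERN2 and SQL_PATTERN3 use in the same position.
    // NOTE(review): once these patterns actually match, any value with "=" followed later by
    // ":" or "--" is blanked (a URL or a time stored in a parameter, for instance). Check the
    // application's real parameters for such false positives before relying on them.
    private static final Pattern SQL_PATTERN1 =
        Pattern.compile("((%3D)|(=))[^\\n]*((%27)|(')|(--)|(%3B)|(:))", Pattern.CASE_INSENSITIVE);
    private static final Pattern SQL_PATTERN2 =
        Pattern.compile("\\w*((%27)|('))((%6F)|o|(%4F))((%72)|r|(%52))", Pattern.CASE_INSENSITIVE);
    private static final Pattern SQL_PATTERN3 =
        Pattern.compile("((%27)|('))union", Pattern.CASE_INSENSITIVE);

    /**
     * HTML entities decoded before the angle brackets are stripped. The published listing had
     * been rendered through HTML, which turned the entity names into the characters themselves
     * (leaving no-op calls such as replaceAll("&","&") and a syntax error on the quote line);
     * the entity names are restored here.
     */
    private static final String[][] DECODED_ENTITIES = {
        {"&amp;", "&"}, {"&lt;", "<"}, {"&gt;", ">"}, {"&quot;", "\""}
    };

    /**
     * Substrings removed from every value, in this order, as literal text. The original used
     * String.replaceAll, where "." matches any character and "||" matches the empty string: the
     * ".java"/".xml"/".class"/"../"/"./" entries deleted arbitrary characters around a slash or
     * a suffix (e.g. mangling any URL in a parameter) and the "||" entry removed nothing at all.
     * "POST" replaces the original "(POST)", which as a regex group matched the same text.
     * Order matters: "%20" and "%27" are removed before the catch-all "%2".
     */
    private static final String[] REMOVED_TOKENS = {
        // 过滤<>
        "<", ">",
        // 其他过滤
        "ScRipt", "script", "WEB-INF", "../", "./", "%20", ".java", ".xml", ".class",
        "alert", "POST", "%3E", "%27", "%2", "||",
        // 过滤sql转换函数
        "chr( ", "chr ( ", "ascii ( ", "ascii( ",
        // 过滤sql函数
        "create ", "truncate ", "drop ", "insert ", "delete ", "select ", "lock table ", "update "
    };

    /** Parameter names that cause the whole parameter to be replaced by the empty string. */
    private static final String[] BLOCKED_NAME_FRAGMENTS = {
        "drop", "insert", "update", "delete", "select", "__"
    };

    @Override
    public void init(FilterConfig config) throws ServletException {}

    /**
     * 全面过滤参数
     *
     * Copies the request's parameters, filters every value (every element of a multi-valued
     * parameter, where the original kept only the first one and discarded the rest), and hands
     * the cleaned map to the next filter through a ParameterRequestWrapper.
     * The parameter named "content" is passed through untouched, as in the original; whatever
     * consumes it must do its own encoding/parameterisation.
     *
     * @throws IOException      propagated from the rest of the chain
     * @throws ServletException propagated from the rest of the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        // Set before the first parameter access so the container decodes the body as UTF-8.
        httpRequest.setCharacterEncoding("utf-8");
        // 全面过滤
        Map<String, Object> attrsClear = new HashMap<String, Object>(httpRequest.getParameterMap());
        for (Map.Entry<String, Object> entry : attrsClear.entrySet()) {
            String name = entry.getKey();
            if ("content".equals(name)) {
                continue;
            }
            if (isKeySqlFunctions(name)) {
                entry.setValue("");
            } else {
                entry.setValue(filterValues(entry.getValue()));
            }
        }
        HttpServletRequest wrapRequest = new ParameterRequestWrapper(httpRequest, attrsClear);
        chain.doFilter(wrapRequest, response);
    }

    @Override
    public void destroy() {}

    /**
     * Runs replaceString over each value of one parameter.
     *
     * @param raw the value as stored in the parameter map (String[] from the container; a
     *            String or other object is filtered through toString)
     * @return the filtered values, or null when raw is null
     */
    private String[] filterValues(Object raw) {
        if (raw == null) {
            return null;
        }
        if (raw instanceof String[]) {
            String[] values = (String[]) raw;
            String[] cleaned = new String[values.length];
            for (int i = 0; i < values.length; i++) {
                cleaned[i] = replaceString(values[i]);
            }
            return cleaned;
        }
        return new String[] { replaceString(raw.toString()) };
    }

    /**
     * 方法名: isKeySqlFunctions
     *
     * Case-sensitive substring check of the parameter NAME, unchanged from the original.
     * NOTE(review): because it is a substring test, ordinary names such as "updateTime",
     * "selectedId" or "deleteFlag" (constructed examples) also match and are blanked; the
     * application's parameter names should be reviewed against this list.
     *
     * @param key the parameter name
     * @return true when the name contains one of BLOCKED_NAME_FRAGMENTS
     */
    private boolean isKeySqlFunctions(String key) {
        for (String fragment : BLOCKED_NAME_FRAGMENTS) {
            if (key.contains(fragment)) {
                return true;
            }
        }
        return false;
    }

    /**
     * 对Value进行过滤
     *
     * The original printed every value to stdout before filtering; that line is gone because
     * it wrote passwords and tokens submitted in forms to the server log.
     *
     * @param oldValue the raw parameter value; null is returned unchanged
     * @return "" when the value matches any of the tag/script/SQL signatures, otherwise the
     *         value with HTML entities decoded and REMOVED_TOKENS stripped
     */
    public String replaceString(String oldValue) {
        if (oldValue == null) {
            return null;
        }
        // A signature match blanks the whole value; the original reached the same result by
        // running the remaining replacements over the empty string.
        if (HTML_PATTERN.matcher(oldValue).find()
                || SCRIPT_PATTERN.matcher(oldValue).find()
                || SQL_PATTERN1.matcher(oldValue).find()
                || SQL_PATTERN2.matcher(oldValue).find()
                || SQL_PATTERN3.matcher(oldValue).find()) {
            return "";
        }
        String newValue = oldValue;
        for (String[] entity : DECODED_ENTITIES) {
            newValue = newValue.replace(entity[0], entity[1]);
        }
        for (String token : REMOVED_TOKENS) {
            newValue = newValue.replace(token, "");
        }
        return newValue;
    }
}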
2.新增ParameterRequestWrapper.java (无需任何改动)
package com.*.*.filter;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.Vector;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
/**
*
* 类名: ParameterRequestWrapper.java
*/
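/**
 * 类名: ParameterRequestWrapper.java
 *
 * Request wrapper that serves a replacement parameter map instead of the container's.
 * Values are normalised to String[] at construction, so getParameterMap() honours the servlet
 * contract (String[] values, read-only) even when the caller supplied plain Strings; the
 * original handed out the caller's live map with mixed value types.
 */
public class ParameterRequestWrapper extends HttpServletRequestWrapper {

    /** Normalised, read-only parameters; a null value is kept as null (parameter absent). */
    private final Map<String, String[]> params;

    /**
     * @param request   the wrapped request (HttpServletRequestWrapper rejects null)
     * @param newParams replacement parameters; values may be String[], String, any object
     *                  (converted with toString) or null. A null map is treated as empty.
     */
    public ParameterRequestWrapper(HttpServletRequest request, Map<String, ?> newParams) {
        super(request);
        Map<String, String[]> copy = new HashMap<String, String[]>();
        if (newParams != null) {
            for (Map.Entry<String, ?> entry : newParams.entrySet()) {
                copy.put(entry.getKey(), toStringArray(entry.getValue()));
            }
        }
        this.params = Collections.unmodifiableMap(copy);
    }

    /** Same value typing the original applied lazily in getParameterValues/getParameter. */
    private static String[] toStringArray(Object v) {
        if (v == null) {
            return null;
        }
        if (v instanceof String[]) {
            return (String[]) v;
        }
        if (v instanceof String) {
            return new String[] { (String) v };
        }
        return new String[] { v.toString() };
    }

    @Override
    public Map<String, String[]> getParameterMap() {
        return params;
    }

    @Override
    public Enumeration<String> getParameterNames() {
        return Collections.enumeration(params.keySet());
    }

    /** @return a copy of the values, so callers cannot alter the filtered parameters; null if absent */
    @Override
    public String[] getParameterValues(String name) {
        String[] values = params.get(name);
        return values == null ? null : values.clone();
    }

    /** @return the first value, or null when the parameter is absent or has no values */
    @Override
    public String getParameter(String name) {
        String[] values = params.get(name);
        if (values == null || values.length == 0) {
            return null;
        }
        return values[0];
    }
}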
3.进行web.xml过滤器配置
添加配置节点
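<filter>
  <description>过滤器</description>
  <filter-name>systemFilter</filter-name>
  <!-- Fully qualified name of the class declared in SystemFilter.java (package com.*.*.filter);
       the original snippet had one package segment more than the source file. -->
  <filter-class>com.*.*.filter.SystemFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>systemFilter</filter-name>
  <!-- "*" on its own is not a valid servlet url-pattern (patterns are "/path/*", "*.ext" or "/");
       "/*" is the form that applies the filter to every request. -->
  <url-pattern>/*</url-pattern>
</filter-mapping>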