Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
H
hp-smart
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
platform
hp-smart
Commits
d68dcb4a
Commit
d68dcb4a
authored
Mar 12, 2024
by
wuwenlong
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
反射性XSS注入
parent
a7ba3511
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
119 additions
and
0 deletions
+119
-0
XSSFilter.java
src/main/java/com/baosight/hpjx/xss/XSSFilter.java
+119
-0
No files found.
src/main/java/com/baosight/hpjx/xss/XSSFilter.java
0 → 100644
View file @
d68dcb4a
package
com
.
baosight
.
hpjx
.
xss
;
import
javax.servlet.*
;
import
javax.servlet.http.Cookie
;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.http.HttpServletRequestWrapper
;
import
java.io.IOException
;
import
java.util.ArrayList
;
import
java.util.Enumeration
;
import
java.util.List
;
import
java.util.Vector
;
public
class
XSSFilter
implements
Filter
{
public
void
init
(
FilterConfig
filterConfig
)
throws
ServletException
{
}
public
void
destroy
()
{
}
@Override
public
void
doFilter
(
ServletRequest
servletRequest
,
ServletResponse
servletResponse
,
FilterChain
filterChain
)
throws
IOException
,
ServletException
{
if
(
servletRequest
instanceof
HttpServletRequest
)
{
String
method
=
((
HttpServletRequest
)
servletRequest
).
getMethod
();
if
(
"GET"
.
equalsIgnoreCase
(
method
))
{
filterChain
.
doFilter
(
new
XssHttpServletRequestWrapper
((
HttpServletRequest
)
servletRequest
),
servletResponse
);
}
else
{
filterChain
.
doFilter
(
servletRequest
,
servletResponse
);
}
}
else
{
filterChain
.
doFilter
(
servletRequest
,
servletResponse
);
}
}
private
String
getServiceName
(
HttpServletRequest
request
)
{
return
request
.
getRequestURI
();
}
/**
* xss
**/
class
XssHttpServletRequestWrapper
extends
HttpServletRequestWrapper
{
public
XssHttpServletRequestWrapper
(
HttpServletRequest
servletRequest
)
{
super
(
servletRequest
);
}
//cookie中危险字符过滤
public
Cookie
[]
getCookies
()
{
HttpServletRequest
request
=
(
HttpServletRequest
)
getRequest
();
Cookie
[]
cookies
=
request
.
getCookies
();
if
(
cookies
!=
null
&&
cookies
.
length
>
0
)
{
List
<
Cookie
>
cookieList
=
new
ArrayList
<>();
for
(
Cookie
cookie
:
cookies
)
{
String
cookieKey
=
cookie
.
getName
();
String
cookieVal
=
cookie
.
getValue
();
Cookie
filteredCookie
=
new
Cookie
(
cookieKey
,
cleanXSS
(
cookieVal
));
cookieList
.
add
(
filteredCookie
);
}
return
cookieList
.
toArray
(
new
Cookie
[
cookieList
.
size
()]);
}
else
{
return
cookies
;
}
}
@Override
public
String
[]
getParameterValues
(
String
parameter
)
{
String
[]
values
=
super
.
getParameterValues
(
parameter
);
if
(
values
==
null
)
{
return
null
;
}
int
count
=
values
.
length
;
String
[]
encodedValues
=
new
String
[
count
];
for
(
int
i
=
0
;
i
<
count
;
i
++)
{
encodedValues
[
i
]
=
cleanXSS
(
values
[
i
]);
}
return
encodedValues
;
}
//增加参数key枚举处理
@Override
public
Enumeration
<
String
>
getParameterNames
(){
Vector
<
String
>
newParas
=
new
Vector
<>();
Enumeration
paramNames
=
super
.
getParameterNames
();
while
(
paramNames
.
hasMoreElements
())
{
String
paramName
=
(
String
)
paramNames
.
nextElement
();
String
afterCleanXss
=
cleanXSS
(
paramName
);
newParas
.
add
(
afterCleanXss
);
}
return
newParas
.
elements
();
}
@Override
public
String
getParameter
(
String
parameter
)
{
String
value
=
super
.
getParameter
(
parameter
);
if
(
value
==
null
)
{
return
null
;
}
return
cleanXSS
(
value
);
}
private
String
cleanXSS
(
String
value
)
{
if
(
value
!=
null
)
{
//
value
=
value
.
replaceAll
(
"<"
,
"<"
).
replaceAll
(
">"
,
">"
);
value
=
value
.
replaceAll
(
"\\("
,
"("
).
replaceAll
(
"\\)"
,
")"
);
;
value
=
value
.
replaceAll
(
"eval\\((.*)\\)"
,
""
);
value
=
value
.
replaceAll
(
"[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']"
,
"\"\""
);
value
=
value
.
replaceAll
(
"script"
,
""
);
}
return
value
;
}
}
}
\ No newline at end of file
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment