SpringBoot 安全漏洞之XSS注入攻击(jsoup版本)

Posted 在奋斗的大道

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了SpringBoot 安全漏洞之XSS注入攻击(jsoup版本)相关的知识,希望对你有一定的参考价值。

1. 跨站点脚本编制

  风险:可能会窃取或操纵客户会话和 cookie,它们可能用于模仿合法用户,从而使黑客能够以该用户身份查看或变更用户记录以及执行事务。
  原因:未对用户输入正确执行危险字符清理。
  固定值:查看危险字符注入的可能解决方案。

2. pom.xml添加依赖 

<dependency>
	<groupId>org.jsoup</groupId>
	<artifactId>jsoup</artifactId>
	<version>1.11.3</version>
</dependency>

3. 添加Xss包装类

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

import org.jsoup.Jsoup;
import org.jsoup.safety.Whitelist;

/**
 * Xss包装类
 * 
 * @author zzg
 *
 */

public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
    public static final Logger log= LoggerFactory.getLogger(XssHttpServletRequestWrapper .class);

	/**
	 * 构造请求对象
	 * 
	 * @param request
	 */
	public XssHttpServletRequestWrapper(HttpServletRequest request) {
		super(request);
	}

	/**
	 * 获取头部参数
	 * 
	 * @param v 参数值
	 */
	@Override
	public String getHeader(String v) {
		String header = super.getHeader(v);
		if (header == null || "".equals(header)) {
			return header;
		}
		return Jsoup.clean(super.getHeader(v), Whitelist.relaxed());
	}

	/**
	 * 获取参数
	 * 
	 * @param v 参数值
	 */
	@Override
	public String getParameter(String v) {
		String param = super.getParameter(v);
		if (param == null || "".equals(param)) {
			return param;
		}
		return Jsoup.clean(super.getParameter(v), Whitelist.relaxed());
	}

	/**
	 * 获取参数值
	 * 
	 * @param v 参数值
	 */
	@Override
	public String[] getParameterValues(String v) {
		String[] values = super.getParameterValues(v);
		if (values == null) {
			return values;
		}
		int length = values.length;
		String[] resultValues = new String[length];
		for (int i = 0; i < length; i++) {
			// 过滤特殊字符
			resultValues[i] = Jsoup.clean(values[i], Whitelist.relaxed()).trim();
			if (!(resultValues[i]).equals(values[i])) {
				log.debug("XSS过滤器 => 过滤前:{} => 过滤后:{}", values[i], resultValues[i]);
			}
		}
		return resultValues;
	}
}

4. 配置文件添加配置

security.xss.excludes=/login, /logout, /images/*, /jquery/*, /layui/*

5. 添加XSS过滤器

import java.io.IOException;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import org.springframework.stereotype.Component;
import org.springframework.beans.factory.annotation.Value;

/**
 * Xss过滤器
 * 
 * @author zzg
 *
 */
@Component
@WebFilter(filterName = "XssFilter", urlPatterns = "/*")
public class XssFilter implements Filter {

	/**
	 * 过滤器配置对象
	 */
	FilterConfig filterConfig = null;

	/**
	 * 是否启用
	 */
	private boolean enable = true;


	/**
	 * 忽略的URL
	 */
    @Value("${security.xss.excludes}")
	private String excludes;


	/**
	 * 初始化
	 */
	@Override
	public void init(FilterConfig filterConfig) throws ServletException {
		this.filterConfig = filterConfig;
	}

	/**
	 * 拦截
	 */
	@Override
	public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
			throws IOException, ServletException {
		HttpServletRequest request = (HttpServletRequest) servletRequest;

		// 不启用或者已忽略的URL不拦截
		if (!enable || isExcludeUrl(request.getServletPath())) {
			filterChain.doFilter(servletRequest, servletResponse);
			return;
		}
		XssHttpServletRequestWrapper xssHttpServletRequestWrapper = new XssHttpServletRequestWrapper(request);
		filterChain.doFilter(xssHttpServletRequestWrapper, servletResponse);
	}

	/**
	 * 销毁
	 */
	@Override
	public void destroy() {
		this.filterConfig = null;
	}

	/**
	 * 判断是否为忽略的URL
	 * 
	 * @param urlPath URL路径
	 * @return true-忽略,false-过滤
	 */
	private boolean isExcludeUrl(String url) {
		if (excludes == null || excludes.isEmpty()) {
			return false;
		}
        List<String> urls = Arrays.asList(excludes.split(","));
		return urls .stream().map(pattern -> Pattern.compile("^" + pattern)).map(p -> p.matcher(url))
				.anyMatch(Matcher::find);
	}
}

以上是关于SpringBoot 安全漏洞之XSS注入攻击(jsoup版本)的主要内容,如果未能解决你的问题,请参考以下文章

SpringBoot 如何防护 XSS 攻击 ??

渗透测试之XSS漏洞:记一次模拟注入攻击

web安全之XSS注入

安全之防sql注入,xss攻击,CSRF攻击

Web攻防之XSS,CSRF,SQL注入

Web攻防之XSS,CSRF,SQL注入(转)