1. An XSS (cross-site scripting) vulnerability and a frame-injection vulnerability were reported for the target URL by the scanner.
Solution (a request-side sanitizing filter; note that this is a blacklist-style mitigation for the scanner finding — it does not replace context-aware output encoding in the pages that echo the input, and it only covers the request accessors the wrapper overrides):
Step 1: register the filter in web.xml (it is a servlet Filter, not a listener). The mapping below applies only to the REQUEST dispatcher; forwarded, included and error dispatches are not wrapped unless additional <dispatcher> entries are added.
<!-- Request-sanitizing XSS filter, applied to every URL.
     Only REQUEST dispatches are covered; add FORWARD / INCLUDE / ERROR
     <dispatcher> entries if those code paths must be wrapped as well. -->
<filter>
    <filter-name>XssFilter</filter-name>
    <filter-class>com.weichai.common.filter.XssFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>XssFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>
Step 2: create the filter implementation class (a servlet Filter, not a listener) and the request wrapper it delegates to.
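import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;

/**
 * Servlet filter that wraps every HTTP request in {@link XssHttpServletRequestWrapperNew}
 * so that the parameter and header accessors the wrapper overrides return sanitized values.
 *
 * <p>Mapped in web.xml on {@code /*} for the REQUEST dispatcher only, so forwarded,
 * included and error dispatches are not wrapped. The wrapper is a blacklist mitigation
 * and does not replace context-aware output encoding in the views; see its class comment
 * for which accessors remain unfiltered.
 */
public class XssFilter implements Filter {
    FilterConfig filterConfig = null;

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }

    /**
     * Wraps HTTP requests before passing them down the chain.
     * Non-HTTP requests are passed through untouched instead of failing with a
     * ClassCastException on the unconditional cast the original code performed.
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (request instanceof HttpServletRequest) {
            chain.doFilter(new XssHttpServletRequestWrapperNew((HttpServletRequest) request), response);
        } else {
            chain.doFilter(request, response);
        }
    }

    @Override
    public void destroy() {
        this.filterConfig = null;
    }
}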
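import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

/**
 * Request wrapper that sanitizes parameter and header values before the application
 * reads them.
 *
 * <p>Processing order for a parameter value: {@link #stripXSS} deletes a fixed set of
 * blacklisted fragments ({@code <script>}, {@code <iframe>}, {@code javascript:},
 * {@code eval(...)}, {@code onload=}, ...), {@link #escape} maps the half-width
 * characters {@code < > ' " \ %} to their full-width look-alikes, and {@link #HTMLEncode}
 * then entity-encodes whatever {@code < > & "} remain (in practice only {@code &}, since
 * the others were already replaced). Header values get the first two steps only.
 *
 * <p>Limitations a reviewer should be aware of:
 * <ul>
 *   <li>This is a blacklist and is bypassable (e.g. event handlers other than
 *       {@code onload}, unquoted {@code src=x}, {@code java&#9;script:}); it is defence in
 *       depth, not a substitute for output encoding in the views.</li>
 *   <li>Stripping rewrites legitimate input that contains a blocked token: the text
 *       {@code download=} loses {@code load=}, and a literal {@code &lt;} becomes
 *       {@code &amp;lt;}.</li>
 *   <li>Only {@link #getParameter}, {@link #getParameterValues}, {@link #getParameterMap}
 *       and {@link #getHeader} are filtered. {@code getHeaders}, {@code getHeaderNames},
 *       {@code getParameterNames}, {@code getQueryString}, {@code getCookies},
 *       {@code getRequestURI} and the request body/stream return raw data.</li>
 * </ul>
 * The unwrapped request is available through {@link #getOrgRequest()}.
 */
public class XssHttpServletRequestWrapperNew extends HttpServletRequestWrapper {

    /**
     * Blacklist fragments removed by {@link #stripXSS}, applied in this order.
     * Compiled once instead of on every call.
     */
    private static final Pattern[] STRIP_PATTERNS = {
        // anything between <script> and </script>; no DOTALL, so only single-line bodies match
        Pattern.compile("<script>(.*?)</script>", Pattern.CASE_INSENSITIVE),
        // src='...' and src="..." attribute values (an unquoted src=x is not matched)
        Pattern.compile("src[\r\n]*=[\r\n]*\\\'(.*?)\\\'",
                Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
        Pattern.compile("src[\r\n]*=[\r\n]*\\\"(.*?)\\\"",
                Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
        // lonesome </script> and <script ...> tags
        Pattern.compile("</script>", Pattern.CASE_INSENSITIVE),
        Pattern.compile("<script(.*?)>", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
        // eval(...) and CSS expression(...)
        Pattern.compile("eval\\((.*?)\\)", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
        Pattern.compile("expression\\((.*?)\\)", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
        // javascript: / vbscript: URL schemes, literal spelling only
        Pattern.compile("javascript:", Pattern.CASE_INSENSITIVE),
        Pattern.compile("vbscript:", Pattern.CASE_INSENSITIVE),
        // onload= handler; also removes everything from any "onload" up to the next '='
        Pattern.compile("onload(.*?)=", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
        // <iframe>...</iframe>, then lonesome </iframe> and <iframe ...> tags
        Pattern.compile("<iframe>(.*?)</iframe>", Pattern.CASE_INSENSITIVE),
        Pattern.compile("</iframe>", Pattern.CASE_INSENSITIVE),
        Pattern.compile("<iframe(.*?)>", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
    };

    /** The request as received, before wrapping. */
    final HttpServletRequest orgRequest;

    public XssHttpServletRequestWrapperNew(HttpServletRequest request) {
        super(request);
        orgRequest = request;
    }

    /**
     * Returns the sanitized value of a single parameter.
     * The name is passed through {@link #xssEncode} before lookup, so a parameter whose
     * name contains {@code < > ' " \ %} can never be found through this method.
     */
    @Override
    public String getParameter(String name) {
        return sanitizeValue(super.getParameter(xssEncode(name)));
    }

    /**
     * Same sanitization as {@link #getParameter}, applied to every value of a
     * multi-valued parameter. Returns null when the parameter is absent.
     */
    @Override
    public String[] getParameterValues(String name) {
        return sanitizeValues(super.getParameterValues(xssEncode(name)));
    }

    /**
     * Sanitized view of the whole parameter map. Frameworks that bind request data
     * (rather than calling getParameter) typically read this method, so without this
     * override the filter would not apply to them. Keys are left as received, matching
     * {@code getParameterNames}, which is not overridden.
     */
    @Override
    public Map<String, String[]> getParameterMap() {
        Map<String, String[]> raw = super.getParameterMap();
        Map<String, String[]> cleaned = new LinkedHashMap<>();
        for (Map.Entry<String, String[]> entry : raw.entrySet()) {
            cleaned.put(entry.getKey(), sanitizeValues(entry.getValue()));
        }
        return Collections.unmodifiableMap(cleaned);
    }

    /**
     * Returns the header value after {@link #xssEncode} (strip + full-width escape only;
     * no entity encoding, unlike parameters). {@code getHeaders(name)} and
     * {@code getHeaderNames()} are not overridden and return raw values.
     */
    @Override
    public String getHeader(String name) {
        String value = super.getHeader(xssEncode(name));
        return value == null ? null : xssEncode(value);
    }

    /** Parameter pipeline: strip blacklist, full-width escape, then entity-encode. */
    private static String sanitizeValue(String value) {
        if (value == null) {
            return null;
        }
        return HTMLEncode(xssEncode(value));
    }

    /** Applies {@link #sanitizeValue} element-wise; null stays null. */
    private static String[] sanitizeValues(String[] values) {
        if (values == null) {
            return null;
        }
        String[] cleaned = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            cleaned[i] = sanitizeValue(values[i]);
        }
        return cleaned;
    }

    /**
     * Entity-encodes the HTML-significant characters {@code < > & "}.
     * The single quote is deliberately not encoded here (see {@link #escape}).
     *
     * @param aText text to encode; null yields null
     * @return the encoded text
     */
    public static String HTMLEncode(String aText) {
        if (aText == null) {
            return null;
        }
        final StringBuilder result = new StringBuilder(aText.length() + 16);
        for (int i = 0; i < aText.length(); i++) {
            char character = aText.charAt(i);
            switch (character) {
                case '<':
                    result.append("&lt;");
                    break;
                case '>':
                    result.append("&gt;");
                    break;
                case '&':
                    result.append("&amp;");
                    break;
                case '"':
                    result.append("&quot;");
                    break;
                default:
                    result.append(character);
                    break;
            }
        }
        return result.toString();
    }

    /**
     * Replaces the half-width characters {@code < > ' " \ %} with their full-width
     * look-alikes (U+FF1C, U+FF1E, U+FF07, U+FF02, U+FF3C, U+FF05), so the text still
     * reads the same but the characters no longer act as markup, quote, escape or
     * URL-encoding delimiters.
     *
     * @param s text to escape; null yields null
     * @return the escaped text
     */
    public static String escape(String s) {
        if (s == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '>':
                    sb.append('\uFF1E'); // full-width greater-than sign
                    break;
                case '<':
                    sb.append('\uFF1C'); // full-width less-than sign
                    break;
                case '\'':
                    sb.append('\uFF07'); // full-width apostrophe
                    break;
                case '"':
                    sb.append('\uFF02'); // full-width quotation mark
                    break;
                case '\\':
                    sb.append('\uFF3C'); // full-width reverse solidus
                    break;
                case '%':
                    sb.append('\uFF05'); // full-width percent sign (blocks %xx URL encoding)
                    break;
                default:
                    sb.append(c);
                    break;
            }
        }
        return sb.toString();
    }

    /**
     * Strip blacklist, then full-width escape. Empty and null input are returned as-is.
     */
    private static String xssEncode(String s) {
        if (s == null || s.isEmpty()) {
            return s;
        }
        return escape(stripXSS(s));
    }

    /**
     * Deletes the blacklisted fragments in {@link #STRIP_PATTERNS}. Deletion (rather than
     * encoding) means matching text is lost; see the class comment for the consequences.
     */
    private static String stripXSS(String value) {
        if (value == null) {
            return null;
        }
        // Drop NUL characters first so they cannot split a blacklisted token.
        // (The original replaceAll("", "") had lost the NUL literal and was a no-op.)
        String result = value.replace("\0", "");
        for (Pattern pattern : STRIP_PATTERNS) {
            result = pattern.matcher(result).replaceAll("");
        }
        return result;
    }

    /**
     * Get the original (unwrapped) request.
     *
     * @return the request passed to the constructor
     */
    public HttpServletRequest getOrgRequest() {
        return orgRequest;
    }

    /**
     * Static helper to get the most original request: unwraps one level of this wrapper,
     * otherwise returns the argument unchanged.
     */
    public static HttpServletRequest getOrgRequest(HttpServletRequest req) {
        if (req instanceof XssHttpServletRequestWrapperNew) {
            return ((XssHttpServletRequestWrapperNew) req).getOrgRequest();
        }
        return req;
    }
}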
2. Multiple Input Validation Vulnerabilities in Apache Geronimo Application Server
Solution:
When this finding was raised the deployed Tomcat version was 7.0.55 (the original text reads "7.0.551", presumably a typo). The fix applied was to upgrade to 7.0.79, which was the latest release of the 7.x series at the time of writing. Note that the Tomcat 7 branch has since reached end of life and no longer receives security fixes, so a currently supported release branch should be used instead; download it from the official Apache Tomcat site and verify the archive against the published checksums/PGP signatures before deploying.