国内响应式网站模板,wordpress区块编辑器,西宁站 网站,东莞网站建设 汇卓XSS概述
跨站脚本攻击(Cross Site Scripting)#xff0c;缩写为XSS。恶意攻击者往Web页面里插入恶意Script代码#xff0c;当用户浏览该页之时#xff0c;嵌入其中Web里面的Script代码会被执行#xff0c;从而达到恶意攻击用户的目的。
Servlet的方式
1、继承HttpServle…XSS概述
跨站脚本攻击(Cross Site Scripting)缩写为XSS。恶意攻击者往Web页面里插入恶意Script代码当用户浏览该页之时嵌入其中Web里面的Script代码会被执行从而达到恶意攻击用户的目的。
Servlet的方式
1、继承HttpServletRequestWrapper实现对请求参数的过滤
/*** xss请求适配器*/
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {public XssHttpServletRequestWrapper(HttpServletRequest request) {super(request);}/*** 对数组参数进行特殊字符过滤*/Overridepublic String[] getParameterValues(String name) {String[] values super.getParameterValues(name);if (values null) {return null;}int count values.length;String[] encodedValues new String[count];for (int i 0; i count; i) {encodedValues[i] cleanXSS(values[i]);}return encodedValues;}/*** 对参数中特殊字符进行过滤*/Overridepublic String getParameter(String name) {String value super.getParameter(name);if (value null) {return null;}return cleanXSS(value);}/*** 获取attribute,特殊字符过滤*/Overridepublic Object getAttribute(String name) {Object value super.getAttribute(name);if (value ! null value instanceof String) {cleanXSS((String) value);}return value;}/*** 对请求头部进行特殊字符过滤*/Overridepublic String getHeader(String name) {String value super.getHeader(name);if (value null) {return null;}return cleanXSS(value);}/*** 转义字符,使用该方法存在一定的弊端* * param value* return*/private String cleanXSS2(String value) {// 移除特殊标签value value.replaceAll(, lt;).replaceAll(, gt;);value value.replaceAll(\\(, #40;).replaceAll(\\), #41;);value value.replaceAll(, #39;);value value.replaceAll(eval\\((.*)\\), );value value.replaceAll([\\\\\\][\\s]*javascript:(.*)[\\\\\\], \\);value value.replaceAll(script, );return value;}private String cleanXSS(String value) {if (value ! null) {//推荐使用ESAPI库来避免脚本攻击,value ESAPI.encoder().canonicalize(value);// 避免空字符串value value.replaceAll( , );// 避免script 标签Pattern scriptPattern Pattern.compile(script(.*?)/script, Pattern.CASE_INSENSITIVE);value scriptPattern.matcher(value).replaceAll();// 避免src形式的表达式scriptPattern Pattern.compile(src[\r\n]*[\r\n]*\\\(.*?)\\\,Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);value scriptPattern.matcher(value).replaceAll();scriptPattern Pattern.compile(src[\r\n]*[\r\n]*\\\(.*?)\\\,Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);value scriptPattern.matcher(value).replaceAll();// 删除单个的 /script 标签scriptPattern Pattern.compile(/script, Pattern.CASE_INSENSITIVE);value scriptPattern.matcher(value).replaceAll();// 删除单个的script ... 标签scriptPattern Pattern.compile(script(.*?),Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);value scriptPattern.matcher(value).replaceAll();// 避免 eval(...) 形式表达式scriptPattern Pattern.compile(eval\\((.*?)\\),Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);value scriptPattern.matcher(value).replaceAll();// 避免 e-xpression(...) 表达式scriptPattern Pattern.compile(e-xpression\\((.*?)\\),Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);value scriptPattern.matcher(value).replaceAll();// 避免 javascript: 表达式scriptPattern Pattern.compile(javascript:, Pattern.CASE_INSENSITIVE);value scriptPattern.matcher(value).replaceAll();// 避免 vbscript:表达式scriptPattern Pattern.compile(vbscript:, Pattern.CASE_INSENSITIVE);value scriptPattern.matcher(value).replaceAll();// 避免 οnlοad 表达式scriptPattern Pattern.compile(onload(.*?),Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);value scriptPattern.matcher(value).replaceAll();}return value;}}2、实现Filter实现XSS过滤器
/*** xss过滤器*/
public class XssFilter implements Filter {FilterConfig filterConfig null;Overridepublic void init(FilterConfig filterConfig) throws ServletException {this.filterConfig filterConfig;}Overridepublic void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)throws IOException, ServletException {//对请求进行拦截,防xss处理chain.doFilter(new XssHttpServletRequestWrapper((HttpServletRequest) request), response);}Overridepublic void destroy() {this.filterConfig null;}
}3、注入XSS过滤器两种方式 第一种方式配置web.xml
!-- xss过滤器 --
filterfilter-nameXssSqlFilter/filter-namefilter-classcn.aric.xss.XssFilter/filter-class
/filter
filter-mappingfilter-nameXssSqlFilter/filter-nameurl-pattern/*/url-patterndispatcherREQUEST/dispatcherdispatcherFORWARD/dispatcher
/filter-mapping1234567891011第二种方式注解
/*** 注入Xss过滤器(注解方式)*/
public class WebInitializer implements WebApplicationInitializer{Overridepublic void onStartup(ServletContext servletContext) throws ServletException {//添加监听器servletContext.addListener(RequestContextListener.class);//添加过滤器Dynamic xssFilterRegistration servletContext.addFilter(XssFilter, XssFilter.class);//添加映射规则xssFilterRegistration.addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST,DispatcherType.FORWARD,DispatcherType.INCLUDE), false, /*);}}Spring整合的方式
1、使用spring的HtmlUtils,可以使用StringEscapeUtils 中的过滤方法
/*** 解决XSS跨站脚本攻击和sql注入攻击,使用spring的HtmlUtils,可以使用StringEscapeUtils 中的过滤方法*/
public class XssSpringHttpServletRequestWrapper extends HttpServletRequestWrapper{public XssSpringHttpServletRequestWrapper(HttpServletRequest request) {super(request);}/*** 对数组参数进行特殊字符过滤*/Overridepublic String[] getParameterValues(String name) {String[] values super.getParameterValues(name);String[] newValues new String[values.length];for (int i 0; i values.length; i) {//spring的HtmlUtils进行转义newValues[i] HtmlUtils.htmlEscape(values[i]);}return newValues;}/*** 拦截参数,并对其进行字符转义*/Overridepublic String getParameter(String name) {return HtmlUtils.htmlEscape(name);}/*** 拦截参数,并对其进行字符转义*/Overridepublic Object getAttribute(String name) {return HtmlUtils.htmlEscape(name);}}2、实现XSS过滤器
/*** spring方式xss过滤器*/
public class XssSpringFilter implements Filter{Overridepublic void init(FilterConfig filterConfig) throws ServletException {}Overridepublic void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)throws IOException, ServletException {HttpServletRequest req (HttpServletRequest) request;chain.doFilter(new XssSpringHttpServletRequestWrapper(req), response);}Overridepublic void destroy() {}3、配置XSS过滤器
!-- spring方式的xss过滤器 --
filterfilter-namexssSpringFilter/filter-namefilter-classcn.aric.xss.XssSpringHttpServletRequestWrapper/filter-class
/filter
filter-mappingfilter-namexssSpringFilter/filter-nameurl-pattern/*/url-pattern
/filter-mapping123456789
