Struts2 high-risk vulnerability fix

 2013/7/23 12:40:59  sblig  Programmer Club (程序员俱乐部)
  • Tags: fix, vulnerability, struts

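1. Filter (com.SafeFilter)

package com;

import java.io.IOException;
import java.net.URLDecoder;
import java.util.regex.Pattern;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class SafeFilter implements Filter
{
    // Built in init() from the "redirects" init-param in web.xml.
    private Pattern pattern;

    /**
     * Filter: answers 403 when the decoded query string contains one of the
     * configured prefixes. Only the query string is inspected; parameters
     * sent in a request body are not checked here.
     */
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
        throws IOException, ServletException
    {
        HttpServletRequest request = (HttpServletRequest)req;
        String url = request.getQueryString();

        // Plain null/empty check in place of StringUtils.isEmpty (no extra dependency).
        if (url == null || url.isEmpty() || !pattern.matcher(URLDecoder.decode(url, "utf-8")).matches())
        {
            chain.doFilter(req, resp);
        }
        else
        {
            HttpServletResponse res = (HttpServletResponse)resp;
            res.setStatus(403);
            res.getOutputStream().write("403".getBytes());
            res.getOutputStream().close();
        }
    }

    // Initialization
    public void init(FilterConfig cfg)
        throws ServletException
    {
        String redirects = (new StringBuilder(".*(")).append(cfg.getInitParameter("redirects"))
            .append(").*")
            .toString();
        // DOTALL: a line break in the decoded query string must not stop ".*" from matching.
        pattern = Pattern.compile(redirects, Pattern.DOTALL);
    }

    // Required by the Filter interface; nothing to release.
    public void destroy()
    {
    }
}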


2. web.xml
<filter>
       <filter-name>SafeFilter</filter-name>
       <filter-class>com.SafeFilter</filter-class>
       <init-param>
           <param-name>redirects</param-name>
           <param-value>redirect:|action:|redirectAction:</param-value>
       </init-param>
</filter>
<filter-mapping>
       <filter-name>SafeFilter</filter-name>
       <url-pattern>/*</url-pattern>
</filter-mapping>
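
The filter's rule from the two steps above, run over constructed query strings (an added example, not part of the original post). `SafeFilterRuleDemo`, `blockedBySubstring` and `blockedByParamName` are hypothetical names; the name-prefix rule goes beyond the post's substring match and assumes the prefixes only matter at the start of a parameter name.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.regex.Pattern;

public class SafeFilterRuleDemo {
    // Same value as the "redirects" init-param in web.xml.
    static final String REDIRECTS = "redirect:|action:|redirectAction:";
    static final String[] PREFIXES = REDIRECTS.split("\\|");

    // The filter's rule: a prefix anywhere in the decoded query string.
    // DOTALL lets ".*" span line breaks.
    static final Pattern SUBSTRING_RULE =
        Pattern.compile(".*(" + REDIRECTS + ").*", Pattern.DOTALL);

    static boolean blockedBySubstring(String rawQuery) throws UnsupportedEncodingException {
        if (rawQuery == null || rawQuery.isEmpty()) return false;
        return SUBSTRING_RULE.matcher(URLDecoder.decode(rawQuery, "utf-8")).matches();
    }

    // Narrower rule (assumption, not from the post): block only when a
    // parameter NAME starts with one of the prefixes.
    static boolean blockedByParamName(String rawQuery) throws UnsupportedEncodingException {
        if (rawQuery == null || rawQuery.isEmpty()) return false;
        for (String pair : rawQuery.split("&")) {
            String name = URLDecoder.decode(pair.split("=", 2)[0], "utf-8");
            for (String prefix : PREFIXES) {
                if (name.startsWith(prefix)) return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        String[] samples = {          // constructed query strings
            null,                     // request without a query string
            "id=5&page=2",
            "redirect:/home",
            "id=5&action%3Asave=1",   // colon percent-encoded
            "note=transaction:42",    // prefix inside an ordinary value
        };
        for (String q : samples) {
            System.out.printf("%-22s substring=%-5b paramName=%b%n",
                q, blockedBySubstring(q), blockedByParamName(q));
        }
    }
}
```

The substring rule also rejects `note=transaction:42`, because `transaction:` contains `action:`; the name-prefix rule lets that request through.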