67,512
社区成员
发帖
与我相关
我的任务
分享针对Struct2远程执行漏洞做的一个过滤器乱码问题
package com.achievo.framework.server.core.filter;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class BugFilter
implements Filter
{
private List<String> keywords = new ArrayList();
public void destroy()
{
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException
{
HttpServletRequest req = (HttpServletRequest)request;
HttpServletResponse res = (HttpServletResponse)response;
if (!isBugInvade(req)) { //如果bug入侵
chain.doFilter(request, response);
} else {
res.reset();
res.setContentType("text/html; charset=UTF-8");
res.getWriter().println("检测到入侵");
}
}
private boolean isBugInvade(HttpServletRequest request)
{
String queryString = request.getQueryString();
if (queryString != null) {
for (String keyword : this.keywords) {
if (queryString.indexOf(keyword) != -1) {
return true;
}
}
}
Enumeration e = request.getParameterNames();
String parName;
while (e.hasMoreElements()) {
parName = (String)e.nextElement();
for (String keyword : this.keywords) {
if (parName.indexOf(keyword) != -1) {
return true;
}
}
}
return false;
}
public void init(FilterConfig fConfig) throws ServletException
{
this.keywords.add("getWriter");
this.keywords.add("FileOutputStream");
this.keywords.add("getRuntime");
this.keywords.add("getRequest");
this.keywords.add("getProperty");
this.keywords.add("\\u0023");
this.keywords.add("\\43");
}
}
web.xml配置
<filter>
<filter-name>bugFilter</filter-name>
<filter-class>com.achievo.framework.server.core.filter.BugFilter</filter- class>
</filter>
<filter-mapping>
<filter-name>bugFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
不明白为什么保存中文就出乱码了~ 求大神解答我这个小菜鸟。
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class BugFilter
implements Filter
{
private List<String> keywords = new ArrayList();
public void destroy()
{
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException
{
HttpServletRequest req = (HttpServletRequest)request;
HttpServletResponse res = (HttpServletResponse)response;
if (!isBugInvade(req)) { //如果bug入侵
chain.doFilter(request, response);
} else {
res.reset();
res.setContentType("text/html; charset=UTF-8");
res.getWriter().println("检测到入侵");
}
}
private boolean isBugInvade(HttpServletRequest request)
{
String queryString = request.getQueryString();
if (queryString != null) {
for (String keyword : this.keywords) {
if (queryString.indexOf(keyword) != -1) {
return true;
}
}
}
Enumeration e = request.getParameterNames();
String parName;
while (e.hasMoreElements()) {
parName = (String)e.nextElement();
for (String keyword : this.keywords) {
if (parName.indexOf(keyword) != -1) {
return true;
}
}
}
return false;
}
public void init(FilterConfig fConfig) throws ServletException
{
this.keywords.add("getWriter");
this.keywords.add("FileOutputStream");
this.keywords.add("getRuntime");
this.keywords.add("getRequest");
this.keywords.add("getProperty");
this.keywords.add("\\u0023");
this.keywords.add("\\43");
}
}
web.xml配置
<filter>
<filter-name>bugFilter</filter-name>
<filter-class>com.achievo.framework.server.core.filter.BugFilter</filter- class>
</filter>
<filter-mapping>
<filter-name>bugFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
不明白为什么保存中文就出乱码了~ 求大神解答我这个小菜鸟。
...全文
请发表友善的回复…
发表回复
aidong2008 2012-11-16
- 打赏
- 举报
- -看来大家都Happy的过周末去了。跟之前的Filter冲突了,已解决。
