Checkmarx - How to validate and sanitize HttpServletRequest.getInputStream to pass a Checkmarx scan

Following are the Checkmarx issue details for Unrestricted File Upload:

Source Object: req (Line No - 39)

Target Object: getInputStream (Line No - 41)

    public class JWTLoginFilter extends AbstractAuthenticationProcessingFilter
    {
        //...
    38  public Authentication attemptAuthentication(HttpServletRequest req, HttpServletResponse res)
    39          throws AuthenticationException, IOException, ServletException
    40  {
    41      Entitlements creds = new ObjectMapper().readValue(req.getInputStream(), Entitlements.class);

            return getAuthenticationManager().authenticate(
                    new UsernamePasswordAuthenticationToken(creds.getId(), "", Collections.emptyList()));
        }
        //...
    }

The request objects get highlighted in the Checkmarx tool -

How do I properly validate, filter, escape, and/or encode user-controllable input to pass a Checkmarx scan?

Recommended answer

This worked for me - Checkmarx passed this high vulnerability.

I used a combination of @reflexdemon's answer and @tgdavies's comment.

    // Encode is org.owasp.encoder.Encode; INPUT_LENGTH and MIMETYPE_TEXT_PLAIN_UTF_8 are
    // constants defined elsewhere in the filter class.
    @Override
    public Authentication attemptAuthentication(HttpServletRequest req, HttpServletResponse res)
            throws IOException
    {
        // Round-trip the declared length through the OWASP encoder so the scanner treats it as sanitized
        int len = req.getContentLength();
        len = Integer.parseInt(Encode.forHtml(String.valueOf(len)));
        // Encode the declared content type before comparing it
        String type = req.getContentType();
        type = Encode.forHtml(type);
        Entitlements creds;
        // Only parse the body when length and type match the expected login payload;
        // compare constant-first so a request without a Content-Type header does not throw an NPE
        if (len == INPUT_LENGTH && MIMETYPE_TEXT_PLAIN_UTF_8.equals(type)) {
            creds = new ObjectMapper().readValue(
                    req.getReader().lines().collect(Collectors.joining(System.lineSeparator())),
                    Entitlements.class);
        } else {
            creds = new Entitlements();
        }

        return getAuthenticationManager().authenticate(
                new UsernamePasswordAuthenticationToken(creds.getId(), "", Collections.emptyList()));
    }
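The answer above makes the scanner happy mostly by passing the length and type through an HTML encoder. A filter that actually constrains the untrusted body does three things before deserializing: it accepts only the expected media type, it caps the number of bytes it will read regardless of the Content-Length header, and it validates the one field it extracts. The following is an added example, not code from the question or the answer; it assumes the same `Entitlements` class with a `getId()` method, Jackson's `ObjectMapper`, Spring Security's `AbstractAuthenticationProcessingFilter`, and a hypothetical `MAX_BODY_BYTES` limit and identifier pattern that you would adjust to your own payload.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Collections;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;

import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;

public class JWTLoginFilter extends AbstractAuthenticationProcessingFilter {

    // Assumed upper bound for a login body; tune to the real payload size.
    private static final int MAX_BODY_BYTES = 4096;

    // Assumed shape of a valid identifier; tune to your user id format.
    private static final String ID_PATTERN = "[A-Za-z0-9._@-]{1,64}";

    // Fail on unknown JSON fields so unexpected input is rejected rather than ignored.
    private static final ObjectMapper MAPPER = new ObjectMapper()
            .configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, true);

    public JWTLoginFilter(String url) {
        super(url);
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest req, HttpServletResponse res)
            throws AuthenticationException, IOException, ServletException {
        // 1. Accept only the media type this endpoint is designed for.
        String type = req.getContentType();
        if (type == null || !type.toLowerCase().startsWith("application/json")) {
            throw new BadCredentialsException("Unsupported content type");
        }

        // 2. Reject unknown-length or oversized bodies before touching the stream.
        int declared = req.getContentLength();
        if (declared < 0 || declared > MAX_BODY_BYTES) {
            throw new BadCredentialsException("Invalid content length");
        }

        // 3. Read at most MAX_BODY_BYTES no matter what Content-Length claims.
        byte[] body = readBounded(req.getInputStream(), MAX_BODY_BYTES);

        // 4. Deserialize into a fixed schema and validate the extracted field.
        Entitlements creds;
        try {
            creds = MAPPER.readValue(body, Entitlements.class);
        } catch (IOException e) {
            throw new BadCredentialsException("Malformed login payload");
        }
        String id = creds.getId();
        if (id == null || !id.matches(ID_PATTERN)) {
            throw new BadCredentialsException("Invalid identifier");
        }

        return getAuthenticationManager().authenticate(
                new UsernamePasswordAuthenticationToken(id, "", Collections.emptyList()));
    }

    // Copies the stream into memory, aborting as soon as the limit is exceeded.
    static byte[] readBounded(InputStream in, int max) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[1024];
        int total = 0;
        int n;
        while ((n = in.read(buf)) != -1) {
            total += n;
            if (total > max) {
                throw new BadCredentialsException("Body exceeds limit");
            }
            out.write(buf, 0, n);
        }
        return out.toByteArray();
    }
}
```

The bounded read is the part that matters for the "unrestricted" finding: the Content-Length header is attacker-controlled, so the cap is enforced on the bytes actually read, not on the declared value. Throwing `BadCredentialsException` (an `AuthenticationException`) lets Spring Security's failure handler respond uniformly instead of leaking which check rejected the request.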
