Java / JSP vulnerability-scan fixes

A quick write-up of my fix for each finding.
For the full background you will need to look up the relevant references yourself.

Log Forging

Strip the characters an attacker needs to start a forged log line (CR, LF and their URL-encoded forms), after NFKC-normalizing the value so that compatibility forms cannot slip past the check.

import java.text.Normalizer;
import java.util.ArrayList;
import java.util.List;

public static String checkLog(String log) {
    if (log == null) return null;
    // Characters that would let user input break out of the current log entry
    List<String> blocklist = new ArrayList<>();
    blocklist.add("%0d");   // URL-encoded CR, in case the value is decoded again downstream
    blocklist.add("\r");
    blocklist.add("%0a");   // URL-encoded LF
    blocklist.add("\n");
    // Normalize first so full-width / compatibility variants collapse to their ASCII forms
    String encode = Normalizer.normalize(log, Normalizer.Form.NFKC);
    for (String bad : blocklist) {
        encode = encode.replace(bad, "");
    }
    return encode;
}
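Stripping CR/LF silences the finding, but it also destroys the evidence that someone tried to forge the log. The variant below is an added example (my own code, not part of the original note): it escapes every control character into a visible sequence and caps the length, so the entry can no longer span lines yet an analyst can still see the attempt. The class name, the 200-character limit and the sample input are assumptions for the demo.

```java
import java.text.Normalizer;

public class LogSanitizer {
    // Assumed cap; a log field longer than this is almost never legitimate
    private static final int MAX_LEN = 200;

    // Escapes rather than strips: the line stays a single line, and the
    // attacker's CR/LF show up literally as \r and \n in the audit trail.
    public static String forLog(String input) {
        if (input == null) return "null";
        String s = Normalizer.normalize(input, Normalizer.Form.NFKC);
        StringBuilder sb = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '\r': sb.append("\\r"); break;
                case '\n': sb.append("\\n"); break;
                case '\t': sb.append("\\t"); break;
                default:
                    if (c < 0x20 || c == 0x7f) {
                        // Any other C0 control / DEL becomes \u00XX
                        sb.append(String.format("\\u%04x", (int) c));
                    } else {
                        sb.append(c);
                    }
            }
        }
        if (sb.length() > MAX_LEN) {
            sb.setLength(MAX_LEN);
            sb.append("...[truncated]");
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed attacker input: tries to append a fake "login succeeded" entry
        String user = "mallory\nINFO  login succeeded for user=admin";
        System.out.println("INFO  login failed for user=" + forLog(user));
    }
}
```

The URL-encoded forms `%0d` / `%0a` need no special handling here: as long as the value is logged as one line, they are just harmless text.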

Open Redirect

Never redirect straight to a user-supplied URL; look it up against an allowlist of known targets first.
js

const allowlist = ['/index', '/sitemap'];
// Express-style handler: only known local paths are used, anything else goes to /home
function redirect(res, url) {
  if (allowlist.includes(url)) {
    res.redirect(url);
  } else {
    res.redirect('/home');
  }
}
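An exact-match allowlist works when the set of targets is small. When the target has to carry a path or query (a "return to where you were" link), the check has to reject the classic bypasses as well: protocol-relative `//evil.example`, `javascript:` URLs, backslashes, and `https://good.example@evil.example`. The Java version below is an added example (my own code, not from the original note); the class name, the fallback path and the allowed external host are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;

public class SafeRedirect {
    private static final String FALLBACK = "/home";
    // Assumed: external hosts this application is allowed to send users to
    private static final Set<String> ALLOWED_HOSTS = Set.of("www.example.com");

    public static String resolve(String target) {
        if (target == null || target.isEmpty()) return FALLBACK;
        URI uri;
        try {
            uri = new URI(target);          // rejects backslashes and other illegal characters
        } catch (URISyntaxException e) {
            return FALLBACK;
        }
        // Case 1: a local path such as "/orders/42?tab=history".
        // "//evil.example" parses with an authority, so it never reaches this branch;
        // the extra startsWith check guards against a path that merely looks host-relative.
        if (uri.getScheme() == null && uri.getAuthority() == null) {
            String path = uri.getPath();
            if (path != null && path.startsWith("/") && !path.startsWith("//")) {
                return uri.normalize().toString();
            }
            return FALLBACK;
        }
        // Case 2: an absolute URL; allow only https to a host on the allowlist.
        // getHost() returns the real host, so "https://www.example.com@evil.example/" fails here.
        if ("https".equalsIgnoreCase(uri.getScheme()) && uri.getHost() != null
                && ALLOWED_HOSTS.contains(uri.getHost().toLowerCase())) {
            return uri.toString();
        }
        return FALLBACK;
    }

    public static void main(String[] args) {
        // Constructed inputs: two legitimate targets and three bypass attempts
        String[] targets = {
            "/orders/42?tab=history",
            "https://www.example.com/help",
            "//evil.example/phish",
            "javascript:alert(1)",
            "/\\evil.example"
        };
        for (String t : targets) {
            System.out.println(t + " -> " + resolve(t));
        }
    }
}
```

In a Spring controller the returned value is what you hand to `"redirect:" + ...` or `response.sendRedirect(...)`; the raw parameter never reaches either.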

Path Manipulation

Allow only a whitelist of characters. Note that this sanitizer keeps '/' and '.', so on its own it does not stop traversal with "../"; it removes unexpected characters, and must be paired with a check that the resolved path stays under the intended base directory.

public static String cleanString(String aString) {
    if (aString == null) return null;
    StringBuilder clean = new StringBuilder(aString.length());
    for (int i = 0; i < aString.length(); ++i) {
        clean.append(cleanChar(aString.charAt(i)));
    }
    return clean.toString();
}

// Allowed: 0-9, A-Z, a-z and a few path characters; anything else is replaced by '%'
private static char cleanChar(char aChar) {
    if ((aChar >= '0' && aChar <= '9')
            || (aChar >= 'A' && aChar <= 'Z')
            || (aChar >= 'a' && aChar <= 'z')) {
        return aChar;
    }
    switch (aChar) {
        case '/':
        case '.':
        case '-':
        case '_':
        case ' ':
            return aChar;
        default:
            return '%';
    }
}
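The check that actually stops traversal is a canonical-path comparison: resolve the user-supplied name against the base directory, normalize it, and refuse anything that no longer starts with the base. The following is an added example (my own code, not from the original note); the class name and the `/var/app/uploads` base directory are assumptions.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

public class SafePath {
    // Assumed upload root; in a real application this comes from configuration
    private static final Path BASE_DIR =
            Paths.get("/var/app/uploads").toAbsolutePath().normalize();

    // Returns the resolved file only if it stays inside BASE_DIR; otherwise throws.
    public static Path resolveInside(String userSupplied) {
        if (userSupplied == null || userSupplied.isEmpty()) {
            throw new IllegalArgumentException("empty file name");
        }
        // NUL terminates the name in many native layers; reject it outright
        if (userSupplied.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("NUL byte in file name");
        }
        // resolve() returns an absolute argument unchanged, so "/etc/passwd" also fails the prefix test
        Path candidate = BASE_DIR.resolve(userSupplied).normalize();
        // normalize() has collapsed "." and ".."; any escape now shows up as a prefix mismatch
        if (!candidate.startsWith(BASE_DIR)) {
            throw new IllegalArgumentException("path escapes base directory: " + userSupplied);
        }
        return candidate;
    }

    public static void main(String[] args) {
        // Constructed inputs: two legitimate names, then three traversal attempts
        String[] inputs = {
            "report.pdf", "2024/q1/report.pdf",
            "../../etc/passwd", "/etc/passwd", "a/../../b"
        };
        for (String in : inputs) {
            try {
                System.out.println(in + " -> " + resolveInside(in));
            } catch (IllegalArgumentException e) {   // InvalidPathException is a subclass, so it lands here too
                System.out.println(in + " -> rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

If the base directory may contain symlinks that point outside it, compare `toRealPath()` of both sides instead of the normalized paths; `normalize()` works on the string form only.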

Insecure Randomness

Switch to SecureRandom, and do not seed it from the clock.

import java.security.SecureRandom;

// Do not call setSeed() with a timestamp. On some providers (e.g. SHA1PRNG) a seed
// supplied before the first output replaces the internal entropy entirely, which
// makes every value predictable from the clock. Let the JVM seed it.
SecureRandom rand = new SecureRandom();
int n = rand.nextInt(10);
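Where the random value is a session ID, password-reset token or CSRF token, `nextInt(10)` is not enough: you want at least 128 bits from SecureRandom, encoded for transport. The class below is an added example (my own code, not from the original note) and also shows, with `java.util.Random`, why a clock-seeded generator is no fix: two instances with the same seed produce identical output. The class name and the 32-byte token size are assumptions.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Random;

public class Tokens {
    // One shared instance is fine; SecureRandom is thread-safe
    private static final SecureRandom RNG = new SecureRandom();

    // 32 random bytes -> 43-character URL-safe token for session IDs or reset links
    public static String newToken() {
        byte[] buf = new byte[32];
        RNG.nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    // Demonstrates the weakness of a clock-seeded java.util.Random: anyone who knows
    // (or brute-forces) the seed reproduces the exact same sequence.
    public static boolean sameSequence(long seed) {
        Random victim = new Random(seed);
        Random attacker = new Random(seed);
        for (int i = 0; i < 5; i++) {
            if (victim.nextInt(1_000_000) != attacker.nextInt(1_000_000)) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        System.out.println("token: " + newToken());
        long seed = System.currentTimeMillis();
        System.out.println("java.util.Random reproducible from a clock seed: " + sameSequence(seed));
    }
}
```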

Category: Mass Assignment: Insecure Binder Configuration

Configure which fields the binder may bind from the request (allowed) and which it must never bind (disallowed). An empty disallowed list blocks nothing.

@InitBinder
public void initBinder(WebDataBinder binder) {
    // Name the privileged fields the client must never set ("id" and "role" are illustrative).
    // Prefer setAllowedFields(...) where possible: an allowlist also covers fields added later.
    binder.setDisallowedFields("id", "role");
}
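To show the binder configuration in context, here is an added example (my own code, not from the original note) of a registration controller whose model object carries a privileged `role` property: with the allowlist in place, a POST that includes `role=ADMIN` leaves the default value untouched. The entity, controller and field names are assumptions.

```java
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.InitBinder;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.PostMapping;

// Assumed entity: "id" and "role" must never be settable from a request
class User {
    private Long id;
    private String username;
    private String email;
    private String role = "USER";
    public Long getId() { return id; }
    public void setId(Long id) { this.id = id; }
    public String getUsername() { return username; }
    public void setUsername(String username) { this.username = username; }
    public String getEmail() { return email; }
    public void setEmail(String email) { this.email = email; }
    public String getRole() { return role; }
    public void setRole(String role) { this.role = role; }
}

@Controller
public class RegistrationController {

    // Applies only to the "user" model attribute. With an allowlist, a request
    // parameter such as role=ADMIN is ignored; the names of ignored parameters are
    // available via binder.getBindingResult().getSuppressedFields() if you want to
    // log or reject such requests instead of silently dropping them.
    @InitBinder("user")
    public void initBinder(WebDataBinder binder) {
        binder.setAllowedFields("username", "email");
    }

    @PostMapping("/register")
    public String register(@ModelAttribute("user") User user) {
        // user.getRole() is still "USER" here even if the client sent role=ADMIN
        return "redirect:/welcome";
    }
}
```

The structural alternative is a separate form DTO that simply has no `role` or `id` property, copied field by field into the entity; then there is nothing for the binder to misbind in the first place.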

Category: Cross-Site Scripting: Persistent

Preventing XSS: encode every untrusted value for the context it lands in (HTML body, attribute, JavaScript string), using the OWASP Java Encoder.

pom

<dependency>
    <groupId>org.owasp.encoder</groupId>
    <artifactId>encoder</artifactId>
    <version>1.2.2</version>
</dependency>

The JSP tag library used below lives in the separate encoder-jsp artifact (same groupId and version), so that dependency is needed as well.

jsp

<%@ taglib prefix="e" uri="https://www.owasp.org/index.php/OWASP_Java_Encoder_Project" %>

// HTML body context
${e:forHtml(loginUsername)}
// regex replacement template for wrapping existing ${...} expressions in bulk (the matching search pattern is not shown here)
$1e:forHtml($2)$3
// JavaScript string context: the value sits inside a single-quoted JS string and is then parsed as JSON
let details = JSON.parse('${e:forJavaScript(contents)}');
// review-status data; falls back to the JSON literal null when gsi is absent (a value such as '' is not valid JSON and makes JSON.parse throw)
let gsi = JSON.parse('${e:forJavaScript(gsi==null?'null':gsi)}');
let pageindex = JSON.parse('${e:forJavaScript(pageindexset)}');
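The same library is usable from Java code, which is handy for servlets or code that builds fragments by hand. The following is an added example (my own code, not from the original note) that renders one constructed payload into four different contexts, each with the matching encoder; the class name and the sample values are assumptions.

```java
import org.owasp.encoder.Encode;

public class XssContexts {
    // Constructed attacker-controlled values
    static final String NAME = "<script>alert(1)</script>";
    static final String JSON = "{\"status\":\"ok\"}'); alert(2); //";

    // HTML body: < > & " ' become entities
    public static String greeting(String user) {
        return "<p>Welcome, " + Encode.forHtml(user) + "</p>";
    }

    // HTML attribute: the quote that closes the attribute matters here, not only < and >
    public static String input(String value) {
        return "<input name=\"q\" value=\"" + Encode.forHtmlAttribute(value) + "\">";
    }

    // JavaScript string literal, the same pattern as JSON.parse('${e:forJavaScript(x)}') in JSP:
    // quotes, backslashes and </script> are escaped so the string cannot end early
    public static String script(String json) {
        return "<script>let details = JSON.parse('" + Encode.forJavaScript(json) + "');</script>";
    }

    // URL query component: percent-encoding, so the value cannot add parameters or change the path
    public static String link(String q) {
        return "<a href=\"/search?q=" + Encode.forUriComponent(q) + "\">search</a>";
    }

    public static void main(String[] args) {
        System.out.println(greeting(NAME));
        System.out.println(input(NAME));
        System.out.println(script(JSON));
        System.out.println(link(NAME));
    }
}
```

Using `forHtml` inside a `<script>` block, or `forJavaScript` inside an attribute, is the common mistake: each encoder neutralizes the metacharacters of exactly one context.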

Category: Password Management: Password in Configuration File

Storing plaintext passwords in a configuration file puts the whole system at risk.
Encrypt them; here with jasypt, which decrypts ENC(...) values transparently at startup.

pom

<dependency>
    <groupId>com.github.ulisesbocchio</groupId>
    <artifactId>jasypt-spring-boot-starter</artifactId>
    <version>2.1.2</version>
</dependency>

application.properties

# The master password must not sit in this file next to the ciphertext it protects, and
# "test" is not a usable value. Supply it at runtime instead, for example through the
# JASYPT_ENCRYPTOR_PASSWORD environment variable or -Djasypt.encryptor.password=... .
# jasypt.encryptor.password=test
# The encrypted value goes inside ENC(...)
spring.datasource.username=ENC()
spring.datasource.password=ENC()
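The ciphertext for ENC(...) has to be produced with the same algorithm, iteration count and salt/IV settings the starter uses at runtime, otherwise decryption fails on startup. The tool below is an added example (my own code, not part of the original note or the jasypt project): it configures a jasypt encryptor with the jasypt-spring-boot 2.x defaults, reads the master password from the environment, and prints the property line. The class name and the environment-variable usage are assumptions.

```java
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;

public class EncryptProperty {
    // Matches the jasypt-spring-boot 2.x defaults, so the value decrypts inside the
    // application with only jasypt.encryptor.password supplied.
    public static PooledPBEStringEncryptor encryptor(String masterPassword) {
        SimpleStringPBEConfig config = new SimpleStringPBEConfig();
        config.setPassword(masterPassword);
        config.setAlgorithm("PBEWITHHMACSHA512ANDAES_256");
        config.setKeyObtentionIterations("1000");
        config.setPoolSize("1");
        config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
        config.setIvGeneratorClassName("org.jasypt.iv.RandomIvGenerator");
        config.setStringOutputType("base64");
        PooledPBEStringEncryptor enc = new PooledPBEStringEncryptor();
        enc.setConfig(config);
        return enc;
    }

    public static void main(String[] args) {
        // The master password comes from the environment, never from application.properties
        String master = System.getenv("JASYPT_ENCRYPTOR_PASSWORD");
        if (master == null || args.length != 1) {
            System.err.println("usage: JASYPT_ENCRYPTOR_PASSWORD=... java EncryptProperty <plaintext>");
            System.exit(2);
        }
        PooledPBEStringEncryptor enc = encryptor(master);
        String cipher = enc.encrypt(args[0]);
        // Random salt and IV mean a different ciphertext on every run; all of them decrypt
        if (!args[0].equals(enc.decrypt(cipher))) {
            throw new IllegalStateException("round-trip failed");
        }
        System.out.println("spring.datasource.password=ENC(" + cipher + ")");
    }
}
```

Keep in mind what this buys you: the configuration file no longer reveals the database password, but whoever can read the master password (process environment, launch script, CI variable) can still decrypt everything, so restrict access to it accordingly.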


Category: Privacy Violation: Autocomplete

<input name="password" type="password" autocomplete="off"/>

Note that current browsers ignore autocomplete="off" on login password fields in favour of their built-in password managers, so this mainly satisfies the scanner; it does not reliably prevent the browser from storing the value.

Category: LDAP Injection

Validate the input against a whitelist of characters. Be careful what goes on that list: '*', '(', ')', '&', '|' and '!' are LDAP filter metacharacters, and a whitelist that keeps them does nothing against injection, so they are excluded below. If a value genuinely has to contain them, escape them per RFC 4515 instead of allowing them through.

public static String cleanString(String aString) {
    if (aString == null) return null;
    StringBuilder clean = new StringBuilder(aString.length());
    for (int i = 0; i < aString.length(); ++i) {
        clean.append(cleanChar(aString.charAt(i)));
    }
    return clean.toString();
}

private static char cleanChar(char aChar) {
    // 0-9, A-Z, a-z
    if ((aChar >= '0' && aChar <= '9')
            || (aChar >= 'A' && aChar <= 'Z')
            || (aChar >= 'a' && aChar <= 'z')) {
        return aChar;
    }
    // Other accepted characters. Deliberately absent: the filter metacharacters
    // '*', '(', ')', '&', '|', '!', '\\' and NUL, which must never reach a filter unescaped.
    switch (aChar) {
        case '.': case '-': case '_': case '[': case ']': case '`': case '~':
        case '@': case '$': case '%': case '^': case '?': case ':': case '{': case '}':
            return aChar;
        default:
            return '%';
    }
}

Privacy Violation

Remove the sensitive data from the flagged location: do not write passwords, tokens or personal data to logs, error messages or responses.