问题描述
以下是 checkmarx 问题的详细信息无限制的文件上传
Following are checkmarx issue details Unrestricted File Upload
源对象:req(第 39 行)
Source Object : req (Line No - 39)
目标对象:getInputStream(第-41行)
target Object : getInputStream (Line No -41)
public class JWTLoginFilter extends AbstractAuthenticationProcessingFilter { //... 38 public Authentication attemptAuthentication(HttpServletRequest req, HttpServletResponse res) 39 throws AuthenticationException, IOException, ServletException 40 { 41 Entitlements creds = new ObjectMapper().readValue(req.getInputStream(), Entitlements.class); return getAuthenticationManager().authenticate( new UsernamePasswordAuthenticationToken(creds.getId(), "", Collections.emptyList())); } //... }
request 对象在 checkmarx 工具中突出显示 -
request objects get highlighted in checkmarx tool -
如何正确验证、过滤、转义和/或编码用户可控输入以通过 Checkmarx 扫描?
How do I properly validate, filter, escape, and/or encode user-controllable input to pass a Checkmarx scan?
推荐答案
这对我有用 - checkmarx 通过了这个高漏洞
This worked for me - checkmarx pass this high vulnerability
我使用了@reflexdemon ans 和@tgdavies 评论的组合
I used combination of @reflexdemon ans and @tgdavies comment
@Override public Authentication attemptAuthentication(HttpServletRequest req, HttpServletResponse res) throws IOException { int len = req.getContentLength(); len = Integer.parseInt(Encode.forHtml(String.valueOf(len))); String type = req.getContentType(); type = Encode.forHtml(type); Entitlements creds; if(len == INPUT_LENGTH && type.equals(MIMETYPE_TEXT_PLAIN_UTF_8)) { creds = new ObjectMapper().readValue(req.getReader().lines().collect(Collectors.joining(System.lineSeparator())), Entitlements.class); }else{ creds = new Entitlements(); } return getAuthenticationManager().authenticate( new UsernamePasswordAuthenticationToken(creds.getId(), "", Collections.emptyList())); }