问题描述

以下是 checkmarx 问题的详细信息无限制的文件上传

Following are checkmarx issue details Unrestricted File Upload

源对象:req(第 39 行)

Source Object : req (Line No - 39)

目标对象:getInputStream(第-41行)

target Object : getInputStream (Line No -41)

    public class JWTLoginFilter extends AbstractAuthenticationProcessingFilter
{

    //...
38 public Authentication attemptAuthentication(HttpServletRequest req, HttpServletResponse res)
39            throws AuthenticationException, IOException, ServletException
40    {
41        Entitlements creds = new ObjectMapper().readValue(req.getInputStream(), Entitlements.class);

        return getAuthenticationManager().authenticate(
                new UsernamePasswordAuthenticationToken(creds.getId(), "", Collections.emptyList()));
    }
    //...
}

request 对象在 checkmarx 工具中突出显示 -

request objects get highlighted in checkmarx tool -

如何正确验证、过滤、转义和/或编码用户可控输入以通过 Checkmarx 扫描?

How do I properly validate, filter, escape, and/or encode user-controllable input to pass a Checkmarx scan?

推荐答案

这对我有用 - checkmarx 通过了这个高漏洞

This worked for me - checkmarx pass this high vulnerability

我使用了@reflexdemon ans 和@tgdavies 评论的组合

I used combination of @reflexdemon ans and @tgdavies comment

@Override
public Authentication attemptAuthentication(HttpServletRequest req, HttpServletResponse res)
        throws IOException
{
    int len = req.getContentLength();
    len = Integer.parseInt(Encode.forHtml(String.valueOf(len)));
    String type = req.getContentType();
    type =  Encode.forHtml(type);
    Entitlements creds;
    if(len == INPUT_LENGTH && type.equals(MIMETYPE_TEXT_PLAIN_UTF_8)) {
        creds = new ObjectMapper().readValue(req.getReader().lines().collect(Collectors.joining(System.lineSeparator())), Entitlements.class);
    }else{
        creds = new Entitlements();
    }

    return getAuthenticationManager().authenticate(
            new UsernamePasswordAuthenticationToken(creds.getId(), "", Collections.emptyList()));
}