If user input is bound to an object without restriction, an attacker may be able to overwrite user data maliciously.

Vulnerable code:
```java
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.ResponseStatus;

@javax.persistence.Entity
class UserEntity {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;
    private String username;
    private String password;
    private Long role;
}

@Controller
class UserController {
    // Service that persists the entity; its declaration is not shown in the original issue
    private UserService userService;

    @PutMapping("/user/")
    @ResponseStatus(value = HttpStatus.OK)
    public void update(UserEntity user) {
        // An attacker can craft a malicious user object, setting the id field to the administrator's id
        // and the password field to a weak password.
        // If authorization is incomplete, the endpoint reads the id from the malicious user object
        // and overwrites the administrator's password with the weak one.
        userService.save(user);
    }
}
```
Solution:
```java
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.InitBinder;
import org.springframework.web.context.request.WebRequest;

@Controller
class UserController {
    @InitBinder
    public void initBinder(WebDataBinder binder, WebRequest request) {
        // Allowlist the fields that may be bound; every other field is blocked
        binder.setAllowedFields("role");
    }
}
```
```java
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.InitBinder;
import org.springframework.web.context.request.WebRequest;

@Controller
class UserController {
    @InitBinder
    public void initBinder(WebDataBinder binder, WebRequest request) {
        // Denylist the fields that may not be bound; every other field is allowed
        binder.setDisallowedFields("username", "password");
    }
}
```
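As an added stand-alone illustration (not code from the issue), the following drives Spring's plain `DataBinder` with the same `setAllowedFields("role")` call as the `@InitBinder` fix, so the effect of the allowlist can be checked without a running web application. It assumes `spring-beans` and `spring-context` on the classpath; `BinderAllowlistDemo`, `craftedRequest`, `bindUnrestricted` and `bindWithAllowlist` are names chosen here, the request values are constructed, and the inner `UserEntity` is a copy of the issue's entity without JPA annotations plus the accessors `DataBinder` needs.

```java
import org.springframework.beans.MutablePropertyValues;
import org.springframework.validation.DataBinder;

public class BinderAllowlistDemo {
    // Copy of the issue's UserEntity without JPA annotations; DataBinder binds through setters.
    public static class UserEntity {
        private Long id;
        private String username;
        private String password;
        private Long role;
        public Long getId() { return id; }
        public void setId(Long id) { this.id = id; }
        public String getUsername() { return username; }
        public void setUsername(String username) { this.username = username; }
        public String getPassword() { return password; }
        public void setPassword(String password) { this.password = password; }
        public Long getRole() { return role; }
        public void setRole(Long role) { this.role = role; }
    }
    // Constructed request parameters of the kind the issue describes: an id the caller
    // should not control plus a password overwrite, alongside the legitimate role field.
    static MutablePropertyValues craftedRequest() {
        MutablePropertyValues pvs = new MutablePropertyValues();
        pvs.add("id", "1");            // sample administrator id (constructed)
        pvs.add("password", "123456"); // weak password (constructed)
        pvs.add("role", "2");
        return pvs;
    }
    // Unrestricted binding: what a controller gets by default with no @InitBinder.
    static UserEntity bindUnrestricted(MutablePropertyValues pvs) {
        UserEntity target = new UserEntity();
        new DataBinder(target).bind(pvs);
        return target;
    }
    // Binding with the allowlist from the issue's @InitBinder fix: only "role" may be bound.
    static UserEntity bindWithAllowlist(MutablePropertyValues pvs) {
        UserEntity target = new UserEntity();
        DataBinder binder = new DataBinder(target);
        binder.setAllowedFields("role");
        binder.bind(pvs); // id and password are dropped as disallowed fields
        return target;
    }
    public static void main(String[] args) {
        UserEntity open = bindUnrestricted(craftedRequest());
        UserEntity safe = bindWithAllowlist(craftedRequest());
        System.out.println("unrestricted: id=" + open.getId() + " password=" + open.getPassword());
        System.out.println("allowlisted:  id=" + safe.getId() + " password=" + safe.getPassword() + " role=" + safe.getRole());
    }
}
```

The unrestricted bind ends with `id=1` and `password=123456`, while the allowlisted bind leaves both null and sets only `role=2`; the dropped names are also available through `binder.getSuppressedFields()` if you want to log them.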
熊猫师傅, awesome (666)!
Master, you are too strong; learning from this!
Master is strong.