存儲型跨站腳本漏洞校驗：將用戶輸入的數據輸出時，未對其中的特殊字符進行過濾及轉義，使客戶端瀏覽器將攻擊者提供的數據當作代碼執行。
攻擊者可利用該漏洞在客戶端執(zhí)行任意JavaScript腳本。
package cn.tongmap.utility;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
/**
* 存儲(chǔ)型跨站腳本漏洞校驗(yàn)
* @author lxzqz
*
*/
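/**
 * Stored cross-site scripting (XSS) input check.
 *
 * <p>{@link #check(String)} reports whether a value contains any fragment from a
 * fixed denylist of markup/script patterns. The list is deliberately strict: it
 * rejects any {@code <} or {@code >}, any single or double quote and any
 * whitespace, so only short token-like values pass. It does not sanitise or
 * encode anything; code that renders user input must still apply
 * context-appropriate output encoding, which is the primary control against XSS.
 *
 * @author lxzqz
 */
public class XssUtil {

    /** Denylist of script/markup fragments; a hit on any entry rejects the value. */
    private static final Pattern[] PATTERNS = {
            // Complete inline <script>...</script> block.
            Pattern.compile("<script>(.*?)</script>", Pattern.CASE_INSENSITIVE),
            // src= attribute with a single- or double-quoted value (CR/LF allowed around '=').
            Pattern.compile("src[\r\n]*=[\r\n]*\\\'(.*?)\\\'",Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
            Pattern.compile("src[\r\n]*=[\r\n]*\\\"(.*?)\\\"",Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
            // Lone closing tag, or an opening <script ...> tag with attributes.
            Pattern.compile("</script>", Pattern.CASE_INSENSITIVE),
            Pattern.compile("<script(.*?)>", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
            // eval(...) and expression(...) calls.
            Pattern.compile("eval\\((.*?)\\)", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
            Pattern.compile("expression\\((.*?)\\)", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
            // javascript: / vbscript: URL prefixes.
            Pattern.compile("javascript:", Pattern.CASE_INSENSITIVE),
            Pattern.compile("vbscript:", Pattern.CASE_INSENSITIVE),
            // Any whitespace or quote character at all — this is what makes the check strict.
            Pattern.compile("[\\s\'\"]+", Pattern.CASE_INSENSITIVE),
            // onload ... = attribute assignment.
            Pattern.compile("onload(.*?)=", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
            // The lazy (.*?) can match empty, so this is effectively the literal word "alert".
            Pattern.compile("alert(.*?)", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
            // Any angle bracket, regardless of tag name.
            Pattern.compile("<", Pattern.MULTILINE | Pattern.DOTALL),
            Pattern.compile(">", Pattern.MULTILINE | Pattern.DOTALL),
            // Opening of specific tag names. Compiled without CASE_INSENSITIVE, so it is
            // case-sensitive; in practice the bare "<" pattern above already catches these.
            Pattern.compile("(<(script|onerror|iframe|embed|frame|frameset|object|img|applet|body|html|style|layer|link|ilayer|meta|bgsound))") };

    /**
     * Checks whether a value looks like an XSS payload according to the denylist.
     *
     * @param value the user-supplied string to test; {@code null} is treated as safe
     * @return {@code true} if any denylisted pattern is found anywhere in {@code value},
     *         {@code false} otherwise
     */
    public static boolean check(String value) {
        if (value == null) {
            return false;
        }
        for (Pattern scriptPattern : PATTERNS) {
            // find() locates the pattern anywhere in the value; a single hit is enough.
            if (scriptPattern.matcher(value).find()) {
                return true;
            }
        }
        return false;
    }
}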