forked from zsdlove/Fortify
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Header操作:SMTP
60 lines (60 loc) · 2.41 KB
/
Header操作:SMTP
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
SMTP头部操作,SMTP报头中存在从数据库直接获取的字符串,造成垃圾邮件分发攻击。
<b>修复建议</b>
1、在操作SMTP报头时,所有写入该区域的值必须去除\r和\n字符(%0d%0a、%0D%0A)。
2、创建一份安全字符白名单或正则表达式,只接受完全由这些受认可的字符组成的输入出现在SMTP响应头文件中,例如SMTP头部只允许传入字母和数字。
<b>修复示例</b>
如:
<pre>
public void risk(HttpServletRequest request, HttpServletResponse response,
org.apache.log4j.Logger logger) {
try {
String subject = request.getParameter("subject");
String body = request.getParameter("body");
MimeMessage message = new MimeMessage(session);
message.setFrom(new InternetAddress("[email protected]"));
message.setRecipients(Message.RecipientType.TO, InternetAddress.parse("[email protected]"));
message.setSubject("[Contact us query] " + subject);
message.setText(body);
Transport.send(message);
} catch (SQLException e) {
logger.warn(“Exception”, e);
}
}
</pre>
修复为:
<pre>
public void fix(HttpServletRequest request, HttpServletResponse response,
org.apache.log4j.Logger logger) {
try {
String subject = request.getParameter("subject");
String body = request.getParameter("body");
body = body.replace("\r", "");
body = body.replace("\n", "");
subject = subject.replace("\r", "");
subject = subject.replace("\n", "");
MimeMessage message = new MimeMessage(session);
message.setFrom(new InternetAddress("[email protected]"));
message.setRecipients(Message.RecipientType.TO, InternetAddress.parse("[email protected]"));
message.setSubject("[Contact us query] " + subject);
message.setText(body);
Transport.send(message);
} catch (SQLException e) {
logger.warn(“Exception”, e);
}
}
</pre>
或:
<pre>
public void fix(HttpServletRequest request, HttpServletResponse response) {
String subject = request.getParameter("subject");
String body = request.getParameter("body");
MimeMessage message = new MimeMessage(session);
message.setFrom(new InternetAddress("[email protected]"));
message.setRecipients(Message.RecipientType.TO, InternetAddress.parse("[email protected]"));
message.setSubject("[Contact us query] " + subject);
message.setText(body);
if (Pattern.matches("[0-9A-Za-z]+", subject) && Pattern.matches("[0-9A-Za-z]+", body)) {
Transport.send(message);
}
}
</pre>