[英]Server Side Request Forgery vulnerability
I have a RESTful service controller that requests another RESTful service我有一个 RESTful 服务控制器,它请求另一个 RESTful 服务
@ResponseBody
@RequestMapping(value = "/headerparameters/{instanceId}", method = RequestMethod.DELETE)
public RestContainerFormBean passivizeHeaderParameter(@PathVariable String instanceId) throws GenericException, IOException {
String url = proactiveURL + "/customerheaders/" + instanceId;
if(isSecurityCheckOK(url)){
ResponseEntity<CustomerHeaderParameterBean> response = restTemplate.exchange(url, HttpMethod.DELETE, new HttpEntity<>(new HttpHeaders()), CustomerHeaderParameterBean.class);
CustomerHeaderParameterBean result = response.getBody();
setButtonActivity(result);
l10nOfValue(result);
return new RestContainerFormBean(result);
} else{
throw new IOException();
}
}
This code can not pass SonarQube policy.此代码无法通过 SonarQube 策略。
Refactor this code to not construct the URL from tainted,
重构此代码以不构造受污染的 URL,
User provided data, such as URL parameters, POST data payloads, or cookies, should always be considered untrusted and tainted.
用户提供的数据,例如 URL 参数、POST 数据负载或 cookie,应始终被视为不受信任和受污染。 A remote server making requests to URLs based on tainted data could enable attackers to make arbitrary requests to the internal network or to the local file system.
远程服务器根据受污染的数据向 URL 发出请求,可能使攻击者能够向内部网络或本地文件系统发出任意请求。
The problem could be mitigated in any of the following ways:
可以通过以下任何一种方式缓解该问题:
Validate the user provided data based on a whitelist and reject input not matching.
根据白名单验证用户提供的数据并拒绝不匹配的输入。 Redesign the application to not send requests based on user provided data.
重新设计应用程序,使其不根据用户提供的数据发送请求。
How can I pass the policy by sticking on REST conventions ?如何通过坚持 REST 约定来传递策略?
使用 UriComponentsBuilder 对 URL 进行编码,而不是使用原始 URL。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.