Server Side Request Forgery vulnerability

I have a RESTful service controller that calls another RESTful service:

@ResponseBody
@RequestMapping(value = "/headerparameters/{instanceId}", method = RequestMethod.DELETE)
public RestContainerFormBean passivizeHeaderParameter(@PathVariable String instanceId) throws GenericException, IOException {

    // instanceId is taken straight from the request path (user-controlled, i.e. tainted)
    // and concatenated into the outbound URL
    String url = proactiveURL + "/customerheaders/" + instanceId;
    if(isSecurityCheckOK(url)){
        ResponseEntity<CustomerHeaderParameterBean> response = restTemplate.exchange(url, HttpMethod.DELETE, new HttpEntity<>(new HttpHeaders()), CustomerHeaderParameterBean.class);
        CustomerHeaderParameterBean result = response.getBody();
        setButtonActivity(result);
        l10nOfValue(result);
        return new RestContainerFormBean(result);
    } else{
        throw new IOException();
    }
}

This code does not pass the SonarQube policy:

Refactor this code to not construct the URL from tainted,

User provided data, such as URL parameters, POST data payloads, or cookies, should always be considered untrusted and tainted. A remote server making requests to URLs based on tainted data could enable attackers to make arbitrary requests to the internal network or to the local file system.

The problem could be mitigated in any of the following ways:

Validate the user provided data based on a whitelist and reject input not matching. Redesign the application to not send requests based on user provided data.

How can I pass the policy while sticking to REST conventions?

Use UriComponentsBuilder to encode the URL instead of using the raw URL.
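A hardened version of the controller above, added here as an example (not the asker's or the project's code): the instanceId is first checked against a whitelist, as the rule text recommends, and the target is then built with UriComponentsBuilder so the id becomes exactly one encoded path segment of a fixed base URL. The base URL value, the id pattern, the RestTemplate field and the method name targetFor are assumptions; the setButtonActivity/l10nOfValue steps from the original are omitted.

```java
import java.io.IOException;
import java.net.URI;
import java.util.regex.Pattern;

import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.UriComponentsBuilder;

public class HeaderParameterController {
    // Whitelist: the only shape an instance id is allowed to have (assumed format).
    private static final Pattern INSTANCE_ID = Pattern.compile("^[A-Za-z0-9-]{1,64}$");

    // Placeholder values; in the original these are injected fields.
    private final String proactiveURL = "https://proactive.internal.example/api";
    private final RestTemplate restTemplate = new RestTemplate();

    /** Builds the outbound URI from a fixed base and a validated id; rejects anything else. */
    static URI targetFor(String baseUrl, String instanceId) {
        if (instanceId == null || !INSTANCE_ID.matcher(instanceId).matches()) {
            throw new IllegalArgumentException("instanceId rejected by whitelist");
        }
        // pathSegment() adds the id as exactly one segment: '/', '?' and '#' are percent-encoded
        // and '.' is excluded by the whitelist, so the input cannot change host or path.
        return UriComponentsBuilder.fromHttpUrl(baseUrl)
                .pathSegment("customerheaders", instanceId)
                .build()
                .encode()
                .toUri();
    }

    @ResponseBody
    @RequestMapping(value = "/headerparameters/{instanceId}", method = RequestMethod.DELETE)
    public RestContainerFormBean passivizeHeaderParameter(@PathVariable String instanceId) throws IOException {
        URI target = targetFor(proactiveURL, instanceId);
        ResponseEntity<CustomerHeaderParameterBean> response = restTemplate.exchange(
                target, HttpMethod.DELETE, new HttpEntity<>(new HttpHeaders()), CustomerHeaderParameterBean.class);
        CustomerHeaderParameterBean result = response.getBody();
        if (result == null) {
            throw new IOException("empty response from proactive service");
        }
        return new RestContainerFormBean(result);
    }
}
```

Encoding on its own only neutralises URL metacharacters; the whitelist check is what actually limits the request to the identifiers the application expects, which is the mitigation the rule text asks for.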