存储型跨站脚本漏洞校验:将用户输入的数据输出时,未对其中的特殊字符进行过滤及转义,使客户端浏览器将攻击者提供的数据当作代码执行。
攻击者可利用该漏洞在客户端执行任意JavaScript脚本。
package cn.tongmap.utility;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
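/**
 * Heuristic stored-XSS input screen based on a fixed denylist of regular expressions.
 *
 * <p>{@link #check(String)} reports whether a value matches any pattern in
 * {@code PATTERNS}. Read the list before relying on it: besides the obvious
 * {@code <script>}, {@code javascript:}, {@code vbscript:}, {@code eval(} and
 * {@code expression(} tokens, it also matches any whitespace or quote character
 * ({@code [\s'"]+}), any bare {@code <} or {@code >}, and the bare word
 * {@code alert}. A value such as {@code "hello world"} is therefore reported as
 * suspicious. Conversely, a pattern denylist cannot enumerate every way script can
 * be smuggled into markup, so this check is an input-side screen only; the
 * defence that actually prevents XSS is context-aware output encoding at render
 * time.
 *
 * <p>Thread-safe: the {@link Pattern} instances are immutable and a fresh
 * {@link java.util.regex.Matcher} is created on every call.
 *
 * @author lxzqz
 */
public class XssUtil {
    /** Denylist, tried in order; the first pattern that matches decides the result. */
    private static final Pattern[] PATTERNS = new Pattern[] {
        // complete <script>...</script> element
        Pattern.compile("<script>(.*?)</script>", Pattern.CASE_INSENSITIVE),
        // src='...' and src="..." attribute values (line breaks allowed around '=')
        Pattern.compile("src[\r\n]*=[\r\n]*\\\'(.*?)\\\'",Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
        Pattern.compile("src[\r\n]*=[\r\n]*\\\"(.*?)\\\"",Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
        // lone closing / opening script tags
        Pattern.compile("</script>", Pattern.CASE_INSENSITIVE),
        Pattern.compile("<script(.*?)>", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
        // eval(...) and CSS expression(...)
        Pattern.compile("eval\\((.*?)\\)", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
        Pattern.compile("expression\\((.*?)\\)", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
        // script URL schemes
        Pattern.compile("javascript:", Pattern.CASE_INSENSITIVE),
        Pattern.compile("vbscript:", Pattern.CASE_INSENSITIVE),
        // NOTE: this matches ANY whitespace, apostrophe or double quote, so plain
        // multi-word text is flagged by this entry alone.
        Pattern.compile("[\\s\'\"]+", Pattern.CASE_INSENSITIVE),
        // "onload" followed, anywhere later, by "=" (lazy match across lines)
        Pattern.compile("onload(.*?)=", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
        // lazy "(.*?)" matches the empty string, so this is effectively the bare word "alert"
        Pattern.compile("alert(.*?)", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
        // any angle bracket at all
        Pattern.compile("<", Pattern.MULTILINE | Pattern.DOTALL),
        Pattern.compile(">", Pattern.MULTILINE | Pattern.DOTALL),
        // opening tags of elements commonly used to carry script; already covered by the
        // bare "<" entry above, kept for clarity of intent
        Pattern.compile("(<(script|onerror|iframe|embed|frame|frameset|object|img|applet|body|html|style|layer|link|ilayer|meta|bgsound))") };

    /**
     * Returns whether {@code value} matches any pattern in the denylist.
     *
     * @param value the string to screen; {@code null} is treated as clean
     * @return {@code true} if at least one denylist pattern is found anywhere in
     *         {@code value}, {@code false} otherwise (including for {@code null})
     */
    public static boolean check(String value) {
        if (value == null) {
            return false;
        }
        for (Pattern pattern : PATTERNS) {
            // Matcher is not thread-safe, so one is created per call rather than cached.
            if (pattern.matcher(value).find()) {
                return true;
            }
        }
        return false;
    }
}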