Parameter checks (SECURITY.IBA.VPPD)

Posted by Bruce Tsai

Validating a retrieved parameter value

// Severity: 2
// Rule ID: (SECURITY.IBA.VPPD)
// Message: 'getParameter()' is a tainted data-returning method and should be encapsulated by a validation
String path = request.getParameter("path");

Remediation

  • Add a validation method and route every tainted value through it. The stub below is what the rule needs to see (the tainted call is now encapsulated); it is not yet a real check, because it returns the value untouched.
public class CodeValidator {

    /**
     * Placeholder validator: returns the value unchanged. This satisfies the rule but performs
     * no validation. The body should reject or normalize any value that does not match the
     * format the caller expects, for example an allowlist pattern and a canonical-path
     * containment check for a parameter such as "path".
     */
    public static <T> T validate(T value) {
        return value;
    }

}
String path = CodeValidator.validate(request.getParameter("path"));
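The pass-through above shows only the shape the rule expects. The following is an added example (not the page's or the author's code) of what a real validator for the "path" parameter looks like: a syntactic allowlist followed by a containment check against a base directory. The class name PathParameterValidator, the base directory /var/app/files and the sample inputs are assumptions chosen for illustration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.regex.Pattern;

/**
 * Added example: validates a user-supplied relative path instead of passing it through.
 * Class name and base directory are hypothetical.
 */
public final class PathParameterValidator {

    // Allowlist: 1 to 8 segments separated by '/', each starting with a letter, digit or '_'
    // and containing only [A-Za-z0-9._-]. "." and ".." segments, backslashes, '%' (double
    // encoding), NUL bytes and absolute paths all fail here before any filesystem logic runs.
    private static final Pattern SAFE_RELATIVE_PATH = Pattern.compile(
            "^[A-Za-z0-9_][A-Za-z0-9._-]{0,63}(/[A-Za-z0-9_][A-Za-z0-9._-]{0,63}){0,7}$");

    private final Path baseDir;

    public PathParameterValidator(Path baseDir) {
        this.baseDir = baseDir.toAbsolutePath().normalize();
    }

    /**
     * Returns the canonical absolute path for the user-supplied relative path.
     *
     * @throws IllegalArgumentException if the value is missing, fails the allowlist, or
     *         resolves outside the base directory
     */
    public Path validate(String userPath) {
        if (userPath == null || !SAFE_RELATIVE_PATH.matcher(userPath).matches()) {
            throw new IllegalArgumentException("rejected path parameter");
        }
        // Defense in depth: the pattern already excludes ".." segments, but assert containment
        // on the normalized result so a later relaxation of the regex cannot reintroduce traversal.
        Path resolved = baseDir.resolve(userPath).normalize();
        if (!resolved.startsWith(baseDir)) {
            throw new IllegalArgumentException("path escapes base directory");
        }
        return resolved;
    }

    // Usage in a servlet, where request is the HttpServletRequest:
    //   Path target = new PathParameterValidator(Paths.get("/var/app/files"))
    //           .validate(request.getParameter("path"));

    public static void main(String[] args) {
        PathParameterValidator v = new PathParameterValidator(Paths.get("/var/app/files"));
        // Constructed sample inputs: the first two are accepted, the rest are rejected.
        String[] samples = {
            "reports/2024/q1.pdf",
            "readme.txt",
            "../../etc/passwd",
            "/etc/passwd",
            "reports/..%2f..%2fetc/passwd",
            "a\u0000.txt",
        };
        for (String s : samples) {
            try {
                System.out.println("accept " + s + " -> " + v.validate(s));
            } catch (IllegalArgumentException e) {
                System.out.println("reject " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The allowlist does the real work; the containment check is there so that the policy stays safe even if someone later widens the pattern. Note that the servlet container has already URL-decoded the parameter by the time getParameter() returns, so a literal "%2f" in the value is a double-encoding attempt and is rejected by the character class rather than interpreted.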

Validating multi-valued parameters

// Severity: 2
// Rule ID: (SECURITY.IBA.VPPD)
// Message: 'getParameterValues()' is a tainted data-returning method and should be encapsulated by a validation
String[] options = request.getParameterValues("option");

Remediation

  • Add a class that extends HttpServletRequestWrapper
  • Add a method on that class that returns the parameter values
  • Retrieve the parameter values through the new method instead of calling getParameterValues() directly
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

public class ValidatedRequest extends HttpServletRequestWrapper {

    /**
     * Constructs a request object wrapping the given request.
     *
     * @param request the request to wrap
     * @throws IllegalArgumentException if the request is null
     */
    public ValidatedRequest(HttpServletRequest request) {
        super(request);
    }

    /**
     * Returns the values of the named parameter as a fixed-size list (empty when absent).
     * This is the single place where the tainted getParameterValues() call is made, so it is
     * also where per-parameter validation belongs; as written it only normalizes the null case.
     */
    public List<String> parameterValues(String name) {
        String[] parameterValues = getParameterValues(name);
        return parameterValues == null ? Collections.<String>emptyList() : Arrays.asList(parameterValues);
    }

}
List<String> options = new ValidatedRequest(request).parameterValues("option");

Validating retrieved cookies

// Severity: 2
// Rule ID: (SECURITY.IBA.VPPD)
// Message: 'getCookies()' is a tainted data-returning method and should be encapsulated by a validation
Cookie[] cookies = request.getCookies();

Remediation

  • Add a class that extends HttpServletRequestWrapper
  • Add a method on that class that returns the cookies
  • Retrieve the cookies through the new method instead of calling getCookies() directly
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

public class ValidatedRequest extends HttpServletRequestWrapper {

    /**
     * Constructs a request object wrapping the given request.
     *
     * @param request the request to wrap
     * @throws IllegalArgumentException if the request is null
     */
    public ValidatedRequest(HttpServletRequest request) {
        super(request);
    }

    /**
     * Returns the request cookies as a fixed-size list (empty when none were sent).
     * Centralizing the tainted getCookies() call here is what the rule asks for; filtering
     * cookie names and values to the shape the application expects belongs here as well.
     */
    public List<Cookie> cookies() {
        Cookie[] cookies = getCookies();
        return cookies == null ? Collections.<Cookie>emptyList() : Arrays.asList(cookies);
    }

}
List<Cookie> cookies = new ValidatedRequest(request).cookies();
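The two ValidatedRequest wrappers above (for getParameterValues() and for getCookies()) only relocate the tainted call; nothing is checked. The following is an added example, not the page's or the author's code, of a wrapper in the same shape whose accessors enforce a per-parameter allowlist and fail closed when no policy is declared. The class name ValidatingRequest, the value cap, the cookie patterns and the "option" and "page" policies in the usage comment are assumptions for illustration; the servlet API is assumed to be javax.servlet (newer containers use jakarta.servlet with the same class names).

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/** Added example: a request wrapper that validates, not just wraps. Names are hypothetical. */
public class ValidatingRequest extends HttpServletRequestWrapper {

    // Cap on values per multi-valued parameter so a request cannot make the handler
    // iterate over thousands of entries (assumed limit).
    private static final int MAX_VALUES_PER_PARAMETER = 20;

    // Expected cookie shape: token-like names, opaque session-style values. Cookies that do
    // not match are dropped rather than failing the request, because browsers send every
    // cookie set for the domain, including ones this application never issued.
    private static final Pattern COOKIE_NAME = Pattern.compile("^[A-Za-z0-9_-]{1,64}$");
    private static final Pattern COOKIE_VALUE = Pattern.compile("^[A-Za-z0-9_.=+/-]{0,256}$");

    private final Map<String, Pattern> valuePolicies;

    public ValidatingRequest(HttpServletRequest request, Map<String, Pattern> valuePolicies) {
        super(request);
        this.valuePolicies = new HashMap<String, Pattern>(valuePolicies);
    }

    // Fail closed: a parameter with no declared policy cannot be read through this wrapper.
    private Pattern policyFor(String name) {
        Pattern policy = valuePolicies.get(name);
        if (policy == null) {
            throw new IllegalArgumentException("no validation policy declared for parameter: " + name);
        }
        return policy;
    }

    /** Single-valued parameter: null when absent, exception when present but invalid. */
    public String parameter(String name) {
        String value = getParameter(name);
        if (value != null && !policyFor(name).matcher(value).matches()) {
            throw new IllegalArgumentException("invalid value for parameter: " + name);
        }
        return value;
    }

    /** Multi-valued parameter: every value must pass, otherwise the request is rejected. */
    public List<String> parameterValues(String name) {
        String[] raw = getParameterValues(name);
        if (raw == null) {
            return Collections.<String>emptyList();
        }
        if (raw.length > MAX_VALUES_PER_PARAMETER) {
            throw new IllegalArgumentException("too many values for parameter: " + name);
        }
        Pattern policy = policyFor(name);
        List<String> accepted = new ArrayList<String>(raw.length);
        for (String value : raw) {
            if (value == null || !policy.matcher(value).matches()) {
                throw new IllegalArgumentException("invalid value for parameter: " + name);
            }
            accepted.add(value);
        }
        return Collections.unmodifiableList(accepted);
    }

    /** Cookies whose name and value match the expected shape; all others are dropped. */
    public List<Cookie> cookies() {
        Cookie[] raw = getCookies();
        if (raw == null) {
            return Collections.<Cookie>emptyList();
        }
        List<Cookie> accepted = new ArrayList<Cookie>(raw.length);
        for (Cookie cookie : raw) {
            String value = cookie.getValue() == null ? "" : cookie.getValue();
            if (COOKIE_NAME.matcher(cookie.getName()).matches()
                    && COOKIE_VALUE.matcher(value).matches()) {
                accepted.add(cookie);
            }
        }
        return Collections.unmodifiableList(accepted);
    }

    // Usage in a servlet, where request is the incoming HttpServletRequest:
    //   Map<String, Pattern> policies = new HashMap<String, Pattern>();
    //   policies.put("option", Pattern.compile("^(small|medium|large)$"));
    //   policies.put("page", Pattern.compile("^[0-9]{1,4}$"));
    //   ValidatingRequest req = new ValidatingRequest(request, policies);
    //   List<String> options = req.parameterValues("option");   // every value checked
    //   List<Cookie> cookies = req.cookies();                   // only well-formed cookies
}
```

The design choice worth noting is the asymmetry: a parameter value that fails its policy aborts the request, because the application itself produced the form or link that sent it, while an unexpected cookie is filtered out, because the browser will attach cookies from any other application on the same domain. Declaring policies up front, and refusing to read a parameter without one, is what turns the wrapper from a rule-silencer into a real input boundary.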
