1.Missing X Frame Options
// Only same-origin pages may frame this response (clickjacking defence). Header names are case-insensitive, so the upper-case spelling is fine.
response.addHeader("X-FRAME-OPTIONS","SAMEORIGIN");
2.Missing Content Security Policy
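// Item 2 is about Content-Security-Policy, but the line here repeated the HSTS header from item 3.
// default-src 'self' is a restrictive baseline: widen it per directive (script-src, img-src, ...)
// to what the page really loads. frame-ancestors in the same header is the modern
// replacement for X-Frame-Options (item 1).
response.setHeader("Content-Security-Policy", "default-src 'self'");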
3.Missing HSTS Header
// max-age=31622400 is 366 days in seconds. The header is only honoured when received over HTTPS;
// preload is hard to reverse once the domain is submitted to browser preload lists, so enable it deliberately.
response.setHeader("Strict-Transport-Security","max-age=31622400;includeSubDomains; preload");
4.Escape False
import org.springframework.web.util.HtmlUtils;
// Escape at the point of output into HTML. htmlEscape covers element content and quoted
// attribute values; JavaScript and URL contexts need their own context-specific encoders.
HtmlUtils.htmlEscape(str)
5.Version Disclosure(java servlet)
//清除java servlet版本信息
// Overwrites the container's value; the container may still emit the header with an empty value,
// so the reliable fix is to switch it off in server config (e.g. Tomcat's connector xpoweredBy attribute) — TODO confirm for the container in use.
response.setHeader("X-Powered-By", "");
6.Session Cookie Not Marked as Secure
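<!-- Tomcat web.xml session settings. secure=true makes the container set the Secure
     flag on the session cookie so it is only sent over HTTPS; http-only (item 12)
     belongs in the same cookie-config. The original comment used "<!---" / "->",
     which is not a well-formed XML comment. -->
<session-config>
    <session-timeout>60</session-timeout>
    <cookie-config>
        <http-only>true</http-only>
        <secure>true</secure>
    </cookie-config>
</session-config>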
7.Heap Inspection
//不要使用String类型存储敏感数据(比如 密码,账户等)
//第一种(把一个char[]数组转为String中直接使用String方法或new String可能有漏洞):
char[] decryptChars = DecryptString(splits[1]);// splits is a String[]
resultValue = String.valueOf(decryptChars);// triggers the finding: resultValue is an immutable String copy of the secret that cannot be wiped
//resultValue = new String(decryptChars);// same thing, same finding
Arrays.fill(decryptChars,' ');
// NOTE(review): String.valueOf(char[]) never returns null (a null array throws), so this branch is unreachable
if (resultValue == null) {
throw new Exception("解密字符串失败!");
}
//修改后
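char[] decryptChars = DecryptString(splits[1]);
// Fail before copying: a null/empty result is the decrypt-failure case the original
// only detected after building the buffer (and a null array would have thrown
// NullPointerException at .length instead of the intended exception).
if (decryptChars == null || decryptChars.length == 0) {
    throw new Exception("解密字符串失败!");
}
StringBuffer sb = new StringBuffer(decryptChars.length);
sb.append(decryptChars); // bulk append, same contents as the per-char loop
Arrays.fill(decryptChars, ' '); // wipe the array we own as soon as it has been copied
// NOTE(review): this only avoids the immutable String; sb's backing array still holds
// the plaintext. When the consumer is done, overwrite it in place instead of just
// dropping the reference:
//   for (int i = 0; i < sb.length(); i++) sb.setCharAt(i, ' ');
//   sb.setLength(0);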
//第二种(把一个byte[]转换为char[]):
byte[] bytes = HexToByte(sEncrypted);// sEncrypted is a String (hex, judging by HexToByte)
byte[] deBytes = DecryptStream(bytes);// decrypt (the original comment said "encrypt")
sDecryptChar = new String(deBytes,"ISO-8859-1");// triggers the finding: new String(...) yields an immutable String, not a char[], so the plaintext cannot be wiped
//修改后
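import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
byte[] bytes = HexToByte(sEncrypted);
byte[] deBytes = DecryptStream(bytes);
Charset cs = StandardCharsets.ISO_8859_1;
// Decode the *decrypted* bytes. The original put `bytes` (the ciphertext) into the
// buffer, so sDecryptChar never held the plaintext at all.
ByteBuffer bb = ByteBuffer.wrap(deBytes);
CharBuffer cb = cs.decode(bb);
// cb.array() may be longer than the decoded content (capacity vs. limit), so copy
// exactly the decoded chars, then wipe every buffer that held the plaintext.
// sDecryptChar is now the only copy; the consumer must Arrays.fill it when done.
sDecryptChar = new char[cb.remaining()];
cb.get(sDecryptChar);
if (cb.hasArray()) {
    Arrays.fill(cb.array(), ' ');
}
Arrays.fill(deBytes, (byte) 0);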
8.XSS问题
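// Render user input as text, not markup. escape()/unescape() are deprecated
// percent-encoders for URLs, not HTML encoders, and unescape() right before an
// innerHTML assignment restores whatever markup the user typed. (The original
// also wrote to `innerHtml`, which is not a DOM property, so nothing was rendered.)
// textContent never parses HTML. The target here is the same input element the
// value was read from — presumably a display element is intended; adjust the selector.
var userName = document.getElementById('userName').value;
document.getElementById('userName').textContent = userName;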
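// Build the option value with JSON.stringify instead of hand-concatenated JSON: it
// quotes and escapes every field, so a quote inside colComments cannot break the
// document. String() keeps the "every field is a string" shape of the original.
// jQuery's .val()/.text() set the attribute and the text node directly (no HTML
// parsing), so the escape()/unescape() round-trips — which returned the original
// string unchanged — are dropped.
var srcjson = JSON.stringify({
    colName: String(obj.colName),
    colType: String(obj.colType),
    colLen: String(obj.colLen),
    colComments: String(obj.colComments)
});
var textVal = obj.colName + "【" + obj.colType + ", " + obj.colLen + "】";
jQuery("<option></option>").val(srcjson).text(textVal).appendTo("#cols");
$("#tt tr:last").remove();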
//使用 自定义标签 functions 进行HTML输出替换
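<%-- f:h is the project's HTML-escaping function; the closing brace of the EL expression was missing --%>
${f:h(pageContext.request.contextPath)}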
// Use encodeURIComponent / decodeURIComponent to convert href characters.
// Encode when embedding a value inside a query parameter; decode only when reading one back.
// As written this is a round-trip: newUrl equals the original href again.
var oldUrl = encodeURIComponent(window.location.href);
var newUrl=decodeURIComponent(oldUrl);
//使用标签输出路径
<%-- <c:url> prepends the context path and applies session URL rewriting; it is not an HTML encoder, so text still goes through <c:out> --%>
<c:url value='/xx/xx/common.js'/>
//使用标签输出内容
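<%-- escapeXml already defaults to true; the tag is now self-closed (the original was left unterminated) --%>
<c:out value="${(page.number*page.size)+(i.index+1)}" escapeXml="true"/>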
9.Unchecked Input for loop condition
//判断参数,设置循环最大值
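// Clamp the caller-controlled line count to a fixed ceiling so it cannot drive the
// loop past 100000 iterations; negative values are clamped to 0 as well (the original
// passed them through to totalCount). Integer.parseInt throws NumberFormatException on
// non-numeric input, exactly as Integer.valueOf did.
final int maxLines = 100000;
int lineNum = Integer.parseInt(form.getLineNum());
if (lineNum < 0) {
    lineNum = 0;
}
if (lineNum > maxLines) {
    lineNum = maxLines;
}
totalCount = lineNum;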
10.Frameable Login Page
//设置响应头
// HSTS is unrelated to framing (it belongs to item 3); the anti-framing control is X-Frame-Options below.
// Modern browsers also honour CSP's frame-ancestors directive, which supersedes X-Frame-Options.
response.setHeader("Strict-Transport-Security", "max-age=31536000;includeSubDomains");
response.setHeader("X-Frame-Options", "SAMEORIGIN");
11.Improper Restriction of Stored XXE Ref
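// For DocumentBuilder (DOM) parsers: refusing any DOCTYPE blocks both external
// entities and entity-expansion in one switch. Feature names are opaque identifiers,
// not URLs to fetch — they must be the exact strings below; the proxied
// "https://siteproxy…" prefix and the typos ("disabllow", "gengeral") in the
// original would make the parser reject them with an exception.
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
factory.setXIncludeAware(false);
factory.setExpandEntityReferences(false);
// For SAXParser: same DOCTYPE switch, plus both entity features for parsers that
// do not honour it. Configured on the factory (the original called an undefined
// `saxReader`), under its own name so it does not collide with `factory` above.
SAXParserFactory saxFactory = SAXParserFactory.newInstance();
saxFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
saxFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
saxFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);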
12. HttpOnly Cookies in Config
//在web.xml 配置文件中加入
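<!-- web.xml: HttpOnly keeps the session cookie out of reach of script. The original
     had a stray ">" inside the value and closed session-config before cookie-config,
     which is not well-formed and would presumably be rejected at deploy time.
     <secure>true</secure> from item 6 goes in this same cookie-config. -->
<session-config>
    <cookie-config>
        <http-only>true</http-only>
    </cookie-config>
</session-config>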
13.Privacy Violation
//1.不要在输出日志的信息中记录 密码,账户等用户敏感的数据
//2.不要在代码中使用 System.out.println() 输出敏感数据
//例如以下代码:
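// Anti-pattern, kept only as the example to recognise: both lines write the password
// into stdout / log files, where it persists and is readable by anyone with log access.
// (The original read "Ststem" and lacked a semicolon on the second line.)
System.out.println(user.getPassword());
log.info(user.getPassword());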
14.HTTP Response Splitting
//针对需要向response header 中写入数据的情况,需要对输出的信息进行过滤特殊字符(\r,\n,%0D,%0A,<,>,')
//代码如下:
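response.setContentType("application/vnd.ms-excel");
// Remove the characters listed above (\r, \n, %0D, %0A, <, >, ') plus the double quote
// from the caller-supplied name before it is placed in a header: CR/LF would end the
// header, a quote would end the quoted filename. The value is quoted so names with
// spaces survive. ("attacgnebt" in the original is the disposition type "attachment".)
String safeName = filename.replaceAll("(?i)%0[DA]|[\\r\\n<>'\"]", "");
response.setHeader("Content-Disposition", "attachment;filename=\"" + safeName + ".xml\"");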
需要对filename 过滤特殊字符
15.Input Path Not Canonicalized
//建议使用 Canonicalized 的路径(文件路径规范化)
//代码如下:
//修改前:
outSteam=new FileOutputStream(tmpUploadPath+tmpFileName);// before: tmpFileName (presumably caller-supplied) is joined to the upload directory and opened as-is
//修改后:
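// Canonicalising alone does not help: a name containing ".." still canonicalises to a
// path outside the upload directory, and the original opened that path anyway.
// Resolve against the canonical base and refuse anything that escapes it; the
// separator suffix stops a sibling directory with a longer name matching the prefix.
// (The original concatenated the strings and so relied on tmpUploadPath ending with a
// separator; File(parent, child) inserts it.)
File baseDir = new File(tmpUploadPath).getCanonicalFile();
File outFile = new File(baseDir, tmpFileName).getCanonicalFile();
if (!outFile.getPath().startsWith(baseDir.getPath() + File.separator)) {
    throw new IllegalArgumentException("upload target is outside the upload directory");
}
outSteam = new FileOutputStream(outFile);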
16.Use of hard coded Cryptographic Key
//不能使用硬编码密钥
//修改前:
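// Before: a hard-coded secret, recoverable from the class file by anyone who has it.
// (The original line had a stray quote after the literal and would not compile.)
public static final String password = "123456";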
//修改后:
// After: the value is read at runtime. PropertiesUtil is project code — presumably it reads key CONFIG_KEY from the given classpath resource; confirm.
// The properties file must then be kept out of version control and readable only by the service account,
// and a static final String keeps the secret resident for the JVM's lifetime (see item 7).
public static final String password = PropertiesUtil.getPropertiesValue("CONFIG_KEY","META-INF/spring/application.properties");