Secure Coding11 서블릿 메소드 예외 처리 취약점 서블릿 메소드 예외 처리 취약점 Noncompliant Code Example public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { String ip = request.getRemoteAddr(); InetAddress addr = InetAddress.getByName(ip); // Noncompliant; getByName(String) throws UnknownHostException //... } Compliant Solution public void doGet(HttpServletRequest request, HttpServletResponse .. 2021. 9. 17. 로깅 인젝션 공격 로깅 인젝션 공격 Noncompliant Code Example protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { String param1 = req.getParameter("param1"); Logger.info("Param1: " + param1 + " " + Logger.getName()); // Noncompliant // ... } Compliant Solution protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { String param1 = req.getParamete.. 2021. 9. 17. 서버측 요청 위조 공격 서버측 요청 위조 공격 Noncompliant Code Example protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { URL url = new URL(req.getParameter("url")); HttpURLConnection conn = (HttpURLConnection) url.openConnection(); // Noncompliant } Compliant Solution protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { String urlWhiteListed = " 2021. 9. 17. HTTP 응답 헤더 인젝션 HTTP 응답 헤더 인젝션 Noncompliant Code Example protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { String value = req.getParameter("value"); resp.addHeader("X-Header", value); // Noncompliant } Compliant Solution protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { String value = req.getParameter("value"); String whitelist .. 2021. 9. 17. 
OS 명령 삽입 공격 OS 명령 삽입 공격 Noncompliant Code Example import java.io.IOException; import javax.servlet.http.HttpServletRequest; public void runUnsafe(HttpServletRequest request) throws IOException { String cmd = request.getParameter("command"); String arg = request.getParameter("arg"); Runtime.getRuntime().exec(cmd+" "+arg); // Noncompliant } Compliant Solution import java.io.IOException; import javax.servlet.h.. 2021. 9. 17. XPath 인젝션 공격 XPath 인젝션 공격 Noncompliant Code Example public boolean authenticate(javax.servlet.http.HttpServletRequest request, javax.xml.xpath.XPath xpath, org.w3c.dom.Document doc) throws XPathExpressionException { String user = request.getParameter("user"); String pass = request.getParameter("pass"); String expression = "/users/user[@name='" + user + "' and @pass='" + pass + "']"; // Unsafe // An attacker .. 2021. 9. 17. 데이터베이스에 연결 시 암호 보안 데이터베이스에 연결 시 암호 보안 Noncompliant Code Example Connection conn = DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "login", ""); Compliant Solution String password = System.getProperty("database.password"); Connection conn = DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "login", password); 2021. 9. 17. 데이터베이스 쿼리 인젝션 공격 데이터베이스 쿼리 인젝션 공격 Noncompliant Code Example public boolean authenticate(javax.servlet.http.HttpServletRequest request, java.sql.Connection connection) throws SQLException { String user = request.getParameter("user"); String pass = request.getParameter("pass"); String query = "SELECT * FROM users WHERE user = '" + user + "' AND pass = '" + pass + "'"; // Unsafe // If the special value "foo' OR 1=1.. 2021. 9. 17. 
Reflected cross-site scripting (XSS) 공격 Reflected cross-site scripting (XSS) 공격 Noncompliant Code Example protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { String name = req.getParameter("name"); PrintWriter out = resp.getWriter(); out.write("Hello " + name); // Noncompliant } Compliant Solution protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { String .. 2021. 9. 17. 역직렬화 인젝션 역직렬화 인젝션 Noncompliant Code Example public class RequestProcessor { protected void processRequest(HttpServletRequest request) { ServletInputStream sis = request.getInputStream(); ObjectInputStream ois = new ObjectInputStream(sis); Object obj = ois.readObject(); // Noncompliant } } Compliant Solution public class SecureObjectInputStream extends ObjectInputStream { // Constructor here @Override pro.. 2021. 9. 17.