Gitinn Home Verkennen Help
Registreren Inloggen
u159145
/
youlaPay
1
0
Vork 0
Bestanden Issues 0 Pull-aanvragen 0 Wiki
Bladeren bron

微信XXE漏洞解决方案

小柒2012 6 jaren geleden
bovenliggende
be9c1ecff8
commit
4f57f381b4
2 gewijzigde bestanden met toevoegingen van 88 en 23 verwijderingen
Zij-aan-zij weergave Toon Diff Stats
  1. 65 0
      src/main/java/com/itstyle/modules/weixinpay/util/XMLUtil.java
  2. 23 23
      src/main/resources/zfbinfo.properties

+ 65 - 0
src/main/java/com/itstyle/modules/weixinpay/util/XMLUtil.java
Bestand weergeven 

@@ -8,10 +8,16 @@ import java.util.Iterator;
 
 import java.util.List;

 import java.util.Map;

 

+import javax.xml.parsers.DocumentBuilder;

+import javax.xml.parsers.DocumentBuilderFactory;

+import javax.xml.parsers.ParserConfigurationException;

+

 import org.jdom.Document;

 import org.jdom.Element;

 import org.jdom.JDOMException;

 import org.jdom.input.SAXBuilder;

+import org.w3c.dom.Node;

+import org.w3c.dom.NodeList;

 /**

  * XML解析

  * 创建者 科帮网

@@ -29,6 +35,8 @@ public class XMLUtil {
 
 	 */

 	@SuppressWarnings({ "rawtypes", "unchecked" })

 	public static Map doXMLParse(String strxml) throws JDOMException, IOException {

+		//过滤关键词,防止XXE漏洞攻击

+	    strxml = filterXXE(strxml);

 		strxml = strxml.replaceFirst("encoding=\".*\"", "encoding=\"UTF-8\"");

 

 		if (null == strxml || "".equals(strxml)) {

@@ -90,5 +98,62 @@ public class XMLUtil {
 
 

 		return sb.toString();

 	}

+	/**

+	 * 通过DOCTYPE和ENTITY来加载本地受保护的文件、替换掉即可

+	 * 漏洞原理:https://my.oschina.net/u/574353/blog/1841103

+     * 防止 XXE漏洞 注入实体攻击

+     * 过滤 过滤用户提交的XML数据

+     * 过滤关键词:<!DOCTYPE和<!ENTITY,或者SYSTEM和PUBLIC。

+    */

+	public static String filterXXE(String xmlStr){

+	    xmlStr = xmlStr.replace("DOCTYPE", "").replace("SYSTEM", "").replace("ENTITY", "").replace("PUBLIC", "");

+	     return xmlStr;

+	}

+	

+	/**

+	 * 微信给出的 XXE漏洞方案

+	 * https://pay.weixin.qq.com/wiki/doc/api/jsapi.php?chapter=23_5

+	 * @param strXML

+	 * @return

+	 * @throws Exception

+	 */

+	@SuppressWarnings({ "rawtypes", "unchecked" })

+	public static Map doXMLParse2(String strXML) throws Exception {

+	   Map m = new HashMap<>();

+	   DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();

+	   String FEATURE = null;

+	   try {

+	      FEATURE = "http://apache.org/xml/features/disallow-doctype-decl";

+	      documentBuilderFactory.setFeature(FEATURE, true);

+

+	      FEATURE = "http://xml.org/sax/features/external-general-entities";

+	      documentBuilderFactory.setFeature(FEATURE, false);

+

+	      FEATURE = "http://xml.org/sax/features/external-parameter-entities";

+	      documentBuilderFactory.setFeature(FEATURE, false);

+

+	      FEATURE = "http://apache.org/xml/features/nonvalidating/load-external-dtd";

+	      documentBuilderFactory.setFeature(FEATURE, false);

+

+	      documentBuilderFactory.setXIncludeAware(false);

+	      documentBuilderFactory.setExpandEntityReferences(false);

+	   } catch (ParserConfigurationException e) {

+	      e.printStackTrace();

+	   }

+	   DocumentBuilder documentBuilder= documentBuilderFactory.newDocumentBuilder();

+	   InputStream stream = new ByteArrayInputStream(strXML.getBytes("UTF-8"));

+	   org.w3c.dom.Document doc = documentBuilder.parse(stream);

+	   doc.getDocumentElement().normalize();

+	   NodeList nodeList = doc.getDocumentElement().getChildNodes();

+	   for (int idx=0; idx<nodeList.getLength(); ++idx) {

+	      Node node = nodeList.item(idx);

+	      if (node.getNodeType() == Node.ELEMENT_NODE) {

+	         org.w3c.dom.Element element = (org.w3c.dom.Element) node;

+	         m.put(element.getNodeName(), element.getTextContent());

+	      }

+	   }

+	   stream.close();

+	   return m;

+	}

 

 }

+ 23 - 23
src/main/resources/zfbinfo.properties
Bestand weergeven 

@@ -1,24 +1,24 @@
 
-# 支付宝网关名、partnerId和appId 欢迎关注https://blog.52itstyle.com/
 
-open_api_domain = https://openapi.alipay.com/gateway.do
 
-mcloud_api_domain = http://mcloudmonitor.com/gateway.do
 
-#此处请填写你的PID
 
-pid =XXXXXXXXXXXXXXXX
 
-#此处请填写你当面付的APPID 
-appid =XXXXXXXXXXXXXXXX
 
-
 
-# RSA私钥、公钥和支付宝公钥
 
-private_key = XXXXXXXXXXXXXXXX
 
-public_key = XXXXXXXXXXXXXXXX
 
-alipay_public_key = XXXXXXXXXXXXXXXX
 
-
 
-# 当面付最大查询次数和查询间隔(毫秒)
 
-max_query_retry = 5
 
-query_duration = 5000
 
-
 
-# 当面付最大撤销次数和撤销间隔(毫秒)
 
-max_cancel_retry = 3
 
-cancel_duration = 2000
 
-
 
-# 交易保障线程第一次调度延迟和调度间隔(秒)
 
-heartbeat_delay = 5
 
+# \u652f\u4ed8\u5b9d\u7f51\u5173\u540d\u3001partnerId\u548cappId \u6b22\u8fce\u5173\u6ce8https://blog.52itstyle.com/

+open_api_domain = https://openapi.alipay.com/gateway.do

+mcloud_api_domain = http://mcloudmonitor.com/gateway.do

+#\u6b64\u5904\u8bf7\u586b\u5199\u4f60\u7684PID

+pid =XXXXXXXXXXXXXXXX

+#\u6b64\u5904\u8bf7\u586b\u5199\u4f60\u5f53\u9762\u4ed8\u7684APPID 

+appid =XXXXXXXXXXXXXXXX

+

+# RSA\u79c1\u94a5\u3001\u516c\u94a5\u548c\u652f\u4ed8\u5b9d\u516c\u94a5

+private_key = XXXXXXXXXXXXXXXX

+public_key = XXXXXXXXXXXXXXXX

+alipay_public_key = XXXXXXXXXXXXXXXX

+

+# \u5f53\u9762\u4ed8\u6700\u5927\u67e5\u8be2\u6b21\u6570\u548c\u67e5\u8be2\u95f4\u9694\uff08\u6beb\u79d2\uff09

+max_query_retry = 5

+query_duration = 5000

+

+# \u5f53\u9762\u4ed8\u6700\u5927\u64a4\u9500\u6b21\u6570\u548c\u64a4\u9500\u95f4\u9694\uff08\u6beb\u79d2\uff09

+max_cancel_retry = 3

+cancel_duration = 2000

+

+# \u4ea4\u6613\u4fdd\u969c\u7ebf\u7a0b\u7b2c\u4e00\u6b21\u8c03\u5ea6\u5ef6\u8fdf\u548c\u8c03\u5ea6\u95f4\u9694\uff08\u79d2\uff09

+heartbeat_delay = 5

 heartbeat_duration = 900