1、Header Manipulation: filter the parameters in the request header

import java.util.regex.Matcher;
import java.util.regex.Pattern;

public static String getFilePath(String path) {
    // Character class as printed in the post; whatever followed "?>" in the class was
    // lost when the page was extracted, so the class is closed here as shown
    String regex = "[`~!@#$%^&*()\\+\\=||{}|:\"?>]";
    Pattern pa = Pattern.compile(regex);
    Matcher ma = pa.matcher(path);
    if (ma.find()) {
        path = ma.replaceAll("").trim();
    }
    path = path.replace("\\", "/");
    // Note: this removes "../" in a single pass, so "....//" is reduced to "../"
    path = path.replace("../", "");
    return path;
}
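The filter above strips characters and removes "../" once. As an added example that is not part of the original post, the Java below pairs the two checks a reviewer would expect for this Fortify category: a header-value check that rejects CR/LF (the root cause of Header Manipulation, i.e. response splitting, is a line break reaching a response header) and a path-containment check that resolves the supplied name under a fixed base directory and verifies the normalized result is still inside it, so the outcome does not depend on how many times "../" was removed. The class and method names and the sample paths are this example's own.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

// Added example (not from the original post). Names (HeaderAndPathGuard,
// sanitizeHeaderValue, resolveUnderBase, singlePassStrip) are this example's own.
public final class HeaderAndPathGuard {

    /**
     * Header Manipulation is caused by CR/LF reaching a response header. Rather than
     * silently stripping characters, reject any value that contains a control
     * character so the caller cannot emit a header that has been split.
     */
    public static String sanitizeHeaderValue(String value) {
        if (value == null) {
            return "";
        }
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            // CR, LF and other control characters are never legal in a header value
            if (c == '\r' || c == '\n' || (c < 0x20 && c != '\t') || c == 0x7f) {
                throw new IllegalArgumentException("control character in header value");
            }
        }
        return value;
    }

    /**
     * Path containment: resolve the user-supplied name under a fixed base directory,
     * normalize away "." and ".." segments, and require that the result still lives
     * under the base. This holds however the traversal was spelled, so it does not
     * rely on a single-pass replace("../", "").
     */
    public static Path resolveUnderBase(Path base, String userSupplied) {
        Path normalizedBase = base.toAbsolutePath().normalize();
        // Treat backslashes as separators too, as the post's filter does
        String name = userSupplied.replace('\\', '/');
        Path candidate = normalizedBase.resolve(name).normalize();
        if (!candidate.startsWith(normalizedBase)) {
            throw new IllegalArgumentException("path escapes base directory: " + userSupplied);
        }
        return candidate;
    }

    /** The post's single-pass removal, reproduced only to show why containment is still needed. */
    static String singlePassStrip(String path) {
        return path.replace("../", "");
    }

    public static void main(String[] args) {
        // Constructed input: one pass of replace("../", "") over "....//" leaves "../" behind
        String tricky = "....//secret.txt";
        String stripped = singlePassStrip(tricky);
        System.out.println("single pass : " + stripped);

        // Constructed base directory; the containment check catches what the strip missed
        Path base = Paths.get("/var/app/uploads");
        System.out.println("contained   : " + resolveUnderBase(base, "reports/2021.pdf"));
        try {
            resolveUnderBase(base, stripped);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected    : " + e.getMessage());
        }

        // Constructed header value carrying a line break
        try {
            sanitizeHeaderValue("attachment; filename=a.pdf\r\nX-Constructed: 1");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected    : " + e.getMessage());
        }
    }
}
```

The containment check is the one to keep even if the character filter stays: it is evaluated on the final resolved path, so it is indifferent to encoding tricks the regex did not anticipate, and rejecting rather than repairing a bad header value means a Fortify finding cannot be "fixed" by emitting a truncated header.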

2、Cross-Site Scripting:

(1) Reflected: this finding appears in both Java and JSP, so the code of the shared Java method and the shared JS method is attached below

java:

import java.text.Normalizer;
import java.util.ArrayList;
import java.util.List;

final static List<String> list = new ArrayList<>();

static {
    list.add("<");   // the "<" literal was eaten by the page extractor; restored here
    list.add(">");
    list.add("(");
    list.add(")");
    list.add("&");
    list.add("?");
    list.add(";");
}

public static String Filter(String output) {
    // NFKC normalization first, so full-width look-alikes become their ASCII forms
    String encode = Normalizer.normalize(output, Normalizer.Form.NFKC);
    for (int i = 0; i < list.size(); i++) {
        // String.replace(CharSequence, CharSequence) replaces every occurrence
        encode = encode.replace(list.get(i), "");
    }
    return encode;
}

js:

charFilter(str: string) {
    // "<" and ">" were eaten by the page extractor (the array showed ""); restored here
    let charArray = ["<", ">", "(", ")", "&", "?", ";"];
    let encode = str.normalize("NFKC");
    for (let i = 0; i < charArray.length; i++) {
        // String.prototype.replace with a string pattern replaces only the first
        // match; split/join removes every occurrence
        encode = encode.split(charArray[i]).join("");
    }
    return encode;
}
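Removing `<`, `>`, `(` and the other listed characters changes legitimate data (the text `a<b` becomes `ab`) and only helps in the HTML context the list was written for. As an added example that is not part of the original post, the Java below shows the standard alternative for reflected XSS: normalize as the post's filters do, then entity-encode the characters that can change the HTML parser's state, so the value reaches the page intact and is rendered as text. The class and method names and the sample strings are this example's own.

```java
import java.text.Normalizer;

// Added example (not from the original post). Names (HtmlOutputEncoder, encodeForHtml)
// are this example's own.
public final class HtmlOutputEncoder {

    /**
     * Encode a value for insertion into HTML text content or a quoted attribute.
     * Each character that can alter the parser's state becomes an entity, so the
     * data is preserved exactly while the browser cannot read it as markup.
     * Input is NFKC-normalized first, matching the post's Filter()/charFilter(), so
     * full-width look-alikes such as U+FF1C collapse to ASCII before encoding.
     */
    public static String encodeForHtml(String input) {
        if (input == null) {
            return "";
        }
        String normalized = Normalizer.normalize(input, Normalizer.Form.NFKC);
        StringBuilder out = new StringBuilder(normalized.length() + 16);
        for (int i = 0; i < normalized.length(); i++) {
            char c = normalized.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                case '/':  out.append("&#x2F;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: a comparison that is legitimate data, not markup.
        // The post's filter would turn "a<b && c>d" into "ab  cd"; encoding keeps it.
        String data = "if (a<b && c>d) show(\"hi\")";
        System.out.println("encoded : " + encodeForHtml(data));

        // Constructed sample: full-width angle brackets (U+FF1C / U+FF1E) are
        // normalized to '<' and '>' by NFKC and then encoded like the ASCII forms
        System.out.println("nfkc    : " + encodeForHtml("\uFF1Cb\uFF1E"));

        // Attribute context: the template must still quote the attribute, since an
        // unquoted attribute value ends at the first whitespace
        System.out.println("attr    : title=\"" + encodeForHtml(data) + "\"");
    }
}
```

Encoding is applied at the output point, not on the request parameter, so the same stored value can be encoded differently for an HTML body, an attribute, or a script block; that per-context choice is what the character-stripping approach cannot express.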

Original post: https://wwwblogs/luchangzhu/p/14301977.html
