java基础漏洞学习----整数溢出漏洞+硬编码漏洞+不安全的随机数生成器
java基础漏洞学习----整数溢出漏洞+硬编码漏洞+不安全的随机数生成器
整数溢出漏洞
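/**
 * Demonstrates silent integer wrap-around in Java, and the checked alternative.
 *
 * Java {@code int} arithmetic never traps: {@code Integer.MAX_VALUE + 1} wraps to
 * {@code Integer.MIN_VALUE} and {@code Integer.MIN_VALUE - 1} wraps to
 * {@code Integer.MAX_VALUE}. When a wrapped value feeds a length, size or index
 * check, the check can be bypassed. {@link Math#addExact} and
 * {@link Math#subtractExact} throw {@link ArithmeticException} instead of wrapping,
 * which is the form to use on any attacker-influenced arithmetic.
 */
public class NumberLearning {

    /**
     * Adds two ints, failing loudly instead of wrapping.
     *
     * @param a first operand
     * @param b second operand
     * @return the exact sum
     * @throws ArithmeticException if the exact result does not fit in an int
     */
    static int safeAdd(int a, int b) {
        return Math.addExact(a, b);
    }

    /**
     * Subtracts {@code b} from {@code a}, failing loudly instead of wrapping.
     *
     * @param a minuend
     * @param b subtrahend
     * @return the exact difference
     * @throws ArithmeticException if the exact result does not fit in an int
     */
    static int safeSubtract(int a, int b) {
        return Math.subtractExact(a, b);
    }

    public static void main(String[] args) {
        // Unchecked arithmetic: both lines print a value of the opposite sign.
        System.out.println(Integer.MAX_VALUE + 1);
        System.out.println(Integer.MIN_VALUE - 1);

        // Checked arithmetic: the same two operations now throw instead of wrapping.
        try {
            System.out.println(safeAdd(Integer.MAX_VALUE, 1));
        } catch (ArithmeticException e) {
            System.out.println("addExact: " + e.getMessage());
        }
        try {
            System.out.println(safeSubtract(Integer.MIN_VALUE, 1));
        } catch (ArithmeticException e) {
            System.out.println("subtractExact: " + e.getMessage());
        }
    }
}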
硬编码漏洞
在进行数据库连接等操作的时候,经常会在db.properties写入明文的数据库用户名和密码
在编写程序的时候应尽量避免对密码进行硬编码。需要注意的是,对口令做简单的模糊化(如Base64)或先哈希再存储并不能替代保密:Base64没有密钥,任何拿到文件的人都能逆向解码;而数据库连接必须使用原始口令,哈希后的值无法再用于登录。正确做法是把凭据放在受文件权限保护的外部配置、环境变量或专门的密钥管理服务(secret manager)中,并确保不提交到版本库。
这里仅对username和password做了Base64编码(测试用)。注意:Base64是编码而非加密,没有密钥,任何能读取该文件的人都能直接还原出明文(cm9vdA== 即 root),它只能避免口令被肉眼直接看到,并不提供真正的保密性。
db.properties
driver=com.mysql.cj.jdbc.Driver
url=jdbc:mysql://localhost:3306/security
username=cm9vdA==
password=cm9vdA==
主代码
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Base64;
import java.util.Properties;
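/**
 * Loads JDBC connection settings from a properties file and runs one parameterized query.
 *
 * SECURITY: the {@code username} and {@code password} entries in the file are only
 * Base64-encoded, not encrypted. Base64 is a keyless, reversible encoding, so anyone
 * who can read the file can recover the plaintext credentials with a one-liner. Treat
 * the file as a secret: restrict its permissions, keep it out of version control, and
 * prefer an external secret store or environment injection over any "obfuscation".
 *
 * Changes from the original: the properties stream and the JDBC resources are closed
 * via try-with-resources (the FileInputStream was previously never closed), the decode
 * step uses an explicit UTF-8 charset instead of the platform default, and a missing or
 * malformed credential entry is reported without echoing its value.
 */
public class DBConfig {
    private static final String PROPERTIES_FILE = "F:/db.properties";
    private static final String DRIVER_KEY = "driver";
    private static final String URL_KEY = "url";
    private static final String USERNAME_KEY = "username";
    private static final String PASSWORD_KEY = "password";

    public static void main(String[] args) {
        Properties properties = new Properties();
        // try-with-resources: the original left this stream open.
        try (FileInputStream in = new FileInputStream(PROPERTIES_FILE)) {
            properties.load(in);
        } catch (IOException e) {
            e.printStackTrace();
            return;
        }

        String driver = properties.getProperty(DRIVER_KEY);
        String url = properties.getProperty(URL_KEY);

        // Undo the Base64 obfuscation; this is decoding, not decryption.
        String username;
        String password;
        try {
            username = decodeCredential(properties.getProperty(USERNAME_KEY));
            password = decodeCredential(properties.getProperty(PASSWORD_KEY));
        } catch (IllegalArgumentException e) {
            // Deliberately does not print the offending value: it is a credential.
            System.err.println("Invalid credential entry in " + PROPERTIES_FILE + ": " + e.getMessage());
            return;
        }

        try {
            Class.forName(driver);
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
            return;
        }

        // Parameterized query: the literal id goes through a bind variable, never string concatenation.
        String query = "SELECT * FROM users WHERE id = ?";
        try (Connection connection = DriverManager.getConnection(url, username, password);
             PreparedStatement statement = connection.prepareStatement(query)) {
            statement.setInt(1, 2);
            try (ResultSet resultSet = statement.executeQuery()) {
                while (resultSet.next()) {
                    int id = resultSet.getInt("id");
                    String name = resultSet.getString("username");
                    System.out.println("ID: " + id + ", Username: " + name);
                }
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }

    /**
     * Reverses the Base64 obfuscation applied to a credential entry.
     *
     * This is decoding, not decryption: there is no key, so it provides no
     * confidentiality. It exists only so the demo can read the sample db.properties.
     * Bytes are interpreted as UTF-8 explicitly; the original used the platform default
     * charset, which differs across JDK versions and operating systems.
     *
     * @param encoded the Base64 text read from the properties file
     * @return the decoded plaintext credential
     * @throws IllegalArgumentException if the entry is missing or is not valid Base64
     */
    static String decodeCredential(String encoded) {
        if (encoded == null) {
            throw new IllegalArgumentException("credential entry is missing");
        }
        byte[] raw = Base64.getDecoder().decode(encoded);
        return new String(raw, StandardCharsets.UTF_8);
    }
}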
不安全的随机数生成器
三种随机数生成器
1.Random
默认种子由System.nanoTime()与一个内部计数器混合得到,本质上可由时间推算;而且Random是只有48位内部状态的线性同余生成器,种子相同则输出序列完全相同,攻击者只需观察少量输出即可恢复内部状态并预测后续所有值,因此不能用于会话ID、令牌、验证码等安全场景
2.Math.random():内部委托给一个共享的java.util.Random实例,因此与Random同样可预测,不适合安全用途
3.SecureRandom
种子来自操作系统的熵源(如/dev/urandom),输出不可预测。建议直接使用new SecureRandom()以获得平台最强的默认算法,而不是按名字指定老旧的"SHA1PRNG";另外,若在首次使用前用可预测的值调用setSeed(),对SHA1PRNG而言会完全取代系统熵源,输出重新变成确定性的,这是常见误用
import java.util.Random;
import java.security.SecureRandom;
import java.security.NoSuchAlgorithmException;
public class RandomLearning {
public static void main(String[] args) throws NoSuchAlgorithmException {
System.out.println("Random随机数");
Random random1 = new Random(1);
for(int i=0;i<5;i++){
System.out.print(random1.nextInt(10)+" ");
}
System.out.println();
Random random2 = new Random(1);
for(int i=0;i<5;i++){
System.out.print(random2.nextInt(10)+" ");
}
System.out.println();
System.out.println("Math随机数");
int randomNumber = (int) (Math.random() * 100);
for(int i=0;i<5;i++){
System.out.print(randomNumber+" ");
}
System.out.println();
System.out.println("SecureRandom随机数");
SecureRandom secureRandom1 = SecureRandom.getInstance("SHA1PRNG");
for(int i=0;i<5;i++){
System.out.print(secureRandom1.nextInt(10)+" ");
}
System.out.println();
SecureRandom secureRandom2 = SecureRandom.getInstance("SHA1PRNG");
for(int i=0;i<5;i++){
System.out.print(secureRandom2.nextInt(10)+" ");
}
}
}