1.修复方案,过滤引起Log Forging漏洞的敏感字符的公共方法
/** * Log Forging漏洞校验 * @param logs * @return */ public static String vaildLog(String logs) { List<String> list=new ArrayList<String>(); list.add("%0d"); list.add("%0a"); list.add("%0A"); list.add("%0D"); list.add("\r"); list.add("\n"); String normalize = Normalizer.normalize(logs, Normalizer.Form.NFKC); for (String str : list) { normalize=normalize.replace(str, ""); } return normalize; }
原文:https://blog.csdn.net/weixin_41796956/article/details/82907733 版权声明:本文为博主原创文章,转载请附上博文链接!
|