Index: ssts-tousse/src/main/java/com/forgon/disinfectsystem/tousse/imagefilemanager/service/ImageFileManagerImpl.java
===================================================================
diff -u -r40811 -r40819
--- ssts-tousse/src/main/java/com/forgon/disinfectsystem/tousse/imagefilemanager/service/ImageFileManagerImpl.java (.../ImageFileManagerImpl.java) (revision 40811)
+++ ssts-tousse/src/main/java/com/forgon/disinfectsystem/tousse/imagefilemanager/service/ImageFileManagerImpl.java (.../ImageFileManagerImpl.java) (revision 40819)
@@ -45,6 +45,7 @@
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.collections4.map.HashedMap;
+import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
 import org.apache.log4j.Logger;
 import org.hibernate.Query;
@@ -1178,6 +1179,9 @@
 public JSONObject getImageAndVideoInfo(String objectId, String packingTaskId, String imageType, String videoType, String imageIds, String videoIds, String barcode) {
 // 查询objectId对象关联的图片数量和视频数量
+ barcode = StringEscapeUtils.escapeSql(barcode);
+ imageType = StringEscapeUtils.escapeSql(imageType);
+ videoType = StringEscapeUtils.escapeSql(videoType);
 String imageHql = "";
 String videoHql = "";
 String barcodeSql = "";
Index: forgon-core/src/main/java/com/forgon/security/model/UserLogonRecord.java
===================================================================
diff -u -r39239 -r40819
--- forgon-core/src/main/java/com/forgon/security/model/UserLogonRecord.java (.../UserLogonRecord.java) (revision 39239)
+++ forgon-core/src/main/java/com/forgon/security/model/UserLogonRecord.java (.../UserLogonRecord.java) (revision 40819)
@@ -1,5 +1,7 @@
 package com.forgon.security.model;
+import javax.persistence.Column;
+
 import java.util.Date;
 import javax.persistence.Entity;
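Review bot: `StringEscapeUtils.escapeSql` on `barcode`, `imageType` and `videoType` only doubles single quotes, so it covers just the case where the HQL later wraps each value in quotes and leaves any unquoted use, or a backslash-escaping dialect, injectable; commons-lang3 dropped the method precisely because it is not an injection defense. With `org.hibernate.Query` already imported, the reliable fix is to leave the values untouched here and bind them where `imageHql`, `videoHql` and `barcodeSql` are assembled, e.g. `where t.barcode = :barcode` followed by `query.setString("barcode", barcode)`. Escaping in place also rewrites the values the method goes on to use, so an exact-match lookup for a barcode that legitimately contains an apostrophe would stop matching. The body of `getImageAndVideoInfo` continues past the hunk, so the lines that consume these strings are not visible here.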
@@ -69,6 +71,15 @@
 * 登录客户端的ip
 */
 private String ip;
+
+ /**
+ * 登录时限制传入的密码最大长度,用于修复因长密码导致的拒绝方法攻击(DoS)QYSRMYY-79
+ */
+ public static Integer PASSWORD_MAX_LENGTH = 2000;
+ /**
+ * 登录时限制传入的用户名最大长度,用于修复因长用户名导致的拒绝方法攻击(DoS)QYSRMYY-79
+ */
+ public static Integer USERNAME_MAX_LENGTH = 2000;
 @Id
 @GeneratedValue(strategy = GenerationType.AUTO)
@@ -88,6 +99,7 @@
 this.userId = userId;
 }
+ @Column(length=500)
 public String getLogonName() {
 return logonName;
 }
@@ -96,6 +108,7 @@
 this.logonName = logonName;
 }
+ @Column(length=500)
 public String getPassword() {
 return password;
 }
Index: forgon-core/src/main/java/com/forgon/xss/util/XSSFilterUtil.java
===================================================================
diff -u -r40811 -r40819
--- forgon-core/src/main/java/com/forgon/xss/util/XSSFilterUtil.java (.../XSSFilterUtil.java) (revision 40811)
+++ forgon-core/src/main/java/com/forgon/xss/util/XSSFilterUtil.java (.../XSSFilterUtil.java) (revision 40819)
@@ -90,7 +90,7 @@
 if(StringUtils.equals(name, "spell")){
 //spell入参防止sql注入QYSRMYY-79
- value = StringEscapeUtils.escapeJavaScript(value);
+ value = StringEscapeUtils.escapeSql(value);
 }
 }
Index: ssts-web/src/main/java/com/forgon/disinfectsystem/security/userdetails/DaoUserDetailSSTSImpl.java
===================================================================
diff -u -r40787 -r40819
--- ssts-web/src/main/java/com/forgon/disinfectsystem/security/userdetails/DaoUserDetailSSTSImpl.java (.../DaoUserDetailSSTSImpl.java) (revision 40787)
+++ ssts-web/src/main/java/com/forgon/disinfectsystem/security/userdetails/DaoUserDetailSSTSImpl.java (.../DaoUserDetailSSTSImpl.java) (revision 40819)
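Review bot: `PASSWORD_MAX_LENGTH` and `USERNAME_MAX_LENGTH` are declared `public static Integer` without `final`, so the bounds the login guards depend on can be reassigned from any class and can become a boxed `null`, which would throw NullPointerException at the `>` comparison in the callers; declare them `public static final int PASSWORD_MAX_LENGTH = 2000;` and `public static final int USERNAME_MAX_LENGTH = 2000;`. Both Javadoc comments say 拒绝方法攻击 where 拒绝服务攻击 (denial of service) is meant. If the login page submits a single RSA block, its Base64 form is a few hundred characters, so a bound well below 2000 would cap the attacker-controlled work further; confirm against the key size before tightening.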
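Review bot: `@Column(length=500)` on `getLogonName` caps the stored name at 500 characters while `USERNAME_MAX_LENGTH` admits 2000, so a name of 501 to 2000 characters passes the new login guard and then fails, or is silently truncated depending on the dialect, when the `UserLogonRecord` is persisted. Pick one bound and derive the other from it, for example `@Column(length=UserLogonRecord.USERNAME_MAX_LENGTH)` once the constant is a compile-time `static final int`, or lower the constant to 500. The enclosing class starts and ends outside the hunk.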
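Review bot: `@Column(length=500)` on `getPassword` has the same 500-versus-2000 mismatch with `PASSWORD_MAX_LENGTH` as the name column, but the larger question is why a logon-audit entity persists the submitted password at all. If this column holds the credential as received, whether plaintext or the RSA ciphertext the login page sends and the server can decrypt, it should be removed from the entity rather than sized; I cannot see from this hunk what is written into it, so please confirm. If it must remain for a reason not visible here, store a keyed hash or a fixed placeholder instead and state that in the field's Javadoc.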
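Review bot: Swapping `escapeJavaScript` for `escapeSql` on the `spell` parameter removes the output encoding a request-level XSS filter exists to provide and replaces it with quote doubling, which is not an injection defense: it leaves unquoted or backslash-escaped SQL contexts open and corrupts every legitimate value containing an apostrophe. SQL injection through `spell` has to be fixed where the query is built, by binding the value as a parameter; a filter cannot know how the value will be used. Keep the previous line, `value = StringEscapeUtils.escapeJavaScript(value);`, or whichever encoding matches the page that echoes `spell`, and move the SQL change to the DAO. The enclosing method starts and ends outside the hunk.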
@@ -131,6 +131,9 @@
 throws UsernameNotFoundException {
 //用于spring security认证的用户名
 String authenticationUserName = username;
+ if(StringUtils.length(username) > UserLogonRecord.USERNAME_MAX_LENGTH){
+ throw new DisabledException("登录用户名长度超过最大长度" + UserLogonRecord.USERNAME_MAX_LENGTH);
+ }
 try{
 //尝试对用户名进行rsa解密
 String decryptedUserName = RSAEncrypt.decrypt(username);
@@ -188,6 +191,9 @@
 //密码可能是rsa加密的密文(logon.jsp提交的为rsa公钥加密的密文),也可能是明文(其它页面或场景提交的情况)
 j_password = request.getParameter("j_password");
 }
+ if(StringUtils.length(j_password) > UserLogonRecord.PASSWORD_MAX_LENGTH){
+ throw new DisabledException("登录密码长度超过最大长度" + UserLogonRecord.PASSWORD_MAX_LENGTH);
+ }
 logger.debug("#######################3authenticationUserName=" + authenticationUserName);
 logger.debug("#######################3j_password=" + j_password);
 //用户名按转小写与数据库的用户转小写后进行查询
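Review bot: The new guard throws `DisabledException`, which in Spring Security signals that the account exists but is disabled, so an over-long username is reported and handled as a disabled-account event rather than as a rejected input; `BadCredentialsException` or `AuthenticationServiceException` describes the condition, and the same applies to the password check in the next hunk. Placing the check before `RSAEncrypt.decrypt(username)` is the right spot, since the decrypt is the expensive step the bound is meant to protect; a one-line comment such as `// reject before RSA decrypt so oversized input costs no CPU (QYSRMYY-79)` would record that. The method whose `throws UsernameNotFoundException` clause opens the hunk continues past it.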
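Review bot: The password length check is added directly above `logger.debug("#######################3j_password=" + j_password);`, so on the new side the full submitted credential, which the comment two lines up says may be plaintext on some pages, is still written to the log at debug level. The guard should come with removing that line, or at least reducing it to `logger.debug("j_password length=" + StringUtils.length(j_password));`. The check also runs after the container has already parsed the parameter in full, so it bounds only the decrypt and hash work, not request parsing; worth stating in the comment so nobody assumes it limits request size. The enclosing method starts and ends outside the hunk.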