java.net.url在代码扫描期间提供安全漏洞
我有以下方法来检查传入URL是否有效,并且基于此方法,我需要重定向到错误页面。
/*
* This method is used to validate the URL and return a response
*/
private static int isValidUrl(String qrUrl) {
int code = 0;
try {
URL url = new URL(qrUrl);
HttpURLConnection connection = (HttpURLConnection)url.openConnection();
connection.setRequestMethod("GET");
connection.connect();
code = connection.getResponseCode();
logger.info("Response code is {} for the url", code);
} catch(MalformedURLException e) {
logger.error("A MalformedURLException Occured in QR Code servlet during URL Validation", e);
} catch (IOException e) {
logger.error("An IOException Occured in QR Code servlet during URL Validation", e);
}
return code;
}
以下代码为中等安全漏洞(描述: 在代码扫描期间,攻击者可以使用此Web服务器请求来揭示内部服务和文件系统)。我该如何修复?
I have the below method to check an incoming url is valid or not and based on this i need to redirect to error page.
/*
* This method is used to validate the URL and return a response
*/
private static int isValidUrl(String qrUrl) {
int code = 0;
try {
URL url = new URL(qrUrl);
HttpURLConnection connection = (HttpURLConnection)url.openConnection();
connection.setRequestMethod("GET");
connection.connect();
code = connection.getResponseCode();
logger.info("Response code is {} for the url", code);
} catch(MalformedURLException e) {
logger.error("A MalformedURLException Occured in QR Code servlet during URL Validation", e);
} catch (IOException e) {
logger.error("An IOException Occured in QR Code servlet during URL Validation", e);
}
return code;
}
The below line of code is giving medium security vulnerability(Description:
This web server request could be used by an attacker to expose internal services and filesystem) during code scan. How can I fix it?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论