Web恶意内容入侵分析及应对措施之四

王朝厨房·作者佚名  2007-01-05
宽屏版  字体: |||超大  

第四步:过滤动态输出内容中的特殊字符

在实际应用中,判断哪些字符或者字符组合可能导致攻击是不明确的。因此,直接选择安全的字符集要比排除不信任的字符集更方便。例如,如果用户需要在一个表单项中填写他的年龄,开发者就可以直接地限定这个表单项的取值为数字0到9的组合,而不需要再接受其他字符。这样处理后,将大大地降低未知攻击的可能性。

过滤处理可以作为数据输入的一部分、数据输出的一部分或者两者兼而有之。当作为数据输出的一部分时,建议在数据呈现给用户前对之进行过滤处理。如果处理正确,就可以确保所有的动态内容被过滤成为纯净的东西。

下面分别列出用C++、JavaScript以及Perl语言编写的过滤代码,你可以根据实际情况选择其中一种:

C++

BYTE IsBadChar[] = {

0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

0x00,0xFF,0xFF,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0x00,0x00,

0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

0x00,0x00,0x00,0x00,0xFF,0xFF,0x00,0xFF,0x00,0x00,0x00,

0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

0x00,0x00,0x00

};

DWORD FilterBuffer(BYTE * pString,DWORD cChLen){

BYTE * pBad = pString;

BYTE * pGood = pString;

DWORD i=0;

if (!pString) return 0;

for (i=0;pBad[i];i++){

if (!IsBadChar[pBad[i]]) *pGood++ = pBad[i];

};

return pGood-pString;

}

JavaScript

function RemoveBad(InStr){

InStr = InStr.replace(/

InStr = InStr.replace(/\>/g,"");

InStr = InStr.replace(/\"/g,"");

InStr = InStr.replace(/\'/g,"");

InStr = InStr.replace(/\%/g,"");

InStr = InStr.replace(/\;/g,"");

InStr = InStr.replace(/\(/g,"");

InStr = InStr.replace(/\)/g,"");

InStr = InStr.replace(/\&/g,"");

InStr = InStr.replace(/\+/g,"");

return InStr;

}

Perl

#! The first function takes the negative approach.

#! Use a list of bad characters to filter the data

sub FilterNeg {

local( $fd ) = @_;

$fd =~ s/[\<\>\"\'\%\;\)\(\&\+]//g;

return( $fd ) ;

}

#! The second function takes the positive approach.

#! Use a list of good characters to filter the data

sub FilterPos {

local( $fd ) = @_;

$fd =~ tr/A-Za-z0-9\ //dc;

return( $fd ) ;

}

$Data = "This is a test string<script>";

$Data = &FilterNeg( $Data );

print "$Data\n";

$Data = "This is a test string<script>";

$Data = &FilterPos( $Data );

print "$Data\n";

第五步:检查Cookies值

攻击者还可能将恶意内容写入cookie中,因此,Web开发者应该仔细地检查接受的cookie值,并使用上面提及的过滤技术以验证它们是否包含了恶意内容。

 
 
 
免责声明:本文为网络用户发布,其观点仅代表作者个人观点,与本站无关,本站仅提供信息存储服务。文中陈述内容未经本站证实,其真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
© 2005- 王朝网络 版权所有