fix(XML解析相关功能): 修复使用SAXReader导致的xxe攻击漏洞

修复使用SAXReader导致的xxe攻击漏洞
This commit is contained in:
song-tianyang 2022-02-23 14:07:36 +08:00 committed by 刘瑞斌
parent d119ec6e05
commit d08d0c2158
3 changed files with 14 additions and 3 deletions

View File

@ -30,6 +30,7 @@ import io.metersphere.controller.request.ScheduleRequest;
import io.metersphere.dto.ScheduleDao; import io.metersphere.dto.ScheduleDao;
import io.metersphere.i18n.Translator; import io.metersphere.i18n.Translator;
import io.metersphere.job.sechedule.ApiTestJob; import io.metersphere.job.sechedule.ApiTestJob;
import io.metersphere.performance.parse.EngineSourceParserFactory;
import io.metersphere.service.FileService; import io.metersphere.service.FileService;
import io.metersphere.service.ScheduleService; import io.metersphere.service.ScheduleService;
import io.metersphere.track.service.TestCaseService; import io.metersphere.track.service.TestCaseService;
@ -465,7 +466,7 @@ public class APITestService {
//获取要转化的文件 //获取要转化的文件
List<String> attachmentFilePathList = new ArrayList<>(); List<String> attachmentFilePathList = new ArrayList<>();
try { try {
Document doc = DocumentHelper.parseText(jmx);// 获取可续保保单列表报文模板 Document doc = EngineSourceParserFactory.getDocument(new ByteArrayInputStream(jmx.getBytes("utf-8")));
Element root = doc.getRootElement(); Element root = doc.getRootElement();
Element rootHashTreeElement = root.element("hashTree"); Element rootHashTreeElement = root.element("hashTree");
List<Element> innerHashTreeElementList = rootHashTreeElement.elements("hashTree"); List<Element> innerHashTreeElementList = rootHashTreeElement.elements("hashTree");

View File

@ -34,6 +34,14 @@ public class EngineSourceParserFactory {
public static Document getDocument(InputStream source) throws DocumentException { public static Document getDocument(InputStream source) throws DocumentException {
SAXReader reader = new SAXReader(); SAXReader reader = new SAXReader();
try {
reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
}catch (Exception e){
LogUtil.error(e);
}
if (!IS_TRANS) { if (!IS_TRANS) {
reader.setXMLFilter(EngineSourceParserFactory.getFilter()); reader.setXMLFilter(EngineSourceParserFactory.getFilter());
} }

View File

@ -1,9 +1,11 @@
package io.metersphere.xmind.parser; package io.metersphere.xmind.parser;
import io.metersphere.performance.parse.EngineSourceParserFactory;
import org.dom4j.*; import org.dom4j.*;
import org.json.JSONObject; import org.json.JSONObject;
import org.json.XML; import org.json.XML;
import java.io.ByteArrayInputStream;
import java.io.IOException; import java.io.IOException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
@ -32,7 +34,7 @@ public class XmindLegacy {
//去除自由风格主题 //去除自由风格主题
xmlContent = xmlContent.replaceAll("<topics type=\"detached\">", ""); xmlContent = xmlContent.replaceAll("<topics type=\"detached\">", "");
Document document = DocumentHelper.parseText(xmlContent);// 读取XML文件,获得document对象 Document document = EngineSourceParserFactory.getDocument(new ByteArrayInputStream(xmlContent.getBytes("utf-8")));// 读取XML文件,获得document对象
Element root = document.getRootElement(); Element root = document.getRootElement();
List<Node> topics = root.selectNodes("//topic"); List<Node> topics = root.selectNodes("//topic");
@ -41,7 +43,7 @@ public class XmindLegacy {
xmlComments = xmlComments.replace("xmlns=\"urn:xmind:xmap:xmlns:comments:2.0\"", ""); xmlComments = xmlComments.replace("xmlns=\"urn:xmind:xmap:xmlns:comments:2.0\"", "");
// 添加评论到content中 // 添加评论到content中
Document commentDocument = DocumentHelper.parseText(xmlComments); Document commentDocument = EngineSourceParserFactory.getDocument(new ByteArrayInputStream(xmlComments.getBytes("utf-8")));
List<Node> commentsList = commentDocument.selectNodes("//comment"); List<Node> commentsList = commentDocument.selectNodes("//comment");
for (Node topic : topics) { for (Node topic : topics) {