Insecure implementation of the Struts2 file download function may cause file reading problems

Source: Internet
Author: User

File-reading problems caused by insecure file download functions are nothing new (the same applies in other languages). In general, an external parameter is referenced unsafely in the path handling inside the download function; in short, the download path can be controlled directly from outside. However, Struts2 provides dynamic parameter binding for the downloaded file name in its configuration, which makes this security problem even easier to introduce!
Searching Baidu for the keyword "Struts2 file download" yields:

In the top tutorial demo, you can see the configuration file:

    <result type="stream">
        <param name="contentType">application/octet-stream</param>
        <param name="inputName">inputStream</param>
        <param name="contentDisposition">attachment;filename="${fileName}"</param>
        <param name="bufferSize">4096</param>
    </result>

The dynamic parameter auto-fill configuration of the downloaded file name is:

    <param name="contentDisposition">attachment;filename="${fileName}"</param>

Code implementation:
    import java.io.FileNotFoundException;
    import java.io.InputStream;
    import org.apache.struts2.ServletActionContext;
    import com.opensymphony.xwork2.ActionSupport;

    public class DownloadAction extends ActionSupport {

        // Populated automatically by Struts2 from the "fileName" request parameter
        private String fileName;

        public void setFileName(String fileName) {
            this.fileName = fileName;
        }

        public String getFileName() {
            return fileName;
        }

        // Matches the "inputName" result parameter above
        public InputStream getInputStream() throws FileNotFoundException {
            return ServletActionContext.getServletContext().getResourceAsStream("/" + fileName);
            // Variant from the tutorial using an absolute path (see the note below):
            // return new FileInputStream("c:/" + fileName);
        }
    }

PS: Content-Disposition is an extension of the MIME protocol; it tells the MIME user agent how to present the attached file. With the dynamic parameter configured, the value of the action's fileName attribute is used for the file name, and combined with Struts2's automatic population of external request parameters this is clearly the simplest implementation of the whole flow (which ordinary developer would write more lines of code than needed!). And this is a common function!

Note:
return ServletActionContext.getServletContext().getResourceAsStream("/" + fileName); calls into the servlet context with a relative path, so it can only read files within this web application.
And:
return new FileInputStream("absolute path" + fileName); uses FileInputStream with an absolute path prefix, which allows arbitrary file reading!
Strictly speaking, apart from this security issue the demo is well written and simple. But it may also let later users implant a "backdoor" in many applications!
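The following is an added example, not code from the tutorial or the original post: it places the tutorial's unsafe "prefix + fileName" pattern next to a hardened resolver that rejects anything other than a bare file name and then verifies that the canonical path still lies under the download directory. The class name, method names and the temporary directory are assumptions for illustration; it is plain Java with no Struts2 dependency so it runs on its own.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;
import java.nio.file.Paths;

public class SafeDownload {

    // The tutorial's pattern: fileName arrives straight from the request
    // parameter, so a value such as "../../etc/passwd" leaves the directory.
    static InputStream openUnsafe(String absolutePrefix, String fileName) throws IOException {
        return Files.newInputStream(Paths.get(absolutePrefix + fileName));
    }

    // Hardened resolver: only a bare file name is accepted, it is resolved
    // against the download directory, and the canonical (symlink-resolved)
    // result must still lie inside that directory before anything is opened.
    static Path resolveSafely(Path downloadDir, String fileName) throws IOException {
        if (fileName == null || fileName.isEmpty() || fileName.contains("\0")
                || fileName.contains("/") || fileName.contains("\\")
                || fileName.equals(".") || fileName.equals("..")) {
            throw new IllegalArgumentException("rejected file name: " + fileName);
        }
        Path base = downloadDir.toRealPath();         // canonical base directory
        Path real = base.resolve(fileName).toRealPath(); // NoSuchFileException if absent
        if (!real.startsWith(base)) {                 // catches symlinks pointing outside
            throw new IllegalArgumentException("path escapes download directory");
        }
        if (!Files.isRegularFile(real)) {             // no directories or device files
            throw new NoSuchFileException(fileName);
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a temporary download directory holding one file.
        Path dir = Files.createTempDirectory("downloads");
        Files.write(dir.resolve("report.pdf"), "constructed sample".getBytes());

        System.out.println("allowed:  " + resolveSafely(dir, "report.pdf"));
        String[] attempts = {"../../../etc/passwd", "..\\..\\win.ini", "..", "logs/app.log"};
        for (String name : attempts) {
            try {
                resolveSafely(dir, name);
            } catch (IllegalArgumentException | NoSuchFileException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

In the Struts2 action, getInputStream() would call resolveSafely with the configured download directory and return Files.newInputStream on the result, leaving the automatic parameter binding in place without exposing the file system.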