Recently a serious vulnerability in Struts2 was disclosed. It affects every version from Struts 2.0 through Struts 2.3 and can give an attacker direct remote control of the server, and with it the leakage of data; the affected sites range from e-commerce and banking to portals and most government sites.
Official description:
s2-016: https://cwiki.apache.org/confluence/display/ww/s2-016
s2-017: https://cwiki.apache.org/confluence/display/ww/s2-017
Official recommended fix: upgrade to the latest version, struts-2.3.15.1.
However, upgrading an existing system is often expensive, and the upgrade can bring instability and incompatibilities with other frameworks such as Spring.
For that reason I have put together a complete fix for these two vulnerabilities for systems whose Struts cannot be upgraded.
It is shared below:
-------------------------
Step 1. Download http://jskfs.googlecode.com/files/struts2_(016_017)_bug_repair.rar.
Step 2. Unzip it, copy all files in its src directory into the src directory of your project, and compile
(in this case Struts is version 2.0.9; a real project has to adjust the files to its own Struts version).
The application server loads classes from the classes directory first, so they automatically override the same classes in the jar.
Step 3. Configure com.htht.commonweb.listener.MyServletContextListener in web.xml:
<listener>
    <listener-class>com.htht.commonweb.listener.MyServletContextListener</listener-class>
</listener>
Step 4. Restart the service; the repair is complete.
Copyright: when reproducing, please cite the source: http://blog.csdn.net/jzshmyt
Attached: JavaEEBugRepair.java; for the full package see the directory extracted from struts2_(016_017)_bug_repair.rar.
-------------------------
package com.htht.commonweb;

import java.util.Map;

import ognl.MethodAccessor;
import ognl.MethodFailedException;
import ognl.OgnlRuntime;

/**
 * @author Yanjianzhong (yjz_ok@163.com) 2013/08/08
 * Copyright: when reproducing, please cite the source: http://blog.csdn.net/jzshmyt
 * Download: http://jskfs.googlecode.com/files/struts2_(016_017)_bug_repair.rar
 */
public class JavaEEBugRepair {

    /*
     * Official description:
     * s2-016: https://cwiki.apache.org/confluence/display/ww/s2-016
     * S2-016 bug repair
     */
    private static S2_0xx s2_016 = new S2_0xx();

    /*
     * Modify ognl.Ognl#parseExpression so that it calls the repair_s2_016 check:
     *
     * public static Object parseExpression(String expression) throws OgnlException
     * {
     *     // modify point begin
     *     if (JavaEEBugRepair.repair_s2_016(expression)) {
     *         return null;
     *     }
     *     // modify point end
     *     try {
     *         OgnlParser parser = new OgnlParser(new StringReader(expression));
     *         return parser.topLevelExpression();
     *     } catch (ParseException e) {
     *         throw new ExpressionSyntaxException(expression, e);
     *     } catch (TokenMgrError e) {
     *         throw new ExpressionSyntaxException(expression, e);
     *     }
     * }
     */
    public static boolean repair_s2_016(String expression) {
        return s2_016.check(expression);
    }

    /*
     * Called from the listener of any servlet/Struts/Spring framework.
     * Registers a MethodAccessor that refuses every call on the dangerous
     * classes, then replaces the no-op check with the keyword blacklist.
     */
    public static void initRepair_s2_016() {
        OgnlRuntime.setMethodAccessor(Runtime.class, new NoMethodAccessor());
        OgnlRuntime.setMethodAccessor(System.class, new NoMethodAccessor());
        OgnlRuntime.setMethodAccessor(ProcessBuilder.class, new NoMethodAccessor());
        OgnlRuntime.setMethodAccessor(OgnlRuntime.class, new NoMethodAccessor());
        s2_016 = new S2_0xx() {
            public boolean check(String expression) {
                String[] evalMethod = {"Runtime", "ProcessBuilder", "new File"};
                // compare case-insensitively, so both sides are lowercased
                String methodString = expression.toLowerCase();
                for (int i = 0; i < evalMethod.length; i++) {
                    if (methodString.indexOf(evalMethod[i].toLowerCase()) > -1) {
                        System.out.print("| OGNL executing malicious statement | " + methodString
                                + " | If you see this message, please contact the security engineer ... ");
                        return true;
                    }
                }
                return false;
            }
        };
    }

    /*
     * s2-017: https://cwiki.apache.org/confluence/display/ww/s2-017
     * S2-017 bug repair
     */
    private static S2_0xx s2_017 = new S2_0xx();

    /*
     * Called from org.apache.struts2.dispatcher.mapper.DefaultActionMapper#handleSpecialParameters.
     * Repair example:
     *
     * public void handleSpecialParameters(HttpServletRequest request, ActionMapping mapping)
     * {
     *     Set uniqueParameters = new HashSet();
     *     Map parameterMap = request.getParameterMap();
     *     Iterator iterator = parameterMap.keySet().iterator();
     *     while (iterator.hasNext()) {
     *         String key = (String) iterator.next();
     *
     *         if ((key.endsWith(".x")) || (key.endsWith(".y"))) {
     *             key = key.substring(0, key.length() - 2);
     *         }
     *         // modify point begin
     *         if (JavaEEBugRepair.repair_s2_017(key)) {
     *             return;
     *         }
     *         // modify point end
     *         if (!uniqueParameters.contains(key)) {
     *             ParameterAction parameterAction = (ParameterAction) this.prefixTrie.get(key);
     *
     *             if (parameterAction != null) {
     *                 parameterAction.execute(key, mapping);
     *                 uniqueParameters.add(key);
     *                 break;
     *             }
     *         }
     *     }
     * }
     */
    public static boolean repair_s2_017(String key) {
        return s2_017.check(key);
    }

    /*
     * Called from the listener of any servlet/Struts/Spring framework.
     * Rejects any parameter name that carries one of the special action prefixes.
     */
    public static void initRepair_s2_017() {
        s2_017 = new S2_0xx() {
            public boolean check(String key) {
                return key.contains("redirect:") || key.contains("redirectAction:") || key.contains("action:");
            }
        };
    }
}

/**
 * Base class for the vulnerability checks.
 *
 * Description:
 * The fix logic is designed to be non-intrusive. As long as initRepair_s2_016 /
 * initRepair_s2_017 have not been called from the listener, check() always returns
 * false, so the patched Ognl and DefaultActionMapper behave exactly like the
 * original source.
 */
class S2_0xx {
    public boolean check(String key) {
        return false;
    }
}

/**
 * A MethodAccessor that refuses every method call on the class it is registered for.
 */
class NoMethodAccessor implements MethodAccessor {
    public NoMethodAccessor() {
    }

    @Override
    public Object callStaticMethod(Map context, Class targetClass,
            String methodName, Object[] args) throws MethodFailedException {
        throw new MethodFailedException("Do not run", methodName, null);
    }

    @Override
    public Object callMethod(Map context, Object target, String methodName,
            Object[] args) throws MethodFailedException {
        throw new MethodFailedException("Do not run", methodName, null);
    }
}
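The listener that step 3 registers in web.xml is not shown in the post. As an added example (not the author's code, and the rar may contain a different one), here is one way to write com.htht.commonweb.listener.MyServletContextListener so that it switches both checks on at startup and fails fast if the hooks are not active; the sample parameter names it probes with are constructed for the check.

```java
package com.htht.commonweb.listener;

import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;

import com.htht.commonweb.JavaEEBugRepair;

/**
 * Added example, not part of the original package: the listener from step 3.
 * It activates both checks when the web application starts, i.e. before any
 * request can reach Ognl.parseExpression or DefaultActionMapper.
 */
public class MyServletContextListener implements ServletContextListener {

    public void contextInitialized(ServletContextEvent sce) {
        JavaEEBugRepair.initRepair_s2_016();
        JavaEEBugRepair.initRepair_s2_017();

        // Startup self-check on the S2-017 hook with constructed parameter names:
        // a prefixed name must be rejected, an ordinary form field must pass.
        // If the hook still behaves like the no-op base class, the patched
        // classes were probably not compiled into the classes directory, so
        // refuse to start rather than run with the unprotected code path.
        if (!JavaEEBugRepair.repair_s2_017("redirect:index")) {
            throw new IllegalStateException("S2-017 check is not active");
        }
        if (JavaEEBugRepair.repair_s2_017("userName")) {
            throw new IllegalStateException("S2-017 check rejects ordinary parameter names");
        }
        // A harmless property expression must still be accepted by the S2-016 hook.
        if (JavaEEBugRepair.repair_s2_016("user.name")) {
            throw new IllegalStateException("S2-016 check rejects ordinary expressions");
        }

        sce.getServletContext().log("S2-016 / S2-017 repair hooks active");
    }

    public void contextDestroyed(ServletContextEvent sce) {
        // nothing to release; the static hooks live as long as the web application
    }
}
```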