AJ-Report Java代码审计从0开始学习指南<\/h1>

1. 审计环境准备<\/h2>

1.1 基础工具配置<\/h3>

IDE选择<\/strong>：PyCharm\/IntelliJ IDEA（建议使用IntelliJ IDEA进行Java审计）<\/li>
Java环境<\/strong>：JDK 8+（推荐JDK 11）<\/li>
构建工具<\/strong>：Maven 3.6+<\/li>

调试工具<\/strong>：Arthas、JD-GUI、JADX<\/li> <\/ul>
1.2 项目导入步骤<\/h3>

克隆AJ-Report源码仓库<\/li>
使用Maven导入项目依赖<\/li>
配置数据库连接（MySQL 5.7+）<\/li>
启动项目并验证基础功能<\/li> <\/ol>
2. 项目结构分析<\/h2>
2.1 核心目录结构<\/h3>
src\/main\/java\/com\/anji\/plus\/ ├── gaea │ ├── core \/\/ 核心框架代码 │ ├── exception \/\/ 异常处理 │ ├── security \/\/ 安全相关 │ └── util \/\/ 工具类 ├── report │ ├── controller \/\/ 控制器层 │ ├── service \/\/ 服务层 │ ├── dao \/\/ 数据访问层 │ └── entity \/\/ 实体类 └── config \/\/ 配置类 <\/code><\/pre> 2.2 常见问题解决<\/h3> com.anji.plus.gaea..module.<\/em>.dao飘红问题<\/strong>：检查Maven依赖是否完整<\/li> 确认子模块是否被正确导入<\/li> 执行mvn clean install<\/code>重新构建<\/li> 检查IDE的Maven配置是否正确<\/li> <\/ul> <\/li> <\/ul> 3. 代码审计核心要点<\/h2> 3.1 SQL注入审计<\/h3> MyBatis审计重点<\/strong>：<\/p> 检查XML映射文件中${}<\/code>的使用<\/li> 审计动态SQL拼接（<if><\/code>, <foreach><\/code>等标签）<\/li> 验证参数是否使用#{}<\/code>预编译<\/li> <\/ul> <\/li> JPA审计重点<\/strong>：<\/p> 检查@Query<\/code>注解中的原生SQL<\/li> 审计JpaRepository<\/code>自定义方法实现<\/li> 验证Specification<\/code>构建的查询条件<\/li> <\/ul> <\/li> <\/ol> 3.2 XSS漏洞审计<\/h3> 输入输出审计<\/strong>：<\/p> 检查Controller层参数是否使用@RequestBody<\/code>\/@RequestParam<\/code><\/li> 验证返回数据是否经过转义（如使用Thymeleaf的th:text<\/code>）<\/li> <\/ul> <\/li> 响应头检查<\/strong>：<\/p> 确认是否设置X-XSS-Protection<\/code><\/li> 检查Content-Type<\/code>是否正确（避免text\/html）<\/li> <\/ul> <\/li> <\/ol> 3.3 权限控制审计<\/h3> Spring Security配置<\/strong>：<\/p> 检查WebSecurityConfigurerAdapter<\/code>配置<\/li> 验证URL权限控制是否完善<\/li> 审计@PreAuthorize<\/code>注解使用情况<\/li> <\/ul> <\/li> 功能权限审计<\/strong>：<\/p> 检查关键操作是否进行权限验证<\/li> 审计越权访问风险（水平\/垂直越权）<\/li> <\/ul> <\/li> <\/ol> 4. 典型漏洞案例分析<\/h2> 4.1 未授权访问漏洞<\/h3> \/\/ 错误示例：缺少权限注解 <\/span><\/span><\/span><\/span>@GetMapping<\/span>(<\/span>"\/api\/report\/export"<\/span>)<\/span> <\/span><\/span>public<\/span> void<\/span> exportReport<\/span>(<\/span>HttpServletResponse response)<\/span> {<\/span> <\/span><\/span> \/\/ 导出报表逻辑 <\/span><\/span><\/span><\/span>}<\/span> <\/span><\/span> <\/span><\/span>\/\/ 修复方案：添加权限控制 <\/span><\/span><\/span><\/span>@PreAuthorize<\/span>(<\/span>"hasRole('REPORT_EXPORT')"<\/span>)<\/span> <\/span><\/span>@GetMapping<\/span>(<\/span>"\/api\/report\/export"<\/span>)<\/span> <\/span><\/span>public<\/span> void<\/span> exportReport<\/span>(<\/span>HttpServletResponse response)<\/span> {<\/span> <\/span><\/span> \/\/ 导出报表逻辑 <\/span><\/span><\/span><\/span>}<\/span> <\/span><\/span><\/code><\/pre>4.2 SQL注入案例<\/h3> \/\/ 错误示例：使用字符串拼接SQL <\/span><\/span><\/span><\/span>@Query<\/span>(<\/span>value =<\/span> "SELECT * FROM report WHERE name = '"<\/span> +<\/span> "#{name}"<\/span> +<\/span> "'"<\/span>,<\/span> nativeQuery =<\/span> true<\/span>)<\/span> <\/span><\/span>List<<\/span>Report><\/span> findByName<\/span>(<\/span>String name);<\/span> <\/span><\/span> <\/span><\/span>\/\/ 修复方案：使用参数化查询 <\/span><\/span><\/span><\/span>@Query<\/span>(<\/span>value =<\/span> "SELECT * FROM report WHERE name = ?1"<\/span>,<\/span> nativeQuery =<\/span> true<\/span>)<\/span> <\/span><\/span>List<<\/span>Report><\/span> findByName<\/span>(<\/span>String name);<\/span> <\/span><\/span><\/code><\/pre>4.3 文件上传漏洞<\/h3> \/\/ 错误示例：未校验文件类型和内容 <\/span><\/span><\/span><\/span>@PostMapping<\/span>(<\/span>"\/upload"<\/span>)<\/span> <\/span><\/span>public<\/span> String upload<\/span>(<\/span>@RequestParam<\/span>(<\/span>"file"<\/span>)<\/span> MultipartFile file)<\/span> {<\/span> <\/span><\/span> String fileName =<\/span> file.<\/span>getOriginalFilename<\/span>();<\/span> <\/span><\/span> file.<\/span>transferTo<\/span>(<\/span>new<\/span> File(<\/span>"\/uploads\/"<\/span> +<\/span> fileName));<\/span> <\/span><\/span> return<\/span> "success"<\/span>;<\/span> <\/span><\/span>}<\/span> <\/span><\/span> <\/span><\/span>\/\/ 修复方案：添加安全检查 <\/span><\/span><\/span><\/span>@PostMapping<\/span>(<\/span>"\/upload"<\/span>)<\/span> <\/span><\/span>public<\/span> String upload<\/span>(<\/span>@RequestParam<\/span>(<\/span>"file"<\/span>)<\/span> MultipartFile file)<\/span> {<\/span> <\/span><\/span> \/\/ 校验文件类型 <\/span><\/span><\/span><\/span> String contentType =<\/span> file.<\/span>getContentType<\/span>();<\/span> <\/span><\/span> if<\/span>(!<\/span>ALLOWED_TYPES.<\/span>contains<\/span>(<\/span>contentType))<\/span> {<\/span> <\/span><\/span> throw<\/span> new<\/span> IllegalArgumentException(<\/span>"Invalid file type"<\/span>);<\/span> <\/span><\/span> }<\/span> <\/span><\/span> <\/span><\/span> \/\/ 校验文件内容 <\/span><\/span><\/span><\/span> byte<\/span>[]<\/span> bytes =<\/span> file.<\/span>getBytes<\/span>();<\/span> <\/span><\/span> if<\/span>(!<\/span>isSafeContent(<\/span>bytes))<\/span> {<\/span> <\/span><\/span> throw<\/span> new<\/span> IllegalArgumentException(<\/span>"Malicious content detected"<\/span>);<\/span> <\/span><\/span> }<\/span> <\/span><\/span> <\/span><\/span> \/\/ 使用随机文件名 <\/span><\/span><\/span><\/span> String fileName =<\/span> UUID.<\/span>randomUUID<\/span>()<\/span> +<\/span> getExtension(<\/span>file.<\/span>getOriginalFilename<\/span>());<\/span> <\/span><\/span> file.<\/span>transferTo<\/span>(<\/span>new<\/span> File(<\/span>"\/uploads\/"<\/span> +<\/span> fileName));<\/span> <\/span><\/span> return<\/span> "success"<\/span>;<\/span> <\/span><\/span>}<\/span> <\/span><\/span><\/code><\/pre>5. 审计工具链推荐<\/h2> 静态分析工具<\/strong>：<\/p> SpotBugs（查找常见编码问题）<\/li> Dependency-Check（依赖安全检查）<\/li> Semgrep（自定义规则扫描）<\/li> <\/ul> <\/li> 动态分析工具<\/strong>：<\/p> Burp Suite（接口测试）<\/li> OWASP ZAP（自动化扫描）<\/li> JMeter（压力测试）<\/li> <\/ul> <\/li> 代码审计辅助<\/strong>：<\/p> CodeQL（高级语义分析）<\/li> Find Security Bugs（安全漏洞扫描）<\/li> <\/ul> <\/li> <\/ol> 6. 审计报告编写要点<\/h2> 漏洞描述<\/strong>：<\/p> 清晰说明漏洞类型和位置<\/li> 提供完整的请求\/响应示例<\/li> <\/ul> <\/li> 风险评级<\/strong>：<\/p> 根据CVSS标准评估风险等级<\/li> 说明漏洞可能造成的影响<\/li> <\/ul> <\/li> 修复建议<\/strong>：<\/p> 提供具体的代码修复方案<\/li> 建议的安全配置调整<\/li> <\/ul> <\/li> <\/ol> 7. 持续学习资源<\/h2> 官方文档<\/strong>：<\/p> OWASP Top 10<\/li> Spring Security官方文档<\/li> MyBatis安全指南<\/li> <\/ul> <\/li> 实战平台<\/strong>：<\/p> OWASP WebGoat<\/li> DVWA<\/li> Juice Shop<\/li> <\/ul> <\/li> 社区资源<\/strong>：<\/p> 奇安信攻防社区<\/li> 先知社区<\/li> Seebug Paper<\/li> <\/ul> <\/li> <\/ol> 通过系统性地按照上述步骤进行审计，可以全面发现AJ-Report项目中的安全问题，并为其他Java项目的代码审计提供参考框架。<\/p>