安全开发原则与编码规范<\/h1>

第一章前言<\/h2>
软件安全开发生命周期(SDL，Security Development Lifecycle)是一个旨在帮助开发人员构建更安全软件的开发过程，其核心理念是将安全考虑集成在软件开发的每一个阶段：需求分析、设计、编码、测试和维护，以减少漏洞并提高系统安全性。<\/p>

第二章安全编码原则<\/h2>

2.1 上线前通用安全开发要求<\/h3>

使用经测试和可信的平台\/框架代码开发应用程序，并保持对所依赖的框架更新<\/li>
log4j等第三方组件应当升级至最高版本<\/li>
避免于页面中包含技术性注释语句、功能说明、个人信息或解释<\/li>
代码上线前应删除测试内容(测试页面、测试代码等)<\/li>
删除默认部署页面，禁止留存SVN\/Git相关文件、备份文件<\/li>
客户端应用(如移动APP)应使用混淆、签名、加固等措施<\/li>
禁止使用phpMyAdmin、Struts 1\/2、Fastjson组件<\/li>
禁止特殊组件(德鲁伊、Actuator、nacos等)对外网暴露<\/li>
禁止使用应用组件缺省账号和密码<\/li>

禁止swagger等接口文档对外开放<\/li> <\/ol>

2.2 输入验证<\/h3>

必须在后台服务完成数据校验<\/li>
判断输入是否符合预期的数据类型、长度、数据范围<\/li>
采用白名单形式进行输入校验<\/li>
对常见危险字符(<>'"%|;&\/\)结合业务场景过滤<\/li>
从框架层面进行全局处理，避免前后处理不一致<\/li>

内部服务传递的数据也应进行校验<\/li> <\/ol>

2.3 身份验证与会话管理<\/h3>

避免在URL中传递会话标识<\/li>
控制用户登录鉴权的Cookie应设置HttpOnly属性<\/li>
实现全站HTTPS后，Cookie应设置secure属性<\/li>
设置会话令牌有效期(建议公网系统不超过30分钟)<\/li>
用户注销时立即清理当前用户会话<\/li>
执行关键操作前应再次验证用户身份<\/li>

禁止userid、roleid等关键身份鉴别参数被外部控制<\/li> <\/ol>

2.4 注册\/登录\/忘记密码<\/h3>

2.4.1 自行实现功能安全要点<\/h4>

管理平台禁止自行实现注册功能<\/li>
2B业务系统注册需配有审核流程<\/li>
注册接口应使用短信或邮箱验证码<\/li>
限制用户名合法字符和长度；密码需满足复杂度要求<\/li>
登录失败时不应返回详细提示<\/li>
登录验证码每校验过一次应立即失效<\/li>
后台管理页面需记录成功登录用户名和IP、时间<\/li>
非常登录IP应进行多因素二次验证<\/li>
密码输入界面不应以明文显示<\/li>

校验手机号\/邮箱和验证码的关联性<\/li> <\/ol>

2.4.2 敏感\/核心业务必须采用登录态隔离<\/h4>

敏感业务需采用登录态隔离方案，通过统一登录平台下发业务私有凭证<\/li> <\/ol>

2.5 访问控制<\/h3>

游客身份不应使用预埋账号<\/li>
接口返回数据需遵循最小化原则<\/li>
限制登录尝试频率和次数<\/li>
新注册用户遵循权限最小化原则<\/li>
短信验证码应采用防爆破机制<\/li>
防止参数置空后进行全量数据查询<\/li>
用户个人页面或功能需严格权限控制<\/li>

确保只有授权用户才能访问敏感数据<\/li> <\/ol>

2.6 传输安全与加密<\/h3>

增删改操作使用POST方法提交<\/li>
所有Web页面和HTTP API接口必须通过HTTPS(TLS 1.2+)<\/li>

算法选择：

对称加密：AES-128+<\/li>
非对称加密：RSA-2048+、DSA-2048+、ECC-256+<\/li>

哈希算法：SHA-2(SHA-256)或SHA-3<\/li> <\/ul> <\/li> <\/ol>

2.7 数据保护<\/h3>

不在客户端明文保存敏感信息<\/li>
个人隐私敏感信息需加密存储并脱敏显示<\/li>
ID参数不能是数序数字(使用16位以上随机编码)<\/li>

涉及用户隐私、高价值信息的接口需做频率控制<\/li> <\/ol>

2.8 文件上传、下载<\/h3>

建议搭建本地文件服务器<\/li>
文件上传前需验证用户身份<\/li>
以白名单形式校验限制上传文件类型<\/li>
验证文件包头(content-type)信息是否匹配<\/li>
限制解压后的文件数量和总大小<\/li>
文件禁止保存在Web容器内<\/li>
第三方存储服务需检查权限配置<\/li>
禁止直传OSS存储，禁止密钥写入客户端<\/li>
对上传文件进行安全重命名(16位以上)<\/li>
验证下载文件名防止路径遍历<\/li>
不返回文件保存的绝对路径<\/li>
验证文件真实路径是否在允许范围内<\/li>

及时关闭字节\/字符流<\/li> <\/ol>

2.9 支付逻辑<\/h3>

支付接口需严格校验入参：

禁止用户修改订单金额<\/li>
禁止用户修改支付状态<\/li>
防止优惠券并发领取和重用<\/li>
优惠券id需采用安全随机算法生成(16位以上)<\/li>
判断优惠券归属<\/li>
服务端需对数量和金额设定合理上限<\/li>
防止金额四舍五入<\/li>
禁止商品数量为非整数<\/li>
禁止频繁注销注册重置体验日期<\/li>

禁止并发提现<\/li> <\/ul> <\/li> <\/ol>

2.10 异常处理与日志审计<\/h3>

精确捕获异常并恰当处理<\/li>
不将系统异常信息直接反馈给用户<\/li>
创建默认错误页面，使用通用错误消息<\/li>
不在日志中保存敏感信息<\/li>
对日志中的特殊元素进行过滤和验证<\/li>

留存相关网络日志不少于六个月<\/li> <\/ol>

2.11 编码相关<\/h3>

及时删除废弃的冗余代码<\/li>
不应存在永真和永假代码<\/li>
禁止将敏感信息写死在代码中<\/li>
禁止使用默认或易猜解的密钥<\/li>
禁止危险的方法或函数public<\/li>
遵守正确的行为次序<\/li>
防止边界操作发生越界<\/li>
防止遗漏边界值检查<\/li>

防止除零错误<\/li> <\/ol>

第三章安全编码示例<\/h2>

3.1 命令注入<\/h3>

错误示范<\/strong>：<\/p>

String command =<\/span> "ping "<\/span> +<\/span> args[<\/span>0<\/span>];<\/span> \/\/ 直接拼接用户输入
<\/span><\/span><\/span><\/span>Process process =<\/span> Runtime.<\/span>getRuntime<\/span>().<\/span>exec<\/span>(<\/span>command);<\/span>
<\/span><\/span><\/code><\/pre>修复<\/strong>：<\/p>
private<\/span> static<\/span> String sanitizeInput<\/span>(<\/span>String input)<\/span> {<\/span>
<\/span><\/span>    return<\/span> input.<\/span>replaceAll<\/span>(<\/span>"[;|&<>{}]"<\/span>,<\/span> ""<\/span>);<\/span>
<\/span><\/span>}<\/span>
<\/span><\/span>String command =<\/span> "ping "<\/span> +<\/span> sanitizeInput(<\/span>args[<\/span>0<\/span>]);<\/span>
<\/span><\/span><\/code><\/pre>3.2 Cookie验证<\/h3>
错误示范<\/strong>：<\/p>
Cookie[]<\/span> cookies =<\/span> request.<\/span>getCookies<\/span>();<\/span>
<\/span><\/span>String userRole =<\/span> null<\/span>;<\/span>
<\/span><\/span>for<\/span> (<\/span>Cookie c :<\/span> cookies)<\/span> {<\/span>
<\/span><\/span>    if<\/span> (<\/span>c.<\/span>getName<\/span>().<\/span>equals<\/span>(<\/span>"role"<\/span>))<\/span> {<\/span>
<\/span><\/span>        userRole =<\/span> c.<\/span>getValue<\/span>();<\/span> \/\/ 直接从cookie读取角色
<\/span><\/span><\/span><\/span>    }<\/span>
<\/span><\/span>}<\/span>
<\/span><\/span><\/code><\/pre>修复<\/strong>：<\/p>
\/\/ 存储
<\/span><\/span><\/span><\/span>HttpSession session =<\/span> request.<\/span>getSession<\/span>();<\/span>
<\/span><\/span>session.<\/span>setAttribute<\/span>(<\/span>"userId"<\/span>,<\/span> "12345"<\/span>);<\/span>
<\/span><\/span>session.<\/span>setAttribute<\/span>(<\/span>"role"<\/span>,<\/span> "admin"<\/span>);<\/span>
<\/span><\/span>
<\/span><\/span>\/\/ 获取
<\/span><\/span><\/span><\/span>String role =<\/span> (<\/span>String)<\/span> session.<\/span>getAttribute<\/span>(<\/span>"role"<\/span>);<\/span>
<\/span><\/span><\/code><\/pre>3.3 内存溢出<\/h3>
错误示范<\/strong>：<\/p>
public<\/span> List<<\/span>ThirdPaySlave><\/span> selectByPayNoThird<\/span>(<\/span>String payNoThird)<\/span> {<\/span>
<\/span><\/span>    return<\/span> thirdPaySlaveMapper.<\/span>selectByPayNoThird<\/span>(<\/span>payNoThird);<\/span> \/\/ 未判空
<\/span><\/span><\/span><\/span>}<\/span>
<\/span><\/span><\/code><\/pre>修复<\/strong>：<\/p>
if<\/span> (<\/span>StringUtils.<\/span>isBlank<\/span>(<\/span>payNoThird))<\/span> {<\/span>
<\/span><\/span>    return<\/span> new<\/span> ArrayList<>();<\/span> \/\/ 参数判空
<\/span><\/span><\/span><\/span>}<\/span>
<\/span><\/span><\/code><\/pre>3.4 整数溢出<\/h3>
错误示范<\/strong>：<\/p>
int<\/span> a =<\/span> 2147483647<\/span>;<\/span>
<\/span><\/span>int<\/span> b =<\/span> 1<\/span>;<\/span>
<\/span><\/span>int<\/span> sum =<\/span> a +<\/span> b;<\/span> \/\/ 溢出
<\/span><\/span><\/span><\/code><\/pre>修复<\/strong>：<\/p>
long<\/span> a =<\/span> 2147483647L<\/span>;<\/span>
<\/span><\/span>long<\/span> b =<\/span> 1<\/span>;<\/span>
<\/span><\/span>long<\/span> sum =<\/span> a +<\/span> b;<\/span>
<\/span><\/span><\/code><\/pre>3.5 除零错误<\/h3>
错误示范<\/strong>：<\/p>
int<\/span> a =<\/span> 10<\/span>;<\/span>
<\/span><\/span>int<\/span> b =<\/span> 0<\/span>;<\/span>
<\/span><\/span>int<\/span> result =<\/span> a \/<\/span> b;<\/span> \/\/ 除零异常
<\/span><\/span><\/span><\/code><\/pre>修复<\/strong>：<\/p>
try<\/span> {<\/span>
<\/span><\/span>    result =<\/span> a \/<\/span> b;<\/span>
<\/span><\/span>}<\/span> catch<\/span> (<\/span>ArithmeticException e)<\/span> {<\/span>
<\/span><\/span>    System.<\/span>out<\/span>.<\/span>println<\/span>(<\/span>"Error: Division by zero"<\/span>);<\/span>
<\/span><\/span>}<\/span>
<\/span><\/span><\/code><\/pre>3.6 边界值检查<\/h3>
错误示范<\/strong>：<\/p>
if<\/span> (<\/span>a <<\/span> b)<\/span> {<\/span>
<\/span><\/span>    \/\/ ...
<\/span><\/span><\/span><\/span>}<\/span> else<\/span> if<\/span> (<\/span>a ><\/span> b)<\/span> {<\/span>
<\/span><\/span>    \/\/ ... \/\/ 遗漏相等情况
<\/span><\/span><\/span><\/span>}<\/span>
<\/span><\/span><\/code><\/pre>修复<\/strong>：<\/p>
if<\/span> (<\/span>a <<\/span> b)<\/span> {<\/span>
<\/span><\/span>    \/\/ ...
<\/span><\/span><\/span><\/span>}<\/span> else<\/span> if<\/span> (<\/span>a ><\/span> b)<\/span> {<\/span>
<\/span><\/span>    \/\/ ...
<\/span><\/span><\/span><\/span>}<\/span> else<\/span> {<\/span>
<\/span><\/span>    \/\/ 处理相等情况
<\/span><\/span><\/span><\/span>}<\/span>
<\/span><\/span><\/code><\/pre>3.7 随机数生成<\/h3>
错误示范<\/strong>：<\/p>
Random random =<\/span> new<\/span> Random();<\/span>
<\/span><\/span>for<\/span> (<\/span>int<\/span> i =<\/span> 0<\/span>;<\/span> i <<\/span> 16<\/span>;<\/span> i++)<\/span> {<\/span>
<\/span><\/span>    sb.<\/span>append<\/span>(<\/span>random.<\/span>nextInt<\/span>(<\/span>2<\/span>));<\/span> \/\/ 仅生成0或1
<\/span><\/span><\/span><\/span>}<\/span>
<\/span><\/span><\/code><\/pre>修复<\/strong>：<\/p>
SecureRandom random =<\/span> new<\/span> SecureRandom();<\/span>
<\/span><\/span>byte<\/span>[]<\/span> bytes =<\/span> new<\/span> byte<\/span>[<\/span>16<\/span>];<\/span>
<\/span><\/span>random.<\/span>nextBytes<\/span>(<\/span>bytes);<\/span>
<\/span><\/span>for<\/span> (<\/span>byte<\/span> b :<\/span> bytes)<\/span> {<\/span>
<\/span><\/span>    sb.<\/span>append<\/span>(<\/span>Integer.<\/span>toHexString<\/span>((<\/span>b &<\/span> 0xFF<\/span>)<\/span> |<\/span> 0x100<\/span>).<\/span>substring<\/span>(<\/span>1<\/span>,<\/span>3<\/span>));<\/span>
<\/span><\/span>}<\/span>
<\/span><\/span><\/code><\/pre>3.8 信息泄露<\/h3>
错误示范<\/strong>：<\/p>
catch<\/span> (<\/span>IOException e)<\/span> {<\/span>
<\/span><\/span>    e.<\/span>printStackTrace<\/span>();<\/span>
<\/span><\/span>    System.<\/span>out<\/span>.<\/span>println<\/span>(<\/span>"数据库密码："<\/span> +<\/span> dbPassword);<\/span> \/\/ 打印敏感信息
<\/span><\/span><\/span><\/span>}<\/span>
<\/span><\/span><\/code><\/pre>修复<\/strong>：<\/p>
catch<\/span> (<\/span>IOException e)<\/span> {<\/span>
<\/span><\/span>    logger.<\/span>error<\/span>(<\/span>"账号密码逻辑处理异常"<\/span>,<\/span> e);<\/span> \/\/ 使用日志记录
<\/span><\/span><\/span><\/span>}<\/span>
<\/span><\/span><\/code><\/pre>3.9 并发控制<\/h3>
错误示范<\/strong>：<\/p>
public<\/span> void<\/span> increment<\/span>()<\/span> {<\/span>
<\/span><\/span>    count++;<\/span> \/\/ 非线程安全
<\/span><\/span><\/span><\/span>}<\/span>
<\/span><\/span><\/code><\/pre>修复<\/strong>：<\/p>
public<\/span> synchronized<\/span> void<\/span> increment<\/span>()<\/span> {<\/span>
<\/span><\/span>    count++;<\/span>
<\/span><\/span>}<\/span>
<\/span><\/span>\/\/ 或
<\/span><\/span><\/span><\/span>private<\/span> static<\/span> Object lock =<\/span> new<\/span> Object();<\/span>
<\/span><\/span>synchronized<\/span> (<\/span>lock)<\/span> {<\/span>
<\/span><\/span>    count++;<\/span>
<\/span><\/span>}<\/span>
<\/span><\/span><\/code><\/pre>3.10 资源释放<\/h3>
错误示范<\/strong>：<\/p>
FileInputStream fis =<\/span> new<\/span> FileInputStream(<\/span>"file.txt"<\/span>);<\/span>
<\/span><\/span>\/\/ 使用后未关闭
<\/span><\/span><\/span><\/code><\/pre>修复<\/strong>：<\/p>
try<\/span> (<\/span>FileInputStream fis =<\/span> new<\/span> FileInputStream(<\/span>"file.txt"<\/span>))<\/span> {<\/span>
<\/span><\/span>    \/\/ 使用资源
<\/span><\/span><\/span><\/span>}<\/span> \/\/ 自动关闭
<\/span><\/span><\/span><\/code><\/pre>3.11 危险方法暴露<\/h3>
错误示范<\/strong>：<\/p>
public<\/span> void<\/span> removeDatabase<\/span>(<\/span>String name)<\/span> {<\/span>
<\/span><\/span>    stmt.<\/span>execute<\/span>(<\/span>"DROP DATABASE "<\/span> +<\/span> name);<\/span> \/\/ 危险方法公开
<\/span><\/span><\/span><\/span>}<\/span>
<\/span><\/span><\/code><\/pre>修复<\/strong>：<\/p>
private<\/span> void<\/span> removeDatabase<\/span>(<\/span>String name)<\/span> {<\/span> \/\/ 改为私有
<\/span><\/span><\/span><\/span>    \/\/ ...
<\/span><\/span><\/span><\/span>}<\/span>
<\/span><\/span><\/code><\/pre>3.12 操作顺序<\/h3>
错误示范<\/strong>：<\/p>
File file =<\/span> new<\/span> File(<\/span>"file.txt"<\/span>);<\/span>
<\/span><\/span>FileReader reader =<\/span> new<\/span> FileReader(<\/span>file);<\/span> \/\/ 先读取
<\/span><\/span><\/span><\/span>if<\/span> (<\/span>file.<\/span>canRead<\/span>())<\/span> {<\/span> \/\/ 后检查权限
<\/span><\/span><\/span><\/span>    \/\/ ...
<\/span><\/span><\/span><\/span>}<\/span>
<\/span><\/span><\/code><\/pre>修复<\/strong>：<\/p>
if<\/span> (<\/span>file.<\/span>canRead<\/span>())<\/span> {<\/span> \/\/ 先检查权限
<\/span><\/span><\/span><\/span>    FileReader reader =<\/span> new<\/span> FileReader(<\/span>file);<\/span> \/\/ 后读取
<\/span><\/span><\/span><\/span>    \/\/ ...
<\/span><\/span><\/span><\/span>}<\/span>
<\/span><\/span><\/code><\/pre>3.13 压缩炸弹防护<\/h3>
错误示范<\/strong>：<\/p>
if<\/span> (<\/span>file.<\/span>length<\/span>()<\/span> ><\/span> MAX_SIZE)<\/span> {<\/span>
<\/span><\/span>    \/\/ ...
<\/span><\/span><\/span><\/span>}<\/span> else<\/span> {<\/span>
<\/span><\/span>    \/\/ 直接解压 \/\/ 未检查解压后大小
<\/span><\/span><\/span><\/span>}<\/span>
<\/span><\/span><\/code><\/pre>修复<\/strong>：<\/p>
try<\/span> (<\/span>ZipInputStream zis =<\/span> new<\/span> ZipInputStream(<\/span>new<\/span> FileInputStream(<\/span>file)))<\/span> {<\/span>
<\/span><\/span>    ZipEntry entry;<\/span>
<\/span><\/span>    while<\/span> ((<\/span>entry =<\/span> zis.<\/span>getNextEntry<\/span>())<\/span> !=<\/span> null<\/span>)<\/span> {<\/span>
<\/span><\/span>        if<\/span> (<\/span>entry.<\/span>getSize<\/span>()<\/span> ><\/span> MAX_SIZE)<\/span> {<\/span>
<\/span><\/span>            continue<\/span>;<\/span> \/\/ 检查每个条目大小
<\/span><\/span><\/span><\/span>        }<\/span>
<\/span><\/span>        \/\/ 处理
<\/span><\/span><\/span><\/span>    }<\/span>
<\/span><\/span>}<\/span>
<\/span><\/span><\/code><\/pre>3.14 数组越界<\/h3>
错误示范<\/strong>：<\/p>
int<\/span>[]<\/span> arr =<\/span> new<\/span> int<\/span>[<\/span>5<\/span>];<\/span>
<\/span><\/span>for<\/span> (<\/span>int<\/span> i =<\/span> 0<\/span>;<\/span> i <<\/span> 6<\/span>;<\/span> i++)<\/span> {<\/span> \/\/ 可能越界
<\/span><\/span><\/span><\/span>    arr[<\/span>i]<\/span> =<\/span> i;<\/span>
<\/span><\/span>}<\/span>
<\/span><\/span><\/code><\/pre>修复<\/strong>：<\/p>
for<\/span> (<\/span>int<\/span> i =<\/span> 0<\/span>;<\/span> i <<\/span> arr.<\/span>length<\/span>;<\/span> i++)<\/span> {<\/span> \/\/ 使用length属性
<\/span><\/span><\/span><\/span>    arr[<\/span>i]<\/span> =<\/span> i;<\/span>
<\/span><\/span>}<\/span>
<\/span><\/span><\/code><\/pre>3.15 会话失效<\/h3>
错误示范<\/strong>：<\/p>
request.<\/span>getSession<\/span>().<\/span>setMaxInactiveInterval<\/span>(-<\/span>1<\/span>);<\/span> \/\/ 会话永不过期
<\/span><\/span><\/span><\/code><\/pre>修复<\/strong>：<\/p>
request.<\/span>getSession<\/span>().<\/span>setMaxInactiveInterval<\/span>(<\/span>30<\/span> *<\/span> 60<\/span>);<\/span> \/\/ 30分钟过期
<\/span><\/span><\/span><\/code><\/pre>3.16 SQL注入<\/h3>
错误示范<\/strong>：<\/p>
@Select<\/span>(<\/span>"SELECT * FROM users WHERE username = '${username}'"<\/span>)<\/span> \/\/ 使用${}
<\/span><\/span><\/span><\/span>User getUser<\/span>(<\/span>@Param<\/span>(<\/span>"username"<\/span>)<\/span> String username);<\/span>
<\/span><\/span><\/code><\/pre>修复<\/strong>：<\/p>
@Select<\/span>(<\/span>"SELECT * FROM users WHERE username = #{username}"<\/span>)<\/span> \/\/ 使用#{}
<\/span><\/span><\/span><\/span>User getUser<\/span>(<\/span>@Param<\/span>(<\/span>"username"<\/span>)<\/span> String username);<\/span>
<\/span><\/span><\/code><\/pre>3.17 XSS防护<\/h3>
错误示范<\/strong>：<\/p>
model.<\/span>addAttribute<\/span>(<\/span>"username"<\/span>,<\/span> username);<\/span> \/\/ 直接输出未过滤
<\/span><\/span><\/span><\/code><\/pre>修复<\/strong>：<\/p>
String safeUsername =<\/span> Jsoup.<\/span>clean<\/span>(<\/span>username,<\/span> Safelist.<\/span>basic<\/span>());<\/span>
<\/span><\/span>model.<\/span>addAttribute<\/span>(<\/span>"username"<\/span>,<\/span> safeUsername);<\/span>
<\/span><\/span><\/code><\/pre>全局过滤器示例<\/strong>：<\/p>
public<\/span> class<\/span> XssFilter<\/span> implements<\/span> Filter {<\/span>
<\/span><\/span>    public<\/span> void<\/span> doFilter<\/span>(<\/span>ServletRequest request,<\/span> ServletResponse response,<\/span> FilterChain chain)<\/span> {<\/span>
<\/span><\/span>        String safeInput =<\/span> Jsoup.<\/span>clean<\/span>(<\/span>request.<\/span>getParameter<\/span>(<\/span>"input"<\/span>),<\/span> Safelist.<\/span>basic<\/span>());<\/span>
<\/span><\/span>        request.<\/span>setAttribute<\/span>(<\/span>"input"<\/span>,<\/span> safeInput);<\/span>
<\/span><\/span>        chain.<\/span>doFilter<\/span>(<\/span>request,<\/span> response);<\/span>
<\/span><\/span>    }<\/span>
<\/span><\/span>}<\/span>
<\/span><\/span><\/code><\/pre>3.18 路径遍历<\/h3>
错误示范<\/strong>：<\/p>
String path =<\/span> "\/safe_dir\/"<\/span> +<\/span> inputPath;<\/span>
<\/span><\/span>File f =<\/span> new<\/span> File(<\/span>path);<\/span> \/\/ 可能包含..\/
<\/span><\/span><\/span><\/span>f.<\/span>delete<\/span>();<\/span>
<\/span><\/span><\/code><\/pre>修复<\/strong>：<\/p>
Path path =<\/span> Paths.<\/span>get<\/span>(<\/span>"\/safe_dir\/"<\/span>,<\/span> inputPath).<\/span>normalize<\/span>();<\/span> \/\/ 规范化路径
<\/span><\/span><\/span><\/span>if<\/span> (<\/span>path.<\/span>startsWith<\/span>(<\/span>"\/safe_dir\/"<\/span>))<\/span> {<\/span>
<\/span><\/span>    Files.<\/span>delete<\/span>(<\/span>path);<\/span>
<\/span><\/span>}<\/span>
<\/span><\/span><\/code><\/pre>3.19 文件上传<\/h3>
错误示范<\/strong>：<\/p>
Part filePart =<\/span> request.<\/span>getPart<\/span>(<\/span>"file"<\/span>);<\/span>
<\/span><\/span>filePart.<\/span>write<\/span>(<\/span>"uploads\/"<\/span> +<\/span> filePart.<\/span>getSubmittedFileName<\/span>());<\/span> \/\/ 无任何校验
<\/span><\/span><\/span><\/code><\/pre>修复<\/strong>：<\/p>
\/\/ 1. 校验文件类型、大小和后缀名
<\/span><\/span><\/span><\/span>if<\/span> (!<\/span>ALLOWED_TYPE.<\/span>equals<\/span>(<\/span>filePart.<\/span>getContentType<\/span>())<\/span> 
<\/span><\/span>    ||<\/span> filePart.<\/span>getSize<\/span>()<\/span> ><\/span> MAX_SIZE
<\/span><\/span>    ||<\/span> !<\/span>ALLOWED_EXTENSIONS.<\/span>contains<\/span>(<\/span>getExtension(<\/span>fileName)))<\/span> {<\/span>
<\/span><\/span>    return<\/span>;<\/span>
<\/span><\/span>}<\/span>
<\/span><\/span>
<\/span><\/span>\/\/ 2. 重命名文件
<\/span><\/span><\/span><\/span>String newName =<\/span> System.<\/span>currentTimeMillis<\/span>()<\/span> +<\/span> "_"<\/span> +<\/span> random.<\/span>nextInt<\/span>(<\/span>1000<\/span>)<\/span> +<\/span> ext;<\/span>
<\/span><\/span>filePart.<\/span>write<\/span>(<\/span>"uploads\/"<\/span> +<\/span> newName);<\/span>
<\/span><\/span><\/code><\/pre>3.20 OGNL注入<\/h3>
错误示范<\/strong>：<\/p>
String expression =<\/span> request.<\/span>getParameter<\/span>(<\/span>"exp"<\/span>);<\/span> \/\/ 用户可控
<\/span><\/span><\/span><\/span>Object value =<\/span> Ognl.<\/span>getValue<\/span>(<\/span>expression,<\/span> context,<\/span> root);<\/span> \/\/ 直接执行
<\/span><\/span><\/span><\/code><\/pre>修复<\/strong>：<\/p>
String expression =<\/span> request.<\/span>getParameter<\/span>(<\/span>"exp"<\/span>);<\/span>
<\/span><\/span>if<\/span> (<\/span>hasSpecialChars(<\/span>expression))<\/span> {<\/span> \/\/ 检查特殊字符
<\/span><\/span><\/span><\/span>    return<\/span>;<\/span>
<\/span><\/span>}<\/span>
<\/span><\/span>Object value =<\/span> Ognl.<\/span>getValue<\/span>(<\/span>expression,<\/span> context,<\/span> root);<\/span>
<\/span><\/span>
<\/span><\/span>public<\/span> boolean<\/span> hasSpecialChars<\/span>(<\/span>String input)<\/span> {<\/span>
<\/span><\/span>    Pattern p =<\/span> Pattern.<\/span>compile<\/span>(<\/span>"[`~!@#$%^&*()+=|{}':;'\\\
<\/span><\/span><\/span>$$
<\/span><\/span><\/span>\\\
<\/span><\/span><\/span>$$
<\/span><\/span><\/span><>\/?]"<\/span>);<\/span>
<\/span><\/span>    return<\/span> p.<\/span>matcher<\/span>(<\/span>input).<\/span>find<\/span>();<\/span>
<\/span><\/span>}<\/span>
<\/span><\/span><\/code><\/pre>3.21 URL重定向<\/h3>
错误示范<\/strong>：<\/p>
String url =<\/span> request.<\/span>getParameter<\/span>(<\/span>"url"<\/span>);<\/span>
<\/span><\/span>response.<\/span>sendRedirect<\/span>(<\/span>url);<\/span> \/\/ 直接重定向
<\/span><\/span><\/span><\/code><\/pre>修复<\/strong>：<\/p>
String url =<\/span> request.<\/span>getParameter<\/span>(<\/span>"url"<\/span>);<\/span>
<\/span><\/span>String host =<\/span> new<\/span> URL(<\/span>url).<\/span>getHost<\/span>();<\/span> \/\/ 提取host
<\/span><\/span><\/span><\/span>if<\/span> (<\/span>ALLOWED_DOMAINS.<\/span>contains<\/span>(<\/span>host))<\/span> {<\/span> \/\/ 白名单校验
<\/span><\/span><\/span><\/span>    response.<\/span>sendRedirect<\/span>(<\/span>url);<\/span>
<\/span><\/span>}<\/span>
<\/span><\/span><\/code><\/pre>

安全开发原则与编码规范<\/h1>

第二章 安全编码原则<\/h2>

2.4 注册\/登录\/忘记密码<\/h3>

第三章 安全编码示例<\/h2>

第二章安全编码原则<\/h2>

第三章安全编码示例<\/h2>