
[bug-4586]修复渗透检测报告中的漏洞

szjbdgzl 1 rok temu
rodzic
commit
cf8a238a78

+ 54 - 4
ibps-basic-root/modules/basic-response/src/main/java/com/lc/ibps/cloud/util/AESUtil.java

@@ -1,15 +1,14 @@
 package com.lc.ibps.cloud.util;
 
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
+import javax.crypto.*;
 import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.PBEKeySpec;
 import javax.crypto.spec.SecretKeySpec;
 import java.nio.charset.StandardCharsets;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
+import java.security.spec.KeySpec;
 import java.util.Base64;
 
 public class AESUtil {
@@ -19,6 +18,57 @@ public class AESUtil {
     private static final String USERKEY = "49PBou+TREIOzSHj";
     private static final String USERIV = "5lDsNRe&UduJ97uS";
 
+    private static final int ITERATIONS = 10000;
+    private static final int KEY_SIZE = 256;
+
+    /**
+     * XOR 解密方法
+     * @param encryptedBase64 Base64编码的加密字符串
+     * @return 解密后的原始字符串
+     */
+    public static String xorDecrypt(String encryptedBase64) {
+        // 从Base64解码
+        byte[] decodedBytes = Base64.getDecoder().decode(encryptedBase64);
+        String decodedStr = new String(decodedBytes);
+
+        // 执行异或解密
+        StringBuilder result = new StringBuilder();
+        for (int i = 0; i < decodedStr.length(); i++) {
+            char c = (char) (decodedStr.charAt(i) ^ USERKEY.charAt(i % USERKEY.length()));
+            result.append(c);
+        }
+        return result.toString();
+    }
+
+    public static String decrypt(String encryptedData) throws Exception {
+        // 解析复合数据结构
+        String[] parts = encryptedData.split("\\|");
+        if (parts.length != 4) throw new IllegalArgumentException("Invalid data format");
+
+        String ciphertext = parts[0];
+        String ivBase64 = parts[1];
+        String saltBase64 = parts[2];
+        String token = parts[3];
+
+        // 解码参数
+        byte[] iv = Base64.getDecoder().decode(ivBase64);
+        byte[] salt = Base64.getDecoder().decode(saltBase64);
+        byte[] encryptedBytes = Base64.getDecoder().decode(ciphertext);
+
+        // 密钥派生
+        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
+        KeySpec spec = new PBEKeySpec(token.toCharArray(), salt, ITERATIONS, KEY_SIZE);
+        SecretKey tmp = factory.generateSecret(spec);
+        SecretKey secretKey = new SecretKeySpec(tmp.getEncoded(), "AES");
+
+        // 执行解密
+        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
+        cipher.init(Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(iv));
+
+        byte[] decrypted = cipher.doFinal(encryptedBytes);
+        return new String(decrypted, StandardCharsets.UTF_8).trim();
+    }
+
 //    public static String decrypt(String encryptedText)
 //            throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException,
 //            IllegalBlockSizeException, BadPaddingException {
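Review bot: The PBKDF2 password that `decrypt` derives the AES key from is `token`, the fourth `|`-separated field of the message being decrypted, so a party that can submit a request can also produce a valid ciphertext for any payload; the scheme therefore neither hides anything from nor authenticates anything against the client, and `AES/CBC/PKCS5Padding` adds no integrity check of its own. If the purpose of this fix is to stop `tableName`/`paramWhere`-style parameters from being tampered with, the key material has to come from server-side configuration and an authenticated mode such as AES/GCM should be used; until then the callers still have to treat the decrypted JSON as untrusted input. In `xorDecrypt`, `new String(decodedBytes)` decodes with the platform charset, so the XOR input can differ between JVMs; `new String(decodedBytes, StandardCharsets.UTF_8)` (or XORing the bytes directly) makes it deterministic, and the same applies to the `.trim()` on the plaintext, which silently alters data containing leading or trailing whitespace. `decrypt` declaring `throws Exception` and the imports collapsed to `javax.crypto.*` both widen what callers see; declaring the specific `GeneralSecurityException` subtypes and importing the four `javax.crypto` names actually used keeps the contract explicit.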

+ 18 - 8
ibps-provider-root/modules/provider-business/src/main/java/com/lc/ibps/sysdata/controller/UpdateDataTableController.java

@@ -14,6 +14,7 @@ import com.lc.ibps.api.form.sql.util.BeanUtils;
 import com.lc.ibps.base.core.util.Collections;
 import com.lc.ibps.base.framework.id.UniqueIdUtil;
 import com.lc.ibps.cloud.entity.APIResult;
+import com.lc.ibps.cloud.util.AESUtil;
 import com.lc.ibps.components.querybuilder.utils.StringUtils;
 import com.lc.ibps.config.JcjdConfig;
 import com.lc.ibps.sysdata.entity.Smsconfig;
@@ -87,8 +88,10 @@ public class UpdateDataTableController {
         String tableName = "";
         String paramWhere = "";
         try{
-            String decrypt = updateDataTableService.checkParameters(data);
-            JSONObject sqlMap = JSONObject.parseObject(decrypt);
+            Map dataMap = JSONObject.parseObject(data);
+            String decrypt = AESUtil.xorDecrypt(dataMap.get("ciphertext").toString());
+            String text = AESUtil.decrypt(decrypt);
+            JSONObject sqlMap = JSONObject.parseObject(text);
             tableName = sqlMap.getString("tableName");
             paramWhere =  sqlMap.getString("paramWhere");
         } catch (Exception e) {
@@ -163,8 +166,10 @@ public class UpdateDataTableController {
         Map paramCond = null;
         List<Map<String, String>> paramWhere = null;
         try {
-            String decrypt = updateDataTableService.checkParameters(data);
-            Map jsonMap = JSONObject.parseObject(decrypt);
+            Map dataMap = JSONObject.parseObject(data);
+            String decrypt = AESUtil.xorDecrypt(dataMap.get("ciphertext").toString());
+            String text = AESUtil.decrypt(decrypt);
+            Map jsonMap = JSONObject.parseObject(text);
             tableName = (String) jsonMap.get("tableName");
             paramCond = (Map) jsonMap.get("paramCond");
             paramWhere = (List<Map<String, String>>) jsonMap.get("paramWhere");
@@ -194,8 +199,10 @@ public class UpdateDataTableController {
         String tableName = null;
         List<Map<String,String>> updList;
         try {
-            String decrypt = updateDataTableService.checkParameters(data);
-            Map jsonMap = JSONObject.parseObject(decrypt);
+            Map dataMap = JSONObject.parseObject(data);
+            String decrypt = AESUtil.xorDecrypt(dataMap.get("ciphertext").toString());
+            String text = AESUtil.decrypt(decrypt);
+            Map jsonMap = JSONObject.parseObject(text);
             tableName = (String) jsonMap.get("tableName");
             updList = (List<Map<String, String>>) jsonMap.get("updList");
         } catch (Exception e) {
@@ -377,8 +384,10 @@ public class UpdateDataTableController {
         String type = null;
         List<LinkedHashMap> paramWhere = null;
         try {
-            String decrypt = updateDataTableService.checkParameters(data);
-            JSONObject map = JSONObject.parseObject(decrypt);
+            Map dataMap = JSONObject.parseObject(data);
+            String decrypt = AESUtil.xorDecrypt(dataMap.get("ciphertext").toString());
+            String text = AESUtil.decrypt(decrypt);
+            JSONObject map = JSONObject.parseObject(text);
             tableName = map.getString("tableName");
             type = StringUtils.isEmpty(map.getString("type")) ? null : map.getString("type");
             String paramWhere1 = map.getString("paramWhere");
@@ -386,6 +395,7 @@ public class UpdateDataTableController {
             defKey = map.getString("defKey");
             formKey = map.getString("formKey");
         } catch (Exception e) {
+            log.warn("操作失败", e);
             apiResult.setState(StateEnum.ERROR.getCode());
             apiResult.setMessage("参数类型错误");
             return apiResult;
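Review bot: `dataMap.get("ciphertext").toString()` in each of the four rewritten try blocks dereferences the lookup without a null check, so a request that omits the field fails with a `NullPointerException` that is indistinguishable from a bad ciphertext except by the stack trace; since the same three lines are now pasted into four methods here and again into `UpdateDataTableImpl.encipher` and `LogAopUtil`, one helper that rejects the missing field explicitly would serve all six sites. The raw `Map dataMap` can be a `JSONObject`, whose `getString` the code already uses on the decrypted result a line later. The replaced `updateDataTableService.checkParameters(data)` is dropped at every site; if it validated anything beyond decrypting, that check is now gone, and the catch blocks of the first three methods lie outside the hunks, so whether they record the cause as the last one now does (`log.warn("操作失败", e)`) cannot be seen here.
```java
/** Unwraps the {@code ciphertext} envelope and returns the decrypted JSON payload. */
private static String decryptPayload(String data) throws Exception {
    JSONObject envelope = JSONObject.parseObject(data);
    String ciphertext = envelope == null ? null : envelope.getString("ciphertext");
    if (ciphertext == null || ciphertext.isEmpty()) {
        throw new IllegalArgumentException("missing ciphertext");
    }
    return AESUtil.decrypt(AESUtil.xorDecrypt(ciphertext));
}

// … unchanged: each try block then reads …
JSONObject sqlMap = JSONObject.parseObject(decryptPayload(data));
```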

+ 4 - 2
ibps-provider-root/modules/provider-business/src/main/java/com/lc/ibps/sysdata/services/impl/UpdateDataTableImpl.java

@@ -518,8 +518,10 @@ public class UpdateDataTableImpl extends GenericProvider implements UpdateDataTa
     public APIResult<Void> encipher(String data) {
         APIResult<Void> apiResult = new APIResult<>();
         try{
-            String decryptedText = checkParameters(data);
-            Map mapSql = JSONObject.parseObject(decryptedText);
+            Map dataMap = JSONObject.parseObject(data);
+            String decryptedText = AESUtil.xorDecrypt(dataMap.get("ciphertext").toString());
+            String text = AESUtil.decrypt(decryptedText);
+            Map mapSql = JSONObject.parseObject(text);
             String sql = (String) mapSql.get("sql");
             if (null != sql && !sql.isEmpty() && "select".equals(sql.substring(0, 6))) {
                 sql = RequestUtil.filterInjectQuery(sql);
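Review bot: `"select".equals(sql.substring(0, 6))` on the line right after the new decryption throws `StringIndexOutOfBoundsException` for any non-empty `sql` shorter than six characters; `sql.startsWith("select")` expresses the same test without the exception. The comparison is also case-sensitive, so which branch an upper-case statement takes depends on the else path, which lies outside the hunk, as does the catch that presumably absorbs the exception today. The three decrypt lines repeat those added to `UpdateDataTableController`, with the same unchecked `dataMap.get("ciphertext").toString()`; a shared helper with an explicit null check would cover both. `encipher` continues past the end of the hunk.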

+ 4 - 2
ibps-provider-root/modules/provider-business/src/main/java/com/lc/ibps/untils/LogAopUtil.java

@@ -39,8 +39,10 @@ public class LogAopUtil {
             try {
                 JsonNode jsonNode = objectMapper.readTree(pointArg.toString());
                 if (jsonNode.has("ciphertext") && !jsonNode.get("ciphertext").isNull()) {
-                    //String ciphertext = jsonNode.get("ciphertext").asText();
-                    pointArgs = new String[]{checkParameters(pointArg.toString())};
+                    String ciphertext = jsonNode.get("ciphertext").asText();
+                    String decrypt = AESUtil.xorDecrypt(ciphertext);
+                    String text = AESUtil.decrypt(decrypt);
+                    pointArgs = new String[]{text};
                 }
             } catch (Exception e) {}
         }
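Review bot: The decrypted request body now replaces the logged argument (`pointArgs = new String[]{text}`), so whatever the payload carries — table names, where clauses, update values — is written to the log in clear; confirm that this is an internal audit log and not one shipped to a place the ciphertext envelope was meant to keep the data out of. The empty `catch (Exception e) {}` that closes the block swallows every decryption failure, so a malformed or non-decryptable payload leaves `pointArgs` untouched with no trace; at minimum `log.debug("ciphertext could not be decrypted", e)` (using whichever logger this class has — none is visible in the hunk) would make that observable. The enclosing method begins before the hunk.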