修复文件劫持、注入、阻断页面、镜像若干bug

wangwei
2019-05-31 13:04:57 +08:00
parent 33590ee8f4
commit 1b2f115ee5
23 changed files with 239 additions and 176 deletions


@@ -390,8 +390,12 @@ function cancelPassOpt(url){
}
});
}
}
//查询文件是否被引用
if(canCancel && validateIsCancelOfQuote(checkboxes)){
top.$.jBox.tip("<spring:message code='file_is_used'/>", "<spring:message code='info'/>");
canCancel=false;
}
if(canCancel){
doAll(checkboxes,url);
}
@@ -603,10 +607,20 @@ function validateIsDelete(checkboxes){
}
//验证文件是否其他菜单有引用且非删除状态
function validateIsDeleteOfQuote(checkboxes){
var flag = false;
$(checkboxes).filter(":checked").each(function(){
if($(this).attr("quoteStatus") != -1 && "undefined" != typeof $(this).attr("quoteStatus") && $(this).attr("quoteStatus") != ""){ //可删除的条件
flag = true;
return;
}
});
return flag;
}
//验证文件是否其他菜单引用且生效
function validateIsCancelOfQuote(checkboxes){
var flag = false;
$(checkboxes).filter(":checked").each(function(){
if($(this).attr("quoteStatus") != -1 && $(this).attr("quoteStatus") != 0
&& "undefined" != typeof $(this).attr("quoteStatus")){ //可删除的条件
if($(this).attr("quoteStatus") == 1){ //不可取消的配置
flag = true;
return;
}


@@ -322,7 +322,7 @@
<c:forEach items="${page.list }" var="cfg" varStatus="status" step="1">
<tr>
<td>
<input type="checkbox" class="i-checks" serviceId="${cfg.serviceId }" compileId="${cfg.compileId }" id="${cfg.cfgId}" value="${cfg.isAudit}">
<input type="checkbox" class="i-checks" serviceId="${cfg.serviceId }" compileId="${cfg.compileId }" id="${cfg.cfgId}" quoteStatus="${cfg.userRegion4}" value="${cfg.isAudit}">
</td>
<td>${cfg.compileId }</td>
<td>${cfg.cfgDesc }</td>
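Review bot: The added `quoteStatus="${cfg.userRegion4}"` writes a raw EL value into an HTML attribute, and EL in JSP template text is not HTML-escaped, so a value containing a quote character would break out of the attribute. The same applies to other attributes this commit adds or moves in the later file sections: `quoteStatus="${indexCfg.quote}"`, `tail="${dict.itemDesc}"`, and the user-entered `value="${_cfg.cfgDesc}"` and `value="${_cfg.contentName}"` inputs on the form pages. If any of these fields can hold operator-supplied text, they should be escaped, e.g. `quoteStatus="<c:out value='${cfg.userRegion4}'/>"`. A short JSP comment stating that `userRegion4` carries the reference status here would also help, since the field name does not say so.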


@@ -13,7 +13,10 @@
$("#cfgFile").on('change',function(){
$("#urlInfo").val($("#cfgFile").val());
cfgFileValidate();
});
});
$("#contentType").on('change',function(){
cfgFileValidate();
});
$("#cfgFrom") .validate( {
submitHandler : function(form) {
@@ -37,29 +40,23 @@
});
function cfgFileValidate(){
var flag=false; //状态,检测文件后缀用
var arr=["exe","apk"];//使用是什么格式的后缀
var flag=false; //状态,检测文件后缀用
var cFile=$("#cfgFile").val();//文件的值
//取出上传文件的扩展名
var index=cFile.lastIndexOf(".");
var ext = cFile.substr(index+1).toLowerCase();
//循环比较
for(var i=0;i<arr.length;i++)
{
if(ext == arr[i])
{
flag = true; //一旦找到合适的,立即退出循环
break;
}
}
//条件判断
$("div[for='urlInfo']").empty();
if(!flag){
var tail = $("#contentType").find("option:selected").attr("tail")
$("div[for='urlInfo']").empty();
if(ext == tail || tail ==""){
flag = true;
return flag;
}
if(!flag){
// ("文件名不合法");
$("div[for='urlInfo']").append("<label id='level-error' class='error'><spring:message code='file_in_wrong_format'/></label>");
return false;
}
return true;
$("div[for='urlInfo']").append("<label id='level-error' class='error'><spring:message code='file_in_wrong_format'/></label>");
return false;
}
return true;
}
</script>
</head>
@@ -149,7 +146,41 @@
</c:forEach>
</div>
</div>
<div class="row">
<div class="row">
<div class="col-md-6">
<div class="form-group">
<label class="control-label col-md-3"><spring:message code="file_desc"/></label>
<div class="col-md-6">
<input class="form-control" type="text" name="cfgDesc" value="${_cfg.cfgDesc}">
</div>
</div>
</div>
<div class="col-md-6">
<div class="form-group">
<label class="control-label col-md-3"><spring:message code="content_name" /></label>
<div class="col-md-6">
<input class="form-control" type="text" name="contentName" value="${_cfg.contentName}">
</div>
</div>
</div>
</div>
<div class="row">
<div class="col-md-6">
<div class="form-group">
<label class="control-label col-md-3">
<font color="red">*</font><spring:message code="content_type" />
</label>
<div class="col-md-6">
<select id="contentType" name="contentType" data-live-search="true" data-live-search-placeholder="search" class="selectpicker form-control required">
<option value="" tail=""><spring:message code="select"/></option>
<c:forEach items="${fns:getDictList('CONTENT_TYPE_HIJACK')}" var="dict">
<option value="${dict.itemCode}" tail="${dict.itemDesc}" <c:if test="${dict.itemCode==_cfg.contentType}">selected</c:if>>${dict.itemCode}</option>
</c:forEach>
</select>
</div>
<div for="contentType"></div>
</div>
</div>
<div class="col-md-6">
<div class="form-group ">
<label class="control-label col-md-3"><font color="red">*</font>
@@ -168,41 +199,7 @@
</div>
<div for="urlInfo"></div>
</div>
</div>
<div class="col-md-6">
<div class="form-group">
<label class="control-label col-md-3"><spring:message code="profile_name"/></label>
<div class="col-md-6">
<input class="form-control" type="text" name="cfgDesc" value="${_cfg.cfgDesc}">
</div>
</div>
</div>
</div>
<div class="row">
<div class="col-md-6">
<div class="form-group">
<label class="control-label col-md-3">
<font color="red">*</font><spring:message code="content_type" />
</label>
<div class="col-md-6">
<select name="contentType" data-live-search="true" data-live-search-placeholder="search" class="selectpicker form-control required">
<option value=""><spring:message code="select"/></option>
<c:forEach items="${fns:getDictList('CONTENT_TYPE_HIJACK')}" var="dict">
<option value="${dict.itemCode}" <c:if test="${dict.itemCode==_cfg.contentType}">selected</c:if>>${dict.itemCode}</option>
</c:forEach>
</select>
</div>
<div for="contentType"></div>
</div>
</div>
<div class="col-md-6">
<div class="form-group">
<label class="control-label col-md-3"><spring:message code="content_name" /></label>
<div class="col-md-6">
<input class="form-control" type="text" name="contentName" value="${_cfg.contentName}">
</div>
</div>
</div>
</div>
<div class="col-md-6 hidden">
<div class="form-group">
<label class="control-label col-md-3"><font color="red">*</font><spring:message code="action"/></label>
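Review bot: In the new `cfgFileValidate`, `ext` is lower-cased but the `tail` attribute of the selected `#contentType` option is compared as-is, so a dictionary entry whose `itemDesc` is written in upper case can never match, and `tail == ""` accepts any file both when no content type is chosen and when a dictionary entry has an empty description. The `flag` variable, the `if(!flag)` wrapper and the trailing `return true;` appear to be dead now, so the check can shrink to `if (tail === "" || (tail && ext === tail.toLowerCase())) { return true; }` followed by the error label and `return false;`. This validation runs only in the browser, so the upload handler (not visible here) should check the file type against the selected content type as well. The rendered hunk prints old and new lines without markers, so which of the duplicated lines survive is inferred.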


@@ -93,7 +93,7 @@
<div class="input-group-btn">
<form:select path="seltype" class="selectpicker select2 input-small" >
<form:option value="cfgDesc"><spring:message code="profile_name"></spring:message></form:option>
<form:option value="cfgDesc"><spring:message code="file_desc"></spring:message></form:option>
<form:option value="isValid"><spring:message code="valid_identifier"></spring:message></form:option>
<form:option value="compileIdNew"><spring:message code="cfg_id"></spring:message></form:option>
</form:select>
@@ -292,7 +292,7 @@
<tr>
<th><input type="checkbox" class="i-checks" id="checkAll"></th>
<th column="cfg_id" class="sort-column a.compile_id" style="display: none;"><spring:message code="cfg_id"/></th>
<th column="profile_name" class="sort-column a.cfg_desc"><spring:message code="profile_name"/></th>
<th column="profile_name" class="sort-column a.cfg_desc"><spring:message code="file_desc"/></th>
<th column="hijack_file_strategy" class="sort-column a.path"><spring:message code="hijack_file_strategy"/></th>
<th column="content_type" class="sort-column a.content_type"><spring:message code="content_type"/></th>
<th column="content_name" class="sort-column a.content_name"><spring:message code="content_name"/></th>


@@ -151,11 +151,37 @@
</c:forEach>
</div>
</div>
<div class="row">
<div class="row">
<div class="col-md-6">
<div class="form-group">
<label class="control-label col-md-3"><spring:message code="script_name"/></label>
<div class="col-md-6">
<input class="form-control" type="text" name="cfgDesc" value="${_cfg.cfgDesc}">
</div>
</div>
</div>
</div>
<div class="row">
<div class="col-md-6">
<div class="form-group">
<label class="control-label col-md-3">
<font color="red">*</font><spring:message code="script_format" />
</label>
<div class="col-md-6">
<select id="format" name="format" data-live-search="true" data-live-search-placeholder="search" class="selectpicker form-control required">
<option value=""><spring:message code="select"/></option>
<c:forEach items="${fns:getDictList('CONTENT_TYPE_INSERTSCRIPT')}" var="dict">
<option value="${dict.itemCode}" <c:if test="${dict.itemCode==_cfg.format}">selected</c:if>>${dict.itemCode}</option>
</c:forEach>
</select>
</div>
<div for="format"></div>
</div>
</div>
<div class="col-md-6">
<div class="form-group ">
<label class="control-label col-md-3"><font color="red">*</font>
<spring:message code="file_insert_script" /></label>
<spring:message code="script_file" /></label>
<div class="col-md-6">
<input id="cfgFile" name="cfgFile" type="file" style="width: 330px; display: none" />
<div class="input-group">
@@ -171,33 +197,6 @@
<div for="urlInfo"></div>
</div>
</div>
<div class="col-md-6">
<div class="form-group">
<label class="control-label col-md-3"><spring:message code="profile_name"/></label>
<div class="col-md-6">
<input class="form-control" type="text" name="cfgDesc" value="${_cfg.cfgDesc}">
</div>
</div>
</div>
</div>
<div class="row">
<div class="col-md-6">
<div class="form-group">
<label class="control-label col-md-3">
<font color="red">*</font><spring:message code="format" />
</label>
<div class="col-md-6">
<select id="format" name="format" data-live-search="true" data-live-search-placeholder="search" class="selectpicker form-control required">
<option value=""><spring:message code="select"/></option>
<c:forEach items="${fns:getDictList('CONTENT_TYPE_INSERTSCRIPT')}" var="dict">
<option value="${dict.itemCode}" <c:if test="${dict.itemCode==_cfg.format}">selected</c:if>>${dict.itemCode}</option>
</c:forEach>
</select>
</div>
<div for="format"></div>
</div>
</div>
<div class="col-md-6 hidden">
<div class="form-group">
<label class="control-label col-md-3"><font color="red">*</font><spring:message code="action"/></label>


@@ -93,7 +93,7 @@
<div class="input-group-btn">
<form:select path="seltype" class="selectpicker select2 input-small" >
<form:option value="cfgDesc"><spring:message code="profile_name"></spring:message></form:option>
<form:option value="cfgDesc"><spring:message code="script_name"></spring:message></form:option>
<form:option value="isValid"><spring:message code="valid_identifier"></spring:message></form:option>
<form:option value="compileIdNew"><spring:message code="cfg_id"></spring:message></form:option>
</form:select>
@@ -292,9 +292,9 @@
<tr>
<th><input type="checkbox" class="i-checks" id="checkAll"></th>
<th column="cfg_id" class="sort-column a.compile_id" style="display: none;"><spring:message code="cfg_id"/></th>
<th column="profile_name" class="sort-column a.cfg_desc"><spring:message code="profile_name"/></th>
<th column="file_insert_script" ><spring:message code="file_insert_script"/></th>
<th column="format" ><spring:message code="format"/></th>
<th column="profile_name" class="sort-column a.cfg_desc"><spring:message code="script_name"/></th>
<th column="file_insert_script" ><spring:message code="script_file"/></th>
<th column="format" ><spring:message code="script_format"/></th>
<th column="is_audit" class="a.is_valid"><spring:message code="is_audit"/></th>
<th column="letter" ><spring:message code="letter"/></th>
<th column="classification" ><spring:message code="classification"/></th>


@@ -150,26 +150,7 @@
</c:forEach>
</div>
</div>
<div class="row">
<div class="col-md-6">
<div class="form-group ">
<label class="control-label col-md-3"><font color="red">*</font>
<spring:message code="reply_file" /></label>
<div class="col-md-6">
<input id="cfgFile" name="cfgFile" type="file" style="width: 330px; display: none" />
<div class="input-group">
<input id="urlInfo" name="urlInfo" readonly="readonly" data-msg-required="" placeholder="<spring:message code="select_file"/>" class="required form-control"
style="background-color: transparent" aria-required="true"
type="text" value="${_cfg.url }">
<div class="input-group-btn">
<a id="urlBtn" class="btn btn-default btn-search"
href="javascript:" style=""><i class="fa fa-search"></i></a>
</div>
</div>
</div>
<div for="urlInfo"></div>
</div>
</div>
<div class="row">
<div class="col-md-6">
<div class="form-group">
<label class="control-label col-md-3"><font color="red">*</font><spring:message code="file_desc" /></label>
@@ -197,7 +178,25 @@
<div for="contentType"></div>
</div>
</div>
<div class="col-md-6">
<div class="form-group ">
<label class="control-label col-md-3"><font color="red">*</font>
<spring:message code="response_file" /></label>
<div class="col-md-6">
<input id="cfgFile" name="cfgFile" type="file" style="width: 330px; display: none" />
<div class="input-group">
<input id="urlInfo" name="urlInfo" readonly="readonly" data-msg-required="" placeholder="<spring:message code="select_file"/>" class="required form-control"
style="background-color: transparent" aria-required="true"
type="text" value="${_cfg.url }">
<div class="input-group-btn">
<a id="urlBtn" class="btn btn-default btn-search"
href="javascript:" style=""><i class="fa fa-search"></i></a>
</div>
</div>
</div>
<div for="urlInfo"></div>
</div>
</div>
<div class="col-md-6 hidden">
<div class="form-group">
<label class="control-label col-md-3"><font color="red">*</font><spring:message code="action"/></label>


@@ -282,8 +282,8 @@
<th><input type="checkbox" class="i-checks" id="checkAll"></th>
<th class="sort-column a.compile_id" style="display: none;"><spring:message code="cfg_id"/></th>
<th class="sort-column a.cfg_desc"><spring:message code="file_desc"/></th>
<th class="sort-column a.content_type"><spring:message code="content_type"/></th>
<th class="sort-column a.content_length"><spring:message code="content_length"/></th>
<th class="sort-column a.url"><spring:message code="response_file"/></th>
<th class="sort-column a.content_type"><spring:message code="content_type"/></th>
<th><spring:message code="letter"/></th>
<th><spring:message code="classification"/></th>
<th><spring:message code="attribute"/></th>
@@ -302,19 +302,15 @@
<c:forEach items="${page.list }" var="indexCfg" varStatus="status" step="1">
<tr>
<td>
<input type="checkbox" class="i-checks child-checks" id="${indexCfg.cfgId}" value="${indexCfg.isAudit}">
<input type="checkbox" class="i-checks child-checks" id="${indexCfg.cfgId}" quoteStatus="${indexCfg.quote}" value="${indexCfg.isAudit}">
</td>
<td>${indexCfg.compileId }</td>
<td><a href="${indexCfg.url }" target="_blank">${indexCfg.fileDesc }</a></td>
<td>${indexCfg.contentType }</td>
<td>${indexCfg.contentLength }B</td>
<%-- <td>
<c:forEach items="${fns:getDictList('SERVICE_ACTION') }" var="dict">
<c:if test="${dict.itemCode eq indexCfg.action }">
<spring:message code="${dict.itemValue }"/>
</c:if>
</c:forEach>
</td> --%>
<td>${indexCfg.fileDesc }</td>
<td><a href="${indexCfg.url}" target="_blank" data-original-title="${indexCfg.url}"
class="tooltips" data-flag="false" data-html="true" data-placement="top">
${fn:substring(indexCfg.url,0,20) }</a>
</td>
<td>${indexCfg.contentType }</td>
<td>${indexCfg.requestName }</td>
<td>
<c:set var="classify"></c:set>
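Review bot: The new link cell sets `data-html="true"` and feeds the tooltip from `data-original-title="${indexCfg.url}"`, so the tooltip renders the URL as markup rather than as text; nothing in this tooltip needs HTML, so `data-html="false"` together with `data-original-title="${fn:escapeXml(indexCfg.url)}"` is the safer form. The same raw value goes into `href`, and with `target="_blank"` the link should carry `rel="noopener noreferrer"`; if `url` can be set by an operator, the server side should also restrict it to http/https. `${fn:substring(indexCfg.url,0,20) }` gives no visual hint that the text was cut, so an ellipsis after the 20 characters would make the truncation clear.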


@@ -162,12 +162,14 @@ word-break:break-all;
<div class="row">
<div class="col-md-6">
<div class="form-group">
<label class="control-label col-md-3"><spring:message code="target_name"/></label>
<label class="control-label col-md-3"><spring:message code="address_name"/></label>
<div class="col-md-6">
<input class="form-control" type="text" name="cfgDesc" value="${_cfg.cfgDesc}">
</div>
</div>
</div>
</div>
</div>
<div class="row">
<div class="col-md-6">
<div class="form-group">
<label class="control-label col-md-3">
@@ -182,8 +184,6 @@ word-break:break-all;
<div for="addrType"></div>
</div>
</div>
</div>
<div class="row">
<div class="col-md-6">
<div class="form-group">
<label class="control-label col-md-3">


@@ -299,7 +299,7 @@
<tr>
<th><input type="checkbox" class="i-checks" id="checkAll"></th>
<th column="cfg_id" class="sort-column a.compile_id" style="display: none;"><spring:message code="cfg_id"/></th>
<th column="target_name" class="sort-column a.cfg_desc"><spring:message code="target_name"/></th>
<th column="target_name" class="sort-column a.cfg_desc"><spring:message code="address_name"/></th>
<th column="mirror_addr_type" class="sort-column a.addr_type"><spring:message code="mirror_addr_type"/></th>
<th column="mirror_addr_list"><spring:message code="mirror_addr_list"/></th>
<th column="is_audit"><spring:message code="is_audit"/></th>
@@ -320,7 +320,7 @@
<c:forEach items="${page.list }" var="indexCfg" varStatus="status" step="1">
<tr>
<td>
<input type="checkbox" class="i-checks child-checks" id="${indexCfg.cfgId}" value="${indexCfg.isAudit}">
<input type="checkbox" class="i-checks child-checks" id="${indexCfg.cfgId}" quoteStatus="${cfg.userRegion5}" value="${indexCfg.isAudit}">
</td>
<td>${indexCfg.compileId }</td>
<td>${indexCfg.cfgDesc}</a></td>
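Review bot: The added `quoteStatus="${cfg.userRegion5}"` reads from `cfg`, but this loop declares `var="indexCfg"` and every other expression in the row uses `indexCfg`; unless some outer scope happens to define `cfg`, EL resolves the expression to an empty string. An empty `quoteStatus` would presumably make the client-side reference check pass for every row on this page, so an entry that is still referenced could be cancelled or deleted from the UI. The attribute should read `quoteStatus="${indexCfg.userRegion5}"`. The context line `<td>${indexCfg.cfgDesc}</a></td>` also carries a stray `</a>`.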