
Linux Server Protection: Protecting Web Interfaces from Directory Traversal Attacks


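Directory traversal is a common network security threat in which an attacker tries to gain unauthorized access by reaching system file paths and sensitive files. In web applications, directory traversal is usually carried out by manipulating the URL path: the attacker supplies special traversal sequences (such as "../") to navigate to directories outside the application context.

To keep web interfaces from falling victim to directory traversal attacks, we can take the following measures to protect the server.

Input validation

In a web application, input validation is the main defense against directory traversal. After receiving user input, validate it strictly and filter out special sequences such as "../". A regular expression or the filtering functions of the programming language can be used to check the input.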

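function validateInput(input) {
  // Reject input containing the "../" sequence; the dots and the slash
  // must be escaped, otherwise the pattern matches any two characters
  const pattern = /\.\.\//;
  return !pattern.test(input);
}

// Example
const userInput = "../../etc/passwd";
if (validateInput(userInput)) {
  // Process the user input
  // ...
} else {
  // Invalid input, possibly a directory traversal attempt
  // ...
}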


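File path handling

When handling file paths, we should use absolute paths rather than relative paths. An absolute path fixes the exact location of the file and cannot be misread the way a relative path can. Joining a base directory with user input leaves any "../" segments in place, so the combined path should also be normalized and checked against the base directory before it is used.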

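import java.nio.file.Path;
import java.nio.file.Paths;

public class FileProcessor {
  public void processFile(String filename) {
    // Use an absolute path, normalized so that "../" segments are resolved
    Path filePath = Paths.get("/var/www/html", filename).normalize();
    // Refuse anything that ends up outside the base directory
    if (!filePath.startsWith("/var/www/html")) {
      throw new IllegalArgumentException("path is outside /var/www/html");
    }
    // ...
  }

  // Example
  public static void main(String[] args) {
    FileProcessor fileProcessor = new FileProcessor();
    fileProcessor.processFile("index.html");
  }
}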


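Permission restrictions

To limit what an attacker can reach through directory traversal, we need to set appropriate permissions on the server. Make sure the web server process runs with the least privilege possible and can access only the files and directories it needs.

For example, on an Apache server you can set the following access rules in the configuration file (such as "httpd.conf").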

<Directory /var/www/html>
  Options None
  AllowOverride None
  Order deny,allow
  Deny from all
  Allow from 127.0.0.1
</Directory>


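The configuration above denies all access to the /var/www/html directory except from the local loopback address (127.0.0.1).

File allowlist

To reduce the risk of directory traversal further, we can maintain a file allowlist that permits access only to specified files and directories. This can be implemented in the application code by checking whether the file path the user requested is in the allowlist.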

def isFileAllowed(filePath):
  allowedFiles = ['/var/www/html/index.html', '/var/www/html/style.css']
  # Exact match against the allowlist; any other path is refused
  return filePath in allowedFiles

# Example
userFilePath = "/var/www/html/../../../etc/passwd"
if isFileAllowed(userFilePath):
  # Handle the user request
  pass  # ...
else:
  # The file is not in the allowlist
  pass  # ...
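
The path-handling and allowlist steps above combined into one check, as an added example that is not part of the original article: the request is resolved to a canonical absolute path, confirmed to stay under the web root, and only then compared with the allowlist. The function names, the temporary directory standing in for /var/www/html and the sample requests are constructed for illustration.

```python
import os
import tempfile


def resolve_under(base_dir, user_path):
    """Return the canonical path for user_path if it stays inside base_dir, else None."""
    base = os.path.realpath(base_dir)
    # realpath makes the path absolute and resolves "..", "." and symlinks
    candidate = os.path.realpath(os.path.join(base, user_path))
    # commonpath compares whole components, so a sibling such as "html-old"
    # is not mistaken for being inside "html" as a string-prefix test would do
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def is_file_allowed(base_dir, user_path, allowed):
    """Apply the allowlist to the canonical path, never to the raw input."""
    resolved = resolve_under(base_dir, user_path)
    if resolved is None:
        return False
    return os.path.relpath(resolved, os.path.realpath(base_dir)) in allowed


def demo():
    """Run constructed requests against a constructed directory tree."""
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "html")         # stands in for /var/www/html
        sibling = os.path.join(root, "html-old")  # shares a string prefix with base
        os.makedirs(base)
        os.makedirs(sibling)
        open(os.path.join(base, "index.html"), "w").close()
        open(os.path.join(sibling, "secret.txt"), "w").close()
        os.symlink(sibling, os.path.join(base, "link"))  # link pointing out of base
        allowed = {"index.html", "style.css"}
        requests = ["index.html", "css/../index.html", "../../etc/passwd",
                    "../html-old/secret.txt", "link/secret.txt",
                    "/etc/passwd", "admin.html"]
        return {r: is_file_allowed(base, r, allowed) for r in requests}


if __name__ == "__main__":
    for request, ok in demo().items():
        print(f"{request!r:28} -> {'serve' if ok else 'reject'}")
```

Only the two requests that canonicalize to index.html are served; the sibling directory, the symlink, the absolute path and the file missing from the allowlist are all rejected.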


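These are some basic measures that help protect web interfaces from directory traversal attacks. Keep in mind, though, that network security is an ongoing effort: we should also update software and patch vulnerabilities regularly, and carry out periodic security audits and penetration tests to keep the system secure.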

ÒÔÉϾÍÊÇLinuxЧÀÍÆ÷·À»¤£º± £»¤Web½Ó¿ÚÃâÊÜĿ¼±éÀú¹¥»÷¡£µÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡

ÃâÔð˵Ã÷£ºÒÔÉÏչʾÄÚÈÝȪԴÓÚÏàÖúýÌå¡¢ÆóÒµ»ú¹¹¡¢ÍøÓÑÌṩ»òÍøÂçÍøÂçÕûÀí£¬°æȨÕùÒéÓë±¾Õ¾Î޹أ¬ÎÄÕÂÉæ¼°¿´·¨Óë¿´·¨²»´ú±í×ðÁú¿­Ê±ÂËÓÍ»úÍø¹Ù·½Ì¬¶È£¬Çë¶ÁÕß½ö×ö²Î¿¼¡£±¾ÎĽӴýתÔØ£¬×ªÔØÇë˵Ã÷À´ÓÉ¡£ÈôÄúÒÔΪ±¾ÎÄÇÖÕ¼ÁËÄúµÄ°æȨÐÅÏ¢£¬»òÄú·¢Ã÷¸ÃÄÚÈÝÓÐÈκÎÉæ¼°ÓÐÎ¥¹«µÂ¡¢Ã°·¸Ö´·¨µÈÎ¥·¨ÐÅÏ¢£¬ÇëÄúÁ¬Ã¦ÁªÏµ×ðÁú¿­Ê±ÊµÊ±ÐÞÕý»òɾ³ý¡£

Ïà¹ØÐÂÎÅ

ÁªÏµ×ðÁú¿­Ê±

18523999891

¿É΢ÐÅÔÚÏß×Éѯ

ÊÂÇéʱ¼ä£ºÖÜÒ»ÖÁÖÜÎ壬9:30-18:30£¬½ÚãåÈÕÐÝÏ¢

QR code
¡¾ÍøÕ¾µØͼ¡¿¡¾sitemap¡¿