Java web common vulnerabilities and security code, based on Spring Boot and Spring Security
xstream;
XMLReader;
DocumentHelper;
poi-ooxml and xlsx-streamer;
MappingJackson2JsonView;
Cors vulnerability code, and provide a solution for verifying first-level domain names;
IOUtils and Jsoup;
Content-Type for file upload;
getRequestURI() to cause permission bypass vulnerability;
RCE vulnerability caused by xstream;
XXE vulnerability caused by XMLReader;
XXE vulnerability caused by DocumentHelper;
XXE vulnerability caused by poi-ooxml and xlsx-streamer;
JSON hijacking vulnerability caused by MappingJackson2JsonView;
SSRF vulnerability caused by IOUtils and Jsoup;
Security validation of Content-Type;
Permission bypass vulnerability caused by getRequestURI();
spring-security.
mybatis.
resolveClass method to prevent deserialization.
spring-security;
SQL injection in mybatis;
resolveClass method to defend against deserialization;
SSTI vulnerability caused by velocity;
SSRF vulnerability in httpclient;
java_sec_code_v20190621