针对Struct2远程执行漏洞做的一个过滤器乱码问题
package com.achievo.framework.server.core.filter;
import
java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import
javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class BugFilter
implements Filter
{
private List<String> keywords = new ArrayList();
public void destroy()
{
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws
IOException,
ServletException
{
HttpServletRequest req = (HttpServletRequest)request;
HttpServletResponse res = (HttpServletResponse)response;
if (!isBugInvade(req)) { //如果bug入侵
chain.doFilter(request, response);
} else {
res.reset();
res.setContentType("text/html; charset=UTF-8");
res.getWriter().println("检测到入侵");
}
}
private boolean isBugInvade(HttpServletRequest request)
{
String queryString = request.getQueryString();
if (queryString != null) {
for (String keyword : this.keywords) {
if (queryString.indexOf(keyword) != -1) {
return true;
}
}
}
Enumeration e = request.getParameterNames();
String parName;
while (e.hasMoreElements()) {
parName = (String)e.nextElement();
for (String keyword : this.keywords) {
if (parName.indexOf(keyword) != -1) {
return true;
}
}
}
return false;
}
public void init(FilterConfig fConfig) throws ServletException
{
this.keywords.add("get