防止 Poco Server Application 中的目录遍历攻击

【问题标题】:Prevent directory traversal attack in Poco Server Application防止 Poco Server Application 中的目录遍历攻击
【发布时间】:2019-02-16 10:59:32
【问题描述】:

我有一个 Poco 服务器应用程序项目。此服务器应用程序用作 Web 服务器。现在我想加强它以抵御目录遍历攻击,并且我正在寻找确保服务器服务的文件来自wwwRoot 内部的最佳方法。结构是

project
|-src
| |-main.cpp
|-CMakeLists.txt
|-conanfile.txt
|-build
  |-...

例如当我将build 用作wwwRoot 时,conanfile.txtwwwRoot 之外,但使用localhost:8080/../conanfile.txt 我可以打开它。我知道我可以搜索点段的路径,但我听说它不是很安全,因为有像编码路径这样的黑客攻击。由于 Poco 是我假设的服务器应用程序框架,因此已经有这样的功能来检查 filePath 是否在 wwwRoot 中,但我找不到它。

src/main.cpp 包含:

#include <Poco/Net/HTTPServer.h>
#include <Poco/Net/ServerSocket.h>
#include <Poco/Util/ServerApplication.h>
#include <Poco/Net/HTTPRequestHandler.h>
#include <Poco/Net/HTTPRequestHandlerFactory.h>
#include <Poco/Net/HTTPServerRequest.h>
#include <Poco/Net/HTTPServerResponse.h>
#include <Poco/Path.h>
#include <string>

class FileHandler: public Poco::Net::HTTPRequestHandler {
public:
    explicit FileHandler(const Poco::Path &wwwRoot);
protected:
    void handleRequest(Poco::Net::HTTPServerRequest &request,
                       Poco::Net::HTTPServerResponse &response) override;
private:
    Poco::Path wwwRoot;
};

FileHandler::FileHandler(const Poco::Path &aWwwRoot) : wwwRoot(aWwwRoot) {}

void FileHandler::handleRequest(Poco::Net::HTTPServerRequest &request,
                   Poco::Net::HTTPServerResponse &response) {
    Poco::Util::Application &app = Poco::Util::Application::instance();
    app.logger().information("FileHandler Request from " + request.clientAddress().toString() + ": " + request.getURI());


    Poco::Path path(wwwRoot.absolute(), request.getURI());
    std::string filePath(path.toString());
    app.logger().information(filePath);
    response.sendFile(filePath, "text/html");
}

class HTTPRequestHandlerFactory: public Poco::Net::HTTPRequestHandlerFactory {
public:
    explicit HTTPRequestHandlerFactory(const Poco::Path &wwwRoot);
protected:
    Poco::Net::HTTPRequestHandler* createRequestHandler(
            const Poco::Net::HTTPServerRequest& request) override;
private:
    Poco::Path wwwRoot;
};

HTTPRequestHandlerFactory::HTTPRequestHandlerFactory(const Poco::Path &aWwwRoot) : wwwRoot(aWwwRoot) {}

Poco::Net::HTTPRequestHandler* HTTPRequestHandlerFactory::createRequestHandler(
        const Poco::Net::HTTPServerRequest &) {
    return new FileHandler(wwwRoot);
}

class ServerApplication : public Poco::Util::ServerApplication {
protected:
    void initialize(Application& self) override;
    int main(const std::vector<std::string> &args) override;
};

void ServerApplication::initialize(Application& self) {
    loadConfiguration();
    Poco::Util::ServerApplication::initialize(self);
}

int ServerApplication::main(const std::vector<std::string> &) {

    Poco::Net::ServerSocket svs(8080);
    Poco::Net::HTTPServer srv(new HTTPRequestHandlerFactory(Poco::Path(".").absolute()),
                              svs, new Poco::Net::HTTPServerParams);
    srv.start();
    waitForTerminationRequest();
    srv.stop();
    return Application::EXIT_OK;
}

int main(int argc, char **argv) {
  ServerApplication app;
  return app.run(argc, argv);
}

CMakeLists.txt 包含:

cmake_minimum_required (VERSION 3.5.1)
project (Sandbox)

if(NOT CMAKE_BUILD_TYPE)
  set(CMAKE_BUILD_TYPE Debug)
endif()

set(CMAKE_CXX_FLAGS "-Wall -Wextra")
set(CMAKE_CXX_FLAGS_DEBUG "-g")
set(CMAKE_CXX_FLAGS_RELEASE "-O3")
set(CMAKE_CXX_STANDARD 14)

include(${CMAKE_BINARY_DIR}/conanbuildinfo.cmake)
conan_basic_setup(TARGETS)

add_executable(${PROJECT_NAME} src/main.cpp)
target_link_libraries(${PROJECT_NAME} PRIVATE CONAN_PKG::Poco)

conanfile.txt 包含:

[requires]
Poco/1.9.0@pocoproject/stable

[generators]
cmake

build 项目建好

【问题讨论】:

    标签: c++ poco-libraries directory-traversal


    【解决方案1】:

    您必须解码请求路径并逐步构建本地路径并检查“..”路径段。这是一个 sn-p 执行此操作,并且还处理您在提供文件时应该注意的其他一些事情。您需要编写 mapContentType() 方法,或执行类似的操作。

    Poco::URI uri(request.getURI());
std::string decodedPath = uri.getPath();

Poco::Path requestPath(decodedPath, Poco::Path::PATH_UNIX);
Poco::Path localPath(wwwRoot.absolute());
localPath.makeDirectory();

bool valid = true;
for (int i = 0; valid && i < requestPath.depth(); i++)
{
    if (requestPath[i] != "..")
        localPath.pushDirectory(requestPath[i]);
    else
        valid = false;
}
if (valid)
{
    localPath.setFileName(requestPath.getFileName());
    Poco::File requestedFile(localPath.toString());
    if (requestedFile.exists())
    {
        std::string contentType = mapContentType(localPath.getExtension());

        if (request.getMethod() == Poco::Net::HTTPRequest::HTTP_HEAD)
        {
            response.set("Last-Modified", Poco::DateTimeFormatter::format(dateTime, Poco::DateTimeFormat::HTTP_FORMAT));
            response.setContentLength64(requestedFile.getSize());
            response.setContentType(contentType);
            response.send();
        }
        else if (request.getMethod() == Poco::Net::HTTPRequest::HTTP_GET)
        {
            response.sendFile(localPath.toString(), contentType);
        }
        else
        {
            response.setStatusAndReason(Poco::Net::HTTPResponse::HTTP_METHOD_NOT_ALLOWED);
            response.send();
        }
    }
    else
    {
        response.setStatusAndReason(Poco::Net::HTTPResponse::HTTP_NOT_FOUND);
        response.send();
    }
}
else
{
    response.setStatusAndReason(Poco::Net::HTTPResponse::HTTP_NOT_FOUND);
    response.send();
}

    【讨论】:

      猜你喜欢
      • 2015-01-20
      • 2019-10-15
      • 2013-10-27
      • 1970-01-01
      • 1970-01-01
      • 2019-04-14
      • 2016-10-28
      • 2019-10-22
      • 1970-01-01
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode