Improved workaround for Struts exploit

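/**
 * Servlet filter that hides request parameters whose names match a configured
 * regular expression, so that code further down the chain never sees them.
 *
 * <p>The expression is read from the {@code excludeParams} filter init parameter.
 * It is applied with {@link java.util.regex.Matcher#matches()}, so it must describe
 * the <em>entire</em> parameter name, not just a fragment of it.
 *
 * <p>Scope of the protection: only the Servlet API parameter accessors
 * ({@code getParameterNames}, {@code getParameter}, {@code getParameterValues},
 * {@code getParameterMap}) are filtered. The raw query string and request body are
 * passed through untouched.
 *
 * <p>NOTE(review): parameters that a framework parses on its own from a multipart
 * body do not flow through these accessors. Confirm whether the application accepts
 * multipart forms and, if so, cover that path separately.
 */
public class ParamFilter implements Filter {

    /** Compiled form of the {@code excludeParams} init parameter; set once in {@link #init}. */
    private Pattern pattern;

    /**
     * Reads and compiles the {@code excludeParams} init parameter.
     *
     * @param filterConfig container-supplied configuration for this filter
     * @throws ServletException if the parameter is missing, empty, or not a valid
     *         regular expression; failing here keeps a misconfigured filter from
     *         being deployed while silently filtering nothing
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String expression = filterConfig.getInitParameter("excludeParams");
        if (expression == null || expression.isEmpty()) {
            throw new ServletException(
                    "ParamFilter requires a non-empty 'excludeParams' init parameter");
        }
        try {
            pattern = Pattern.compile(expression);
        } catch (java.util.regex.PatternSyntaxException e) {
            throw new ServletException(
                    "ParamFilter 'excludeParams' is not a valid regular expression", e);
        }
    }

    /**
     * Wraps the request so that excluded parameters are invisible downstream, then
     * continues the chain.
     *
     * @throws ServletException if the request is not an HTTP request; the wrapper
     *         can only decorate {@code HttpServletRequest}, and refusing the request
     *         is safer than forwarding it unfiltered
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (!(request instanceof HttpServletRequest)) {
            throw new ServletException("ParamFilter only supports HTTP requests");
        }
        chain.doFilter(new ParamFilteredRequest(request, pattern), response);
    }

    /** Nothing to release: the compiled pattern holds no external resources. */
    @Override
    public void destroy() {
    }

    /**
     * Request decorator that drops every parameter whose name matches the exclusion
     * pattern from all four Servlet API parameter accessors.
     *
     * <p>All accessors are overridden together on purpose: filtering only
     * {@code getParameterNames()} would leave the same parameters reachable through
     * {@code getParameterMap()} or a direct {@code getParameter(name)} lookup.
     */
    private static class ParamFilteredRequest extends HttpServletRequestWrapper {

        private final Pattern pattern;

        /**
         * @param request the request to decorate; must be an {@code HttpServletRequest}
         * @param pattern names that fully match this pattern are hidden
         */
        public ParamFilteredRequest(ServletRequest request, Pattern pattern) {
            super((HttpServletRequest) request);
            this.pattern = pattern;
        }

        /** Returns the parameter names of the wrapped request minus the excluded ones. */
        @Override
        public Enumeration<String> getParameterNames() {
            List<String> allowedNames = new ArrayList<>();
            for (String parameterName : Collections.list(super.getParameterNames())) {
                if (!isExcluded(parameterName)) {
                    allowedNames.add(parameterName);
                }
            }
            return Collections.enumeration(allowedNames);
        }

        /** Returns {@code null} for an excluded name, as if the parameter were absent. */
        @Override
        public String getParameter(String name) {
            return isExcluded(name) ? null : super.getParameter(name);
        }

        /** Returns {@code null} for an excluded name, as if the parameter were absent. */
        @Override
        public String[] getParameterValues(String name) {
            return isExcluded(name) ? null : super.getParameterValues(name);
        }

        /**
         * Returns a read-only copy of the wrapped request's parameter map without the
         * excluded entries. Types are fully qualified because the listing shows no
         * import block to extend.
         */
        @Override
        public java.util.Map<String, String[]> getParameterMap() {
            java.util.Map<String, String[]> allowed = new java.util.LinkedHashMap<>();
            for (java.util.Map.Entry<String, String[]> entry : super.getParameterMap().entrySet()) {
                if (!isExcluded(entry.getKey())) {
                    allowed.put(entry.getKey(), entry.getValue());
                }
            }
            return Collections.unmodifiableMap(allowed);
        }

        /** True when {@code name} is non-null and fully matches the exclusion pattern. */
        private boolean isExcluded(String name) {
            return name != null && pattern.matcher(name).matches();
        }
    }
}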