Java: sanitize a URL to prevent attacks caused by CR LF - Java, Security - Fatal编程技术网


I came across this piece of code in my application. Can someone help me understand how it helps sanitize the request URL to prevent any attacks caused by CR/LF?

import java.util.ArrayList;

import org.owasp.esapi.Encoder;
import org.owasp.esapi.errors.EncodingException;
import org.owasp.esapi.reference.DefaultEncoder;

public static String validaterequestURL(String requestURL) throws EncodingException {
    // ESAPI encoder constructed with an empty codec list
    Encoder encoder = new DefaultEncoder(new ArrayList<String>());
    // canonicalize, strip surrounding whitespace, then URL-decode
    // (ESAPI's method is Encoder.decodeFromURL; the copy in the question had it mangled)
    String clean = encoder.canonicalize(requestURL).trim();
    clean = encoder.decodeFromURL(clean);
    // position of the first CR and the first LF, -1 if absent
    int idxR = clean.indexOf('\r');
    int idxN = clean.indexOf('\n');
    if (idxN >= 0 || idxR >= 0) {
        // truncate just before the later of the two positions
        if (idxN > idxR) {
            clean = clean.substring(0, idxN - 1);
        } else {
            clean = clean.substring(0, idxR - 1);
        }
    }
    return clean;
}
If a \n (newline / line feed) or \r (carriage return) character is present, the corresponding index (its position in the string) will be >= 0. If so, the substring operation truncates the string, removing the offending character and everything after it.

The way the logic is set up, it seems that if both \n and \r are found, only the later of the two (and anything after it) is removed. I don't know why the author thought that was a good idea; I would have expected it to truncate from the earlier one.

int idxR = clean.indexOf('\r');
int idxN = clean.indexOf('\n');
if (idxN >= 0 || idxR >= 0) {
    if (idxN > idxR) {
        clean = clean.substring(0, idxN - 1);
    } else {
        clean = clean.substring(0, idxR - 1);
    }
}
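As an added illustration (not code from the question, and not ESAPI's own code), the following Java program runs the truncation logic discussed above against a few constructed inputs, side by side with a variant that cuts at the first CR or LF. It uses java.net.URLDecoder in place of the ESAPI canonicalize/decodeFromURL calls, on the assumption that the empty codec list passed to DefaultEncoder leaves canonicalize with nothing to decode, so the effective pipeline is trim followed by URL-decoding; the class and method names are illustrative. It shows three things worth knowing before trusting this as a sanitizer: when a CR precedes an LF the original keeps the CR in the result, substring(0, idx - 1) also drops the character before the line terminator, and a terminator at index 0 makes the original throw.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;

public class CrLfTruncationDemo {

    // The check from the question, with java.net.URLDecoder standing in for the
    // ESAPI canonicalize/decodeFromURL step (assumption: the empty codec list
    // makes canonicalize a no-op, so the pipeline is trim, then URL-decode).
    static String originalTruncate(String requestURL) {
        String clean = requestURL.trim();
        clean = URLDecoder.decode(clean, StandardCharsets.UTF_8); // Java 10+ overload
        int idxR = clean.indexOf('\r');
        int idxN = clean.indexOf('\n');
        if (idxN >= 0 || idxR >= 0) {
            if (idxN > idxR) {
                clean = clean.substring(0, idxN - 1); // cuts at the LATER of the two
            } else {
                clean = clean.substring(0, idxR - 1);
            }
        }
        return clean;
    }

    // Hardened variant: cut at the FIRST CR or LF and keep exactly the
    // characters before it, so no line terminator can survive. A terminator
    // at index 0 yields the empty string instead of an exception.
    static String truncateAtFirstCrLf(String requestURL) {
        String clean = requestURL.trim();
        clean = URLDecoder.decode(clean, StandardCharsets.UTF_8);
        for (int i = 0; i < clean.length(); i++) {
            char c = clean.charAt(i);
            if (c == '\r' || c == '\n') {
                return clean.substring(0, i);
            }
        }
        return clean;
    }

    static boolean containsCrLf(String s) {
        return s.indexOf('\r') >= 0 || s.indexOf('\n') >= 0;
    }

    // Make CR and LF visible in the printed output.
    static String show(String s) {
        return s.replace("\r", "\\r").replace("\n", "\\n");
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the original page.
        String[] inputs = {
            "/app/page?x=1",                      // no CR/LF: unchanged by both
            "/app/page?x=1%0d%0aSet-Cookie:a=b",  // adjacent CRLF: both variants cut cleanly
            "/app/a%0db%0ac",                     // CR before LF: original returns "/app/a\r"
            "/app/x=1%0ay",                       // lone LF: original returns "/app/x=" (drops the '1')
            "%0a/app/page",                       // LF at index 0: original throws
        };
        for (String in : inputs) {
            String orig;
            try {
                orig = originalTruncate(in);
            } catch (StringIndexOutOfBoundsException e) {
                orig = "<" + e.getClass().getSimpleName() + ">";
            }
            String fixed = truncateAtFirstCrLf(in);
            System.out.println("input:      " + in);
            System.out.println("  original: " + show(orig) + "  (CR/LF left: " + containsCrLf(orig) + ")");
            System.out.println("  fixed:    " + show(fixed) + "  (CR/LF left: " + containsCrLf(fixed) + ")");
        }
    }
}
```

The third input is the one that matters for header injection: the original function returns a string that still contains a carriage return, so whatever consumes that "clean" URL downstream gets a line terminator anyway. Cutting at the first terminator (or, more defensively, rejecting any input that contains one after decoding) closes that gap.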