| 324 | // 所以,最好的解决方案就是我们根据经验过滤一遍请求,然后对我们认为可能存在fastjson反序列化的漏洞进行扫描 |
| 325 | // 于是就采用了你看到的这种[send to FastjsonScan]的方案 |
| 326 | class CustomScanIssue implements IScanIssue{ |
| 327 | private IHttpService httpService; |
| 328 | private URL url; |
| 329 | private IHttpRequestResponse[] httpMessages; |
| 330 | private String name; |
| 331 | private String detail; |
| 332 | private String severity; |
| 333 | |
| 334 | public CustomScanIssue( |
| 335 | IHttpService httpService, |
| 336 | URL url, |
| 337 | IHttpRequestResponse[] httpMessages, |
| 338 | String name, |
| 339 | String detail, |
| 340 | String severity) |
| 341 | { |
| 342 | this.httpService = httpService; |
| 343 | this.url = url; |
| 344 | this.httpMessages = httpMessages; |
| 345 | this.name = name; |
| 346 | this.detail = detail; |
| 347 | this.severity = severity; |
| 348 | } |
| 349 | |
| 350 | @Override |
| 351 | public URL getUrl() { |
| 352 | return url; |
| 353 | } |
| 354 | |
| 355 | @Override |
| 356 | public String getIssueName() { |
| 357 | return name; |
| 358 | } |
| 359 | |
| 360 | @Override |
| 361 | public int getIssueType() { |
| 362 | return 0; |
| 363 | } |
| 364 | |
| 365 | @Override |
| 366 | public String getSeverity() { |
| 367 | return severity; |
| 368 | } |
| 369 | |
| 370 | @Override |
| 371 | public String getConfidence() { |
| 372 | return "Certain"; |
| 373 | } |
| 374 | |
| 375 | @Override |
| 376 | public String getIssueBackground() { |
| 377 | return null; |
| 378 | } |
| 379 | |
| 380 | @Override |
| 381 | public String getRemediationBackground() { |
| 382 | return null; |
| 383 | } |
nothing calls this directly
no outgoing calls
no test coverage detected