
I ran IBM AppScan against a finished website and it returned a bunch of errors related to the Drupal search form block. Here is an excerpt from one of them:

    [13 of 37] Parameter Value Overflow
    Severity: High
    Test Type: Application Invasive
    Vulnerable URL: http://[my-web-address]/contact
    CVE ID(s): N/A
    CWE ID(s): 120
    Remediation Tasks: Limit the length of input fields to avoid buffer overflow
    Variant 1 of 5 [ID=97491]
    The following changes were applied to the original request:
    • Set parameter 'form_build_id's value to
    'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAA...
    Request/Response:
    This request/response contains binary content, which is not included in generated
    reports.
    Validation In Response:
    N/A
    Reasoning:
    The test caused the server to stop responding (an erroneous response was returned, such as cut
    connection or time out). The original request was then resent and also failed, confirming that the
    server had stopped responding.

Any pointers on what needs to be done would be appreciated, thanks.


2 Answers


The 'form_build_id' input is an internal identifier from Drupal's Form API. It is used early on in drupal_build_form(). It should be a base-64 encoded SHA-256 hash, with + replaced by -, / replaced by _, and any = padding characters removed.

The form alter hooks probably can't get at it before the buffer overflow happens, so the right place to sanitize it would be in drupal_build_form(), with something like:

    [...]
    // Only consult the form cache when the posted form_id matches and a build id was sent.
    $check_cache = isset($form_state['input']['form_id']) && $form_state['input']['form_id'] == $form_id && !empty($form_state['input']['form_build_id']);
    if ($check_cache) {
      // Strip tags/special characters and cap the id at 100 characters before it reaches the cache lookup.
      $form_build_id = drupal_substr(filter_var($form_state['input']['form_build_id'], FILTER_SANITIZE_STRING), 0, 100);
      $form = form_get_cache($form_build_id, $form_state);
    }
    [...]

But the best thing to do would be to report this as a security issue on Drupal.org and submit your patch there. That would be the best place to get your problem and the fix reviewed.

answered 2012-04-18T13:13:21.617
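An allowlist check on the shape of form_build_id, added here as an example that is neither Drupal core code nor the answer's own patch: rather than truncating, it rejects anything that does not look like the identifier the answer describes. It assumes Drupal 7's layout, where the id is `form-` followed by the 43-character URL-safe base64 hash of 32 random bytes; `demo_form_build_id()` is a constructed stand-in for Drupal's own generator.

```php
<?php
// Added example (not Drupal core code). Assumes Drupal 7's form_build_id format:
// 'form-' plus drupal_hash_base64() of 32 random bytes, i.e. URL-safe base64
// (A-Z a-z 0-9 - _) with '=' padding removed, which is always 43 characters.

/**
 * Returns TRUE if $id has exactly the shape Drupal generates, FALSE otherwise.
 * Oversized scanner payloads, markup, NUL bytes and the standard base64
 * alphabet (+ / =) are all rejected before the value reaches form_get_cache().
 */
function form_build_id_is_valid($id) {
  if (!is_string($id)) {
    return FALSE;
  }
  // 'form-' prefix plus 43 URL-safe base64 characters and nothing else;
  // the D modifier stops '$' from tolerating a trailing newline.
  return (bool) preg_match('/^form-[A-Za-z0-9_-]{43}$/D', $id);
}

/**
 * Constructed stand-in for Drupal's generator, used only to self-test this file.
 */
function demo_form_build_id() {
  $raw = hash('sha256', uniqid(mt_rand(), TRUE), TRUE); // 32 raw bytes
  $b64 = strtr(base64_encode($raw), array('+' => '-', '/' => '_'));
  return 'form-' . str_replace('=', '', $b64);
}

// Constructed inputs: one legitimate id and three that must be rejected.
$cases = array(
  'generated id'     => demo_form_build_id(),
  'scanner overflow' => 'form-' . str_repeat('A', 5000),
  'injected markup'  => 'form-<script>alert(1)</script>',
  'standard base64'  => 'form-' . str_repeat('a', 40) . '+/=',
);
foreach ($cases as $label => $id) {
  printf("%-17s %s\n", $label, form_build_id_is_valid($id) ? 'accepted' : 'rejected');
}
```

In drupal_build_form() this check would sit just before form_get_cache(); a rejected id is simply treated as "no cached form", so the oversized value is never used as a cache key.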

If you use form input in a language other than English, it is better to use the mb_substr() function, which preserves odd characters such as é, ù, etc. (almost like kirilloid's solution), together with the filter_var() function, which strips tags and optionally strips or encodes special characters to protect yourself against different kinds of injection attacks.

    $form_build_id = mb_substr(filter_var($_GET['form_build_id'], FILTER_SANITIZE_STRING), 0, 100);

Here are the mb_substr() details and the filter_var() details. Note that mb_substr() requires PHP version 4.0.6 or later, and the filter_var() function requires PHP version 5.2 or later.

answered 2012-04-18T08:19:13.163