add readme
This commit is contained in:
JoyChou
13
.idea/workspace.xml
generated
13
.idea/workspace.xml
generated
@@ -2,7 +2,6 @@
|
||||
<project version="4">
|
||||
<component name="ChangeListManager">
|
||||
<list default="true" id="42982c84-cdb2-4596-b4aa-818c31fc199a" name="Default" comment="">
|
||||
<change type="MODIFICATION" beforePath="$PROJECT_DIR$/.idea/workspace.xml" afterPath="$PROJECT_DIR$/.idea/workspace.xml" />
|
||||
<change type="MODIFICATION" beforePath="$PROJECT_DIR$/README.md" afterPath="$PROJECT_DIR$/README.md" />
|
||||
</list>
|
||||
<ignored path="$PROJECT_DIR$/out/" />
|
||||
@@ -31,8 +30,8 @@
|
||||
<entry file="file://$PROJECT_DIR$/README.md">
|
||||
<provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]">
|
||||
<state split_layout="SPLIT">
|
||||
<first_editor relative-caret-position="421">
|
||||
<caret line="37" column="11" lean-forward="true" selection-start-line="37" selection-start-column="11" selection-end-line="37" selection-end-column="11" />
|
||||
<first_editor relative-caret-position="257">
|
||||
<caret line="42" column="12" lean-forward="true" selection-start-line="42" selection-start-column="12" selection-end-line="42" selection-end-column="12" />
|
||||
<folding />
|
||||
</first_editor>
|
||||
<second_editor />
|
||||
@@ -664,12 +663,12 @@
|
||||
<option name="presentableId" value="Default" />
|
||||
<updated>1504604417100</updated>
|
||||
<workItem from="1504604422158" duration="5604000" />
|
||||
<workItem from="1504667680570" duration="1412000" />
|
||||
<workItem from="1504667680570" duration="1507000" />
|
||||
</task>
|
||||
<servers />
|
||||
</component>
|
||||
<component name="TimeTrackingManager">
|
||||
<option name="totallyTimeSpent" value="7016000" />
|
||||
<option name="totallyTimeSpent" value="7111000" />
|
||||
</component>
|
||||
<component name="ToolWindowManager">
|
||||
<frame x="-1280" y="237" width="1280" height="777" extended-state="6" />
|
||||
@@ -821,8 +820,8 @@
|
||||
<entry file="file://$PROJECT_DIR$/README.md">
|
||||
<provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]">
|
||||
<state split_layout="SPLIT">
|
||||
<first_editor relative-caret-position="421">
|
||||
<caret line="37" column="11" lean-forward="true" selection-start-line="37" selection-start-column="11" selection-end-line="37" selection-end-column="11" />
|
||||
<first_editor relative-caret-position="257">
|
||||
<caret line="42" column="12" lean-forward="true" selection-start-line="42" selection-start-column="12" selection-end-line="42" selection-end-column="12" />
|
||||
<folding />
|
||||
</first_editor>
|
||||
<second_editor />
|
||||
|
||||
@@ -2,6 +2,12 @@
|
||||
|
||||
> Java Code Security Component (JAVA代码安全组件)
|
||||
|
||||
目前支持的功能如下:
|
||||
|
||||
1. URL白名单验证
|
||||
2. checkSSRF
|
||||
|
||||
|
||||
## URL白名单验证
|
||||
|
||||
### 验证逻辑
|
||||
@@ -25,7 +31,7 @@ JAVA默认DNS请求会有30s的缓存,所以默认不存在DNS Rebind问题。
|
||||
|
||||
如果有大佬能绕过,麻烦提个ISSUE或者PR。
|
||||
|
||||
我自己测试,以下方法均没绕过。但是,用DNS Rebind方法在调试的时候,均可以测试成功,所以我怀疑设置TTL位0未成功。
|
||||
我自己测试,以下方法均没绕过。但是,用DNS Rebind方法在调试的时候,均可以测试成功,所以我怀疑设置TTL为0未成功。
|
||||
|
||||
- DNS Rebind(手动设置JAVA的TTL为0)
|
||||
- 域名解析2个A记录地址(外网+内网)
|
||||
|
||||
Reference in New Issue
Block a user