XSS는 특정사용자가 다른 사용자와 통신하는 과정에서 발생할 수 있는 해킹 방법.
해결방안 : 자바스크립트를 실행할 수 있는 문장을 모두 치환.
EvaluationDAO.java - write() 함수 수정
package evaluation;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.ArrayList;
import util.DatabaseUtil;
public class EvaluationDAO {
public int write(EvaluationDTO evaluationDTO) {
String SQL = "INSERT INTO EVALUATION VALUES (NULL, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 0)"; // EvaluationID는 auto increament 설정이 되있기 때문에 NULL값을 넣어주면 차례대로 증가함
Connection conn = null;
PreparedStatement pstmt = null;
ResultSet rs = null;
try {
conn = DatabaseUtil.getConnection();
pstmt = conn.prepareStatement(SQL);
pstmt.setString(1, evaluationDTO.getUserID().replaceAll("<", "<").replaceAll(">", ">").replaceAll("\r\n", "<br>"));
pstmt.setString(2, evaluationDTO.getLectureName().replaceAll("<", "<").replaceAll(">", ">").replaceAll("\r\n", "<br>"));
pstmt.setString(3, evaluationDTO.getProfessorName().replaceAll("<", "<").replaceAll(">", ">").replaceAll("\r\n", "<br>"));
pstmt.setInt(4, evaluationDTO.getLectureYear());
pstmt.setString(5, evaluationDTO.getSemesterDivide().replaceAll("<", "<").replaceAll(">", ">").replaceAll("\r\n", "<br>"));
pstmt.setString(6, evaluationDTO.getLectureDivede().replaceAll("<", "<").replaceAll(">", ">").replaceAll("\r\n", "<br>"));
pstmt.setString(7, evaluationDTO.getEvaluationTitle().replaceAll("<", "<").replaceAll(">", ">").replaceAll("\r\n", "<br>"));
pstmt.setString(8, evaluationDTO.getEvaluationContent().replaceAll("<", "<").replaceAll(">", ">").replaceAll("\r\n", "<br>"));
pstmt.setString(9, evaluationDTO.getTotalScore().replaceAll("<", "<").replaceAll(">", ">").replaceAll("\r\n", "<br>"));
pstmt.setString(10, evaluationDTO.getCreditScore().replaceAll("<", "<").replaceAll(">", ">").replaceAll("\r\n", "<br>"));
pstmt.setString(11, evaluationDTO.getComfortableScore().replaceAll("<", "<").replaceAll(">", ">").replaceAll("\r\n", "<br>"));
pstmt.setString(12, evaluationDTO.getLectureScore().replaceAll("<", "<").replaceAll(">", ">").replaceAll("\r\n", "<br>"));
return pstmt.executeUpdate();
} catch (Exception e) {
e.printStackTrace();
} finally {
try {
if (conn != null)
conn.close();
} catch (Exception e) {
e.printStackTrace();
}
try {
if (pstmt != null)
pstmt.close();
} catch (Exception e) {
e.printStackTrace();
}
try {
if (rs != null)
rs.close();
} catch (Exception e) {
e.printStackTrace();
}
}
return -1;
}
public ArrayList<EvaluationDTO> getList (String lectureDivede, String searchType, String search, int pageNumber) {
if(lectureDivede.equals("전체")) {
lectureDivede = "";
}
ArrayList<EvaluationDTO> evaluationList = null;
String SQL = "";
Connection conn = null;
PreparedStatement pstmt = null;
ResultSet rs = null;
try {
if(searchType.equals("최신순")) {
SQL = "SELECT * FROM EVALUATION WHERE lectureDivede Like ? AND CONCAT(lectureName, professorName, evaluationTitle, evaluationContent) LIKE " +
"? ORDER BY evaluationID DESC LIMIT " + pageNumber * 5 + ", " + pageNumber * 5 + 6;
} else if (searchType.equals("추천순")) {
SQL = "SELECT * FROM EVALUATION WHERE lectureDivede Like ? AND CONCAT(lectureName, professorName, evaluationTitle, evaluationContent) LIKE " +
"? ORDER BY likeCount DESC LIMIT " + pageNumber * 5 + ", " + pageNumber * 5 + 6;
}
conn = DatabaseUtil.getConnection();
pstmt = conn.prepareStatement(SQL);
pstmt.setString(1, "%" + lectureDivede + "%");
pstmt.setString(2, "%" + search + "%");
rs = pstmt.executeQuery();
evaluationList = new ArrayList<EvaluationDTO>();
while(rs.next()) {
EvaluationDTO evaluation = new EvaluationDTO(
rs.getInt(1),
rs.getString(2),
rs.getString(3),
rs.getString(4),
rs.getInt(5),
rs.getString(6),
rs.getString(7),
rs.getString(8),
rs.getString(9),
rs.getString(10),
rs.getString(11),
rs.getString(12),
rs.getString(13),
rs.getInt(14)
);
evaluationList.add(evaluation);
}
} catch (Exception e) {
e.printStackTrace();
} finally {
try {if(conn != null) conn.close();} catch (Exception e) {e.printStackTrace();}
try {if(pstmt != null) pstmt.close();} catch (Exception e) {e.printStackTrace();}
try {if(rs != null) rs.close();} catch (Exception e) {e.printStackTrace();}
}
return evaluationList;
}
// 특정한 강의평가 글에 좋아요를 누르는 함수
public int like(String evaluationID) {
String SQL = "UPDATE EVALUATION SET likeCount = likeCount + 1 WHERE evaluationID = ?";
Connection conn = null;
PreparedStatement pstmt = null;
ResultSet rs = null;
try {
conn = DatabaseUtil.getConnection();
pstmt = conn.prepareStatement(SQL);
pstmt.setInt(1, Integer.parseInt(evaluationID));
return pstmt.executeUpdate();
} catch (Exception e) {
e.printStackTrace();
} finally {
try {if(conn != null) conn.close();} catch (Exception e) {e.printStackTrace();}
try {if(pstmt != null) pstmt.close();} catch (Exception e) {e.printStackTrace();}
try {if(rs != null) rs.close();} catch (Exception e) {e.printStackTrace();}
}
return -1; // 데이터베이스 오류
}
// 특정한 강의평가 글을 삭제하는 함수
public int delete(String evaluationID) {
String SQL = "DELETE FROM EVALUATION WHERE evaluationID = ?";
Connection conn = null;
PreparedStatement pstmt = null;
ResultSet rs = null;
try {
conn = DatabaseUtil.getConnection();
pstmt = conn.prepareStatement(SQL);
pstmt.setInt(1, Integer.parseInt(evaluationID));
return pstmt.executeUpdate();
} catch (Exception e) {
e.printStackTrace();
} finally {
try {if(conn != null) conn.close();} catch (Exception e) {e.printStackTrace();}
try {if(pstmt != null) pstmt.close();} catch (Exception e) {e.printStackTrace();}
try {if(rs != null) rs.close();} catch (Exception e) {e.printStackTrace();}
}
return -1; // 데이터베이스 오류
}
// 글을 작성한 사용자의 아이디를 받아오는 함수
public String getUserID(String evaluationID) {
String SQL = "SELECT userID FROM EVALUATION WHERE evaluationID = ?";
Connection conn = null;
PreparedStatement pstmt = null;
ResultSet rs = null;
try {
conn = DatabaseUtil.getConnection();
pstmt = conn.prepareStatement(SQL);
pstmt.setInt(1, Integer.parseInt(evaluationID));
rs = pstmt.executeQuery();
if(rs.next()) {
return rs.getString(1);
}
} catch (Exception e) {
e.printStackTrace();
} finally {
try {if(conn != null) conn.close();} catch (Exception e) {e.printStackTrace();}
try {if(pstmt != null) pstmt.close();} catch (Exception e) {e.printStackTrace();}
try {if(rs != null) rs.close();} catch (Exception e) {e.printStackTrace();}
}
return null; // 존재하지 않는 글
}
}
함수를 수정해주는 게시글이 등록될 때 모든 꺾쇠가 치환되어서 자바스크립트를
삽입하기가 어려워진다. 다른 여러 라이브러리가 많지간 위 처럼 간단히 설정만
해주어도 XSS 공격이 까다로워진다.
'JAVA > JSP' 카테고리의 다른 글
| JSP 강의평가 웹사이트 - 추천 및 삭제 기능 구현 (0) | 2020.05.11 |
|---|---|
| JSP 강의평가 웹 사이트 - 평가 검색 및 출력 구현 (0) | 2020.05.10 |
| JSP로 강의평가 웹 사이트 - 평가 등록 및 신고 구현 (0) | 2020.05.09 |
| JSP로 강의평가 웹 사이트 - 로그인 및 로그아웃 구현하기 (0) | 2020.05.08 |
| JSP 강의평가 웹사이트 회원가입 및 이메일 인증 (0) | 2020.05.07 |