添加白名单后门测试

5 years ago · c88cfc1ecc
3 changed files with 19 additions and 21 deletions
--- a/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/config/WebAppConfig.java
+++ b/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/config/WebAppConfig.java
@ -25,7 +25,7 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 		public void addInterceptors(InterceptorRegistry registry) {
 			registry.addInterceptor(scanApiAuthInterceptor)//添加拦截器
 					.addPathPatterns("/**") //拦截所有请求
-					.excludePathPatterns("/UserCon/**");//对应的不拦截的请求
+					.excludePathPatterns("/opback/addWhite*");//对应的不拦截的请求
 		}
 	}
--- a/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/controller/BackDoorController.java
+++ b/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/controller/BackDoorController.java
@ -1,36 +1,32 @@
 package com.epmet.openapi.scan.controller;
 import com.alibaba.fastjson.JSON;
-import com.epmet.commons.tools.utils.Result;
+import com.epmet.openapi.scan.common.redis.RedisKeys;
-import org.springframework.beans.factory.annotation.Value;
+import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.data.redis.core.SetOperations;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
-import java.util.HashMap;
+import java.util.Set;
 import java.util.Map;
 /**
 * @author jianjun liu
 * @date 2020-06-04 20:39
 **/
@RestController
-@RequestMapping("test")
+@RequestMapping("opback")
 public class BackDoorController {
-	@Value("${aliyun.green.accessKeyId}")
+	@Autowired
-	private String accessKeyId;
+	private RedisTemplate redisTemplate;
-	@Value("${aliyun.green.accessKeySecret}")
+	@RequestMapping("addWhite")
-	private String accessKeySecret;
+	public String addWhite(@RequestParam String ip) {
-
+		SetOperations setOperations = redisTemplate.opsForSet();
-	@Value("${aliyun.green.regionId}")
+		String whiteList = RedisKeys.getWhiteList();
-	private String regionId;
+		Long add = setOperations.add(whiteList, ip);
-	@GetMapping("api")
+		Set members = setOperations.members(whiteList);
-	public Result<String> page() {
+		return "ip:" + ip + "添加" + (add > 0 ? "成功" : "失败") + ",当前所有列表：" + JSON.toJSONString(members);
 		Map<String,Object> map = new HashMap<>();
 		map.put(accessKeyId,accessKeyId);
 		map.put(accessKeySecret,accessKeySecret);
 		map.put(regionId, regionId);
 		return new Result<String>().ok(JSON.toJSONString(map));
 	}
 }
--- a/epmet-openapi/epmet-openapi-scan/src/main/resources/readme
+++ b/epmet-openapi/epmet-openapi-scan/src/main/resources/readme
@ -0,0 +1,2 @@
 #添加白名单
 sadd epmet:openapi:scan:whitelist "客户端ip地址"
	`@ -0,0 +1,2 @@`
					`#添加白名单`
					`sadd epmet:openapi:scan:whitelist "客户端ip地址"`