添加白名单后门测试

5 years ago · c88cfc1ecc
3 changed files with 19 additions and 21 deletions
--- a/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/config/WebAppConfig.java
+++ b/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/config/WebAppConfig.java
@ -25,7 +25,7 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 		public void addInterceptors(InterceptorRegistry registry) {
 			registry.addInterceptor(scanApiAuthInterceptor)//添加拦截器
 					.addPathPatterns("/**") //拦截所有请求
-					.excludePathPatterns("/UserCon/**");//对应的不拦截的请求
+					.excludePathPatterns("/opback/addWhite*");//对应的不拦截的请求
 		}
 	}

--- a/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/controller/BackDoorController.java
+++ b/epmet-openapi/epmet-openapi-scan/src/main/java/com/epmet/openapi/scan/controller/BackDoorController.java
@ -1,36 +1,32 @@
 package com.epmet.openapi.scan.controller;

 import com.alibaba.fastjson.JSON;
-import com.epmet.commons.tools.utils.Result;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.web.bind.annotation.GetMapping;
+import com.epmet.openapi.scan.common.redis.RedisKeys;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.core.SetOperations;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;

-import java.util.HashMap;
-import java.util.Map;
+import java.util.Set;

 /**
 * @author jianjun liu
 * @date 2020-06-04 20:39
 **/
@RestController
-@RequestMapping("test")
+@RequestMapping("opback")
 public class BackDoorController {
-	@Value("${aliyun.green.accessKeyId}")
-	private String accessKeyId;
+	@Autowired
+	private RedisTemplate redisTemplate;

-	@Value("${aliyun.green.accessKeySecret}")
-	private String accessKeySecret;
-
-	@Value("${aliyun.green.regionId}")
-	private String regionId;
-	@GetMapping("api")
-	public Result<String> page() {
-		Map<String,Object> map = new HashMap<>();
-		map.put(accessKeyId,accessKeyId);
-		map.put(accessKeySecret,accessKeySecret);
-		map.put(regionId, regionId);
-		return new Result<String>().ok(JSON.toJSONString(map));
+	@RequestMapping("addWhite")
+	public String addWhite(@RequestParam String ip) {
+		SetOperations setOperations = redisTemplate.opsForSet();
+		String whiteList = RedisKeys.getWhiteList();
+		Long add = setOperations.add(whiteList, ip);
+		Set members = setOperations.members(whiteList);
+		return "ip:" + ip + "添加" + (add > 0 ? "成功" : "失败") + ",当前所有列表：" + JSON.toJSONString(members);
 	}
 }
--- a/epmet-openapi/epmet-openapi-scan/src/main/resources/readme
+++ b/epmet-openapi/epmet-openapi-scan/src/main/resources/readme
@ -0,0 +1,2 @@
+#添加白名单
+sadd epmet:openapi:scan:whitelist "客户端ip地址"