调用这个,能复现tomcat的报错
http://localhost:8182/defaultroot/DownloadServlet?modeType=2&path=html&FileName=…\login.jsp&name=123&fiewviewdownload=2&cd=inline&downloadAll=2
springboot内嵌了tomat,比如这个版本:tomcat-embed-core-8.5.96
找到这个tomcat-embed-core的源码,
将showReport=true,修改为showReport=false
将showServerInfo=true ,修改为showServerInfo=false
方法一:
在项目中增加ErrorReportValve.java ,实现覆盖内嵌中的类。
//
// Source code recreated from a .class file by IntelliJ IDEA
// (powered by FernFlower decompiler)
//
package org.apache.catalina.valves;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.Writer;
import java.util.Scanner;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.servlet.ServletException;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.util.ErrorPageSupport;
import org.apache.catalina.util.IOTools;
import org.apache.catalina.util.ServerInfo;
import org.apache.coyote.ActionCode;
import org.apache.tomcat.util.ExceptionUtils;
import org.apache.tomcat.util.descriptor.web.ErrorPage;
import org.apache.tomcat.util.res.StringManager;
import org.apache.tomcat.util.security.Escape;
/**
* 解决调试信息泄露漏洞,修改showReport=false,showServerInfo=false
*/
public class ErrorReportValve extends ValveBase {
private boolean showReport = false;
private boolean showServerInfo = false;
private final ErrorPageSupport errorPageSupport = new ErrorPageSupport();
public ErrorReportValve() {
super(true);
}
public void invoke(Request request, Response response) throws IOException, ServletException {
this.getNext().invoke(request, response);
if (response.isCommitted()) {
if (response.setErrorReported()) {
AtomicBoolean ioAllowed = new AtomicBoolean(true);
response.getCoyoteResponse().action(ActionCode.IS_IO_ALLOWED, ioAllowed);
if (ioAllowed.get()) {
try {
response.flushBuffer();
} catch (Throwable var5) {
ExceptionUtils.handleThrowable(var5);
}
response.getCoyoteResponse().action(ActionCode.CLOSE_NOW, request.getAttribute("javax.servlet.error.exception"));
}
}
} else {
Throwable throwable = (Throwable)request.getAttribute("javax.servlet.error.exception");
if (!request.isAsync() || request.isAsyncCompleting()) {
if (throwable != null && !response.isError()) {
response.reset();
response.sendError(500);
}
response.setSuspended(false);
try {
this.report(request, response, throwable);
} catch (Throwable var6) {
ExceptionUtils.handleThrowable(var6);
}
}
}
}
protected ErrorPage findErrorPage(int statusCode, Throwable throwable) {
ErrorPage errorPage = null;
if (throwable != null) {
errorPage = this.errorPageSupport.find(throwable);
}
if (errorPage == null) {
errorPage = this.errorPageSupport.find(statusCode);
}
if (errorPage == null) {
errorPage = this.errorPageSupport.find(0);
}
return errorPage;
}
protected void report(Request request, Response response, Throwable throwable) {
int statusCode = response.getStatus();
if (statusCode >= 400 && response.getContentWritten() <= 0L && response.setErrorReported()) {
AtomicBoolean result = new AtomicBoolean(false);
response.getCoyoteResponse().action(ActionCode.IS_IO_ALLOWED, result);
if (result.get()) {
ErrorPage errorPage = this.findErrorPage(statusCode, throwable);
if (errorPage == null || !this.sendErrorPage(errorPage.getLocation(), response)) {
String message = Escape.htmlElementContent(response.getMessage());
String reason;
if (message == null) {
if (throwable != null) {
reason = throwable.getMessage();
if (reason != null && reason.length() > 0) {
Scanner scanner = new Scanner(reason);
try {
message = Escape.htmlElementContent(scanner.nextLine());
} catch (Throwable var17) {
try {
scanner.close();
} catch (Throwable var15) {
var17.addSuppressed(var15);
}
throw var17;
}
scanner.close();
}
}
if (message == null) {
message = "";
}
}
reason = null;
String description = null;
StringManager smClient = StringManager.getManager("org.apache.catalina.valves", request.getLocales());
response.setLocale(smClient.getLocale());
try {
reason = smClient.getString("http." + statusCode + ".reason");
description = smClient.getString("http." + statusCode + ".desc");
} catch (Throwable var16) {
ExceptionUtils.handleThrowable(var16);
}
if (reason == null || description == null) {
if (message.isEmpty()) {
return;
}
reason = smClient.getString("errorReportValve.unknownReason");
description = smClient.getString("errorReportValve.noDescription");
}
StringBuilder sb = new StringBuilder();
sb.append("<!doctype html><html lang=\"");
sb.append(smClient.getLocale().getLanguage()).append("\">");
sb.append("<head>");
sb.append("<title>");
sb.append(smClient.getString("errorReportValve.statusHeader", new Object[]{String.valueOf(statusCode), reason}));
sb.append("</title>");
sb.append("<style type=\"text/css\">");
sb.append("body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}");
sb.append("</style>");
sb.append("</head><body>");
sb.append("<h1>");
sb.append(smClient.getString("errorReportValve.statusHeader", new Object[]{String.valueOf(statusCode), reason})).append("</h1>");
if (this.isShowReport()) {
sb.append("<hr class=\"line\" />");
sb.append("<p><b>");
sb.append(smClient.getString("errorReportValve.type"));
sb.append("</b> ");
if (throwable != null) {
sb.append(smClient.getString("errorReportValve.exceptionReport"));
} else {
sb.append(smClient.getString("errorReportValve.statusReport"));
}
sb.append("</p>");
if (!message.isEmpty()) {
sb.append("<p><b>");
sb.append(smClient.getString("errorReportValve.message"));
sb.append("</b> ");
sb.append(message).append("</p>");
}
sb.append("<p><b>");
sb.append(smClient.getString("errorReportValve.description"));
sb.append("</b> ");
sb.append(description);
sb.append("</p>");
if (throwable != null) {
String stackTrace = this.getPartialServletStackTrace(throwable);
sb.append("<p><b>");
sb.append(smClient.getString("errorReportValve.exception"));
sb.append("</b></p><pre>");
sb.append(Escape.htmlElementContent(stackTrace));
sb.append("</pre>");
int loops = 0;
for(Throwable rootCause = throwable.getCause(); rootCause != null && loops < 10; ++loops) {
stackTrace = this.getPartialServletStackTrace(rootCause);
sb.append("<p><b>");
sb.append(smClient.getString("errorReportValve.rootCause"));
sb.append("</b></p><pre>");
sb.append(Escape.htmlElementContent(stackTrace));
sb.append("</pre>");
rootCause = rootCause.getCause();
}
sb.append("<p><b>");
sb.append(smClient.getString("errorReportValve.note"));
sb.append("</b> ");
sb.append(smClient.getString("errorReportValve.rootCauseInLogs"));
sb.append("</p>");
}
sb.append("<hr class=\"line\" />");
}
if (this.isShowServerInfo()) {
sb.append("<h3>").append(ServerInfo.getServerInfo()).append("</h3>");
}
sb.append("</body></html>");
try {
try {
response.setContentType("text/html");
response.setCharacterEncoding("utf-8");
} catch (Throwable var18) {
ExceptionUtils.handleThrowable(var18);
if (this.container.getLogger().isDebugEnabled()) {
this.container.getLogger().debug("Failure to set the content-type of response", var18);
}
}
Writer writer = response.getReporter();
if (writer != null) {
writer.write(sb.toString());
response.finishResponse();
}
} catch (IllegalStateException | IOException var19) {
}
}
}
}
}
protected String getPartialServletStackTrace(Throwable t) {
StringBuilder trace = new StringBuilder();
trace.append(t.toString()).append(System.lineSeparator());
StackTraceElement[] elements = t.getStackTrace();
int pos = elements.length;
int i;
for(i = elements.length - 1; i >= 0; --i) {
if (elements[i].getClassName().startsWith("org.apache.catalina.core.ApplicationFilterChain") && elements[i].getMethodName().equals("internalDoFilter")) {
pos = i;
break;
}
}
for(i = 0; i < pos; ++i) {
if (!elements[i].getClassName().startsWith("org.apache.catalina.core.")) {
trace.append('\t').append(elements[i].toString()).append(System.lineSeparator());
}
}
return trace.toString();
}
private boolean sendErrorPage(String location, Response response) {
File file = new File(location);
if (!file.isAbsolute()) {
file = new File(this.getContainer().getCatalinaBase(), location);
}
if (file.isFile() && file.canRead()) {
response.setContentType("text/html");
response.setCharacterEncoding("UTF-8");
try {
OutputStream os = response.getOutputStream();
InputStream is = new FileInputStream(file);
IOTools.flow(is, os);
return true;
} catch (IOException var6) {
this.getContainer().getLogger().warn(sm.getString("errorReportValve.errorPageIOException", new Object[]{location}), var6);
return false;
}
} else {
this.getContainer().getLogger().warn(sm.getString("errorReportValve.errorPageNotFound", new Object[]{location}));
return false;
}
}
public void setShowReport(boolean showReport) {
this.showReport = showReport;
}
public boolean isShowReport() {
return this.showReport;
}
public void setShowServerInfo(boolean showServerInfo) {
this.showServerInfo = showServerInfo;
}
public boolean isShowServerInfo() {
return this.showServerInfo;
}
public boolean setProperty(String name, String value) {
ErrorPage ep;
if (name.startsWith("errorCode.")) {
int code = Integer.parseInt(name.substring(10));
ep = new ErrorPage();
ep.setErrorCode(code);
ep.setLocation(value);
this.errorPageSupport.add(ep);
return true;
} else if (name.startsWith("exceptionType.")) {
String className = name.substring(14);
ep = new ErrorPage();
ep.setExceptionType(className);
ep.setLocation(value);
this.errorPageSupport.add(ep);
return true;
} else {
return false;
}
}
public String getProperty(String name) {
String result;
ErrorPage ep;
if (name.startsWith("errorCode.")) {
int code = Integer.parseInt(name.substring(10));
ep = this.errorPageSupport.find(code);
if (ep == null) {
result = null;
} else {
result = ep.getLocation();
}
} else if (name.startsWith("exceptionType.")) {
String className = name.substring(14);
ep = this.errorPageSupport.find(className);
if (ep == null) {
result = null;
} else {
result = ep.getLocation();
}
} else {
result = null;
}
return result;
}
}
方法二:
将修改好的.class文件替换tomcat-embed-core.jar的源码
重新编译,将生成的ErrorReportValve.class替换掉原始的tomcat-embed-core的jar包。
解决!
修复完成
