IBM AppScan Source flags my code at "bos.write(buff, 0, bytesRead);" as a vulnerability. Can I find out whether this is a false positive, and how to resolve it?
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.Closeable;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Streams the resource at filePath (parsed as a URL) to the client as an attachment.
public static void download(HttpServletRequest request, HttpServletResponse response, String filePath)
{
    BufferedInputStream bis = null;
    BufferedOutputStream bos = null;
    URL url = null;
    try
    {
        url = new URL(filePath);
        response.setContentType("text/html;charset=UTF-8");
        request.setCharacterEncoding("UTF-8");
        // Overrides the content type set two lines above; the body is sent as a binary attachment.
        response.setContentType("application/octet-stream");
        response.setHeader("Content-disposition", "attachment; filename=" + fileName(filePath));
        bis = new BufferedInputStream(url.openStream());
        bos = new BufferedOutputStream(response.getOutputStream());
        byte[] buff = new byte[2048];
        int bytesRead;
        // Copy the remote stream to the response 2 KB at a time until read() returns -1 (EOF).
        while (-1 != (bytesRead = bis.read(buff, 0, buff.length))) {
            bos.write(buff, 0, bytesRead); // the line AppScan Source flags
        }
    }
    catch (UnsupportedEncodingException e)
    {
        e.printStackTrace();
    }
    catch (FileNotFoundException e)
    {
        e.printStackTrace();
    }
    catch (IOException e)
    {
        e.printStackTrace();
    }
    finally
    {
        closeStream(bis);
        closeStream(bos);
    }
}

// Not shown in the original post; a minimal implementation is assumed here:
// the last path segment of filePath is used as the suggested download name.
private static String fileName(String filePath)
{
    return filePath.substring(filePath.lastIndexOf('/') + 1);
}

// Not shown in the original post; a minimal implementation is assumed here:
// null-safe close that only logs, so the finally block cannot throw.
private static void closeStream(Closeable stream)
{
    if (stream != null) {
        try {
            stream.close();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}
Answer 0 (score: 0)
I found that using GZIPOutputStream instead of BufferedOutputStream lets it pass in AppScan Source. But I am not sure whether there are any side effects.
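Whether the finding is a false positive depends on where filePath comes from, which the question does not say. What a taint-tracking analyzer follows in the posted method is the path from the filePath argument into new URL(filePath) and into the Content-disposition header, and from url.openStream() into the response body; wrapping the response in a different output stream class changes the sink object but not that data flow. The usual way to settle such a finding is to validate the input where it enters and to use only the validated value afterwards, so the analyzer sees a sanitizer boundary and the code is actually safe if filePath is caller-controlled. The following is an added example, not code from the question or the answer: it assumes filePath may be caller-controlled, that an allow-list of permitted download hosts exists (files.example.com is a placeholder), and Java 9 or later for Set.of; the names validateDownloadUrl and safeFileName are chosen here.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Locale;
import java.util.Set;
import javax.servlet.http.HttpServletResponse;

public final class SafeDownload {

    // Assumed allow-list: only these hosts may be fetched on the caller's behalf.
    private static final Set<String> ALLOWED_HOSTS = Set.of("files.example.com");

    // Turn the caller-supplied string into a URL that is known to point at an approved host.
    // Only the returned URL object is used afterwards, never the raw string.
    static URL validateDownloadUrl(String filePath) throws MalformedURLException {
        URL url = new URL(filePath);
        if (!"https".equals(url.getProtocol())) {
            throw new MalformedURLException("only https downloads are allowed");
        }
        String host = url.getHost();
        if (host == null || !ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) {
            throw new MalformedURLException("host is not on the allow-list: " + host);
        }
        if (url.getUserInfo() != null) { // reject user:password@host forms
            throw new MalformedURLException("credentials in URL are not allowed");
        }
        return url;
    }

    // Derive the attachment name from the last path segment only, restricted to a
    // conservative character set so the header value cannot be terminated or reshaped
    // by the input (no quotes, semicolons, CR or LF can survive the replacement).
    static String safeFileName(String path) {
        String last = path.substring(path.lastIndexOf('/') + 1);
        String cleaned = last.replaceAll("[^A-Za-z0-9._-]", "_");
        if (cleaned.isEmpty() || cleaned.equals(".") || cleaned.equals("..")) {
            cleaned = "download";
        }
        return cleaned;
    }

    public static void download(HttpServletResponse response, String filePath) throws IOException {
        URL url;
        try {
            url = validateDownloadUrl(filePath);
        } catch (MalformedURLException e) {
            // Refuse rather than fall back: an unapproved location is never fetched.
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "invalid download location");
            return;
        }
        response.setContentType("application/octet-stream");
        response.setHeader("Content-Disposition",
                "attachment; filename=\"" + safeFileName(url.getPath()) + "\"");
        // try-with-resources closes both streams even if the copy fails part-way.
        try (InputStream in = url.openStream(); OutputStream out = response.getOutputStream()) {
            byte[] buff = new byte[8192];
            int n;
            while ((n = in.read(buff)) != -1) {
                out.write(buff, 0, n);
            }
        }
    }
}
```

The copy loop is the same as in the question; what changed is that the URL and the header value are now built from a checked URL object (for example https://files.example.com/reports/q1.pdf yields the attachment name q1.pdf, while http://internal-host/secret is rejected with 400 before anything is fetched). If filePath is known to be a server-side constant rather than request data, the finding is a false positive and the right resolution is to mark it as such in the tool with that justification, not to change the stream class.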