Fortify报告了HttpServletRequest问题,以验证请求数据。 下面是示例。
public static String getUrl(HttpServletRequest request) {
String scheme = request.getScheme() + "://";
String serverName = request.getServerName();
String serverPort = (request.getServerPort() == 80) ? "" : ":" + request.getServerPort();
// String contextPath = request.getContextPath();
String tenant = (String) request.getAttribute("t1");
String domain = (String) request.getAttribute("d1");
if (StringUtils.isEmpty(tenant)) tenant = tenantDomain.getTenant();
if (StringUtils.isEmpty(domain)) domain = tenantDomain.getDomain();
String uriPostFix = "";
if((tenant != null) && (domain != null)) {
uriPostFix = "/" + tenant + "/" + domain;
}
return scheme + serverName + serverPort + uriPostFix;
}
如何验证请求数据?是否有可用的Java类,或者我们可以做此正则表达式?