我想用new Function(...)非常精简的代码生成一个函数。我想这样做
我eval()尽可能避免。但我不确定它是否足够安全使用new Function(...),这也被称为容易出现安全漏洞。
我想管理菜单按钮的状态。所以,在定义按钮时,我想写一些类似的东西
{
..., // More button definition
state: "isInEditmode && (isWidgetSelected || isCursorInWidget),
...
}
在处理多个事件期间的 statechange 时,我将根据属性中的状态检查(总结)当前整体状态对象的状态states。
因此,我将在渲染时生成一个函数并将其附加为 DOM 对象属性,而不是这样的 DOM 属性:
...
$el.stateFn = new Function("stateObj", "with (stateObj) {return " + item.state + ";}");
...
测试状态:
visible = $el.stateFn.call(currentStates, currentStates);
该with语句帮助我提供当前state对象的属性作为变量,这样上面的表达式就不需要像obj.isInEditmode.
在我看来,这不会引入安全漏洞,因为附加到 DOM 对象的函数是在渲染时生成并从源读取的。还是我错了?我应该避免这种情况吗?
性能提示表示赞赏(评论)(我认为只要我Function在渲染期间评估一次新的,这是可以接受的)。
在将 httpContextBase 注入到使用 unity 注入控制器的服务级别对象中时,我遇到了一个大问题。
样品控制器
public HomeController : Controller{
private IWorkContext _context;
public HomeController(IWorkContext context){
_context = context;
}
}
public WorkContext : IWorkContext{
private HttpContextBase _httpContext;
public (HttpContextBase httpContext){
_httpContext = httpContext;
}
public void DealWithCookies(){
//do some thing with http context and deal with cookies
}
}
内部统一引导程序
container.RegisterType<HttpContextBase>().RegisterInstance(new HttpContextWrapper(HttpContext.Current) as HttpContextBase, new ContainerControlledLifetimeManager());
//With this line httpcontextbase is returned but as a singleton instead of new for each request.
container.RegisterType<HttpContextBase>().RegisterInstance(new HttpContextWrapper(HttpContext.Current) as HttpContextBase, new PerRequestLifetimeManager());
//This …我正在寻找有关如何通过在运行时将代码直接注入内存来操作函数的建议。目的是最终运行一个外部应用程序,该应用程序能够出于优化目的操纵正在运行的进程。到目前为止,我已经按照本教程使用 GDB 来操作内存:
但是,它现在已经过时了,我似乎无法让它在 64 位体系结构上工作......我将不胜感激关于这个主题的任何建议。干杯
我有一个现有的应用程序,它是闭源的,并且发布了自己的 Mono 3.5 版本。我想改变应用程序的行为;具体来说,我想用一个新的类替换一个内置类。
通常,使用Mono.Cecil 来解决这个问题。但是,在我的情况下,应用程序程序集是从只读卷加载的,这使得修改程序集本身非常棘手(它涉及硬件黑客来生成新卷)。但是,我可以通过官方支持的机制让它加载任意 DLL,理论上我可以使用它在运行时修改程序集。
有许多资源可用于通过 .NET Framework 实现运行时代码注入/函数挂钩,但在 Mono 下它们都失败了。我见过的方法包括:
查看相关问题:
我知道这是一个非常糟糕的计划。但是,由于我没有源代码,并且修改磁盘上的程序集甚至比进行某种肮脏的运行时 hack 还要糟糕,因此这是我迄今为止生成的最佳替代方案。
我在我的服务器日志文件中找到了这些请求。我在亚马逊 EC2 上使用 nodejs。
/manager/html
/
/manager/html
/manager/html
/muieblackcat
//phpMyAdmin/scripts/setup.php
//phpmyadmin/scripts/setup.php
//pma/scripts/setup.php
//myadmin/scripts/setup.php
//MyAdmin/scripts/setup.php
/manager/html
/manager/html
http://hotel.qunar.com/render/hoteldiv.jsp?&__jscallback=XQScript_4
/hybridauth/install.php
/manager/html
/manager/html
/cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E
/cgi-bin/php5?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E
/cgi-bin/php-cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E
/cgi-bin/php.cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E
/cgi-bin/php4?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E
/manager/html
/manager/html
/manager/html
/manager/html
http://www.k2proxy.com//hello.html
http://www.k2proxy.com//hello.html
/manager/html
虽然我的网站目前非常简单。无论您发送什么请求,它都会给您相同的响应。但是,这些要求真的让我害怕。我的网站甚至一点都不出名。
我的担忧是:
有人想黑我吗?
如果是,我可以对 EC2 上的 nodejs 采取哪些预防措施?
提前致谢...
security code-injection amazon-web-services server-side-attacks
正在开发 chrome 扩展。我使用 contentscript 在 wbpage 中注入脚本,如下所示:
var s = document.createElement('script');
s.src = chrome.extension.getURL("script.js");
(document.head||document.documentElement).appendChild(s);
我的脚本.js:
$.post("https://www.example.com/srv/example/", function(html){
$("body").prepend(html);
});
现在,我想收听网页 DOM 中的按钮单击事件?如何实现这一目标?
我是 Sequelize(一个 node.js ORM)的新手,想知道以下代码是否安全:
var models = require('../models');
var router = require('express').Router();
router.post('/', function(req, res, next){
models.Account
.create(req.body) // <-- THIS IS WHAT MY QUESTION IS ABOUT, IS THIS SAFE?
.then(function(result){
res.status(200)
.send(result)
.end();
}).catch(next);
});
如果您正在使用它,这在某些方面是否不安全?另一种解决方案是:
var models = require('../models');
var router = require('express').Router();
router.post('/', function(req, res, next){
models.Account
.create({
username: req.body.username, // <-- THIS IS MORE VERBOSE BUT PROBABLY SAFER?
accountname: req.body.accountname,
level: req.body.level
})
.then(function(result){
res.status(200)
.send(result)
.end();
}).catch(next);
});
所以基本上我的问题是:使用完整的请求正文作为model.create()函数(model.set()和model.build())的输入是否安全?
参考:http : //jboss-javassist.github.io/javassist/tutorial/tutorial2.html
method.insertBefore("{ System.out.println($1);}");
此语句给了我以下错误:
Exception: javassist.CannotCompileException: [source error] no such field: $1
javassist.CannotCompileException: [source error] no such field: $1
at javassist.CtBehavior.insertBefore(CtBehavior.java:774)
at javassist.CtBehavior.insertBefore(CtBehavior.java:734)
at com.here.debugHelper.DurationTransformer.transform(DurationTransformer.java:124)
at sun.instrument.TransformerManager.transform(Unknown Source)
at sun.instrument.InstrumentationImpl.transform(Unknown Source)
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(Unknown Source)
at java.security.SecureClassLoader.defineClass(Unknown Source)
at java.net.URLClassLoader.defineClass(Unknown Source)
at java.net.URLClassLoader.access$100(Unknown Source)
at java.net.URLClassLoader$1.run(Unknown Source)
at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at com.here.debugHelper.TestInstrumentation.main(TestInstrumentation.java:10)
Caused by: compile error: no such field: $1 …我想让一个消息框出现在记事本中,所以我找到了一个简单的dll注入示例。注入器本身不是我的,似乎工作正常(获取进程的 id ,创建一个远程线程,获取 dll 文件的绝对路径)。我认为,问题在于dll. 这些项目在没有任何警告的情况下编译,但没有达到预期的结果。你能看一下并帮助我理解问题吗?(我已经把发行版dll放在了注入器项目文件夹中)
dllmain.cpp:
// dllmain.cpp : Defines the entry point for the DLL application.
#include "stdafx.h"
#include "dll.h"
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
DLLEXPORT void mess() {
MessageBoxA(NULL, "HELLO THERE", "From Notepad", NULL);
}
BOOL APIENTRY DllMain( HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH: mess(); break;
case DLL_THREAD_ATTACH: mess(); break;
case DLL_THREAD_DETACH: mess(); break;
case DLL_PROCESS_DETACH: mess(); break;
}
return TRUE;
}
dll.h: …
我想将一个 jar 库注入到一个 apk 文件中,以便从 smali 代码中使用它。
这是我所做的:
apktool d -f -r app-debug.apk/libs反编译项目目录下将调用我的库添加到创建钩子上的主要活动,如下所示:
invoke-static {p0}, Lcom/example/injection/Inject;->test(Landroid/content/Context;)V
重新打包apk apktool b .
jarsigner/dist/目录安装应用程序adb install app-debug.apk该应用程序安装成功,但立即崩溃。每次崩溃时,logcat 都会输出以下消息:
4-14 00:37:45.397 3016-3162/? I/logserver: extract_appname, forward search, appname=com.example.ben.myapplication
04-14 00:37:45.397 3016-3162/? I/logserver: get_fault_appname, appname=com.example.ben.myapplication
04-14 00:37:45.400 3016-3161/? I/logserver: handle_notify_event, send msg [submit:trigger=0,bugtype=2,modulename=com.example.ben.myapplication,level=1,testtype=NORMAL,path=/data/log/unzip/ALE-L21_ALE-L21C432B584_0000000000_20180414003745_crash,mode=1;]
04-14 00:37:45.688 23691-23691/com.example.ben.myapplication I/Process: Sending signal. PID: 23691 SIG: 9
我在设备上运行它,所以我无法真正访问崩溃报告,但这显然是因为com/example/injection/Inject找不到。
我之前做过注入,但我没有添加 jars,而是将 smali 类添加到项目中,但我想尝试添加 jar libs。有没有办法做到这一点?
code-injection ×10
java ×2
security ×2
android ×1
apk ×1
asp.net-mvc ×1
bytecode ×1
c ×1
c++ ×1
dll ×1
dllexport ×1
eval ×1
evaluation ×1
gdb ×1
javascript ×1
javassist ×1
jit ×1
linux ×1
mono ×1
node.js ×1
reflection ×1
sequelize.js ×1
smali ×1