Preventing Cross-Site Scripting and Web Parameter Interference in Playframework

After launching our first public alpha version of http://wwww.trademango.com, which is built with the Play platform, I've seen attempts at web parameter interference by someone or something (bots, for example). These attempts have been going on for some time. We are studying our security. I was wondering if anyone has any experience integrating tools like OWASP with Playframework. I would like to get some community feedback on what other people are doing against these attacks.

Below are several attempts to interfere with web parameters in action:

    @ 69mkklokf
    Internal Server Error (500) for request GET / supplier /: q /: page? Q =: supplierUUID

    Execution exception (In {module: common-model} /app/models/services/ID.java around line 46)
    NumberFormatException occured: For input string: ""

    play.exceptions.JavaExecutionException: For input string: ""
        at play.mvc.ActionInvoker.invoke (ActionInvoker.java:231)
        at Invocation.HTTP Request (Play!)
    Caused by: java.lang.NumberFormatException: For input string: ""
        at java.lang.NumberFormatException.forInputString (NumberFormatException.java:65)
        at java.lang.Long.parseLong (Long.java:450)
        at java.lang.Long.valueOf (Long.java:508)
        at models.services.ID.base36ToUUID (ID.java:46)
        at controllers.Application.supplier (Application.java:177)
        at play.mvc.ActionInvoker.invokeWithContinuation (ActionInvoker.java:548)
        at play.mvc.ActionInvoker.invoke (ActionInvoker.java:502)
        at play.mvc.ActionInvoker.invokeControllerMethod (ActionInvoker.java:478)
        at play.mvc.ActionInvoker.invokeControllerMethod (ActionInvoker.java:473)
        at play.mvc.ActionInvoker.invoke (ActionInvoker.java:161)
        ... 1 more
    22 Mar 2012 07: 20: 57,270 ERROR play: 570 - 

    @ 69mkklokg
    phpmyadmin.translators.html action not found

    Action not found
    Action phpmyadmin.translators.html could not be found. Error raised is Controller controllers.phpmyadmin.translators not found

    play.exceptions.ActionNotFoundException: Action phpmyadmin.translators.html not found
        at play.mvc.ActionInvoker.getActionMethod (ActionInvoker.java:590)
        at play.mvc.ActionInvoker.resolve (ActionInvoker.java:85)
        at Invocation.HTTP Request (Play!)
    Caused by: java.lang.Exception: Controller controllers.phpmyadmin.translators not found
        ... 3 more
    22 Mar 2012 10:13: 16.611 ERROR play: 570 - 

    @ 69mkklokh
    nice ports, .Trinity.txt.bak action not found

    Action not found
    Action nice ports, .Trinity.txt.bak could not be found. Error raised is Controller controllers.nice ports, .Trinity.txt not found

    play.exceptions.ActionNotFoundException: Action nice ports, .Trinity.txt.bak not found
        at play.mvc.ActionInvoker.getActionMethod (ActionInvoker.java:590)
        at play.mvc.ActionInvoker.resolve (ActionInvoker.java:85)
        at Invocation.HTTP Request (Play!)
    Caused by: java.lang.Exception: Controller controllers.nice ports, .Trinity.txt not found
        ... 3 more

+3


1 answer


I suggest removing the 'catch all' route:

    # Catch all
    *       /{controller}/{action}                  {controller}.{action}

Remove this and have explicit mappings to all of your controllers and actions.

+1
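
The change this answer describes, sketched as a Play 1.x `conf/routes` file. This is an added example, not part of the original post or the site's real configuration. `Application.supplier` comes from the stack trace in the question; the URL shapes, the parameter names `id` and `page`, the lowercase base36 character set and `Application.index` are assumptions.

```conf
# conf/routes (Play 1.x syntax). Added example; paths and parameter
# names are assumptions, not the site's actual routes.

# Before: any two-segment URL is read as controller + action, so scanner
# requests such as /phpmyadmin/translators.html are passed to
# ActionInvoker, which logs ActionNotFoundException with a stack trace.
# *     /{controller}/{action}                      {controller}.{action}

# After: only the URLs listed here reach application code. Anything
# else is answered with a plain 404 by the router.
GET     /                                           Application.index

# Regex constraints ({<regex>name}) limit what a path parameter may
# contain. A value outside the pattern does not match the route, so
# the action never sees it.
GET     /supplier/{<[0-9a-z]+>id}/{<[0-9]+>page}    Application.supplier

# Static assets
GET     /public/                                    staticDir:public
```

Route patterns only constrain path segments. Query-string parameters still need to be validated inside the action before they are parsed.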

