不受信任的 URL 字符串的 Safe Process.Start 实现 [英] Safe Process.Start implementation for untrusted URL strings
问题描述
我的目标是在用户的默认浏览器中安全地打开网页.此网页的 URL 被视为不受信任"(将其视为使用此软件打开的文档中的链接,但该文档可能来自任何地方且其中的链接可能是恶意的)
My goal is to safely open a web page in a users default browser. The URL for this web page is considered "untrusted" (think of it as a link in a document opened with this software, but the document could be from anywhere and the links in it could be malicious)
我想避免有人将C:\Windows\malicious_code.exe"作为 URL 传递
I want to avoid someone passing "C:\Windows\malicious_code.exe" off as a URL
我目前的想法是做这样的事情:
My current thought is to do something like this:
Uri url = new Uri(urlString, UriKind.Absolute);
if( url.Scheme == Uri.UriSchemeHttp || url.Scheme == Uri.UriSchemeHttps )
{
Process.Start(url.AbsoluteUri);
}
我是否忘记了我的 'urlString' 可能包含的任何其他内容使这变得危险(例如,一个新行字符将允许某人在 URL 或可能执行相关可执行文件之后偷偷启动第二个进程以 http 开头)?
Am I forgetting about anything else that my 'urlString' might contain that makes this dangerous (e.g. a new line character which would allow someone to sneak a second process to be started in after the URL or a possible execution of a relative executable starting with http)?
我很确定这两种情况都是由这个处理的(因为我不相信 Process.Start 允许您像在 BATCH 文件中那样启动两个进程,这应该只允许以 http: 开头的字符串:或https:并且是有效的网址)
I'm pretty sure both of those cases are handled by this (as I don't believe Process.Start allows you to start two processes as you would in a BATCH file and this should only allow strings starting with http: or https: and are valid urls)
在 C# 中是否有更好的方法来做到这一点?
Is there a better way to do this in C#?
推荐答案
你要检查的是url的scheme
(即ftp://
,http://
、file://
等)这里是一个方案列表:http://en.wikipedia.org/wiki/URI_scheme#Official_IANA-registered_schemes
What you want to check is the scheme
of the url (i.e. ftp://
, http://
, file://
, etc.) Here is a list of schemes: http://en.wikipedia.org/wiki/URI_scheme#Official_IANA-registered_schemes
要查找 URL 的方案,请使用:
To find the scheme of a URL, use:
Uri u = new Uri("C:\\Windows");
String scheme = (u.GetLeftPart(UriPartial.Scheme).ToString());
对我来说,上面的例子给出了 file://
.只需使用上面的代码检查方案,然后拒绝您要过滤的方案.另外,用 try-catch
块包围解析,如果捕获到异常,则拒绝 URL;它无法解析,所以你不应该相信它.
For me, the above example gives file://
. Just check the scheme, using the code above, and reject the ones you want to filter. Also, surround the parsing with a try-catch
block and if an exception is caught, reject the URL; it can't be parsed so you shouldn't trust it.
如果您想要超偏执安全,您可以随时使用 URL 解析器解析 URL 并重建它,并在执行过程中验证每个部分.
If you want to ultra-paranoid-safe, you could always parse the URL using a URL parser and reconstruct it, validating each part as you go along.
这篇关于不受信任的 URL 字符串的 Safe Process.Start 实现的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!