Merge branch 'jiwoo'

2023-08-01 15:47:01 +09:00 · 2023-08-01 15:47:01 +09:00 · 770bf2f3a0
commit 770bf2f3a0
parent 3133900a3c 3b0413faeb
7 changed files with 98 additions and 0 deletions
--- a/src/main/java/itn/let/cop/bbs/web/EgovBBSManageController.java
+++ b/src/main/java/itn/let/cop/bbs/web/EgovBBSManageController.java
@ -73,6 +73,7 @@ import itn.com.cmm.service.EgovFileMngService;
 import itn.com.cmm.service.EgovFileMngUtil;
 import itn.com.cmm.service.FileVO;
 import itn.com.cmm.service.ReadService;
+import itn.com.cmm.util.EgovDoubleSubmitHelper;
 import itn.com.cmm.util.StringUtil;
 import itn.com.cmm.util.WebUtil;
 import itn.com.uss.ion.cnf.service.ProhibitMngService;
@ -2712,6 +2713,12 @@ public class EgovBBSManageController {
 		ModelAndView modelAndView = new ModelAndView();
 		modelAndView.setViewName("jsonView");
 		
+		
+		if (!EgovDoubleSubmitHelper.checkAndSaveToken("someKey", multiRequest)) {  
+			modelAndView.addObject("message", "너무많은 글쓰기가 시도되었습니다.");
+			modelAndView.addObject("result", "fail");
+			return modelAndView;
+		}
 		// Start => bbsId를 변조해서 공지사항에 글 등록 방지 처리
 		//boardVO.setBbsId("BBSMSTR_000000000651");	// 공지사항
 		List<BoardVO> userBbsWriteList = bbsMngService.selectUserBbsWriteList(boardVO);
--- a/src/main/java/itn/let/uat/uia/web/EgovLoginController.java
+++ b/src/main/java/itn/let/uat/uia/web/EgovLoginController.java
@ -585,6 +585,34 @@ public class EgovLoginController {
 		ModelAndView modelAndView = new ModelAndView();
 		modelAndView.setViewName("jsonView");

+		//비밀번호 규칙성 검증 추가 - 취약점 조치
+		mberManageVO.setPassword(mberManageVO.getPassword().trim());
+		String passWord = mberManageVO.getPassword();
+		
+		if(passWord.length() < 8  || passWord.length() > 20) {
+			modelAndView.addObject("resultSts", "passWordFail");
+			return modelAndView;
+		}
+		
+        Pattern digitPattern = Pattern.compile("[0-9]");
+        Matcher digitMatcher = digitPattern.matcher(passWord);
+        boolean hasDigit = digitMatcher.find();
+
+        Pattern letterPattern = Pattern.compile("[a-zA-Z]");
+        Matcher letterMatcher = letterPattern.matcher(passWord);
+        boolean hasLetter = letterMatcher.find();
+
+        Pattern specialPattern = Pattern.compile("[`~!@@#$%^&*|\\\\'\";:/?]");
+        Matcher specialMatcher = specialPattern.matcher(passWord);
+        boolean hasSpecialCharacter = specialMatcher.find();
+        
+        
+		if(hasDigit == false || hasLetter == false || hasSpecialCharacter == false) {
+			modelAndView.addObject("resultSts", "passWordFail");
+			return modelAndView;
+		}
+		
+		
 		// 사업자등록증 업로드
 		List<FileVO> result = null;
 		String wAtchFileId = ""; //사업자등록증 첨부파일 ID 
@ -3205,6 +3233,30 @@ public class EgovLoginController {

 		try {
 			
+			//비밀번호 규칙성 검증 추가 - 취약점 조치
+			userManageVO.setPassword(userManageVO.getPassword().trim());
+			String passWord = userManageVO.getPassword();
+			
+	        Pattern digitPattern = Pattern.compile("[0-9]");
+	        Matcher digitMatcher = digitPattern.matcher(passWord);
+	        boolean hasDigit = digitMatcher.find();
+
+	        Pattern letterPattern = Pattern.compile("[a-zA-Z]");
+	        Matcher letterMatcher = letterPattern.matcher(passWord);
+	        boolean hasLetter = letterMatcher.find();
+
+	        Pattern specialPattern = Pattern.compile("[`~!@@#$%^&*|\\\\'\";:/?]");
+	        Matcher specialMatcher = specialPattern.matcher(passWord);
+	        boolean hasSpecialCharacter = specialMatcher.find();
+	        
+	        
+			if(hasDigit == false || hasLetter == false || hasSpecialCharacter == false || passWord.length() < 8  || passWord.length() > 20) {
+				modelAndView.addObject("pwRuleCheck", false);
+				return modelAndView;
+			}else {
+				modelAndView.addObject("pwRuleCheck", true);
+			}
+
 			// 해당 정보의 등록 페스워드 조회
 			int pwCheck = mberManageService.selectMberPWOverlapCheck(userManageVO);
 			
--- a/src/main/java/itn/let/uat/uia/web/EgovMypageController.java
+++ b/src/main/java/itn/let/uat/uia/web/EgovMypageController.java
@ -1231,6 +1231,28 @@ public class EgovMypageController {
 				return modelAndView;
 			}
 			
+			//비밀번호 규칙섬 검증 추가 - 취약점 조치
+			userManageVO.setPassword(userManageVO.getPassword().trim());
+			String passWord = userManageVO.getPassword();
+	        Pattern digitPattern = Pattern.compile("[0-9]");
+	        Matcher digitMatcher = digitPattern.matcher(passWord);
+	        boolean hasDigit = digitMatcher.find();
+
+	        Pattern letterPattern = Pattern.compile("[a-zA-Z]");
+	        Matcher letterMatcher = letterPattern.matcher(passWord);
+	        boolean hasLetter = letterMatcher.find();
+
+	        Pattern specialPattern = Pattern.compile("[`~!@@#$%^&*|\\\\'\";:/?]");
+	        Matcher specialMatcher = specialPattern.matcher(passWord);
+	        boolean hasSpecialCharacter = specialMatcher.find();
+			
+	        if(hasDigit == false || hasLetter == false || hasSpecialCharacter == false || passWord.length() < 8  || passWord.length() > 20) {
+				modelAndView.addObject("errType", "04");
+				modelAndView.addObject("message", "비밀번호 규칙을 확인해주세요.");
+				modelAndView.addObject("result", "fail");
+				return modelAndView;
+	        }
+			
 			userManageVO.setEmplyrId(loginVO.getId());
 			userManageService.updateUserPWAjax(userManageVO);
 			modelAndView.addObject("result", "success");
--- a/src/main/webapp/WEB-INF/jsp/web/cop/bbs/EgovNoticeRegist.jsp
+++ b/src/main/webapp/WEB-INF/jsp/web/cop/bbs/EgovNoticeRegist.jsp
@ -18,6 +18,7 @@
 <%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
 <%@ taglib prefix="form" uri="http://www.springframework.org/tags/form"%>
 <%@ taglib prefix="validator" uri="http://www.springmodules.org/tags/commons-validator"%>
+<%@ taglib prefix="double-submit" uri="http://www.egovframe.go.kr/tags/double-submit/jsp" %>
 <%
 	pageContext.setAttribute("crlf", "\r\n");
 %>
@ -74,6 +75,7 @@
 <input type="hidden" name="bbsId" value="<c:out value='${searchVO.bbsId}'/>" />
 </form:form>                
 <form:form commandName="board" name="board" method="post" enctype="multipart/form-data">
+<double-submit:preventer tokenKey="someKey" />
 <input type="hidden" name="pageIndex" value="<c:out value='${searchVO.pageIndex}'/>" />
 <input type="hidden" name="searchCnd" value="<c:out value='${searchVO.searchCnd}'/>"/>
 <input type="hidden" name="searchWrd" value="<c:out value='${searchVO.searchWrd}'/>"/>
--- a/src/main/webapp/WEB-INF/jsp/web/login/findUserPwResult.jsp
+++ b/src/main/webapp/WEB-INF/jsp/web/login/findUserPwResult.jsp
@ -97,6 +97,10 @@ function selectUserPW(){
 		, dataType:'json'
 		, timeout:(1000*30)
 		, success:function(data){
+			if(data.pwRuleCheck == false){
+				alert("비밀번호 규칙을 확인해주세요.");
+				return;
+			}
 			if(data.pwCheck == false ){
 				alert("사용한 적 있는 비밀번호 입니다. 다른 비밀번호를 입력해주세요.");
 				return;
--- a/src/main/webapp/WEB-INF/jsp/web/login/usrInsertView.jsp
+++ b/src/main/webapp/WEB-INF/jsp/web/login/usrInsertView.jsp
@ -564,6 +564,10 @@ var blineCode = '${blineCode}';
 						//저장완료 화면으로 이동하기
 						fnInsertJoin();
 						
+					}else if("passWordFail" == returnData.resultSts){
+						alert("비밀번호 규칙을 확인해주세요.");
+						return;
+						
 					}else{
 						
 						alert("회원가입에 실패 하였습니다.");	
--- a/src/main/webapp/WEB-INF/jsp/web/user/passwordChange.jsp
+++ b/src/main/webapp/WEB-INF/jsp/web/user/passwordChange.jsp
@ -186,6 +186,13 @@ function insertPw(){
 					$('#newPassword2').val("");
 					$('#newPassword1').focus();
 					return;	
+				}		
+				
+				if(returnData.errType == "04") {
+					$('#newPassword1').val("");
+					$('#newPassword2').val("");
+					$('#newPassword1').focus();
+					return;	
 				}				
 			}
 		}