diff --git a/src/main/java/itn/let/cop/bbs/web/EgovBBSManageController.java b/src/main/java/itn/let/cop/bbs/web/EgovBBSManageController.java
index a09f49fc..7b68e99f 100644
--- a/src/main/java/itn/let/cop/bbs/web/EgovBBSManageController.java
+++ b/src/main/java/itn/let/cop/bbs/web/EgovBBSManageController.java
@@ -73,6 +73,7 @@ import itn.com.cmm.service.EgovFileMngService;
 import itn.com.cmm.service.EgovFileMngUtil;
 import itn.com.cmm.service.FileVO;
 import itn.com.cmm.service.ReadService;
+import itn.com.cmm.util.EgovDoubleSubmitHelper;
 import itn.com.cmm.util.StringUtil;
 import itn.com.cmm.util.WebUtil;
 import itn.com.uss.ion.cnf.service.ProhibitMngService;
@@ -2712,6 +2713,12 @@ public class EgovBBSManageController {
 ModelAndView modelAndView = new ModelAndView();
 modelAndView.setViewName("jsonView");
+
+ if (!EgovDoubleSubmitHelper.checkAndSaveToken("someKey", multiRequest)) {
+ modelAndView.addObject("message", "너무많은 글쓰기가 시도되었습니다.");
+ modelAndView.addObject("result", "fail");
+ return modelAndView;
+ }
 // Start => bbsId를 변조해서 공지사항에 글 등록 방지 처리
 //boardVO.setBbsId("BBSMSTR_000000000651"); // 공지사항
 List userBbsWriteList = bbsMngService.selectUserBbsWriteList(boardVO);
diff --git a/src/main/java/itn/let/uat/uia/web/EgovLoginController.java b/src/main/java/itn/let/uat/uia/web/EgovLoginController.java
index 0d4b6af4..62f0cf26 100644
--- a/src/main/java/itn/let/uat/uia/web/EgovLoginController.java
+++ b/src/main/java/itn/let/uat/uia/web/EgovLoginController.java
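Review bot: The token key passed to `EgovDoubleSubmitHelper.checkAndSaveToken` is the literal `"someKey"`, which reads as a placeholder left in; if the helper keeps one token per key (its implementation is not in this diff), every form that reuses `"someKey"` shares a single token, so a token issued for one page can satisfy or invalidate another page's submission. Use a key that names this action, e.g. `checkAndSaveToken("bbsWrite", multiRequest)` (constructed example), and keep it in one constant so the JSP tag that issues the token uses the same value. The added line in EgovNoticeRegist.jsp at @@ -74 does not survive in this view, so whether the JSP side matches cannot be confirmed here. The enclosing handler starts and ends outside the hunk.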
@@ -585,6 +585,34 @@ public class EgovLoginController {
 ModelAndView modelAndView = new ModelAndView();
 modelAndView.setViewName("jsonView");
+ //비밀번호 규칙성 검증 추가 - 취약점 조치
+ mberManageVO.setPassword(mberManageVO.getPassword().trim());
+ String passWord = mberManageVO.getPassword();
+
+ if(passWord.length() < 8 || passWord.length() > 20) {
+ modelAndView.addObject("resultSts", "passWordFail");
+ return modelAndView;
+ }
+
+ Pattern digitPattern = Pattern.compile("[0-9]");
+ Matcher digitMatcher = digitPattern.matcher(passWord);
+ boolean hasDigit = digitMatcher.find();
+
+ Pattern letterPattern = Pattern.compile("[a-zA-Z]");
+ Matcher letterMatcher = letterPattern.matcher(passWord);
+ boolean hasLetter = letterMatcher.find();
+
+ Pattern specialPattern = Pattern.compile("[`~!@@#$%^&*|\\\\'\";:/?]");
+ Matcher specialMatcher = specialPattern.matcher(passWord);
+ boolean hasSpecialCharacter = specialMatcher.find();
+
+
+ if(hasDigit == false || hasLetter == false || hasSpecialCharacter == false) {
+ modelAndView.addObject("resultSts", "passWordFail");
+ return modelAndView;
+ }
+
+
 // 사업자등록증 업로드
 List result = null;
 String wAtchFileId = ""; //사업자등록증 첨부파일 ID
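Review bot: `mberManageVO.getPassword().trim()` on the second added line dereferences the password before any null check, so a request that omits the field (if binding leaves it null, which this diff does not show) ends in a NullPointerException instead of the `passWordFail` result the rest of the block returns. The special-character class `[`~!@@#$%^&*|\\'";:/?]` also omits common punctuation such as `( ) - _ + = [ ] { } < > , .`, so a password that satisfies the stated digit/letter/special rule can still be rejected, and the doubled `@` is redundant. The same block is pasted into the hunk at @@ -3205 and into EgovMypageController at @@ -1231, each compiling three `Pattern`s per request; one helper with `static final` patterns, sketched below, fixes all three places at once (its character class is the patch's own and should be widened to the published policy). The enclosing handler starts and ends outside the hunk.
```java
// Password policy shared by sign-up, find-password and change-password; 8–20 chars with a digit, a letter and a special character.
private static final Pattern PW_DIGIT = Pattern.compile("[0-9]");
private static final Pattern PW_LETTER = Pattern.compile("[a-zA-Z]");
// Same class as the patch (minus the duplicated '@'); widen to the published policy if it allows more punctuation.
private static final Pattern PW_SPECIAL = Pattern.compile("[`~!@#$%^&*|\\\\'\";:/?]");

/** Returns true when pw (already trimmed, may be null) meets the password policy. */
static boolean meetsPasswordRule(String pw) {
    if (pw == null || pw.length() < 8 || pw.length() > 20) {
        return false;
    }
    return PW_DIGIT.matcher(pw).find()
        && PW_LETTER.matcher(pw).find()
        && PW_SPECIAL.matcher(pw).find();
}

// … at the call site, replacing the added block …
String passWord = mberManageVO.getPassword() == null ? "" : mberManageVO.getPassword().trim();
mberManageVO.setPassword(passWord);
if (!meetsPasswordRule(passWord)) {
    modelAndView.addObject("resultSts", "passWordFail");
    return modelAndView;
}
```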
@@ -3205,6 +3233,30 @@ public class EgovLoginController {
 try {
+ //비밀번호 규칙성 검증 추가 - 취약점 조치
+ userManageVO.setPassword(userManageVO.getPassword().trim());
+ String passWord = userManageVO.getPassword();
+
+ Pattern digitPattern = Pattern.compile("[0-9]");
+ Matcher digitMatcher = digitPattern.matcher(passWord);
+ boolean hasDigit = digitMatcher.find();
+
+ Pattern letterPattern = Pattern.compile("[a-zA-Z]");
+ Matcher letterMatcher = letterPattern.matcher(passWord);
+ boolean hasLetter = letterMatcher.find();
+
+ Pattern specialPattern = Pattern.compile("[`~!@@#$%^&*|\\\\'\";:/?]");
+ Matcher specialMatcher = specialPattern.matcher(passWord);
+ boolean hasSpecialCharacter = specialMatcher.find();
+
+
+ if(hasDigit == false || hasLetter == false || hasSpecialCharacter == false || passWord.length() < 8 || passWord.length() > 20) {
+ modelAndView.addObject("pwRuleCheck", false);
+ return modelAndView;
+ }else {
+ modelAndView.addObject("pwRuleCheck", true);
+ }
+
 // 해당 정보의 등록 페스워드 조회
 int pwCheck = mberManageService.selectMberPWOverlapCheck(userManageVO);
diff --git a/src/main/java/itn/let/uat/uia/web/EgovMypageController.java b/src/main/java/itn/let/uat/uia/web/EgovMypageController.java
index cdbf7c72..1407da45 100644
--- a/src/main/java/itn/let/uat/uia/web/EgovMypageController.java
+++ b/src/main/java/itn/let/uat/uia/web/EgovMypageController.java
@@ -1231,6 +1231,28 @@ public class EgovMypageController {
 return modelAndView;
 }
+ //비밀번호 규칙섬 검증 추가 - 취약점 조치
+ userManageVO.setPassword(userManageVO.getPassword().trim());
+ String passWord = userManageVO.getPassword();
+ Pattern digitPattern = Pattern.compile("[0-9]");
+ Matcher digitMatcher = digitPattern.matcher(passWord);
+ boolean hasDigit = digitMatcher.find();
+
+ Pattern letterPattern = Pattern.compile("[a-zA-Z]");
+ Matcher letterMatcher = letterPattern.matcher(passWord);
+ boolean hasLetter = letterMatcher.find();
+
+ Pattern specialPattern = Pattern.compile("[`~!@@#$%^&*|\\\\'\";:/?]");
+ Matcher specialMatcher = specialPattern.matcher(passWord);
+ boolean hasSpecialCharacter = specialMatcher.find();
+
+ if(hasDigit == false || hasLetter == false || hasSpecialCharacter == false || passWord.length() < 8 || passWord.length() > 20) {
+ modelAndView.addObject("errType", "04");
+ modelAndView.addObject("message", "비밀번호 규칙을 확인해주세요.");
+ modelAndView.addObject("result", "fail");
+ return modelAndView;
+ }
+
 userManageVO.setEmplyrId(loginVO.getId());
 userManageService.updateUserPWAjax(userManageVO);
 modelAndView.addObject("result", "success");
diff --git a/src/main/webapp/WEB-INF/jsp/web/cop/bbs/EgovNoticeRegist.jsp b/src/main/webapp/WEB-INF/jsp/web/cop/bbs/EgovNoticeRegist.jsp
index 60ab3028..0aa597c3 100644
--- a/src/main/webapp/WEB-INF/jsp/web/cop/bbs/EgovNoticeRegist.jsp
+++ b/src/main/webapp/WEB-INF/jsp/web/cop/bbs/EgovNoticeRegist.jsp
@@ -18,6 +18,7 @@
 <%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
 <%@ taglib prefix="form" uri="http://www.springframework.org/tags/form"%>
 <%@ taglib prefix="validator" uri="http://www.springmodules.org/tags/commons-validator"%>
+<%@ taglib prefix="double-submit" uri="http://www.egovframe.go.kr/tags/double-submit/jsp" %>
 <% pageContext.setAttribute("crlf", "\r\n"); %>
@@ -74,6 +75,7 @@
+
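Review bot: The header comment on the first added line reads `규칙섬`, whereas the same block in EgovLoginController says `규칙성` (rule validation); `//비밀번호 규칙성 검증 추가 - 취약점 조치` keeps the three copies consistent. No import hunk for `java.util.regex.Pattern`/`Matcher` appears for this file in the diff, so presumably they were already in scope here — worth confirming before merge. The enclosing handler starts and ends outside the hunk.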
diff --git a/src/main/webapp/WEB-INF/jsp/web/login/findUserPwResult.jsp b/src/main/webapp/WEB-INF/jsp/web/login/findUserPwResult.jsp
index d6b43f0f..e401e2e9 100644
--- a/src/main/webapp/WEB-INF/jsp/web/login/findUserPwResult.jsp
+++ b/src/main/webapp/WEB-INF/jsp/web/login/findUserPwResult.jsp
@@ -97,6 +97,10 @@ function selectUserPW(){
 , dataType:'json'
 , timeout:(1000*30)
 , success:function(data){
+ if(data.pwRuleCheck == false){
+ alert("비밀번호 규칙을 확인해주세요.");
+ return;
+ }
 if(data.pwCheck == false ){
 alert("사용한 적 있는 비밀번호 입니다. 다른 비밀번호를 입력해주세요.");
 return;
diff --git a/src/main/webapp/WEB-INF/jsp/web/login/usrInsertView.jsp b/src/main/webapp/WEB-INF/jsp/web/login/usrInsertView.jsp
index 8be6416e..1be8a689 100644
--- a/src/main/webapp/WEB-INF/jsp/web/login/usrInsertView.jsp
+++ b/src/main/webapp/WEB-INF/jsp/web/login/usrInsertView.jsp
@@ -564,6 +564,10 @@ var blineCode = '${blineCode}';
 //저장완료 화면으로 이동하기
 fnInsertJoin();
+ }else if("passWordFail" == returnData.resultSts){
+ alert("비밀번호 규칙을 확인해주세요.");
+ return;
+
 }else{
 alert("회원가입에 실패 하였습니다.");
diff --git a/src/main/webapp/WEB-INF/jsp/web/user/passwordChange.jsp b/src/main/webapp/WEB-INF/jsp/web/user/passwordChange.jsp
index 128e9255..f06a14cc 100644
--- a/src/main/webapp/WEB-INF/jsp/web/user/passwordChange.jsp
+++ b/src/main/webapp/WEB-INF/jsp/web/user/passwordChange.jsp
@@ -186,6 +186,13 @@ function insertPw(){
 $('#newPassword2').val("");
 $('#newPassword1').focus();
 return;
+ }
+
+ if(returnData.errType == "04") {
+ $('#newPassword1').val("");
+ $('#newPassword2').val("");
+ $('#newPassword1').focus();
+ return;
 }
 }
 }
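Review bot: The new `errType == "04"` branch in passwordChange.jsp clears both fields and returns without telling the user why, although the server puts the reason in `message` (`"비밀번호 규칙을 확인해주세요."` in the EgovMypageController hunk); unless `returnData.message` is already shown earlier in the handler, outside the hunk, the rejected change is silent from the user's point of view. Adding `alert(returnData.message);` as the first line of the branch matches what findUserPwResult.jsp and usrInsertView.jsp do for the same condition. The branch body also duplicates the preceding branch's three lines, so the two conditions could be joined with `||` instead of a second block. `insertPw` starts outside the hunk.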