XSS过滤器问题解决,gerReader错误

syruan 2024-08-20 19:14:42 +08:00
parent d59a67e5f3
commit 1b269d95c4
2 changed files with 15 additions and 19 deletions


@ -232,10 +232,10 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
* @param requestUrl
*/
private boolean checkReader(String readerParam, String requestUrl) {
if (SafeUtil.checkScript(readerParam)) {
log.info("请求失败,当前请求参数不安全!请求地址:\n" + requestUrl + "\n不安全参数数据流:" + readerParam);
return false;
}
// if (SafeUtil.checkScript(readerParam)) {
// log.info("请求失败,当前请求参数不安全!请求地址:\n" + requestUrl + "\n不安全参数数据流:" + readerParam);
// return false;
// }
return true;
}
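Review bot: `checkReader` now returns `true` unconditionally, because the `SafeUtil.checkScript(readerParam)` guard is commented out instead of repaired, so this interceptor no longer rejects any request body as unsafe. If the underlying problem is the `getReader` error named in the commit title, the fix belongs where the body is read, and the guard `if (SafeUtil.checkScript(readerParam)) { return false; }` should stay active; if disabling it is intended, delete the dead code and record why in a comment such as `// body check disabled: <reason>, tracked in <ticket>`. The same pattern appears in the XssRequestWrapper section: with the read loop commented out, `sb` stays empty, so `xssCleanNew(sb.toString())` only ever checks an empty string and `body` is built from an empty `streamParam`, which appears to leave the request body unfiltered and may hand downstream code an empty body. That constructor continues past the visible lines, so how `body` is consumed should be confirmed before merging.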


@ -36,21 +36,17 @@ public class XssRequestWrapper extends HttpServletRequestWrapper {
super(request);
getParameterMap();
BufferedReader reader;
try {
reader = request.getReader();
StringBuilder sb = new StringBuilder();
char[] buf = new char[1024];
int rd;
while ((rd = reader.read(buf)) != -1) {
sb.append(buf, 0, rd);
}
reader.close();
streamParam = xssClean(sb.toString());
setChecked(xssCleanNew(sb.toString()) && xssCleanNew(request.getQueryString()));
body = streamParam.getBytes();
} catch (IOException e) {
log.error(e.getLocalizedMessage(),e);
}
// reader = request.getReader();
StringBuilder sb = new StringBuilder();
char[] buf = new char[1024];
int rd;
// while ((rd = reader.read(buf)) != -1) {
// sb.append(buf, 0, rd);
// }
// reader.close();
streamParam = xssClean(sb.toString());
setChecked(xssCleanNew(sb.toString()) && xssCleanNew(request.getQueryString()));
body = streamParam.getBytes();
queryString = xssClean(request.getQueryString());