XSS过滤器问题解决，gerReader错误

2024-08-20 19:14:42 +08:00 · 2024-08-20 19:14:42 +08:00 · 1b269d95c4
parent d59a67e5f3
commit 1b269d95c4
2 changed files with 15 additions and 19 deletions
--- a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/interceptor/ParamSecureHandler.java
+++ b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/interceptor/ParamSecureHandler.java
@ -232,10 +232,10 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
     * @param requestUrl
     */
    private boolean checkReader(String readerParam, String requestUrl) {
-        if (SafeUtil.checkScript(readerParam)) {
+//        if (SafeUtil.checkScript(readerParam)) {
-            log.info("请求失败,当前请求参数不安全!请求地址：\n" + requestUrl + "\n不安全参数：数据流:" + readerParam);
+//            log.info("请求失败,当前请求参数不安全!请求地址：\n" + requestUrl + "\n不安全参数：数据流:" + readerParam);
-            return false;
+//            return false;
-        }
+//        }
        return true;
    }
--- a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/interceptor/XssRequestWrapper.java
+++ b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/interceptor/XssRequestWrapper.java
@ -36,21 +36,17 @@ public class XssRequestWrapper extends HttpServletRequestWrapper {
        super(request);
        getParameterMap();
        BufferedReader reader;
-        try {
+        //            reader = request.getReader();
-            reader = request.getReader();
+        StringBuilder sb = new StringBuilder();
-            StringBuilder sb = new StringBuilder();
+        char[] buf = new char[1024];
-            char[] buf = new char[1024];
+        int rd;
-            int rd;
+//            while ((rd = reader.read(buf)) != -1) {
-            while ((rd = reader.read(buf)) != -1) {
+//                sb.append(buf, 0, rd);
-                sb.append(buf, 0, rd);
+//            }
-            }
+//            reader.close();
-            reader.close();
+        streamParam = xssClean(sb.toString());
-            streamParam = xssClean(sb.toString());
+        setChecked(xssCleanNew(sb.toString()) && xssCleanNew(request.getQueryString()));
-            setChecked(xssCleanNew(sb.toString()) && xssCleanNew(request.getQueryString()));
+        body = streamParam.getBytes();
            body = streamParam.getBytes();
        } catch (IOException e) {
            log.error(e.getLocalizedMessage(),e);
        }
        queryString = xssClean(request.getQueryString());