系统框架整改

bonus-common/pom.xml

@@ -153,6 +153,12 @@
             <version>20231013</version>
         </dependency>
 
+        <dependency>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
+            <version>32.1.3-jre</version> <!-- 请使用最新版本 -->
+        </dependency>
+
     </dependencies>
 
 </project>

bonus-framework/src/main/java/com/bonus/framework/interceptor/ParamSecureHandler.java

@@ -70,13 +70,13 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
         /**
          * 校验参数是否合法
          */
-        /*if (!requestWrapper.isChecked()) {
+        if (!requestWrapper.isChecked()) {
             log.error("输入值非法: queryString={}, body={}",
             StringUtils.defaultString(requestWrapper.getQueryString(), "null"),
             StringUtils.defaultString(requestWrapper.getReaderParam(), "null"));
             returnJson(response, "输入值非法", 500);
             return false;
-        }*/
+        }
 //        System.err.println(JSON.toJSONString(request.getParameterMap()));
 
         /**

bonus-framework/src/main/java/com/bonus/framework/interceptor/XssRequestWrapper.java

@@ -167,7 +167,7 @@ public class XssRequestWrapper extends HttpServletRequestWrapper {
     private static final String regex10 = "onload(.*?)=";
 
     // 添加安全脚本模式
-    public static final String SAFE_SCRIPT_PATTERN = "(\\||;|\\$|'|\\'|0x0d|0x0a|\\%27|\\%3B|<>|\\[\\]|\\(\\)|/|\"|script|alert|svg|confirm|prompt|onload|%3c|%3e|%2b|@|!|img|src)";
+    public static final String SAFE_SCRIPT_PATTERN = "(\\||;|\\$|'|\\'|0x0d|0x0a|\\%27|\\%3B|<>|\\[\\]|\\(\\)|\"|script|alert|svg|confirm|prompt|onload|%3c|%3e|%2b|@|!|img|src)";
 
     private String xssClean(String value) {
         if (value == null) {