From b83984bb9cb58b1765f5c007ee0c1484c04cad53 Mon Sep 17 00:00:00 2001
From: cwchen <1048842385@qq.com>
Date: Tue, 9 Sep 2025 10:03:15 +0800
Subject: [PATCH 1/2] =?UTF-8?q?=E7=B3=BB=E7=BB=9F=E6=A1=86=E6=9E=B6?=
=?UTF-8?q?=E6=95=B4=E6=94=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../com/bonus/framework/interceptor/ParamSecureHandler.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bonus-framework/src/main/java/com/bonus/framework/interceptor/ParamSecureHandler.java b/bonus-framework/src/main/java/com/bonus/framework/interceptor/ParamSecureHandler.java
index 592c384..e59688a 100644
--- a/bonus-framework/src/main/java/com/bonus/framework/interceptor/ParamSecureHandler.java
+++ b/bonus-framework/src/main/java/com/bonus/framework/interceptor/ParamSecureHandler.java
@@ -70,13 +70,13 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
/**
* 校验参数是否合法
*/
- if (!requestWrapper.isChecked()) {
+ /*if (!requestWrapper.isChecked()) {
log.error("输入值非法: queryString={}, body={}",
StringUtils.defaultString(requestWrapper.getQueryString(), "null"),
StringUtils.defaultString(requestWrapper.getReaderParam(), "null"));
returnJson(response, "输入值非法", 500);
return false;
- }
+ }*/
// System.err.println(JSON.toJSONString(request.getParameterMap()));
/**
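Review bot: Commenting out the `if (!requestWrapper.isChecked())` block removes the interceptor's only rejection path, so at this commit every request reaches the handler regardless of what the wrapper's validation concluded. The next patch in the series (the second ParamSecureHandler hunk) restores the block byte-for-byte, so the pair nets to zero; squashing them, or dropping both, keeps a revision with validation disabled out of the history where a bisect or cherry-pick could otherwise ship it. If validation needs to be switched off for local testing, a configuration property read at startup is safer than a source-level comment that can be committed by accident. The enclosing method (presumably the interceptor's pre-handle callback) starts and ends outside the hunk.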
From a5b3abca96aac53db2b229bbb621dfcc4dbcb4ca Mon Sep 17 00:00:00 2001
From: cwchen <1048842385@qq.com>
Date: Tue, 9 Sep 2025 10:29:19 +0800
Subject: [PATCH 2/2] =?UTF-8?q?=E7=B3=BB=E7=BB=9F=E6=A1=86=E6=9E=B6?=
=?UTF-8?q?=E6=95=B4=E6=94=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
bonus-common/pom.xml | 6 ++++++
.../com/bonus/framework/interceptor/ParamSecureHandler.java | 4 ++--
.../com/bonus/framework/interceptor/XssRequestWrapper.java | 2 +-
3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/bonus-common/pom.xml b/bonus-common/pom.xml
index 9e51a60..8ea648a 100644
--- a/bonus-common/pom.xml
+++ b/bonus-common/pom.xml
@@ -153,6 +153,12 @@
20231013
+
+ com.google.guava
+ guava
+ 32.1.3-jre
+
+
\ No newline at end of file
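Review bot: The new `com.google.guava:guava:32.1.3-jre` dependency is not used by any other change in this series (the ParamSecureHandler and XssRequestWrapper hunks reference no Guava class), so the reason for adding it is not visible from the diff. A short XML comment above the dependency naming the consumer would record it, and managing the version from the parent's `<dependencyManagement>` rather than pinning it inline keeps a single place to bump when an advisory lands. The `\ No newline at end of file` marker shows the file now ends without a trailing newline, which is worth fixing while the file is open.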
diff --git a/bonus-framework/src/main/java/com/bonus/framework/interceptor/ParamSecureHandler.java b/bonus-framework/src/main/java/com/bonus/framework/interceptor/ParamSecureHandler.java
index e59688a..592c384 100644
--- a/bonus-framework/src/main/java/com/bonus/framework/interceptor/ParamSecureHandler.java
+++ b/bonus-framework/src/main/java/com/bonus/framework/interceptor/ParamSecureHandler.java
@@ -70,13 +70,13 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
/**
* 校验参数是否合法
*/
- /*if (!requestWrapper.isChecked()) {
+ if (!requestWrapper.isChecked()) {
log.error("输入值非法: queryString={}, body={}",
StringUtils.defaultString(requestWrapper.getQueryString(), "null"),
StringUtils.defaultString(requestWrapper.getReaderParam(), "null"));
returnJson(response, "输入值非法", 500);
return false;
- }*/
+ }
// System.err.println(JSON.toJSONString(request.getParameterMap()));
/**
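Review bot: The restored block writes the full query string and request body to the log at error level (`log.error("输入值非法: queryString={}, body={}", ...)`), so a rejected login or form post lands credentials and other user data in the log files; log a bounded prefix or only the length of `getReaderParam()`, and redact known sensitive fields, before this is relied on. The rejection also answers with status `500`, which reports a server fault for what is a client input problem and skews error-rate alerting; `returnJson(response, "输入值非法", 400);` (or 403, depending on how the project classifies rejected input) matches the meaning. The enclosing method starts and ends outside the hunk.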
diff --git a/bonus-framework/src/main/java/com/bonus/framework/interceptor/XssRequestWrapper.java b/bonus-framework/src/main/java/com/bonus/framework/interceptor/XssRequestWrapper.java
index 9da844f..2eb3934 100644
--- a/bonus-framework/src/main/java/com/bonus/framework/interceptor/XssRequestWrapper.java
+++ b/bonus-framework/src/main/java/com/bonus/framework/interceptor/XssRequestWrapper.java
@@ -167,7 +167,7 @@ public class XssRequestWrapper extends HttpServletRequestWrapper {
private static final String regex10 = "onload(.*?)=";
// 添加安全脚本模式
- public static final String SAFE_SCRIPT_PATTERN = "(\\||;|\\$|'|\\'|0x0d|0x0a|\\%27|\\%3B|<>|\\[\\]|\\(\\)|/|\"|script|alert|svg|confirm|prompt|onload|%3c|%3e|%2b|@|!|img|src)";
+ public static final String SAFE_SCRIPT_PATTERN = "(\\||;|\\$|'|\\'|0x0d|0x0a|\\%27|\\%3B|<>|\\[\\]|\\(\\)|\"|script|alert|svg|confirm|prompt|onload|%3c|%3e|%2b|@|!|img|src)";
private String xssClean(String value) {
if (value == null) {
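Review bot: Dropping `/` from `SAFE_SCRIPT_PATTERN` widens what the filter lets through, and the commit records no reason; the line deserves a comment such as `// '/' intentionally not matched: ordinary values (paths, dates) contain it; markup safety relies on output encoding downstream` so the next reader does not restore it as a fix. More broadly the constant is a keyword denylist (`script`, `alert`, `img`, `src`, `@`, `!`, ...) rather than the "safe" pattern its name suggests: if it is applied with find() to every parameter, as the name xssClean implies, it will reject ordinary input such as e-mail addresses while offering no guarantee against encoded or obfuscated payloads, so context-aware output encoding at the rendering layer should be the primary defence with this filter as defence in depth only. The alternation also lists the single quote twice (`'` and `\\'`, which the regex engine treats as the same character), so one of them can go. xssClean's body continues past the hunk.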