xss过滤增强通配符匹配逻辑

smallchill 2021-02-22 23:02:26 +08:00
parent 99456fe165
commit 3bbc662b39


@ -16,7 +16,7 @@
package org.springblade.core.tool.support.xss;
import lombok.AllArgsConstructor;
import org.springblade.core.tool.utils.StringPool;
import org.springframework.util.AntPathMatcher;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
@ -30,8 +30,9 @@ import java.io.IOException;
@AllArgsConstructor
public class XssFilter implements Filter {
private XssProperties xssProperties;
private XssUrlProperties xssUrlProperties;
private final XssProperties xssProperties;
private final XssUrlProperties xssUrlProperties;
private final AntPathMatcher antPathMatcher = new AntPathMatcher();
@Override
public void init(FilterConfig config) {
@ -50,8 +51,8 @@ public class XssFilter implements Filter {
}
private boolean isSkip(String path) {
return (xssUrlProperties.getExcludePatterns().stream().anyMatch(path::startsWith))
|| (xssProperties.getSkipUrl().stream().map(url -> url.replace("/**", StringPool.EMPTY)).anyMatch(path::startsWith));
return (xssUrlProperties.getExcludePatterns().stream().anyMatch(pattern -> antPathMatcher.match(pattern, path)))
|| (xssProperties.getSkipUrl().stream().anyMatch(pattern -> antPathMatcher.match(pattern, path)));
}
@Override
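Review bot: In `isSkip`, the skip decision now depends on an exact Ant-pattern match against `path`, but the hunk does not show where `path` comes from (the caller, presumably `doFilter`, is outside it), so it is worth confirming that it is the container-normalised servlet path and not the raw request URI. If the context path, `;` path parameters or encoded segments reach the matcher, the filter's view of the URL can differ from the one used for handler mapping, and a request could be exempted from XSS wrapping although its handler was meant to be covered. The meaning of existing configuration also changes: an entry without a wildcard (constructed example: `/foo`) used to exempt everything beneath it through `startsWith` and now matches only `/foo` itself, which fails closed but does so silently. I would add a comment above the method, e.g. `// path: normalised servlet path; patterns are Ant-style, so "/foo" no longer covers "/foo/bar" (use "/foo/**")`, and state the same in the documentation of the `XssProperties` and `XssUrlProperties` pattern lists.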