xss过滤增强通配符匹配逻辑

smallchill 2021-02-22 23:02:26 +08:00
parent 99456fe165
commit 3bbc662b39
1 changed files with 6 additions and 5 deletions


@ -16,7 +16,7 @@
package org.springblade.core.tool.support.xss; package org.springblade.core.tool.support.xss;
import lombok.AllArgsConstructor; import lombok.AllArgsConstructor;
import org.springblade.core.tool.utils.StringPool; import org.springframework.util.AntPathMatcher;
import javax.servlet.*; import javax.servlet.*;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
@ -30,8 +30,9 @@ import java.io.IOException;
@AllArgsConstructor @AllArgsConstructor
public class XssFilter implements Filter { public class XssFilter implements Filter {
private XssProperties xssProperties; private final XssProperties xssProperties;
private XssUrlProperties xssUrlProperties; private final XssUrlProperties xssUrlProperties;
private final AntPathMatcher antPathMatcher = new AntPathMatcher();
@Override @Override
public void init(FilterConfig config) { public void init(FilterConfig config) {
@ -50,8 +51,8 @@ public class XssFilter implements Filter {
} }
private boolean isSkip(String path) { private boolean isSkip(String path) {
return (xssUrlProperties.getExcludePatterns().stream().anyMatch(path::startsWith)) return (xssUrlProperties.getExcludePatterns().stream().anyMatch(pattern -> antPathMatcher.match(pattern, path)))
|| (xssProperties.getSkipUrl().stream().map(url -> url.replace("/**", StringPool.EMPTY)).anyMatch(path::startsWith)); || (xssProperties.getSkipUrl().stream().anyMatch(pattern -> antPathMatcher.match(pattern, path)));
} }
@Override @Override
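Review bot: In `isSkip`, switching from `path::startsWith` to `antPathMatcher.match(pattern, path)` silently changes what a wildcard-free entry means: a plain `/foo` used to skip every path with that prefix and now skips only the exact path, and `skipUrl` entries no longer have `/**` stripped before comparison. That errs toward applying the XSS wrapper, but existing configurations will change behaviour without warning, and the method has no documentation of the new contract. I would add a comment above it such as `// Entries are Ant-style patterns; a match bypasses XSS cleaning for the request, so keep them narrow.` The value passed as `path` is computed outside this hunk. Presumably it should be the container-normalised servlet path rather than the raw request URI, so that the skip decision is made on the same string the handler mapping sees; that is worth confirming in `doFilter`.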