1. Xss 的完成

2. 完善 README 文档
2025-07-25 00:15:06 +08:00 · 2021-02-22 01:01:52 +08:00
parent 593e14f3a9
commit 507f55f3c9
7 changed files with 88 additions and 176 deletions
--- a/ruoyi-common/src/main/java/com/ruoyi/common/config/FilterConfig.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/config/FilterConfig.java
@ -1,47 +0,0 @@
-package com.ruoyi.framework.config;
-
-import java.util.HashMap;
-import java.util.Map;
-import javax.servlet.DispatcherType;
-
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.boot.web.servlet.FilterRegistrationBean;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import com.ruoyi.common.filter.RepeatableFilter;
-import com.ruoyi.common.filter.XssFilter;
-import com.ruoyi.common.utils.StringUtils;
-
-/**
- * Filter配置
- *
- * @author ruoyi
- */
-@Configuration
-public class FilterConfig {
-    @Value("${xss.enabled}")
-    private String enabled;
-
-    @Value("${xss.excludes}")
-    private String excludes;
-
-    @Value("${xss.urlPatterns}")
-    private String urlPatterns;
-
-    @SuppressWarnings({"rawtypes", "unchecked"})
-    @Bean
-    public FilterRegistrationBean xssFilterRegistration() {
-        FilterRegistrationBean registration = new FilterRegistrationBean();
-        registration.setDispatcherTypes(DispatcherType.REQUEST);
-        registration.setFilter(new XssFilter());
-        registration.addUrlPatterns(StringUtils.split(urlPatterns, ","));
-        registration.setName("xssFilter");
-        registration.setOrder(FilterRegistrationBean.HIGHEST_PRECEDENCE);
-        Map<String, String> initParameters = new HashMap<String, String>();
-        initParameters.put("excludes", excludes);
-        initParameters.put("enabled", enabled);
-        registration.setInitParameters(initParameters);
-        return registration;
-    }
-
-}
--- a/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssFilter.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssFilter.java
@ -1,97 +0,0 @@
-package com.ruoyi.common.filter;
-
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import com.ruoyi.common.utils.StringUtils;
-
-/**
- * 防止XSS攻击的过滤器
- * 
- * @author ruoyi
- */
-public class XssFilter implements Filter
-{
-    /**
-     * 排除链接
-     */
-    public List<String> excludes = new ArrayList<>();
-
-    /**
-     * xss过滤开关
-     */
-    public boolean enabled = false;
-
-    @Override
-    public void init(FilterConfig filterConfig) throws ServletException
-    {
-        String tempExcludes = filterConfig.getInitParameter("excludes");
-        String tempEnabled = filterConfig.getInitParameter("enabled");
-        if (StringUtils.isNotEmpty(tempExcludes))
-        {
-            String[] url = tempExcludes.split(",");
-            for (int i = 0; url != null && i < url.length; i++)
-            {
-                excludes.add(url[i]);
-            }
-        }
-        if (StringUtils.isNotEmpty(tempEnabled))
-        {
-            enabled = Boolean.valueOf(tempEnabled);
-        }
-    }
-
-    @Override
-    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
-            throws IOException, ServletException
-    {
-        HttpServletRequest req = (HttpServletRequest) request;
-        HttpServletResponse resp = (HttpServletResponse) response;
-        if (handleExcludeURL(req, resp))
-        {
-            chain.doFilter(request, response);
-            return;
-        }
-        XssHttpServletRequestWrapper xssRequest = new XssHttpServletRequestWrapper((HttpServletRequest) request);
-        chain.doFilter(xssRequest, response);
-    }
-
-    private boolean handleExcludeURL(HttpServletRequest request, HttpServletResponse response)
-    {
-        if (!enabled)
-        {
-            return true;
-        }
-        if (excludes == null || excludes.isEmpty())
-        {
-            return false;
-        }
-        String url = request.getServletPath();
-        for (String pattern : excludes)
-        {
-            Pattern p = Pattern.compile("^" + pattern);
-            Matcher m = p.matcher(url);
-            if (m.find())
-            {
-                return true;
-            }
-        }
-        return false;
-    }
-
-    @Override
-    public void destroy()
-    {
-
-    }
-}
--- a/ruoyi-common/src/main/resources/application.yml
+++ b/ruoyi-common/src/main/resources/application.yml
@ -33,12 +33,3 @@ logging:
  level:
    com.ruoyi: debug
    org.springframework: warn
-
-# 防止XSS攻击
-xss:
-  # 过滤开关
-  enabled: true
-  # 排除链接（多个用逗号分隔）
-  excludes: /system/notice/*
-  # 匹配链接
-  urlPatterns: /system/*,/monitor/*,/tool/*