package com.qianwen.core.boot.request;
|
|
import java.io.BufferedReader;
|
import java.io.ByteArrayInputStream;
|
import java.io.IOException;
|
import java.io.InputStreamReader;
|
import java.util.LinkedHashMap;
|
import java.util.Map;
|
import javax.servlet.ReadListener;
|
import javax.servlet.ServletInputStream;
|
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequestWrapper;
|
import com.qianwen.core.tool.utils.StringUtil;
|
import com.qianwen.core.tool.utils.WebUtil;
|
|
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
|
private final HttpServletRequest orgRequest;
|
private byte[] body;
|
private static final XssHtmlFilter HTML_FILTER = new XssHtmlFilter();
|
|
public XssHttpServletRequestWrapper(HttpServletRequest request) {
|
super(request);
|
this.orgRequest = request;
|
}
|
|
public BufferedReader getReader() throws IOException {
|
return new BufferedReader(new InputStreamReader(getInputStream()));
|
}
|
|
public ServletInputStream getInputStream() throws IOException {
|
if (super.getHeader("Content-Type") == null) {
|
return super.getInputStream();
|
}
|
if (super.getHeader("Content-Type").startsWith("multipart/form-data")) {
|
return super.getInputStream();
|
}
|
if (this.body == null) {
|
this.body = xssEncode(WebUtil.getRequestBody(super.getInputStream())).getBytes();
|
}
|
final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(this.body);
|
return new ServletInputStream() { // from class: com.qianwen.core.boot.request.XssHttpServletRequestWrapper.1
|
public int read() {
|
return byteArrayInputStream.read();
|
}
|
|
public boolean isFinished() {
|
return false;
|
}
|
|
public boolean isReady() {
|
return false;
|
}
|
|
public void setReadListener(ReadListener readListener) {
|
}
|
};
|
}
|
|
public String getParameter(String name) {
|
String value = super.getParameter(xssEncode(name));
|
if (StringUtil.isNotBlank(value)) {
|
value = xssEncode(value);
|
}
|
return value;
|
}
|
|
public String[] getParameterValues(String name) {
|
String[] parameters = super.getParameterValues(name);
|
if (parameters == null || parameters.length == 0) {
|
return null;
|
}
|
for (int i = 0; i < parameters.length; i++) {
|
parameters[i] = xssEncode(parameters[i]);
|
}
|
return parameters;
|
}
|
|
public Map<String, String[]> getParameterMap() {
|
Map<String, String[]> map = new LinkedHashMap<>();
|
Map<String, String[]> parameters = super.getParameterMap();
|
for (String key : parameters.keySet()) {
|
String[] values = parameters.get(key);
|
for (int i = 0; i < values.length; i++) {
|
values[i] = xssEncode(values[i]);
|
}
|
map.put(key, values);
|
}
|
return map;
|
}
|
|
public String getHeader(String name) {
|
String value = super.getHeader(xssEncode(name));
|
if (StringUtil.isNotBlank(value)) {
|
value = xssEncode(value);
|
}
|
return value;
|
}
|
|
private String xssEncode(String input) {
|
return HTML_FILTER.filter(input);
|
}
|
|
public HttpServletRequest getOrgRequest() {
|
return this.orgRequest;
|
}
|
|
public static HttpServletRequest getOrgRequest(HttpServletRequest request) {
|
if (request instanceof XssHttpServletRequestWrapper) {
|
return ((XssHttpServletRequestWrapper) request).getOrgRequest();
|
}
|
return request;
|
}
|
}
|
