From 4470052c3b6bdeb18e45987f8aa293d1e93d0552 Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 11:59:12 +0800
Subject: [PATCH] 所有文件上传接口增加文件安全校验逻辑。

---
 Source/BladeX-Tool/blade-starter-http/src/main/java/org/springblade/core/http/CssQueryMethodInterceptor.java |  176 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 176 insertions(+), 0 deletions(-)

diff --git a/Source/BladeX-Tool/blade-starter-http/src/main/java/org/springblade/core/http/CssQueryMethodInterceptor.java b/Source/BladeX-Tool/blade-starter-http/src/main/java/org/springblade/core/http/CssQueryMethodInterceptor.java
new file mode 100644
index 0000000..78f4d6c
--- /dev/null
+++ b/Source/BladeX-Tool/blade-starter-http/src/main/java/org/springblade/core/http/CssQueryMethodInterceptor.java
@@ -0,0 +1,176 @@
+/*
+ *      Copyright (c) 2018-2028, DreamLu All rights reserved.
+ *
+ *  Redistribution and use in source and binary forms, with or without
+ *  modification, are permitted provided that the following conditions are met:
+ *
+ *  Redistributions of source code must retain the above copyright notice,
+ *  this list of conditions and the following disclaimer.
+ *  Redistributions in binary form must reproduce the above copyright
+ *  notice, this list of conditions and the following disclaimer in the
+ *  documentation and/or other materials provided with the distribution.
+ *  Neither the name of the dreamlu.net developer nor the names of its
+ *  contributors may be used to endorse or promote products derived from
+ *  this software without specific prior written permission.
+ *  Author: DreamLu 鍗㈡槬姊� (596392912@qq.com)
+ */
+package org.springblade.core.http;
+
+import lombok.RequiredArgsConstructor;
+import org.jsoup.nodes.Element;
+import org.jsoup.nodes.TextNode;
+import org.jsoup.select.Elements;
+import org.jsoup.select.Selector;
+import org.springblade.core.tool.utils.ConvertUtil;
+import org.springblade.core.tool.utils.StringPool;
+import org.springblade.core.tool.utils.StringUtil;
+import org.springframework.cglib.proxy.MethodInterceptor;
+import org.springframework.cglib.proxy.MethodProxy;
+import org.springframework.core.ResolvableType;
+import org.springframework.core.convert.TypeDescriptor;
+
+import javax.annotation.Nullable;
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import java.util.stream.Collectors;
+
+/**
+ * 浠ｇ悊妯″瀷
+ *
+ * @author L.cm
+ */
+@RequiredArgsConstructor
+public class CssQueryMethodInterceptor implements MethodInterceptor {
+	private final Class<?> clazz;
+	private final Element element;
+
+	@Nullable
+	@Override
+	public Object intercept(Object object, Method method, Object[] args, MethodProxy methodProxy) throws Throwable {
+		// 鍙鐞� get 鏂规硶 is
+		String name = method.getName();
+		if (!StringUtil.startsWithIgnoreCase(name, StringPool.GET)) {
+			return methodProxy.invokeSuper(object, args);
+		}
+		Field field = clazz.getDeclaredField(StringUtil.firstCharToLower(name.substring(3)));
+		CssQuery cssQuery = field.getAnnotation(CssQuery.class);
+		// 娌℃湁娉ㄨВ锛屼笉浠ｇ悊
+		if (cssQuery == null) {
+			return methodProxy.invokeSuper(object, args);
+		}
+		Class<?> returnType = method.getReturnType();
+		boolean isColl = Collection.class.isAssignableFrom(returnType);
+		String cssQueryValue = cssQuery.value();
+		// 鏄惁涓� bean 涓� bean
+		boolean isInner = cssQuery.inner();
+		if (isInner) {
+			return proxyInner(cssQueryValue, method, returnType, isColl);
+		}
+		Object proxyValue = proxyValue(cssQueryValue, cssQuery, returnType, isColl);
+		if (String.class.isAssignableFrom(returnType)) {
+			return proxyValue;
+		}
+		// 鐢ㄤ簬璇诲彇 field 涓婄殑娉ㄨВ
+		TypeDescriptor typeDescriptor = new TypeDescriptor(field);
+		return ConvertUtil.convert(proxyValue, typeDescriptor);
+	}
+
+	@Nullable
+	private Object proxyValue(String cssQueryValue, CssQuery cssQuery, Class<?> returnType, boolean isColl) {
+		if (isColl) {
+			Elements elements = Selector.select(cssQueryValue, element);
+			Collection<Object> valueList = newColl(returnType);
+			if (elements.isEmpty()) {
+				return valueList;
+			}
+			for (Element select : elements) {
+				String value = getValue(select, cssQuery);
+				if (value != null) {
+					valueList.add(value);
+				}
+			}
+			return valueList;
+		}
+		Element select = Selector.selectFirst(cssQueryValue, element);
+		return getValue(select, cssQuery);
+	}
+
+	private Object proxyInner(String cssQueryValue, Method method, Class<?> returnType, boolean isColl) {
+		if (isColl) {
+			Elements elements = Selector.select(cssQueryValue, element);
+			Collection<Object> valueList = newColl(returnType);
+			ResolvableType resolvableType = ResolvableType.forMethodReturnType(method);
+			Class<?> innerType = resolvableType.getGeneric(0).resolve();
+			if (innerType == null) {
+				throw new IllegalArgumentException("Class " + returnType + " 璇诲彇娉涘瀷澶辫触銆�");
+			}
+			for (Element select : elements) {
+				valueList.add(DomMapper.readValue(select, innerType));
+			}
+			return valueList;
+		}
+		Element select = Selector.selectFirst(cssQueryValue, element);
+		return DomMapper.readValue(select, returnType);
+	}
+
+	@Nullable
+	private String getValue(@Nullable Element element, CssQuery cssQuery) {
+		if (element == null) {
+			return null;
+		}
+		// 璇诲彇鐨勫睘鎬у悕
+		String attrName = cssQuery.attr();
+		// 璇诲彇鐨勫��
+		String attrValue;
+		if (StringUtil.isBlank(attrName)) {
+			attrValue = element.outerHtml();
+		} else if ("html".equalsIgnoreCase(attrName)) {
+			attrValue = element.html();
+		} else if ("text".equalsIgnoreCase(attrName)) {
+			attrValue = getText(element);
+		} else if ("allText".equalsIgnoreCase(attrName)) {
+			attrValue = element.text();
+		} else {
+			attrValue = element.attr(attrName);
+		}
+		// 鍒ゆ柇鏄惁闇�瑕佹鍒欏鐞�
+		String regex = cssQuery.regex();
+		if (StringUtil.isBlank(attrValue) || StringUtil.isBlank(regex)) {
+			return attrValue;
+		}
+		// 澶勭悊姝ｅ垯琛ㄨ揪寮�
+		return getRegexValue(regex, cssQuery.regexGroup(), attrValue);
+	}
+
+	@Nullable
+	private String getRegexValue(String regex, int regexGroup, String value) {
+		// 澶勭悊姝ｅ垯琛ㄨ揪寮�
+		Matcher matcher = Pattern.compile(regex, Pattern.DOTALL | Pattern.CASE_INSENSITIVE).matcher(value);
+		if (!matcher.find()) {
+			return null;
+		}
+		// 姝ｅ垯 group
+		if (regexGroup > CssQuery.DEFAULT_REGEX_GROUP) {
+			return matcher.group(regexGroup);
+		}
+		return matcher.group();
+	}
+
+	private String getText(Element element) {
+		return element.childNodes().stream()
+			.filter(node -> node instanceof TextNode)
+			.map(node -> (TextNode) node)
+			.map(TextNode::text)
+			.collect(Collectors.joining());
+	}
+
+	private Collection<Object> newColl(Class<?> returnType) {
+		return Set.class.isAssignableFrom(returnType) ? new HashSet<>() : new ArrayList<>();
+	}
+}

--
Gitblit v1.9.3