From 9b4433fddf5b401edb0aace8a404ac733b122702 Mon Sep 17 00:00:00 2001
From: 田源 <tianyuan@vci-tech.com>
Date: 星期四, 03 四月 2025 14:35:02 +0800
Subject: [PATCH] 添加非密字段显示
---
Source/BladeX-Tool/blade-core-boot/src/main/java/org/springblade/core/boot/request/XssHttpServletRequestWrapper.java | 175 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 175 insertions(+), 0 deletions(-)
diff --git a/Source/BladeX-Tool/blade-core-boot/src/main/java/org/springblade/core/boot/request/XssHttpServletRequestWrapper.java b/Source/BladeX-Tool/blade-core-boot/src/main/java/org/springblade/core/boot/request/XssHttpServletRequestWrapper.java
new file mode 100644
index 0000000..50224bb
--- /dev/null
+++ b/Source/BladeX-Tool/blade-core-boot/src/main/java/org/springblade/core/boot/request/XssHttpServletRequestWrapper.java
@@ -0,0 +1,175 @@
+/*
+ * Copyright (c) 2018-2028, Chill Zhuang All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * Neither the name of the dreamlu.net developer nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ * Author: Chill 搴勯獮 (smallchill@163.com)
+ */
+package org.springblade.core.boot.request;
+
+import org.springblade.core.tool.utils.StringUtil;
+import org.springblade.core.tool.utils.WebUtil;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.MediaType;
+
+import javax.servlet.ReadListener;
+import javax.servlet.ServletInputStream;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+/**
+ * XSS杩囨护
+ *
+ * @author Chill
+ */
+public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
+
+ /**
+ * 娌¤鍖呰杩囩殑HttpServletRequest锛堢壒娈婂満鏅�,闇�瑕佽嚜宸辫繃婊わ級
+ */
+ private final HttpServletRequest orgRequest;
+ /**
+ * 缂撳瓨鎶ユ枃,鏀寔澶氭璇诲彇娴�
+ */
+ private byte[] body;
+ /**
+ * html杩囨护
+ */
+ private final static XssHtmlFilter HTML_FILTER = new XssHtmlFilter();
+
+ public XssHttpServletRequestWrapper(HttpServletRequest request) {
+ super(request);
+ orgRequest = request;
+ }
+
+ @Override
+ public BufferedReader getReader() throws IOException {
+ return new BufferedReader(new InputStreamReader(getInputStream()));
+ }
+
+ @Override
+ public ServletInputStream getInputStream() throws IOException {
+ if (super.getHeader(HttpHeaders.CONTENT_TYPE) == null) {
+ return super.getInputStream();
+ }
+
+ if (super.getHeader(HttpHeaders.CONTENT_TYPE).startsWith(MediaType.MULTIPART_FORM_DATA_VALUE)) {
+ return super.getInputStream();
+ }
+
+ if (body == null) {
+ body = xssEncode(WebUtil.getRequestBody(super.getInputStream())).getBytes();
+ }
+
+ final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(body);
+
+ return new ServletInputStream() {
+
+ @Override
+ public int read() {
+ return byteArrayInputStream.read();
+ }
+
+ @Override
+ public boolean isFinished() {
+ return false;
+ }
+
+ @Override
+ public boolean isReady() {
+ return false;
+ }
+
+ @Override
+ public void setReadListener(ReadListener readListener) {
+ }
+ };
+ }
+
+ @Override
+ public String getParameter(String name) {
+ String value = super.getParameter(xssEncode(name));
+ if (StringUtil.isNotBlank(value)) {
+ value = xssEncode(value);
+ }
+ return value;
+ }
+
+ @Override
+ public String[] getParameterValues(String name) {
+ String[] parameters = super.getParameterValues(name);
+ if (parameters == null || parameters.length == 0) {
+ return null;
+ }
+
+ for (int i = 0; i < parameters.length; i++) {
+ parameters[i] = xssEncode(parameters[i]);
+ }
+ return parameters;
+ }
+
+ @Override
+ public Map<String, String[]> getParameterMap() {
+ Map<String, String[]> map = new LinkedHashMap<>();
+ Map<String, String[]> parameters = super.getParameterMap();
+ for (String key : parameters.keySet()) {
+ String[] values = parameters.get(key);
+ for (int i = 0; i < values.length; i++) {
+ values[i] = xssEncode(values[i]);
+ }
+ map.put(key, values);
+ }
+ return map;
+ }
+
+ @Override
+ public String getHeader(String name) {
+ String value = super.getHeader(xssEncode(name));
+ if (StringUtil.isNotBlank(value)) {
+ value = xssEncode(value);
+ }
+ return value;
+ }
+
+ private String xssEncode(String input) {
+ return HTML_FILTER.filter(input);
+ }
+
+ /**
+ * 鑾峰彇鍒濆request
+ *
+ * @return HttpServletRequest
+ */
+ public HttpServletRequest getOrgRequest() {
+ return orgRequest;
+ }
+
+ /**
+ * 鑾峰彇鍒濆request
+ *
+ * @param request request
+ * @return HttpServletRequest
+ */
+ public static HttpServletRequest getOrgRequest(HttpServletRequest request) {
+ if (request instanceof XssHttpServletRequestWrapper) {
+ return ((XssHttpServletRequestWrapper) request).getOrgRequest();
+ }
+ return request;
+ }
+
+}
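Review bot: getParameterValues and getParameterMap write the encoded strings back into the arrays obtained from super, so if the container hands out its internal arrays rather than copies, the original request's parameters are overwritten — getOrgRequest() then no longer yields unfiltered values and a second call re-encodes already-encoded text; encode into a fresh array instead and iterate entrySet() rather than keySet() plus get(), as below. Separately, `getBytes()` on the body-caching line and the `InputStreamReader` in getReader() both use the platform default charset, so a UTF-8 JSON body can be corrupted on a non-UTF-8 JVM; prefer `getCharacterEncoding()` with a `StandardCharsets.UTF_8` fallback on both sides. In the anonymous ServletInputStream, `isFinished()` unconditionally returning false misreports the end of the cached body; `return byteArrayInputStream.available() == 0;` is the correct answer for an in-memory stream. Only getHeader(String) is filtered, while getHeaders(String) and getHeaderNames() are inherited unfiltered, which is worth stating in the class Javadoc so callers don't assume every header accessor is sanitized. The Javadoc text in the hunk also appears mojibaked (the class summary and field comments), suggesting the file was saved in one encoding and committed as another.
```java
@Override
public String[] getParameterValues(String name) {
    String[] parameters = super.getParameterValues(name);
    if (parameters == null || parameters.length == 0) {
        return null;
    }
    // encode into a copy so the container's own array stays untouched
    String[] encoded = new String[parameters.length];
    for (int i = 0; i < parameters.length; i++) {
        encoded[i] = xssEncode(parameters[i]);
    }
    return encoded;
}

@Override
public Map<String, String[]> getParameterMap() {
    Map<String, String[]> map = new LinkedHashMap<>();
    for (Map.Entry<String, String[]> entry : super.getParameterMap().entrySet()) {
        String[] values = entry.getValue();
        String[] encoded = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            encoded[i] = xssEncode(values[i]);
        }
        map.put(entry.getKey(), encoded);
    }
    return map;
}
```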
--
Gitblit v1.9.3