chore: 工作区反编译与 Maven/文档/脚本同步到发布分支

- artifacts/decompiled 树与相关源码变更
- maven-cw-elevator-application 业务 docs 与 package-info
- scripts 下 formatter 校验与辅助脚本
- 其他子工程/接口与发布线一并纳入版本控制

Made-with: Cursor

Former-commit-id: e102e8cab64e575bcd23c9a66a598aa1892bb492
反编译工作区
2026-04-25 09:35:35 +08:00
parent 1c28fcedfc
commit dee355b4a7
2000 changed files with 133077 additions and 169300 deletions
@@ -10,31 +10,15 @@ import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
public class XssFilter implements Filter {
public void init(FilterConfig filterConfig) throws ServletException {
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
chain.doFilter((ServletRequest) new XssHttpServletRequestWrapper((HttpServletRequest) request), response);
}
public class XssFilter
implements Filter
{
public void init(FilterConfig filterConfig) throws ServletException {}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
chain.doFilter((ServletRequest)new XssHttpServletRequestWrapper((HttpServletRequest)request), response);
public void destroy() {
}
}
public void destroy() {}
}
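Review bot: `doFilter` casts `request` to `HttpServletRequest` without a type check and wraps every request unconditionally, so each one pays for the wrapper's constructor, which (in the XssHttpServletRequestWrapper section of this commit) reads the whole body into a String with no size bound. I would guard the cast with `if (!(request instanceof HttpServletRequest)) { chain.doFilter(request, response); return; }` and make sure a container or proxy request-size limit applies before this filter runs. The three `Filter` methods should also carry `@Override`, so that a signature drift in the decompiled source is caught at compile time.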
@@ -3,136 +3,54 @@ package cn.cloudwalk.web.xss.util;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;
public class CustomXssUtil {
private static final Pattern SCRIPT_PATTERN = Pattern.compile("<script>(.*?)</script>", 2);
private static final Pattern SRC_PATTERN1 = Pattern.compile("src[\r\n]*=[\r\n]*\\'(.*?)\\'", 42);
private static final Pattern SRC_PATTERN2 = Pattern.compile("src[\r\n]*=[\r\n]*\\\"(.*?)\\\"", 42);
private static final Pattern SINGLE_SCRIPT_PATTERN1 = Pattern.compile("</script>", 2);
private static final Pattern SINGLE_SCRIPT_PATTERN2 = Pattern.compile("<script(.*?)>", 42);
private static final Pattern IMG_SCRIPT_PATTERN = Pattern.compile("<img.*?on.*?=.*?>", 2);
private static final Pattern EVAL_PATTERN = Pattern.compile("eval\\((.*?)\\)", 42);
private static final Pattern EXPRESSION_PATTERN = Pattern.compile("expression\\((.*?)\\)", 42);
private static final Pattern JS_PATTERN = Pattern.compile("javascript:", 2);
private static final Pattern VBS_PATTERN = Pattern.compile("vbscript:", 2);
private static final Pattern ONLOAD_PATTERN = Pattern.compile("onload(.*?)=", 42);
public static String stripXSS(String value) {
if (StringUtils.isBlank(value)) {
return value;
}
value = SCRIPT_PATTERN.matcher(value).replaceAll("");
value = SRC_PATTERN1.matcher(value).replaceAll("");
value = SRC_PATTERN2.matcher(value).replaceAll("");
public class CustomXssUtil
{
/* 21 */ private static final Pattern SCRIPT_PATTERN = Pattern.compile("<script>(.*?)</script>", 2);
value = SINGLE_SCRIPT_PATTERN1.matcher(value).replaceAll("");
value = SINGLE_SCRIPT_PATTERN2.matcher(value).replaceAll("");
value = IMG_SCRIPT_PATTERN.matcher(value).replaceAll("");
value = EVAL_PATTERN.matcher(value).replaceAll("");
/* 26 */ private static final Pattern SRC_PATTERN1 = Pattern.compile("src[\r\n]*=[\r\n]*\\'(.*?)\\'", 42);
value = EXPRESSION_PATTERN.matcher(value).replaceAll("");
/* 28 */ private static final Pattern SRC_PATTERN2 = Pattern.compile("src[\r\n]*=[\r\n]*\\\"(.*?)\\\"", 42);
value = JS_PATTERN.matcher(value).replaceAll("");
value = VBS_PATTERN.matcher(value).replaceAll("");
value = ONLOAD_PATTERN.matcher(value).replaceAll("");
/* 34 */ private static final Pattern SINGLE_SCRIPT_PATTERN1 = Pattern.compile("</script>", 2);
/* 35 */ private static final Pattern SINGLE_SCRIPT_PATTERN2 = Pattern.compile("<script(.*?)>", 42);
/* 41 */ private static final Pattern IMG_SCRIPT_PATTERN = Pattern.compile("<img.*?on.*?=.*?>", 2);
/* 46 */ private static final Pattern EVAL_PATTERN = Pattern.compile("eval\\((.*?)\\)", 42);
/* 52 */ private static final Pattern EXPRESSION_PATTERN = Pattern.compile("expression\\((.*?)\\)", 42);
/* 58 */ private static final Pattern JS_PATTERN = Pattern.compile("javascript:", 2);
/* 63 */ private static final Pattern VBS_PATTERN = Pattern.compile("vbscript:", 2);
/* 68 */ private static final Pattern ONLOAD_PATTERN = Pattern.compile("onload(.*?)=", 42);
public static String stripXSS(String value) {
/* 96 */ if (StringUtils.isBlank(value)) {
/* 97 */ return value;
return value;
}
}
value = SCRIPT_PATTERN.matcher(value).replaceAll("");
value = SRC_PATTERN1.matcher(value).replaceAll("");
value = SRC_PATTERN2.matcher(value).replaceAll("");
value = SINGLE_SCRIPT_PATTERN1.matcher(value).replaceAll("");
value = SINGLE_SCRIPT_PATTERN2.matcher(value).replaceAll("");
value = IMG_SCRIPT_PATTERN.matcher(value).replaceAll("");
value = EVAL_PATTERN.matcher(value).replaceAll("");
value = EXPRESSION_PATTERN.matcher(value).replaceAll("");
value = JS_PATTERN.matcher(value).replaceAll("");
value = VBS_PATTERN.matcher(value).replaceAll("");
value = ONLOAD_PATTERN.matcher(value).replaceAll("");
return value;
}
}
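Review bot: `stripXSS` is a single-pass denylist of eleven regular expressions, so it should not be treated as the application's XSS control: input that falls outside those patterns passes through unchanged, and the removals silently alter legitimate data (any `src="..."` attribute or `eval(...)` text is deleted). Keep it as defence in depth only and encode at output for the rendering context (HTML body, attribute, JavaScript, URL). I would state that in a class comment, for example `/** Best-effort input filter; not a substitute for contextual output encoding. */`. The decompiled flag literals are also hard to audit: `2` should read `Pattern.CASE_INSENSITIVE` and `42` should read `Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL`.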
@@ -11,141 +11,98 @@ import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
private final String body;
public XssHttpServletRequestWrapper(HttpServletRequest request) throws IOException {
super(request);
if (request instanceof org.springframework.web.multipart.MultipartHttpServletRequest) {
this.body = null;
return;
}
StringBuilder stringBuilder = new StringBuilder();
BufferedReader bufferedReader = null;
try {
ServletInputStream servletInputStream = request.getInputStream();
if (servletInputStream != null) {
bufferedReader = new BufferedReader(new InputStreamReader((InputStream) servletInputStream));
char[] charBuffer = new char[1024];
int bytesRead = -1;
while ((bytesRead = bufferedReader.read(charBuffer)) > 0) {
stringBuilder.append(charBuffer, 0, bytesRead);
}
}
} catch (IOException ex) {
throw ex;
} finally {
if (bufferedReader != null) {
try {
bufferedReader.close();
} catch (IOException ex) {
throw ex;
}
}
}
this.body = CustomXssUtil.stripXSS(stringBuilder.toString());
}
public String getHeader(String name) {
String value = super.getHeader(name);
return CustomXssUtil.stripXSS(value);
}
public String getParameter(String name) {
String value = super.getParameter(name);
return CustomXssUtil.stripXSS(value);
}
public String[] getParameterValues(String name) {
String[] values = super.getParameterValues(name);
if (values == null) {
return null;
}
int count = values.length;
String[] encodedValues = new String[count];
for (int i = 0; i < count; i++) {
encodedValues[i] = CustomXssUtil.stripXSS(values[i]);
}
return encodedValues;
}
public ServletInputStream getInputStream() throws IOException {
HttpServletRequest request = (HttpServletRequest) getRequest();
if (request instanceof org.springframework.web.multipart.MultipartHttpServletRequest) {
return super.getInputStream();
}
final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(this.body.getBytes());
ServletInputStream servletInputStream = new ServletInputStream() {
public int read() throws IOException {
return byteArrayInputStream.read();
}
public boolean isFinished() {
return false;
}
public boolean isReady() {
return false;
}
public void setReadListener(ReadListener readListener) {
}
};
return servletInputStream;
}
public BufferedReader getReader() throws IOException {
return new BufferedReader(new InputStreamReader((InputStream) getInputStream()));
}
public class XssHttpServletRequestWrapper
extends HttpServletRequestWrapper
{
private final String body;
public XssHttpServletRequestWrapper(HttpServletRequest request) throws IOException {
/* 35 */ super(request);
/* 38 */ if (request instanceof org.springframework.web.multipart.MultipartHttpServletRequest) {
/* 39 */ this.body = null;
return;
}
/* 43 */ StringBuilder stringBuilder = new StringBuilder();
/* 44 */ BufferedReader bufferedReader = null;
try {
/* 46 */ ServletInputStream servletInputStream = request.getInputStream();
/* 47 */ if (servletInputStream != null) {
/* 48 */ bufferedReader = new BufferedReader(new InputStreamReader((InputStream)servletInputStream));
/* 49 */ char[] charBuffer = new char[1024];
/* 50 */ int bytesRead = -1;
/* 51 */ while ((bytesRead = bufferedReader.read(charBuffer)) > 0) {
/* 52 */ stringBuilder.append(charBuffer, 0, bytesRead);
public String getBody() {
return this.body;
}
}
}
/* 55 */ } catch (IOException ex) {
/* 56 */ throw ex;
} finally {
/* 58 */ if (bufferedReader != null) {
try {
/* 60 */ bufferedReader.close();
/* 61 */ } catch (IOException ex) {
/* 62 */ throw ex;
}
}
}
/* 68 */ this.body = CustomXssUtil.stripXSS(stringBuilder.toString());
}
public String getHeader(String name) {
/* 77 */ String value = super.getHeader(name);
/* 78 */ return CustomXssUtil.stripXSS(value);
}
public String getParameter(String name) {
/* 87 */ String value = super.getParameter(name);
/* 88 */ return CustomXssUtil.stripXSS(value);
}
public String[] getParameterValues(String name) {
/* 97 */ String[] values = super.getParameterValues(name);
/* 98 */ if (values == null) {
/* 99 */ return null;
}
int count = values.length;
String[] encodedValues = new String[count];
for (int i = 0; i < count; i++) {
encodedValues[i] = CustomXssUtil.stripXSS(values[i]);
}
return encodedValues;
}
public ServletInputStream getInputStream() throws IOException {
HttpServletRequest request = (HttpServletRequest)getRequest();
if (request instanceof org.springframework.web.multipart.MultipartHttpServletRequest) {
return super.getInputStream();
}
final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(this.body.getBytes());
ServletInputStream servletInputStream = new ServletInputStream() {
public int read() throws IOException {
return byteArrayInputStream.read();
}
public boolean isFinished() {
return false;
}
public boolean isReady() {
return false;
}
public void setReadListener(ReadListener readListener) {}
};
return servletInputStream;
}
public BufferedReader getReader() throws IOException {
return new BufferedReader(new InputStreamReader((InputStream)getInputStream()));
}
public String getBody() {
return this.body;
}
}
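Review bot: Only `getHeader`, `getParameter`, `getParameterValues` and the buffered body go through `CustomXssUtil.stripXSS`; this section shows no override of `getParameterMap()`, `getHeaders()` or `getQueryString()`, so code that reads input through those accessors sees unfiltered values. If the filter is meant to cover all request input, add the missing overrides; a `getParameterMap()` that delegates to the already-filtered `getParameterValues` is sketched below. Separately, `new InputStreamReader(servletInputStream)` and `this.body.getBytes()` use the platform default charset instead of the request's character encoding, which can corrupt non-ASCII bodies. `isFinished()` also returns `false` even after the buffer is drained, where `return byteArrayInputStream.available() == 0;` would be accurate.

```java
// … unchanged: constructor, getHeader, getParameter, getParameterValues …
@Override
public Map<String, String[]> getParameterMap() {
    Map<String, String[]> cleaned = new LinkedHashMap<>();
    for (String name : super.getParameterMap().keySet()) {
        // reuse the filtered accessor so both paths apply the same stripping
        cleaned.put(name, getParameterValues(name));
    }
    return Collections.unmodifiableMap(cleaned);
}
// … unchanged: getInputStream, getReader, getBody …
```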