xss 优化

license/src/main/java/iot/sixiang/license/controller/DeviceController.java

@@ -103,7 +103,8 @@ public class DeviceController {
     @MyLog(title = "获取设备详细信息接口", optParam = "#{pageNo},#{pageSize},#{appName},#{userName}", businessType = BusinessType.SELECT)
     @ApiImplicitParams({@ApiImplicitParam(name = "pageNo", value = "当前在第几页", required = true, dataType = "int"), @ApiImplicitParam(name = "pageSize", value = "每页显示多少条", required = true, dataType = "int"), @ApiImplicitParam(name = "appName", value = "应用名"), @ApiImplicitParam(name = "userName", value = "用户名")})
     public PageResult<DeviceDetailVo> getDeviceDetailList(@RequestParam(value = "pageNo", defaultValue = "0") int pageNo, @RequestParam(value = "pageSize", defaultValue = "0") int pageSize, @RequestParam(value = "appName", required = false) String appName, @RequestParam(value = "userName", required = false) String userName) {
-
+        appName = XssUtil.checkXSS(appName);
+        userName = XssUtil.checkXSS(userName);
         PageInfoModel<DeviceDetailVo> records = deviceManager.getDeviceDetailList(pageNo, pageSize, appName, userName);
         int total = records.getTotal();
         int pages = total / pageSize;//pages为总页数

license/src/main/java/iot/sixiang/license/controller/OperateController.java

@@ -112,6 +112,7 @@ public class OperateController {
     public BaseResult readAlarm() {
         String i = UserUtils.getLoginUserId();
         int uI = Integer.valueOf(i);
+        uI = Integer.valueOf(XssUtil.checkXSS(String.valueOf(uI)));
         boolean res = alarmReadService.readAlarm(uI);
         if (res) {
             return BaseResult.success();

license/src/main/java/iot/sixiang/license/controller/ResourceContrller.java

@@ -6,6 +6,7 @@ import io.swagger.annotations.ApiOperation;
 import iot.sixiang.license.log.BusinessType;
 import iot.sixiang.license.log.MyLog;
 import iot.sixiang.license.resource.ResourceManager;
+import iot.sixiang.license.xss.XssUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -29,6 +30,7 @@ public class ResourceContrller {
     @MyLog(title = "下载资源", optParam = "#{userId}", businessType = BusinessType.OTHER)
     @ApiImplicitParam(name = "userId",value = "用户Id",required = true, dataType = "int")
     public void downloadWorkHourRecordTemplate(HttpServletResponse response, @RequestParam(value = "userId") int userId) {
+        userId = Integer.valueOf(XssUtil.checkXSS(String.valueOf(userId)));
         resourceManager.downloadDeviceInfoExcle(response, userId);
     }
 

license/src/main/java/iot/sixiang/license/jwt/JwtFilter.java

@@ -2,6 +2,7 @@ package iot.sixiang.license.jwt;
 
 import com.auth0.jwt.interfaces.Claim;
 import com.auth0.jwt.interfaces.DecodedJWT;
+import iot.sixiang.license.xss.XssUtil;
 import lombok.extern.slf4j.Slf4j;
 
 import javax.servlet.*;
@@ -45,6 +46,7 @@ public class JwtFilter implements Filter {
 
         if (uri.contains(url1) || uri.contains(url2) || uri.contains(url3) || uri.contains(url4) || uri.contains(url7) || uri.contains(url8)) {
             if (uri.contains(url1) || uri.contains(url2)) {
+                uri = XssUtil.checkXSS(uri);
                 UserUtils.setUri(uri);
             }
             check = false;

license/src/main/java/iot/sixiang/license/service/impl/AlarmReadServiceImpl.java

@@ -47,6 +47,7 @@ public class AlarmReadServiceImpl extends ServiceImpl<AlarmReadMapper, AlarmRead
                 int typeId = alarm.getTypeId();
                 String title = alarm.getTitle();
                 String content = alarm.getContent();
+
                 boolean res = alarmReadMapper.readAlarm(alarmId, typeId, title, content, userId);
                 if (!res) {
                     return false;