测试对用户输入的大小进行了合理校验

af995c0c · zengtianlai3 · 678b5b1c · af995c0c
Commit af995c0c authored Jul 17, 2022 by zengtianlai3
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 1 deletion

XssHttpServletRequestWrapper.java ...iot/sixiang/license/xss/XssHttpServletRequestWrapper.java +5 -1

No files found.
--- a/license/src/main/java/iot/sixiang/license/xss/XssHttpServletRequestWrapper.java
+++ b/license/src/main/java/iot/sixiang/license/xss/XssHttpServletRequestWrapper.java
@@ -50,6 +50,10 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
    private String getBodyString(HttpServletRequest httpservletrequest) throws IOException {
        StringBuilder sb = new StringBuilder();
        InputStream ins = httpservletrequest.getInputStream();
+        int available = ins.available();
+        if (available > 20000) {
+            throw new IotLicenseException(ResultCode.VALIDATE_FAILED.getCode(), "数据过大");
+        }
        boolean isMultipartContent = ServletFileUpload.isMultipartContent(httpservletrequest);
        CommonsMultipartResolver commonsMultipartResolver = new CommonsMultipartResolver(httpservletrequest.getSession().getServletContext());
        boolean isMultipart = commonsMultipartResolver.isMultipart(httpservletrequest);
@@ -74,7 +78,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
     * @throws IOException
     */
    @Override
-    public ServletInputStream getInputStream() throws IOException {
+    public ServletInputStream getInputStream(){
        // 非文件上传进行过滤
        if (!fileUpload) {
            // 获取body中的请求参数