Skip to content

I
ioc_sixiang_license
Commit af995c0c authored by zengtianlai3's avatar zengtianlai3
Browse files
Options

测试 对用户输入的大小进行了合理校验

parent 678b5b1c
Show whitespace changes
Inline Side-by-side
Showing with 5 additions and 1 deletion
license/src/main/java/iot/sixiang/license/xss/XssHttpServletRequestWrapper.java
View file @ af995c0c
...@@ -50,6 +50,10 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { ...@@ -50,6 +50,10 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
private String getBodyString(HttpServletRequest httpservletrequest) throws IOException { private String getBodyString(HttpServletRequest httpservletrequest) throws IOException {
StringBuilder sb = new StringBuilder(); StringBuilder sb = new StringBuilder();
InputStream ins = httpservletrequest.getInputStream(); InputStream ins = httpservletrequest.getInputStream();
int available = ins.available();
if (available > 20000) {
throw new IotLicenseException(ResultCode.VALIDATE_FAILED.getCode(), "数据过大");
}
boolean isMultipartContent = ServletFileUpload.isMultipartContent(httpservletrequest); boolean isMultipartContent = ServletFileUpload.isMultipartContent(httpservletrequest);
CommonsMultipartResolver commonsMultipartResolver = new CommonsMultipartResolver(httpservletrequest.getSession().getServletContext()); CommonsMultipartResolver commonsMultipartResolver = new CommonsMultipartResolver(httpservletrequest.getSession().getServletContext());
boolean isMultipart = commonsMultipartResolver.isMultipart(httpservletrequest); boolean isMultipart = commonsMultipartResolver.isMultipart(httpservletrequest);
...@@ -74,7 +78,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { ...@@ -74,7 +78,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
* @throws IOException * @throws IOException
*/ */
@Override @Override
public ServletInputStream getInputStream() throws IOException { public ServletInputStream getInputStream(){
// 非文件上传进行过滤 // 非文件上传进行过滤
if (!fileUpload) { if (!fileUpload) {
// 获取body中的请求参数 // 获取body中的请求参数
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment