xss 存储型测试

e635106b · zengtianlai3 · b84bb84a · e635106b · e635106b · e635106b
Commit e635106b authored Jul 17, 2022 by zengtianlai3
3 changed files
--- a/license/src/main/java/iot/sixiang/license/controller/UserController.java
+++ b/license/src/main/java/iot/sixiang/license/controller/UserController.java
@@ -17,6 +17,7 @@ import iot.sixiang.license.model.PageResult;
 import iot.sixiang.license.model.vo.UserVo;
 import iot.sixiang.license.service.UserService;
 import iot.sixiang.license.util.CommonUtil;
+import iot.sixiang.license.xss.XssUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.WebDataBinder;
 import org.springframework.web.bind.annotation.*;
@@ -79,6 +80,8 @@ public class UserController {
    @PostMapping("delete")
    @MyLog(title = "删除用户", optParam = "#{userId}", businessType = BusinessType.DELETE)
    public BaseResult deleteUser(@RequestParam("userId") int userId) {
+        userId = Integer.valueOf(XssUtil.checkXSS(String.valueOf(userId)));
        boolean res = userService.deleteUser(userId);
        if (res) {
            return BaseResult.success();

--- a/license/src/main/java/iot/sixiang/license/xss/BeanCopyUtil.java
+++ b/license/src/main/java/iot/sixiang/license/xss/BeanCopyUtil.java
+package iot.sixiang.license.xss;
+import org.springframework.beans.BeanUtils;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.function.Supplier;
+/**
+ * @Author m33
+ * @Date 2022/7/17 11:42
+ * @Description
+ */
+public class BeanCopyUtil extends BeanUtils {
+    /**
+     * 集合数据的拷贝
+     * @param sources: 数据源类
+     * @param target: 目标类::new(eg: UserVO::new)
+     * @return
+     */
+    public static <S, T> List<T> copyListProperties(List<S> sources, Supplier<T> target) {
+        return copyListProperties(sources, target, null);
+    }
+    /**
+     * 带回调函数的集合数据的拷贝（可自定义字段拷贝规则）
+     * @param sources: 数据源类
+     * @param target: 目标类::new(eg: UserVO::new)
+     * @param callBack: 回调函数
+     * @return
+     */
+    public static <S, T> List<T> copyListProperties(List<S> sources, Supplier<T> target, BeanCopyUtilCallBack<S, T> callBack) {
+        List<T> list = new ArrayList<>(sources.size());
+        for (S source : sources) {
+            T t = target.get();
+            copyProperties(source, t);
+            list.add(t);
+            if (callBack != null) {
+                // 回调
+                callBack.callBack(source, t);
+            }
+        }
+        return list;
+    }
+}
--- a/license/src/main/java/iot/sixiang/license/xss/BeanCopyUtilCallBack.java
+++ b/license/src/main/java/iot/sixiang/license/xss/BeanCopyUtilCallBack.java
+package iot.sixiang.license.xss;
+/**
+ * @Author m33
+ * @Date 2022/7/17 11:43
+ * @Description
+ */
+@FunctionalInterface
+public interface BeanCopyUtilCallBack <S, T> {
+    /**
+     * 定义默认回调方法
+     * @param t
+     * @param s
+     */
+    void callBack(S t, T s);
+}