chore: xxs Optimization

2 years ago · a400e021df
2 changed files with 240 additions and 234 deletions
--- a/kicc-common/kicc-common-core/src/main/java/com/cloud/kicc/common/core/util/HTMLFilterUtil.java
+++ b/kicc-common/kicc-common-core/src/main/java/com/cloud/kicc/common/core/util/HTMLFilterUtil.java
@ -408,7 +408,7 @@ public final class HTMLFilterUtil {
 		Matcher m = P_ENTITY.matcher(s);
 		while (m.find()) {
 			final String match = m.group(1);
-            final int decimal = Integer.decode(match).intValue();
+			final int decimal = Integer.decode(match);
 			m.appendReplacement(buf, Matcher.quoteReplacement(chr(decimal)));
 		}
 		m.appendTail(buf);
@ -418,7 +418,7 @@ public final class HTMLFilterUtil {
 		m = P_ENTITY_UNICODE.matcher(s);
 		while (m.find()) {
 			final String match = m.group(1);
-            final int decimal = Integer.valueOf(match, 16).intValue();
+			final int decimal = Integer.parseInt(match, 16);
 			m.appendReplacement(buf, Matcher.quoteReplacement(chr(decimal)));
 		}
 		m.appendTail(buf);
@ -428,7 +428,7 @@ public final class HTMLFilterUtil {
 		m = P_ENCODE.matcher(s);
 		while (m.find()) {
 			final String match = m.group(1);
-            final int decimal = Integer.valueOf(match, 16).intValue();
+			final int decimal = Integer.parseInt(match, 16);
 			m.appendReplacement(buf, Matcher.quoteReplacement(chr(decimal)));
 		}
 		m.appendTail(buf);
--- a/kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/xss/XssHttpServletRequestWrapper.java
+++ b/kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/xss/XssHttpServletRequestWrapper.java
@ -17,6 +17,7 @@ import java.io.IOException;
 /**
 *<p>
 * 扩展 Security 默认 StrictHttpFirewall（XSS）脚本攻击过滤
 * XSS、sql过滤处理
 *</p>
 *
@ -26,10 +27,11 @@ import java.io.IOException;
@Slf4j
 public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
-    private static String[] SQL_KEYWORDS = {"master", "truncate", "insert", "select"
+    private static final String[] SQL_KEYWORDS = {"master", "truncate", "insert", "select"
            , "delete", "update", "declare", "alter", "drop", "sleep"};
-    //sql 替换字符
+
-    private static String REPLACE_STR = "";
+    // sql 替换字符
    private static final String REPLACE_STR = "";
    /**
     * @param request
@ -43,18 +45,22 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
        String[] values = super.getParameterValues(name);
        if (values != null) {
            int length = values.length;
-            String[] escapseValues = new String[length];
+            String[] escapeValues = new String[length];
            for (int i = 0; i < length; i++) {
-                // 防xss攻击和过滤前后空格
+                // 防xss攻击和过滤html相关脚本
-                escapseValues[i] = HtmlUtil.filter(values[i]).trim();
+                escapeValues[i] = HtmlUtil.filter(values[i]).trim();
-                //防sql注入
+                // 防sql注入
-                escapseValues[i] = cleanSqlKeyWords(escapseValues[i]);
+                escapeValues[i] = cleanSqlKeyWords(escapeValues[i]);
            }
-            return escapseValues;
+            return escapeValues;
        }
        return super.getParameterValues(name);
    }
    public static void main(String[] args) {
        System.out.println(new HTMLFilterUtil().filter("<p>123</p>").trim());
    }
    private String cleanSqlKeyWords(String value) {
        String paramValue = value;
        for (String keyword : SQL_KEYWORDS) {