-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
v1ll4n
committed
Jul 22, 2024
1 parent
e3b901a
commit fb40ed8
Showing
6 changed files
with
101 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
11 changes: 7 additions & 4 deletions
11
java-realworld/sample/src/main/java/com/example/demo/DemoApplication.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,13 +1,16 @@ | ||
| package com.example.demo; | ||
|
|
||
| import com.example.demo.controller.utils.DBUtil; | ||
| import org.springframework.boot.SpringApplication; | ||
| import org.springframework.boot.autoconfigure.SpringBootApplication; | ||
| import org.springframework.context.ConfigurableApplicationContext; | ||
| import org.springframework.jdbc.core.JdbcTemplate; | ||
|
|
||
| @SpringBootApplication | ||
| public class DemoApplication { | ||
|
|
||
| public static void main(String[] args) { | ||
| SpringApplication.run(DemoApplication.class, args); | ||
| } | ||
|
|
||
| public static void main(String[] args) { | ||
| ConfigurableApplicationContext context = SpringApplication.run(DemoApplication.class, args); | ||
| DBUtil.setJdbcTemplate(context.getBean(JdbcTemplate.class)); | ||
| } | ||
| } |
41 changes: 41 additions & 0 deletions
41
...world/sample/src/main/java/com/example/demo/controller/deepcross/DeepCrossController.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,41 @@ | ||
| package com.example.demo.controller.deepcross; | ||
|
|
||
| import com.example.demo.controller.utils.DummyUtil; | ||
| import org.springframework.http.ResponseEntity; | ||
| import org.springframework.web.bind.annotation.GetMapping; | ||
| import org.springframework.web.bind.annotation.RequestParam; | ||
| import org.springframework.web.bind.annotation.ResponseBody; | ||
| import org.springframework.web.bind.annotation.RestController; | ||
|
|
||
| @RestController | ||
| public class DeepCrossController { | ||
| @GetMapping({"/xss/safe", "/xss/no-cross"}) | ||
| public ResponseEntity<String> noDeepCross(@RequestParam(required = false) String body) { | ||
| if (body == null) { | ||
| return ResponseEntity.ok("No input, try <a href='/xss/no-cross?body=hello-world'>here</a>"); | ||
| } | ||
| ResponseEntity<String> resp = ResponseEntity.ok(body); | ||
| return resp; | ||
| } | ||
|
|
||
| @GetMapping({"/xss/unsafe1", "/xss/cross-method"}) | ||
| public ResponseEntity<String> CrossMethod(@RequestParam String body) { | ||
| return DeepCrossController.directWrite(body); | ||
| } | ||
|
|
||
| private static ResponseEntity<String> directWrite(String body) { | ||
| ResponseEntity<String> resp = ResponseEntity.ok(body); | ||
| return resp; | ||
| } | ||
|
|
||
| @GetMapping({"/xss/unsafe2", "/xss/cross-other-method"}) | ||
| public ResponseEntity<String> CrossMethod3(@RequestParam String body) { | ||
| return directWrite(DummyUtil.nothing(body)); | ||
| } | ||
|
|
||
| @GetMapping({"/xss/unsafe3", "/xss/cross-other-filter"}) | ||
| public ResponseEntity<String> CrossMethod4(@RequestParam String body) { | ||
| return directWrite(DummyUtil.filterXSS(body)); | ||
| } | ||
| } | ||
|
|
22 changes: 22 additions & 0 deletions
22
...world/sample/src/main/java/com/example/demo/controller/global/GlobalExceptionHandler.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| package com.example.demo.controller.global; | ||
|
|
||
| import org.springframework.http.HttpStatus; | ||
| import org.springframework.http.ResponseEntity; | ||
| import org.springframework.web.bind.annotation.ControllerAdvice; | ||
| import org.springframework.web.bind.annotation.ExceptionHandler; | ||
|
|
||
| import java.io.PrintWriter; | ||
| import java.io.StringWriter; | ||
|
|
||
| @ControllerAdvice | ||
| public class GlobalExceptionHandler { | ||
| @ExceptionHandler(value = {Exception.class}) | ||
| public ResponseEntity<Object> handleException(Exception ex) { | ||
| StringWriter sw = new StringWriter(); | ||
| PrintWriter pw = new PrintWriter(sw); | ||
| // 打印异常信息到控制台 | ||
| ex.printStackTrace(pw); | ||
| // 将异常信息返回到结果中 | ||
| return new ResponseEntity<>(sw.toString(), HttpStatus.INTERNAL_SERVER_ERROR); | ||
| } | ||
| } |
20 changes: 20 additions & 0 deletions
20
java-realworld/sample/src/main/java/com/example/demo/controller/utils/DBUtil.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| package com.example.demo.controller.utils; | ||
|
|
||
| import org.springframework.jdbc.core.JdbcTemplate; | ||
|
|
||
| import java.util.List; | ||
| import java.util.Map; | ||
|
|
||
| public class DBUtil { | ||
|
|
||
| private static JdbcTemplate jdbcTemplate = null; | ||
|
|
||
| public static void setJdbcTemplate(JdbcTemplate tmp) { | ||
| jdbcTemplate = tmp; | ||
| } | ||
|
|
||
| public static List<Map<String, Object>> querySomeResult(String whereCondition) { | ||
| String sql = "SELECT * FROM your_table WHERE " + whereCondition; | ||
| return jdbcTemplate.queryForList(sql); | ||
| } | ||
| } |
11 changes: 11 additions & 0 deletions
11
java-realworld/sample/src/main/java/com/example/demo/controller/utils/DummyUtil.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| package com.example.demo.controller.utils; | ||
|
|
||
| public class DummyUtil { | ||
| public static String filterXSS(String s) { | ||
| return s.replaceAll("<", "<").replaceAll(">", ">"); | ||
| } | ||
|
|
||
| public static String nothing(String s) { | ||
| return s; | ||
| } | ||
| } |