Merge pull request #217 from didi/dev

拒绝包含./或/连续过多的接口请求
This commit is contained in:
EricZeng
2021-03-31 20:00:52 +08:00
committed by GitHub


@@ -64,11 +64,13 @@ public class LoginServiceImpl implements LoginService {
@Override @Override
public boolean checkLogin(HttpServletRequest request, HttpServletResponse response) { public boolean checkLogin(HttpServletRequest request, HttpServletResponse response) {
String uri = request.getRequestURI().replace("//", "/"); String uri = request.getRequestURI();
if (uri.contains("/../") || uri.contains("/./")) { if (uri.contains("./") || uri.contains("///")) {
LOGGER.error("class=LoginServiceImpl||method=checkLogin||msg=uri illegal, contains /../ or /./||uri={}", uri); LOGGER.error("class=LoginServiceImpl||method=checkLogin||msg=uri illegal, contains ../ or ./ or ///||uri={}", uri);
singleSignOn.setRedirectToLoginPage(response);
return false; return false;
} }
uri = uri.replaceAll("//", "/");
if (uri.startsWith(ApiPrefix.API_V1_SSO_PREFIX) if (uri.startsWith(ApiPrefix.API_V1_SSO_PREFIX)
|| uri.startsWith(ApiPrefix.API_V1_THIRD_PART_PREFIX) || uri.startsWith(ApiPrefix.API_V1_THIRD_PART_PREFIX)