/**
|
* Copyright (c) 2011-2014, hubin (jobob@qq.com).
|
*
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
* use this file except in compliance with the License. You may obtain a copy of
|
* the License at
|
*
|
* http://www.apache.org/licenses/LICENSE-2.0
|
*
|
* Unless required by applicable law or agreed to in writing, software
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
* License for the specific language governing permissions and limitations under
|
* the License.
|
*/
|
package com.stylefeng.guns.core.support;
|
|
import javax.servlet.http.Cookie;
|
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequestWrapper;
|
import java.util.HashMap;
|
import java.util.Map;
|
|
/**
|
* Request请求过滤包装
|
* <p>
|
* @author hubin
|
* @Date 2014-5-8
|
*/
|
public class WafRequestWrapper extends HttpServletRequestWrapper {
|
|
private boolean filterXSS = true;
|
|
private boolean filterSQL = true;
|
|
|
public WafRequestWrapper(HttpServletRequest request, boolean filterXSS, boolean filterSQL) {
|
super(request);
|
this.filterXSS = filterXSS;
|
this.filterSQL = filterSQL;
|
}
|
|
|
public WafRequestWrapper(HttpServletRequest request) {
|
this(request, true, true);
|
}
|
|
|
/**
|
* @Description 数组参数过滤
|
* @param parameter
|
* 过滤参数
|
* @return
|
*/
|
@Override
|
public String[] getParameterValues(String parameter) {
|
String[] values = super.getParameterValues(parameter);
|
if ( values == null ) {
|
return null;
|
}
|
|
int count = values.length;
|
String[] encodedValues = new String[count];
|
for ( int i = 0 ; i < count ; i++ ) {
|
encodedValues[i] = filterParamString(values[i]);
|
}
|
|
return encodedValues;
|
}
|
|
@Override
|
@SuppressWarnings({ "rawtypes", "unchecked" })
|
public Map getParameterMap() {
|
Map<String, String[]> primary = super.getParameterMap();
|
Map<String, String[]> result = new HashMap<String, String[]>(primary.size());
|
for ( Map.Entry<String, String[]> entry : primary.entrySet() ) {
|
result.put(entry.getKey(), filterEntryString(entry.getValue()));
|
}
|
return result;
|
|
}
|
|
protected String[] filterEntryString(String[] rawValue) {
|
for ( int i = 0 ; i < rawValue.length ; i++ ) {
|
rawValue[i] = filterParamString(rawValue[i]);
|
}
|
return rawValue;
|
}
|
|
/**
|
* @Description 参数过滤
|
* @param parameter
|
* 过滤参数
|
* @return
|
*/
|
@Override
|
public String getParameter(String parameter) {
|
return filterParamString(super.getParameter(parameter));
|
}
|
|
|
/**
|
* @Description 请求头过滤
|
* @param name
|
* 过滤内容
|
* @return
|
*/
|
@Override
|
public String getHeader(String name) {
|
return filterParamString(super.getHeader(name));
|
}
|
|
|
/**
|
* @Description Cookie内容过滤
|
* @return
|
*/
|
@Override
|
public Cookie[] getCookies() {
|
Cookie[] existingCookies = super.getCookies();
|
if (existingCookies != null) {
|
for (int i = 0 ; i < existingCookies.length ; ++i) {
|
Cookie cookie = existingCookies[i];
|
cookie.setValue(filterParamString(cookie.getValue()));
|
}
|
}
|
return existingCookies;
|
}
|
|
/**
|
* @Description 过滤字符串内容
|
* @param rawValue
|
* 待处理内容
|
* @return
|
*/
|
protected String filterParamString(String rawValue) {
|
if (null == rawValue) {
|
return null;
|
}
|
String tmpStr = rawValue;
|
if (this.filterXSS) {
|
tmpStr = WafKit.stripXSS(rawValue);
|
}
|
if (this.filterSQL) {
|
tmpStr = WafKit.stripSqlInjection(tmpStr);
|
}
|
return tmpStr;
|
}
|
}
|
