Fix the code analysis error. (#479)

Co-authored-by: Haotian Zhang <928016560@qq.com>
pull/491/head
pandaapo 2 years ago committed by GitHub
parent a91a3805bc
commit 496cbfba3a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -2,4 +2,5 @@
---
- [Feature: support ribbon service-level rule customization](https://github.com/Tencent/spring-cloud-tencent/pull/478)
- [Fix the code analysis error.](https://github.com/Tencent/spring-cloud-tencent/pull/479)
- [Feature: delete implement ServiceInstance](https://github.com/Tencent/spring-cloud-tencent/pull/481)

@ -120,7 +120,7 @@ public class PolarisPropertySourceAutoRefresher
LOGGER.info(
"[SCT Config] received polaris config change event and will refresh spring context."
+ "namespace = {}, group = {}, fileName = {}",
+ " namespace = {}, group = {}, fileName = {}",
polarisPropertySource.getNamespace(),
polarisPropertySource.getGroup(),
polarisPropertySource.getFileName());

@ -33,6 +33,11 @@
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-ribbon</artifactId>
</dependency>
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
</dependency>
</dependencies>
<build>

@ -17,6 +17,8 @@
package com.tencent.cloud.polaris.circuitbreaker.example;
import org.owasp.esapi.ESAPI;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
@ -62,6 +64,12 @@ public class ServiceAController {
ResponseEntity<String> entity = restTemplate.getForEntity(
"http://polaris-circuitbreaker-example-b/example/service/b/info",
String.class);
return entity.getBody();
String response = entity.getBody();
return cleanXSS(response);
}
private String cleanXSS(String str) {
str = ESAPI.encoder().encodeForHTML(str);
return str;
}
}

@ -0,0 +1,8 @@
ESAPI.printProperties=true
ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
# ESAPI Encoder
Encoder.AllowMultipleEncoding=false
Encoder.AllowMixedEncoding=false
Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec

@ -28,5 +28,10 @@
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
</dependency>
</dependencies>
</project>

@ -21,6 +21,7 @@ import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import com.tencent.cloud.common.constant.MetadataConstant;
import org.owasp.esapi.ESAPI;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -67,7 +68,13 @@ public class GatewayCalleeController {
@RequestHeader(MetadataConstant.HeaderName.CUSTOM_METADATA) String metadataStr)
throws UnsupportedEncodingException {
LOG.info(URLDecoder.decode(metadataStr, UTF_8));
return URLDecoder.decode(metadataStr, UTF_8);
metadataStr = URLDecoder.decode(metadataStr, UTF_8);
return cleanXSS(metadataStr);
}
private String cleanXSS(String str) {
str = ESAPI.encoder().encodeForHTML(str);
return str;
}
}

@ -0,0 +1,8 @@
ESAPI.printProperties=true
ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
# ESAPI Encoder
Encoder.AllowMultipleEncoding=false
Encoder.AllowMixedEncoding=false
Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec

@ -27,5 +27,10 @@
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
</dependency>
</dependencies>
</project>

@ -21,6 +21,7 @@ import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import com.tencent.cloud.common.constant.MetadataConstant;
import org.owasp.esapi.ESAPI;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -67,7 +68,13 @@ public class GatewayCalleeController {
@RequestHeader(MetadataConstant.HeaderName.CUSTOM_METADATA) String metadataStr)
throws UnsupportedEncodingException {
LOG.info(URLDecoder.decode(metadataStr, UTF_8));
return URLDecoder.decode(metadataStr, UTF_8);
metadataStr = URLDecoder.decode(metadataStr, UTF_8);
return cleanXSS(metadataStr);
}
private String cleanXSS(String str) {
str = ESAPI.encoder().encodeForHTML(str);
return str;
}
}

@ -0,0 +1,8 @@
ESAPI.printProperties=true
ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
# ESAPI Encoder
Encoder.AllowMultipleEncoding=false
Encoder.AllowMixedEncoding=false
Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec

@ -17,6 +17,11 @@
<groupId>com.tencent.cloud</groupId>
<artifactId>spring-cloud-starter-tencent-polaris-discovery</artifactId>
</dependency>
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
</dependency>
</dependencies>
<build>

@ -18,6 +18,7 @@
package com.tencent.cloud.polaris.router.example;
import org.owasp.esapi.ESAPI;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -48,7 +49,15 @@ public class RouterCalleeController {
@PostMapping("/info")
public String info(String name, @RequestBody User user) {
LOG.info("Discovery Service Callee [{}] is called.", port);
return String.format("Discovery Service Callee [%s] is called. user = %s", port, user);
return String.format("Discovery Service Callee [%s] is called. user = %s", port, cleanXSS(user));
}
private User cleanXSS(User user) {
User u = new User();
String name = ESAPI.encoder().encodeForHTML(user.getName());
u.setName(name);
u.setAge(user.getAge());
return u;
}
}

@ -0,0 +1,8 @@
ESAPI.printProperties=true
ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
# ESAPI Encoder
Encoder.AllowMultipleEncoding=false
Encoder.AllowMixedEncoding=false
Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec

@ -17,6 +17,11 @@
<groupId>com.tencent.cloud</groupId>
<artifactId>spring-cloud-starter-tencent-polaris-discovery</artifactId>
</dependency>
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
</dependency>
</dependencies>
<build>

@ -18,6 +18,7 @@
package com.tencent.cloud.polaris.router.example;
import org.owasp.esapi.ESAPI;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -49,7 +50,15 @@ public class RouterCalleeController {
@PostMapping("/info")
public String info(@RequestParam("name") String name, @RequestBody User user) {
LOG.info("Discovery Service Callee [{}] is called.", port);
return String.format("Discovery Service Callee [%s] is called. user = %s", port, user);
return String.format("Discovery Service Callee [%s] is called. user = %s", port, cleanXSS(user));
}
private User cleanXSS(User user) {
User u = new User();
String name = ESAPI.encoder().encodeForHTML(user.getName());
u.setName(name);
u.setAge(user.getAge());
return u;
}
}

@ -0,0 +1,8 @@
ESAPI.printProperties=true
ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
# ESAPI Encoder
Encoder.AllowMultipleEncoding=false
Encoder.AllowMixedEncoding=false
Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec

@ -31,4 +31,14 @@
<maven.deploy.skip>true</maven.deploy.skip>
</properties>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
<version>2.1.0.1</version>
</dependency>
</dependencies>
</dependencyManagement>
</project>

Loading…
Cancel
Save