From cefc870df42b4b80a8acafc766faa5e6825782c1 Mon Sep 17 00:00:00 2001 From: pandaapo <1052156701@qq.com> Date: Tue, 2 Aug 2022 19:49:04 +0800 Subject: [PATCH] Remove the information of this PR from changes/changes-1.6.0.md to CHANGELOG.md. Resolve cheskstyle error. --- CHANGELOG.md | 1 + changes/changes-1.6.0.md | 3 +- .../example/xss/XssResponseBodyAdvice.java | 18 ++++---- .../gateway/example/callee/xss/XssFilter.java | 11 +++-- .../xss/XssHttpServletRequestWrapper.java | 34 ++++++++------- .../gateway/example/callee/xss/XssFilter.java | 11 +++-- .../xss/XssHttpServletRequestWrapper.java | 42 ++++++++++--------- .../polaris/router/example/xss/XssFilter.java | 13 ++++-- .../xss/XssHttpServletRequestWrapper.java | 37 ++++++++-------- .../polaris/router/example/xss/XssFilter.java | 11 +++-- .../xss/XssHttpServletRequestWrapper.java | 27 ++++++------ 11 files changed, 116 insertions(+), 92 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 06c1f8175..a1b7203de 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,4 @@ # Change Log --- +- [Fix the code analysis error.](https://github.com/Tencent/spring-cloud-tencent/issues/462) diff --git a/changes/changes-1.6.0.md b/changes/changes-1.6.0.md index e9be74806..24de5fce5 100644 --- a/changes/changes-1.6.0.md +++ b/changes/changes-1.6.0.md @@ -39,5 +39,4 @@ - [docs:optimize example](https://github.com/Tencent/spring-cloud-tencent/pull/385) - [Optimize starters auto-configuration. (main)](https://github.com/Tencent/spring-cloud-tencent/pull/391/files) - [Feature: format code](https://github.com/Tencent/spring-cloud-tencent/pull/394) -- [test: add PostInitPolarisSDKContextTest](https://github.com/Tencent/spring-cloud-tencent/pull/397) -- [Fix the code analysis error.](https://github.com/Tencent/spring-cloud-tencent/issues/462) \ No newline at end of file +- [test: add PostInitPolarisSDKContextTest](https://github.com/Tencent/spring-cloud-tencent/pull/397) \ No newline at end of file diff --git a/spring-cloud-tencent-examples/polaris-circuitbreaker-example/polaris-circuitbreaker-example-a/src/main/java/com/tencent/cloud/polaris/circuitbreaker/example/xss/XssResponseBodyAdvice.java b/spring-cloud-tencent-examples/polaris-circuitbreaker-example/polaris-circuitbreaker-example-a/src/main/java/com/tencent/cloud/polaris/circuitbreaker/example/xss/XssResponseBodyAdvice.java index 0c9850be6..f16c9b71a 100644 --- a/spring-cloud-tencent-examples/polaris-circuitbreaker-example/polaris-circuitbreaker-example-a/src/main/java/com/tencent/cloud/polaris/circuitbreaker/example/xss/XssResponseBodyAdvice.java +++ b/spring-cloud-tencent-examples/polaris-circuitbreaker-example/polaris-circuitbreaker-example-a/src/main/java/com/tencent/cloud/polaris/circuitbreaker/example/xss/XssResponseBodyAdvice.java @@ -18,7 +18,12 @@ package com.tencent.cloud.polaris.circuitbreaker.example.xss; +import java.lang.reflect.Field; +import java.util.HashMap; +import java.util.Map; + import org.apache.commons.lang.StringEscapeUtils; + import org.springframework.core.MethodParameter; import org.springframework.http.MediaType; import org.springframework.http.server.ServerHttpRequest; @@ -28,12 +33,6 @@ import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.RestController; import org.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdvice; -import java.lang.reflect.Field; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - /** * Escape String in ResponseBody before write it into HttpResponse * @@ -50,11 +49,11 @@ public class XssResponseBodyAdvice implements ResponseBodyAdvice { @Override public Object beforeBodyWrite(Object body, MethodParameter methodParameter, MediaType mediaType, Class aClass, ServerHttpRequest serverHttpRequest, ServerHttpResponse serverHttpResponse) { if (body instanceof String) { - body = StringEscapeUtils.escapeHtml((String)body); + body = StringEscapeUtils.escapeHtml((String) body); return body; } try { - if (!((Class)body.getClass().getField("TYPE").get(null)).isPrimitive()) { + if (!((Class) body.getClass().getField("TYPE").get(null)).isPrimitive()) { Map map = new HashMap<>(); Field[] fields = body.getClass().getDeclaredFields(); for (Field field: fields) { @@ -67,7 +66,8 @@ public class XssResponseBodyAdvice implements ResponseBodyAdvice { } return map; } - } catch (NoSuchFieldException | IllegalAccessException e) { + } + catch (NoSuchFieldException | IllegalAccessException e) { e.printStackTrace(); } return body; diff --git a/spring-cloud-tencent-examples/polaris-gateway-example/gateway-callee-service/src/main/java/com/tencent/cloud/polaris/gateway/example/callee/xss/XssFilter.java b/spring-cloud-tencent-examples/polaris-gateway-example/gateway-callee-service/src/main/java/com/tencent/cloud/polaris/gateway/example/callee/xss/XssFilter.java index 114d352a3..7c698a2ef 100644 --- a/spring-cloud-tencent-examples/polaris-gateway-example/gateway-callee-service/src/main/java/com/tencent/cloud/polaris/gateway/example/callee/xss/XssFilter.java +++ b/spring-cloud-tencent-examples/polaris-gateway-example/gateway-callee-service/src/main/java/com/tencent/cloud/polaris/gateway/example/callee/xss/XssFilter.java @@ -18,12 +18,17 @@ package com.tencent.cloud.polaris.gateway.example.callee.xss; -import org.springframework.stereotype.Component; +import java.io.IOException; -import javax.servlet.*; +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; import javax.servlet.annotation.WebFilter; import javax.servlet.http.HttpServletRequest; -import java.io.IOException; + +import org.springframework.stereotype.Component; /** * filter request aim at defending against XSS diff --git a/spring-cloud-tencent-examples/polaris-gateway-example/gateway-callee-service/src/main/java/com/tencent/cloud/polaris/gateway/example/callee/xss/XssHttpServletRequestWrapper.java b/spring-cloud-tencent-examples/polaris-gateway-example/gateway-callee-service/src/main/java/com/tencent/cloud/polaris/gateway/example/callee/xss/XssHttpServletRequestWrapper.java index 9e23f8c2b..33fba2b39 100644 --- a/spring-cloud-tencent-examples/polaris-gateway-example/gateway-callee-service/src/main/java/com/tencent/cloud/polaris/gateway/example/callee/xss/XssHttpServletRequestWrapper.java +++ b/spring-cloud-tencent-examples/polaris-gateway-example/gateway-callee-service/src/main/java/com/tencent/cloud/polaris/gateway/example/callee/xss/XssHttpServletRequestWrapper.java @@ -18,15 +18,6 @@ package com.tencent.cloud.polaris.gateway.example.callee.xss; -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.ObjectMapper; -import org.apache.commons.lang.StringEscapeUtils; -import org.springframework.web.servlet.HandlerMapping; - -import javax.servlet.ReadListener; -import javax.servlet.ServletInputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletRequestWrapper; import java.io.BufferedReader; import java.io.ByteArrayInputStream; import java.io.IOException; @@ -37,6 +28,17 @@ import java.util.List; import java.util.Map; import java.util.stream.Collectors; +import javax.servlet.ReadListener; +import javax.servlet.ServletInputStream; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletRequestWrapper; + +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; +import org.apache.commons.lang.StringEscapeUtils; + +import org.springframework.web.servlet.HandlerMapping; + /** * Wrap HttpServletRequest to escape String arguments * @@ -72,10 +74,9 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { * Handles arguments annotated by @RequestBody * * @return - * @throws IOException */ @Override - public ServletInputStream getInputStream() throws IOException { + public ServletInputStream getInputStream() { final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(requestBody); return new ServletInputStream() { @Override @@ -103,7 +104,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { /** * Handles arguments annotated by @RequestParam * - * @param name + * @param name string parameter * @return */ @Override @@ -122,7 +123,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { /** * Handles arguments annotated by @PathVariable * - * @param name + * @param name string parameter * @return */ @Override @@ -142,7 +143,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { /** * Handles arguments annotated by @RequestHeader * - * @param name + * @param name string parameter * @return */ @Override @@ -157,7 +158,8 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { map.put(k, v); }); e = objectMapper.writeValueAsString(map); - } catch (JsonProcessingException e1) { + } + catch (JsonProcessingException e1) { e1.printStackTrace(); } return e; @@ -182,7 +184,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { /** * Escape string to defend against XSS * - * @param value + * @param value string request body */ private String cleanXSS(String value) { value = StringEscapeUtils.escapeHtml(value); diff --git a/spring-cloud-tencent-examples/polaris-gateway-example/gateway-callee-service2/src/main/java/com/tencent/cloud/polaris/gateway/example/callee/xss/XssFilter.java b/spring-cloud-tencent-examples/polaris-gateway-example/gateway-callee-service2/src/main/java/com/tencent/cloud/polaris/gateway/example/callee/xss/XssFilter.java index 114d352a3..7c698a2ef 100644 --- a/spring-cloud-tencent-examples/polaris-gateway-example/gateway-callee-service2/src/main/java/com/tencent/cloud/polaris/gateway/example/callee/xss/XssFilter.java +++ b/spring-cloud-tencent-examples/polaris-gateway-example/gateway-callee-service2/src/main/java/com/tencent/cloud/polaris/gateway/example/callee/xss/XssFilter.java @@ -18,12 +18,17 @@ package com.tencent.cloud.polaris.gateway.example.callee.xss; -import org.springframework.stereotype.Component; +import java.io.IOException; -import javax.servlet.*; +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; import javax.servlet.annotation.WebFilter; import javax.servlet.http.HttpServletRequest; -import java.io.IOException; + +import org.springframework.stereotype.Component; /** * filter request aim at defending against XSS diff --git a/spring-cloud-tencent-examples/polaris-gateway-example/gateway-callee-service2/src/main/java/com/tencent/cloud/polaris/gateway/example/callee/xss/XssHttpServletRequestWrapper.java b/spring-cloud-tencent-examples/polaris-gateway-example/gateway-callee-service2/src/main/java/com/tencent/cloud/polaris/gateway/example/callee/xss/XssHttpServletRequestWrapper.java index 1830ea5b8..c5c7e37de 100644 --- a/spring-cloud-tencent-examples/polaris-gateway-example/gateway-callee-service2/src/main/java/com/tencent/cloud/polaris/gateway/example/callee/xss/XssHttpServletRequestWrapper.java +++ b/spring-cloud-tencent-examples/polaris-gateway-example/gateway-callee-service2/src/main/java/com/tencent/cloud/polaris/gateway/example/callee/xss/XssHttpServletRequestWrapper.java @@ -18,22 +18,26 @@ package com.tencent.cloud.polaris.gateway.example.callee.xss; -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.ObjectMapper; -import org.apache.commons.lang.StringEscapeUtils; -import org.springframework.web.servlet.HandlerMapping; - -import javax.servlet.ReadListener; -import javax.servlet.ServletInputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletRequestWrapper; import java.io.BufferedReader; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStreamReader; -import java.util.*; +import java.util.Collections; +import java.util.Enumeration; +import java.util.List; +import java.util.Map; import java.util.stream.Collectors; -import java.util.stream.Stream; + +import javax.servlet.ReadListener; +import javax.servlet.ServletInputStream; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletRequestWrapper; + +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; +import org.apache.commons.lang.StringEscapeUtils; + +import org.springframework.web.servlet.HandlerMapping; /** * Wrap HttpServletRequest to escape String arguments @@ -69,11 +73,10 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { /** * Handles arguments annotated by @RequestBody * - * @return - * @throws IOException + * @return ServletInputStream */ @Override - public ServletInputStream getInputStream() throws IOException { + public ServletInputStream getInputStream() { final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(requestBody); return new ServletInputStream() { @Override @@ -101,7 +104,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { /** * Handles arguments annotated by @RequestParam * - * @param name + * @param name string parameter * @return */ @Override @@ -120,7 +123,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { /** * Handles arguments annotated by @PathVariable * - * @param name + * @param name string parameter * @return */ @Override @@ -140,7 +143,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { /** * Handles arguments annotated by @RequestHeader * - * @param name + * @param name string parameter * @return */ @Override @@ -155,7 +158,8 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { map.put(k, v); }); e = objectMapper.writeValueAsString(map); - } catch (JsonProcessingException e1) { + } + catch (JsonProcessingException e1) { e1.printStackTrace(); } return e; @@ -180,7 +184,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { /** * Escape string to defend against XSS * - * @param value + * @param value string request body */ private String cleanXSS(String value) { value = StringEscapeUtils.escapeHtml(value); diff --git a/spring-cloud-tencent-examples/polaris-router-example/router-callee-service1/src/main/java/com/tencent/cloud/polaris/router/example/xss/XssFilter.java b/spring-cloud-tencent-examples/polaris-router-example/router-callee-service1/src/main/java/com/tencent/cloud/polaris/router/example/xss/XssFilter.java index 0f72c82d9..5a96dcd41 100644 --- a/spring-cloud-tencent-examples/polaris-router-example/router-callee-service1/src/main/java/com/tencent/cloud/polaris/router/example/xss/XssFilter.java +++ b/spring-cloud-tencent-examples/polaris-router-example/router-callee-service1/src/main/java/com/tencent/cloud/polaris/router/example/xss/XssFilter.java @@ -18,15 +18,20 @@ package com.tencent.cloud.polaris.router.example.xss; -import org.springframework.stereotype.Component; +import java.io.IOException; -import javax.servlet.*; +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; import javax.servlet.annotation.WebFilter; import javax.servlet.http.HttpServletRequest; -import java.io.IOException; + +import org.springframework.stereotype.Component; /** - * filter request aim at defending against XSS + * filter request aim at defending against XSS. * * @author Daifu Wu */ diff --git a/spring-cloud-tencent-examples/polaris-router-example/router-callee-service1/src/main/java/com/tencent/cloud/polaris/router/example/xss/XssHttpServletRequestWrapper.java b/spring-cloud-tencent-examples/polaris-router-example/router-callee-service1/src/main/java/com/tencent/cloud/polaris/router/example/xss/XssHttpServletRequestWrapper.java index 99b38c726..63cd61f8d 100644 --- a/spring-cloud-tencent-examples/polaris-router-example/router-callee-service1/src/main/java/com/tencent/cloud/polaris/router/example/xss/XssHttpServletRequestWrapper.java +++ b/spring-cloud-tencent-examples/polaris-router-example/router-callee-service1/src/main/java/com/tencent/cloud/polaris/router/example/xss/XssHttpServletRequestWrapper.java @@ -18,26 +18,24 @@ package com.tencent.cloud.polaris.router.example.xss; -import com.fasterxml.jackson.databind.ObjectMapper; -import org.apache.commons.lang.StringEscapeUtils; -import org.springframework.web.servlet.HandlerMapping; -import org.springframework.web.util.HtmlUtils; -import org.springframework.web.util.JavaScriptUtils; - -import javax.servlet.ReadListener; -import javax.servlet.ServletInputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletRequestWrapper; import java.io.BufferedReader; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStreamReader; -import java.util.HashMap; import java.util.Map; -import java.util.stream.Stream; + +import javax.servlet.ReadListener; +import javax.servlet.ServletInputStream; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletRequestWrapper; + +import com.fasterxml.jackson.databind.ObjectMapper; +import org.apache.commons.lang.StringEscapeUtils; + +import org.springframework.web.servlet.HandlerMapping; /** - * Wrap HttpServletRequest to escape String arguments + * Wrap HttpServletRequest to escape String arguments. * * @author Daifu Wu */ @@ -66,13 +64,12 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { } /** - * Handles arguments annotated by @RequestBody + * Handles arguments annotated by @RequestBody. * * @return - * @throws IOException */ @Override - public ServletInputStream getInputStream() throws IOException { + public ServletInputStream getInputStream() { final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(requestBody); return new ServletInputStream() { @Override @@ -98,9 +95,9 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { } /** - * Handles arguments annotated by @RequestParam + * Handles arguments annotated by @RequestParam. * - * @param name + * @param name string parameter * @return */ @Override @@ -119,7 +116,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { /** * Handles arguments annotated by @PathVariable * - * @param name + * @param name string parameter * @return */ @Override @@ -153,7 +150,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { /** * Escape string to defend against XSS * - * @param value + * @param value string request content */ private String cleanXSS(String value) { value = StringEscapeUtils.escapeHtml(value); diff --git a/spring-cloud-tencent-examples/polaris-router-example/router-callee-service2/src/main/java/com/tencent/cloud/polaris/router/example/xss/XssFilter.java b/spring-cloud-tencent-examples/polaris-router-example/router-callee-service2/src/main/java/com/tencent/cloud/polaris/router/example/xss/XssFilter.java index 0f72c82d9..96e58baaf 100644 --- a/spring-cloud-tencent-examples/polaris-router-example/router-callee-service2/src/main/java/com/tencent/cloud/polaris/router/example/xss/XssFilter.java +++ b/spring-cloud-tencent-examples/polaris-router-example/router-callee-service2/src/main/java/com/tencent/cloud/polaris/router/example/xss/XssFilter.java @@ -18,12 +18,17 @@ package com.tencent.cloud.polaris.router.example.xss; -import org.springframework.stereotype.Component; +import java.io.IOException; -import javax.servlet.*; +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; import javax.servlet.annotation.WebFilter; import javax.servlet.http.HttpServletRequest; -import java.io.IOException; + +import org.springframework.stereotype.Component; /** * filter request aim at defending against XSS diff --git a/spring-cloud-tencent-examples/polaris-router-example/router-callee-service2/src/main/java/com/tencent/cloud/polaris/router/example/xss/XssHttpServletRequestWrapper.java b/spring-cloud-tencent-examples/polaris-router-example/router-callee-service2/src/main/java/com/tencent/cloud/polaris/router/example/xss/XssHttpServletRequestWrapper.java index 03a63d05f..b5a34d6e9 100644 --- a/spring-cloud-tencent-examples/polaris-router-example/router-callee-service2/src/main/java/com/tencent/cloud/polaris/router/example/xss/XssHttpServletRequestWrapper.java +++ b/spring-cloud-tencent-examples/polaris-router-example/router-callee-service2/src/main/java/com/tencent/cloud/polaris/router/example/xss/XssHttpServletRequestWrapper.java @@ -18,20 +18,22 @@ package com.tencent.cloud.polaris.router.example.xss; -import com.fasterxml.jackson.databind.ObjectMapper; -import org.apache.commons.lang.StringEscapeUtils; -import org.springframework.web.servlet.HandlerMapping; - -import javax.servlet.ReadListener; -import javax.servlet.ServletInputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletRequestWrapper; import java.io.BufferedReader; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStreamReader; import java.util.Map; +import javax.servlet.ReadListener; +import javax.servlet.ServletInputStream; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletRequestWrapper; + +import com.fasterxml.jackson.databind.ObjectMapper; +import org.apache.commons.lang.StringEscapeUtils; + +import org.springframework.web.servlet.HandlerMapping; + /** * Wrap HttpServletRequest to escape String arguments * @@ -65,10 +67,9 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { * Handles arguments annotated by @RequestBody * * @return - * @throws IOException */ @Override - public ServletInputStream getInputStream() throws IOException { + public ServletInputStream getInputStream() { final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(requestBody); return new ServletInputStream() { @Override @@ -96,7 +97,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { /** * Handles arguments annotated by @RequestParam * - * @param name + * @param name string parameter * @return */ @Override @@ -115,7 +116,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { /** * Handles arguments annotated by @PathVariable * - * @param name + * @param name string parameter * @return */ @Override @@ -149,7 +150,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { /** * Escape string to defend against XSS * - * @param value + * @param value string request body */ private String cleanXSS(String value) { value = StringEscapeUtils.escapeHtml(value);