From b5bfe5c6813323d45cd5879a2e0f9bbd88d657e0 Mon Sep 17 00:00:00 2001 
From: Charles7c Date: Wed, 26 Mar 2025 20:41:20 +0800 Subject: [PATCH] =?UTF-8?q?feat(security/xss):=20=E6=96=B0=E5=A2=9E=20XSS?= =?UTF-8?q?=20=E8=BF=87=E6=BB=A4=E6=A8=A1=E5=9D=97=EF=BC=88=E5=8E=9F=20web?= =?UTF-8?q?=20=E6=A8=A1=E5=9D=97=E5=86=85=E7=BB=84=E4=BB=B6=EF=BC=89?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../continew-starter-security-xss/pom.xml | 22 +++++++++++++++++++ .../autoconfigure}/XssAutoConfiguration.java | 15 +++++++++++-- .../xss/autoconfigure}/XssProperties.java | 6 ++--- .../starter/security/xss}/enums/XssMode.java | 2 +- .../security/xss/filter}/XssFilter.java | 3 ++- .../xss/filter}/XssServletRequestWrapper.java | 5 +++-- ...ot.autoconfigure.AutoConfiguration.imports | 1 + continew-starter-security/pom.xml | 1 + 8 files changed, 46 insertions(+), 9 deletions(-) create mode 100644 continew-starter-security/continew-starter-security-xss/pom.xml rename {continew-starter-web/src/main/java/top/continew/starter/web/autoconfigure/xss => continew-starter-security/continew-starter-security-xss/src/main/java/top/continew/starter/security/xss/autoconfigure}/XssAutoConfiguration.java (73%) rename {continew-starter-web/src/main/java/top/continew/starter/web/autoconfigure/xss => continew-starter-security/continew-starter-security-xss/src/main/java/top/continew/starter/security/xss/autoconfigure}/XssProperties.java (92%) rename {continew-starter-web/src/main/java/top/continew/starter/web => continew-starter-security/continew-starter-security-xss/src/main/java/top/continew/starter/security/xss}/enums/XssMode.java (94%) rename {continew-starter-web/src/main/java/top/continew/starter/web/autoconfigure/xss => continew-starter-security/continew-starter-security-xss/src/main/java/top/continew/starter/security/xss/filter}/XssFilter.java (96%) rename {continew-starter-web/src/main/java/top/continew/starter/web/autoconfigure/xss => 
continew-starter-security/continew-starter-security-xss/src/main/java/top/continew/starter/security/xss/filter}/XssServletRequestWrapper.java (96%) create mode 100644 continew-starter-security/continew-starter-security-xss/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports diff --git a/continew-starter-security/continew-starter-security-xss/pom.xml b/continew-starter-security/continew-starter-security-xss/pom.xml new file mode 100644 index 00000000..4533004c --- /dev/null +++ b/continew-starter-security/continew-starter-security-xss/pom.xml @@ -0,0 +1,22 @@ + + + 4.0.0 + + top.continew + continew-starter-security + ${revision} + + + continew-starter-security-xss + ContiNew Starter 安全模块 - XSS 过滤模块 + + + + + top.continew + continew-starter-web + + + \ No newline at end of file diff --git a/continew-starter-web/src/main/java/top/continew/starter/web/autoconfigure/xss/XssAutoConfiguration.java b/continew-starter-security/continew-starter-security-xss/src/main/java/top/continew/starter/security/xss/autoconfigure/XssAutoConfiguration.java similarity index 73% rename from continew-starter-web/src/main/java/top/continew/starter/web/autoconfigure/xss/XssAutoConfiguration.java rename to continew-starter-security/continew-starter-security-xss/src/main/java/top/continew/starter/security/xss/autoconfigure/XssAutoConfiguration.java index 0227e283..9a4099fb 100644 --- a/continew-starter-web/src/main/java/top/continew/starter/web/autoconfigure/xss/XssAutoConfiguration.java +++ b/continew-starter-security/continew-starter-security-xss/src/main/java/top/continew/starter/security/xss/autoconfigure/XssAutoConfiguration.java 
@@ -14,8 +14,11 @@ * limitations under the License. */ -package top.continew.starter.web.autoconfigure.xss; +package top.continew.starter.security.xss.autoconfigure; +import jakarta.annotation.PostConstruct; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.boot.autoconfigure.AutoConfiguration; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication; @@ -23,6 +26,7 @@ import org.springframework.boot.context.properties.EnableConfigurationProperties import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; import top.continew.starter.core.constant.PropertiesConstants; +import top.continew.starter.security.xss.filter.XssFilter; /** * XSS 过滤自动配置 @@ -33,9 +37,11 @@ import top.continew.starter.core.constant.PropertiesConstants; @AutoConfiguration @ConditionalOnWebApplication @EnableConfigurationProperties(XssProperties.class) -@ConditionalOnProperty(prefix = PropertiesConstants.WEB_XSS, name = PropertiesConstants.ENABLED, havingValue = "true") +@ConditionalOnProperty(prefix = PropertiesConstants.SECURITY_XSS, name = PropertiesConstants.ENABLED, havingValue = "true") public class XssAutoConfiguration { + private static final Logger log = LoggerFactory.getLogger(XssAutoConfiguration.class); + /** * XSS 过滤器配置 */ @@ -45,4 +51,9 @@ public class XssAutoConfiguration { registrationBean.setFilter(new XssFilter(xssProperties)); return registrationBean; } + + @PostConstruct + public void postConstruct() { + log.debug("[ContiNew Starter] - Auto Configuration 'Security-XSS' completed initialization."); + } } 
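Review bot: The `@ConditionalOnProperty` prefix change from `PropertiesConstants.WEB_XSS` to `PropertiesConstants.SECURITY_XSS` (third hunk of XssAutoConfiguration.java, mirrored by `@ConfigurationProperties` in XssProperties.java) fails open for existing deployments. The constants are defined outside this diff, but assuming they resolve to different prefixes, an application that still sets the enabled flag under the old key will start with no XSS filter and no error; the same applies to one that depends only on continew-starter-web and not on the new continew-starter-security-xss artifact. The only activation signal added is `log.debug(...)` in `postConstruct()`, which is hidden at the usual default log level, so operators cannot confirm from logs that the filter is registered. Consider `log.info("[ContiNew Starter] - Auto Configuration 'Security-XSS' completed initialization.");`. The release notes should also document the property and dependency migration, or the starter could warn at startup when the old prefix is still configured.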
diff --git a/continew-starter-web/src/main/java/top/continew/starter/web/autoconfigure/xss/XssProperties.java b/continew-starter-security/continew-starter-security-xss/src/main/java/top/continew/starter/security/xss/autoconfigure/XssProperties.java similarity index 92% rename from continew-starter-web/src/main/java/top/continew/starter/web/autoconfigure/xss/XssProperties.java rename to continew-starter-security/continew-starter-security-xss/src/main/java/top/continew/starter/security/xss/autoconfigure/XssProperties.java index 4f0be19d..0f619384 100644 --- a/continew-starter-web/src/main/java/top/continew/starter/web/autoconfigure/xss/XssProperties.java +++ b/continew-starter-security/continew-starter-security-xss/src/main/java/top/continew/starter/security/xss/autoconfigure/XssProperties.java @@ -14,11 +14,11 @@ * limitations under the License. */ -package top.continew.starter.web.autoconfigure.xss; +package top.continew.starter.security.xss.autoconfigure; import org.springframework.boot.context.properties.ConfigurationProperties; import top.continew.starter.core.constant.PropertiesConstants; -import top.continew.starter.web.enums.XssMode; +import top.continew.starter.security.xss.enums.XssMode; import java.util.ArrayList; import java.util.List; @@ -29,7 +29,7 @@ import java.util.List; * @author whhya * @since 2.0.0 */ -@ConfigurationProperties(PropertiesConstants.WEB_XSS) +@ConfigurationProperties(PropertiesConstants.SECURITY_XSS) public class XssProperties { /** diff --git a/continew-starter-web/src/main/java/top/continew/starter/web/enums/XssMode.java b/continew-starter-security/continew-starter-security-xss/src/main/java/top/continew/starter/security/xss/enums/XssMode.java similarity index 94% rename from continew-starter-web/src/main/java/top/continew/starter/web/enums/XssMode.java rename to continew-starter-security/continew-starter-security-xss/src/main/java/top/continew/starter/security/xss/enums/XssMode.java index 1471a504..4b5acb30 100644 
--- a/continew-starter-web/src/main/java/top/continew/starter/web/enums/XssMode.java +++ b/continew-starter-security/continew-starter-security-xss/src/main/java/top/continew/starter/security/xss/enums/XssMode.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package top.continew.starter.web.enums; +package top.continew.starter.security.xss.enums; /** * XSS 模式枚举 diff --git a/continew-starter-web/src/main/java/top/continew/starter/web/autoconfigure/xss/XssFilter.java b/continew-starter-security/continew-starter-security-xss/src/main/java/top/continew/starter/security/xss/filter/XssFilter.java similarity index 96% rename from continew-starter-web/src/main/java/top/continew/starter/web/autoconfigure/xss/XssFilter.java rename to continew-starter-security/continew-starter-security-xss/src/main/java/top/continew/starter/security/xss/filter/XssFilter.java index e26317f6..7f5f7b3e 100644 --- a/continew-starter-web/src/main/java/top/continew/starter/web/autoconfigure/xss/XssFilter.java +++ b/continew-starter-security/continew-starter-security-xss/src/main/java/top/continew/starter/security/xss/filter/XssFilter.java @@ -14,13 +14,14 @@ * limitations under the License. */ -package top.continew.starter.web.autoconfigure.xss; +package top.continew.starter.security.xss.filter; import cn.hutool.core.collection.CollUtil; import jakarta.servlet.*; import jakarta.servlet.http.HttpServletRequest; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import top.continew.starter.security.xss.autoconfigure.XssProperties; import top.continew.starter.web.util.SpringWebUtils; import java.io.IOException; 
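Review bot: Moving XssFilter into the `filter` package while XssProperties stays in `autoconfigure` creates a mutual package dependency. XssFilter.java now needs `import top.continew.starter.security.xss.autoconfigure.XssProperties;` while XssAutoConfiguration imports `top.continew.starter.security.xss.filter.XssFilter`, and XssServletRequestWrapper.java gains the same import. Placing XssProperties in a neutral package of the module, or passing the filter only the values it reads, would keep the filter classes usable without the auto-configuration package. A short Javadoc line on the class, such as `Relocated from top.continew.starter.web.autoconfigure.xss`, would also help users who reference the old fully qualified name.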
diff --git a/continew-starter-web/src/main/java/top/continew/starter/web/autoconfigure/xss/XssServletRequestWrapper.java b/continew-starter-security/continew-starter-security-xss/src/main/java/top/continew/starter/security/xss/filter/XssServletRequestWrapper.java similarity index 96% rename from continew-starter-web/src/main/java/top/continew/starter/web/autoconfigure/xss/XssServletRequestWrapper.java rename to continew-starter-security/continew-starter-security-xss/src/main/java/top/continew/starter/security/xss/filter/XssServletRequestWrapper.java index 0094ed44..98addd77 100644 --- a/continew-starter-web/src/main/java/top/continew/starter/web/autoconfigure/xss/XssServletRequestWrapper.java +++ b/continew-starter-security/continew-starter-security-xss/src/main/java/top/continew/starter/security/xss/filter/XssServletRequestWrapper.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package top.continew.starter.web.autoconfigure.xss; +package top.continew.starter.security.xss.filter; import cn.hutool.core.collection.CollUtil; import cn.hutool.core.io.IoUtil; @@ -29,7 +29,8 @@ import jakarta.servlet.ServletInputStream; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequestWrapper; import top.continew.starter.core.constant.StringConstants; -import top.continew.starter.web.enums.XssMode; +import top.continew.starter.security.xss.autoconfigure.XssProperties; +import top.continew.starter.security.xss.enums.XssMode; import java.io.BufferedReader; import java.io.ByteArrayInputStream; diff --git a/continew-starter-security/continew-starter-security-xss/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports b/continew-starter-security/continew-starter-security-xss/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports new file mode 100644 index 00000000..af95a7f0 --- /dev/null 
+++ b/continew-starter-security/continew-starter-security-xss/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports @@ -0,0 +1 @@ +top.continew.starter.security.xss.autoconfigure.XssAutoConfiguration \ No newline at end of file diff --git a/continew-starter-security/pom.xml b/continew-starter-security/pom.xml index 5030a14e..0673eca6 100644 --- a/continew-starter-security/pom.xml +++ b/continew-starter-security/pom.xml @@ -18,6 +18,7 @@ continew-starter-security-mask continew-starter-security-crypto continew-starter-security-sensitivewords + continew-starter-security-xss