From 04156d0846f967cb74814252724e894ff39b4aa7 Mon Sep 17 00:00:00 2001
From: taojinlong
Date: Mon, 11 Oct 2021 15:07:18 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E7=A6=81=E7=94=A8=E3=80=90TRACE/TRACK?= =?UTF-8?q?=E3=80=91=20=E6=96=B9=E6=B3=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../main/java/io/dataease/commons/filter/SqlFilter.java | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/backend/src/main/java/io/dataease/commons/filter/SqlFilter.java b/backend/src/main/java/io/dataease/commons/filter/SqlFilter.java
index 2894857bef..6eb702e0a6 100644
--- a/backend/src/main/java/io/dataease/commons/filter/SqlFilter.java
+++ b/backend/src/main/java/io/dataease/commons/filter/SqlFilter.java
@@ -5,6 +5,7 @@ import io.dataease.commons.wrapper.XssAndSqlHttpServletRequestWrapper;
 import org.apache.commons.lang3.StringUtils;
 import javax.servlet.*;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import java.io.*;
@@ -22,6 +23,13 @@ public class SqlFilter implements Filter {
 @Override
 public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+ HttpServletRequest httpRequest = (HttpServletRequest) request;
+ HttpServletResponse httpResponse = (HttpServletResponse) response;
+ if ("TRACE".equalsIgnoreCase(httpRequest.getMethod()) || "TRACK".equalsIgnoreCase(httpRequest.getMethod())) {
+ httpResponse.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+ return;
+ }
+
 String method = "GET";
 String param = "";
 XssAndSqlHttpServletRequestWrapper xssRequest = null;
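Review bot: The TRACE/TRACK rejection added at the top of `doFilter` only covers requests that are actually routed through `SqlFilter`, and the filter's URL mapping and position in the chain are not visible in this hunk. Any path excluded from this filter, or answered by an earlier filter, would still get the container's default TRACE handling, so it is worth confirming the registration covers every path or moving the check into a dedicated filter or the container configuration. The 405 response is also sent without an `Allow` header, which RFC 9110 requires for that status; something like `httpResponse.setHeader("Allow", "<methods the application serves>");` before the `return` would make it compliant. A short comment such as `// Reject TRACE/TRACK: these methods can echo request headers (cookies, Authorization) back to the caller` would explain why a method check sits in a class named SqlFilter. The body of `doFilter` continues outside the hunk.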