github/dataease
github/dataease
3
0
Fork 1
mirror of https://github.com/dataease/dataease.git synced 2025-02-23 11:03:04 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

perf: 增强url特殊字符攻击检测

Browse Source
This commit is contained in:
fit2cloud-chenyw 2025-01-22 11:25:45 +08:00 committed by fit2cloud-chenyw
parent 69da2f1cd2
commit e13a594d45
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sdk/common/src/main/java/io/dataease/utils/WhitelistUtils.java
View File

@ -103,7 +103,7 @@ public class WhitelistUtils {
}
private static void invalidUrl(String requestURI) {
if (requestURI.contains("./") || (requestURI.contains(";") && !requestURI.contains("?"))) {
if (requestURI.contains("./") || requestURI.contains(".%") || (requestURI.contains(";") && !requestURI.contains("?"))) {
DEException.throwException(INTERFACE_ADDRESS_INVALID.code(), String.format("%s [%s]", INTERFACE_ADDRESS_INVALID.message(), requestURI));
}
}