From 38e0178af9a75c743e5ee3e1012e2b084b064169 Mon Sep 17 00:00:00 2001 From: ronger Date: Mon, 23 May 2022 09:46:44 +0800 Subject: [PATCH] =?UTF-8?q?:lock:=20xss=20=E8=BF=87=E6=BB=A4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../service/impl/ArticleServiceImpl.java | 6 +- .../service/impl/CommentServiceImpl.java | 4 +- .../service/impl/PortfolioServiceImpl.java | 2 +- .../forest/service/impl/TagServiceImpl.java | 2 +- .../forest/service/impl/TopicServiceImpl.java | 4 +- .../java/com/rymcu/forest/util/XssUtils.java | 91 +++++++------------ 6 files changed, 40 insertions(+), 69 deletions(-) diff --git a/src/main/java/com/rymcu/forest/service/impl/ArticleServiceImpl.java b/src/main/java/com/rymcu/forest/service/impl/ArticleServiceImpl.java index 5890793..68f919d 100644 --- a/src/main/java/com/rymcu/forest/service/impl/ArticleServiceImpl.java +++ b/src/main/java/com/rymcu/forest/service/impl/ArticleServiceImpl.java @@ -109,7 +109,7 @@ public class ArticleServiceImpl extends AbstractService
implements Arti
 String articleTitle = article.getArticleTitle();
 String articleTags = article.getArticleTags();
 String articleContent = article.getArticleContent();
- String articleContentHtml = XssUtils.replaceHtmlCode(article.getArticleContentHtml());
+ String articleContentHtml = XssUtils.filterHtmlCode(article.getArticleContentHtml());
 User user = UserUtils.getCurrentUserByToken();
 if (Objects.isNull(user)) {
 throw new BaseApiException(ErrorCode.INVALID_TOKEN);
@@ -355,7 +355,7 @@ public class ArticleServiceImpl extends AbstractService
implements Arti
 if (!type.equals(articleList)) {
 ArticleContent articleContent = articleMapper.selectArticleContent(article.getIdArticle());
 if (type.equals(articleView)) {
- article.setArticleContent(XssUtils.replaceHtmlCode(articleContent.getArticleContentHtml()));
+ article.setArticleContent(XssUtils.filterHtmlCode(articleContent.getArticleContentHtml()));
 // 获取所属作品集列表数据
 List portfolioArticleDTOList = articleMapper.selectPortfolioArticles(article.getIdArticle());
 portfolioArticleDTOList.forEach(this::genPortfolioArticles);
@@ -363,7 +363,7 @@ public class ArticleServiceImpl extends AbstractService
implements Arti
 } else if (type.equals(articleEdit)) {
 article.setArticleContent(articleContent.getArticleContent());
 } else {
- article.setArticleContent(XssUtils.replaceHtmlCode(articleContent.getArticleContentHtml()));
+ article.setArticleContent(XssUtils.filterHtmlCode(articleContent.getArticleContentHtml()));
 }
 }
 return article;
diff --git a/src/main/java/com/rymcu/forest/service/impl/CommentServiceImpl.java b/src/main/java/com/rymcu/forest/service/impl/CommentServiceImpl.java
index 111d52b..6773cc1 100644
--- a/src/main/java/com/rymcu/forest/service/impl/CommentServiceImpl.java
+++ b/src/main/java/com/rymcu/forest/service/impl/CommentServiceImpl.java
@@ -41,7 +41,7 @@ public class CommentServiceImpl extends AbstractService implements Comm
 private List genComments(List commentDTOList) {
 commentDTOList.forEach(commentDTO -> {
 commentDTO.setTimeAgo(Utils.getTimeAgo(commentDTO.getCreatedTime()));
- commentDTO.setCommentContent(XssUtils.replaceHtmlCode(commentDTO.getCommentContent()));
+ commentDTO.setCommentContent(XssUtils.filterHtmlCode(commentDTO.getCommentContent()));
 if (commentDTO.getCommentAuthorId() != null) {
 Author author = commentMapper.selectAuthor(commentDTO.getCommentAuthorId());
 if (author != null) {
@@ -88,7 +88,7 @@ public class CommentServiceImpl extends AbstractService implements Comm
 comment.setCommentIP(ip);
 comment.setCommentUA(ua);
 comment.setCreatedTime(new Date());
- comment.setCommentContent(XssUtils.replaceHtmlCode(comment.getCommentContent()));
+ comment.setCommentContent(XssUtils.filterHtmlCode(comment.getCommentContent()));
 commentMapper.insertSelective(comment);
 String commentSharpUrl = article.getArticlePermalink() + "#comment-" + comment.getIdComment();
 commentMapper.updateCommentSharpUrl(comment.getIdComment(), commentSharpUrl);
diff --git a/src/main/java/com/rymcu/forest/service/impl/PortfolioServiceImpl.java b/src/main/java/com/rymcu/forest/service/impl/PortfolioServiceImpl.java
index 08492dc..c0de668 100644 
--- a/src/main/java/com/rymcu/forest/service/impl/PortfolioServiceImpl.java
+++ b/src/main/java/com/rymcu/forest/service/impl/PortfolioServiceImpl.java
@@ -76,7 +76,7 @@ public class PortfolioServiceImpl extends AbstractService implements
 portfolio.setPortfolioAuthorId(user.getIdUser());
 portfolio.setCreatedTime(new Date());
 portfolio.setUpdatedTime(portfolio.getCreatedTime());
- portfolio.setPortfolioDescriptionHtml(XssUtils.replaceHtmlCode(portfolio.getPortfolioDescription()));
+ portfolio.setPortfolioDescriptionHtml(XssUtils.filterHtmlCode(portfolio.getPortfolioDescription()));
 portfolioMapper.insertSelective(portfolio);
 PortfolioIndexUtil.addIndex(
 PortfolioLucene.builder()
diff --git a/src/main/java/com/rymcu/forest/service/impl/TagServiceImpl.java b/src/main/java/com/rymcu/forest/service/impl/TagServiceImpl.java
index 8524506..7b6bfdf 100644
--- a/src/main/java/com/rymcu/forest/service/impl/TagServiceImpl.java
+++ b/src/main/java/com/rymcu/forest/service/impl/TagServiceImpl.java
@@ -128,7 +128,7 @@ public class TagServiceImpl extends AbstractService implements TagService {
 Integer result;
 Map map = new HashMap(1);
- tag.setTagDescription(XssUtils.replaceHtmlCode(tag.getTagDescription()));
+ tag.setTagDescription(XssUtils.filterHtmlCode(tag.getTagDescription()));
 if (tag.getIdTag() == null) {
 if (StringUtils.isBlank(tag.getTagTitle())) {
 map.put("message", "标签名不能为空!");
diff --git a/src/main/java/com/rymcu/forest/service/impl/TopicServiceImpl.java b/src/main/java/com/rymcu/forest/service/impl/TopicServiceImpl.java
index 8d261b3..bb81f9b 100644
--- a/src/main/java/com/rymcu/forest/service/impl/TopicServiceImpl.java
+++ b/src/main/java/com/rymcu/forest/service/impl/TopicServiceImpl.java 
@@ -49,8 +49,8 @@ public class TopicServiceImpl extends AbstractService implements TopicSer @Override @Transactional(rollbackFor = Exception.class) public Map saveTopic(Topic topic) { - Integer result = 0; - topic.setTopicDescriptionHtml(XssUtils.replaceHtmlCode(topic.getTopicDescriptionHtml())); + Integer result; + topic.setTopicDescriptionHtml(XssUtils.filterHtmlCode(topic.getTopicDescriptionHtml())); Map map = new HashMap(1); if (topic.getIdTopic() == null) { if (StringUtils.isBlank(topic.getTopicTitle())) { diff --git a/src/main/java/com/rymcu/forest/util/XssUtils.java b/src/main/java/com/rymcu/forest/util/XssUtils.java index d35f4c8..abc1343 100644 --- a/src/main/java/com/rymcu/forest/util/XssUtils.java +++ b/src/main/java/com/rymcu/forest/util/XssUtils.java @@ -1,8 +1,14 @@ package com.rymcu.forest.util; +import cn.hutool.core.util.ReUtil; import cn.hutool.http.HtmlUtil; import org.apache.commons.lang.StringUtils; +import java.util.ArrayList; +import java.util.List; +import java.util.UUID; +import java.util.regex.Pattern; + /** * Created on 2022/5/10 17:06. * @@ -31,16 +37,8 @@ public class XssUtils { "onrowenter", "onrowexit", "onselectstart", "onload", "onunload", "onbeforeunload", "onblur", "onerror", "onfocus", "onresize", "onscroll", "oncontextmenu", "alert" }; -// content = replace(content, " -1) { - int b = 0; - String str1, str2, str3, str4, strA, strB; - str1 = source; - str2 = str1.toLowerCase(); - str3 = oldStr; - str4 = str3.toLowerCase(); - if (matchCase) { - strA = str1; - strB = str3; - } else { - strA = str2; - strB = str4; - } - a = strA.indexOf(strB, findStartPos); - if (a > -1) { - b = oldStr.length(); - findStartPos = a + b; - StringBuilder stringBuilder = new StringBuilder(source); - source = stringBuilder.replace(a, a + b, newStr) + ""; - // 新的查找开始点位于替换后的字符串的结尾 - findStartPos = findStartPos + newStr.length() - b; + public static String filterHtmlCode(String content) { + String regex = "
[\\s|\\S]+?
"; + // 拿到匹配的pre标签List + List resultFindAll = ReUtil.findAll(regex, content, 0, new ArrayList<>()); + String result = ""; + // size大于0,就做替换 + if (resultFindAll.size() > 0) { + // 生成一个待替换唯一字符串 + String preTagReplace = UUID.randomUUID().toString() + System.currentTimeMillis(); + // 判断替换字符串是否唯一 + while (ReUtil.findAll(preTagReplace, content, 0, new ArrayList<>()).size() > 0) { + preTagReplace = UUID.randomUUID().toString() + System.currentTimeMillis(); } + Pattern pattern = Pattern.compile(preTagReplace); + // 替换pre标签内容 + String preFilter = ReUtil.replaceAll(content, regex, preTagReplace); + System.err.println("pre标签替换"); + System.err.println(preFilter); + final String[] filterResult = {HtmlUtil.filter(preFilter)}; + resultFindAll.forEach(obj -> { + filterResult[0] = ReUtil.replaceFirst(pattern, filterResult[0], obj); + }); + result = filterResult[0]; + } else { + result = HtmlUtil.filter(content); } - return source; + return result; } }
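Review bot: The placeholder scheme in filterHtmlCode puts every block matched by `regex` back verbatim after `HtmlUtil.filter(preFilter)` has run, so the text inside those blocks is never filtered at all, and a tag or one of the event-handler attributes the blacklist above enumerates that sits inside such a block reaches the stored HTML untouched despite the rename at the five call sites. Each captured block should be sanitized before it is restored — strip its wrapping tags, HTML-escape the inner text (hutool's `HtmlUtil.escape`), and re-wrap it — and the restore should pass `Matcher.quoteReplacement(obj)` as the replacement argument, because if `ReUtil.replaceFirst` delegates to `Matcher.replaceFirst` a `$` or `\` in user-supplied block text is read as a group reference and can throw or corrupt the output. The two `System.err.println` calls print unfiltered user content to stderr and should be removed before merge. The character class `[\\s|\\S]` contains a literal `|` rather than an alternation, `[\\s\\S]+?` is what is meant, and the regex literal as shown on this page appears truncated by markup stripping, so the exact tag being matched cannot be confirmed from this view.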