From 2b3849a573b76abd32fe0902c772c3519a8a35ef Mon Sep 17 00:00:00 2001
From: insistence <3055204202@qq.com>
Date: Thu, 4 Jul 2024 10:57:37 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E6=96=B0=E5=A2=9E@Xss=E5=AD=97?=
 =?UTF-8?q?=E6=AE=B5=E6=A0=A1=E9=AA=8C=E8=A3=85=E9=A5=B0=E5=99=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../annotation/check_annotation.py | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/ruoyi-fastapi-backend/module_admin/annotation/check_annotation.py b/ruoyi-fastapi-backend/module_admin/annotation/check_annotation.py
index ab8c849..7ae15e1 100644
--- a/ruoyi-fastapi-backend/module_admin/annotation/check_annotation.py
+++ b/ruoyi-fastapi-backend/module_admin/annotation/check_annotation.py
@@ -1,7 +1,9 @@
+import re
 from functools import wraps
 from typing import Optional
 from pydantic import BaseModel
 from exceptions.exception import FieldValidatorException
+from utils.string_util import StringUtil
 class ValidateFields:
@@ -106,3 +108,33 @@ class Size:
                         raise FieldValidatorException(message=self.message if self.message else f'{self.field_name}长度不能大于{self.max_length}')
             return func(*args, **kwargs)
         return wrapper
+
+class Xss:
+    """
+    字段Xss校验装饰器
+    """
+    HTML_PATTERN = '<(\S*?)[^>]*>.*?|<.*? />'
+    def __init__(self, field_name: str, message: Optional[str] = None):
+        """
+        字段Xss校验装饰器
+        :param field_name: 需要校验的字段名称
+        :param message: 校验失败的提示信息
+        :return:
+        """
+        self.field_name = field_name
+        self.message = message
+    def __call__(self, func):
+        @wraps(func)
+        def wrapper(*args, **kwargs):
+            check_model = args[0]
+            if isinstance(check_model, BaseModel):
+                field_value = getattr(check_model, self.field_name)
+                if not StringUtil.is_blank(field_value):
+                    pattern = re.compile(self.HTML_PATTERN)
+                    if pattern.search(field_value):
+                        raise FieldValidatorException(message=self.message if self.message else f'{self.field_name}不能包含脚本字符')
+            return func(*args, **kwargs)
+        return wrapper
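Review bot: `HTML_PATTERN` in the new `Xss` class is a non-raw string containing `\S`, which Python 3.12+ reports as an invalid escape sequence (SyntaxWarning), and the pattern is recompiled on every call inside `wrapper`; compile it once at class level as `HTML_PATTERN = re.compile(r'<(\S*?)[^>]*>.*?|<.*? />')` and use `self.HTML_PATTERN.search(field_value)` in the wrapper. The pattern is also a tag blocklist rather than an XSS defence: a value with no `<…>` pair, such as a `javascript:` URL, an entity- or percent-encoded form like `&lt;script&gt;` or `%3Cscript%3E`, or an injected event-handler attribute, passes through unchanged, so the class docstring should state that this is an input sanity check and that output encoding in the templates/frontend is still required. `getattr(check_model, self.field_name)` returns whatever type the field holds, and `pattern.search` raises TypeError on a non-`str`; presumably the decorator is only applied to string fields, but a guard `if isinstance(field_value, str) and not StringUtil.is_blank(field_value):` would make that explicit.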