diff --git a/shenyu-admin/src/main/resources/sql-script/h2/schema.sql b/shenyu-admin/src/main/resources/sql-script/h2/schema.sql index ce1ba2ace8d6..fbb60f4080a9 100755 --- a/shenyu-admin/src/main/resources/sql-script/h2/schema.sql +++ b/shenyu-admin/src/main/resources/sql-script/h2/schema.sql @@ -505,13 +505,23 @@ INSERT IGNORE INTO `shenyu_dict` (`id`, `type`,`dict_code`, `dict_name`, `dict_v INSERT IGNORE INTO `shenyu_dict` (`id`, `type`,`dict_code`, `dict_name`, `dict_value`, `desc`, `sort`, `enabled`) VALUES ('1572621976689762308', 'loadBalance', 'LOAD_BALANCE', 'p2c', 'p2c', 'p2c', 0, 1); INSERT IGNORE INTO `shenyu_dict` (`id`, `type`,`dict_code`, `dict_name`, `dict_value`, `desc`, `sort`, `enabled`) VALUES ('1572621976689762309', 'loadBalance', 'LOAD_BALANCE', 'shortestResponse', 'shortestResponse', 'shortestResponse', 0, 1); -/*plugin*/ +INSERT IGNORE INTO `shenyu_dict` (`id`, `type`,`dict_code`, `dict_name`, `dict_value`, `desc`, `sort`, `enabled`) VALUES ('1630761984393367554', 'request', 'request', 'enable', 'enable', '', 2, 1); +INSERT IGNORE INTO `shenyu_dict` (`id`, `type`,`dict_code`, `dict_name`, `dict_value`, `desc`, `sort`, `enabled`) VALUES ('1630761984393367555', 'request', 'request', 'close', 'close', '', 1, 1); + +INSERT IGNORE INTO `shenyu_dict` (`id`, `type`,`dict_code`, `dict_name`, `dict_value`, `desc`, `sort`, `enabled`) VALUES ('1630761984393367556', 'response', 'response', 'enable', 'enable', '', 2, 1); +INSERT IGNORE INTO `shenyu_dict` (`id`, `type`,`dict_code`, `dict_name`, `dict_value`, `desc`, `sort`, `enabled`) VALUES ('1630761984393367557', 'response', 'response', 'close', 'close', '', 1, 1); + +INSERT IGNORE INTO `shenyu_dict` (`id`, `type`,`dict_code`, `dict_name`, `dict_value`, `desc`, `sort`, `enabled`) VALUES ('1630761984393367558', 'cookie', 'ATTACK', 'enable', 'enable', '', 2, 1); +INSERT IGNORE INTO `shenyu_dict` (`id`, `type`,`dict_code`, `dict_name`, `dict_value`, `desc`, `sort`, `enabled`) VALUES ('1630761984393367559', 'cookie', 'ATTACK', 'close', 'close', '', 1, 1); + + INSERT IGNORE INTO `plugin` (`id`, `name`, `role`, `sort`, `enabled`) VALUES ('1','sign','Authentication', 20, '0'); INSERT IGNORE INTO `plugin` (`id`, `name`, `role`, `sort`,`config`,`enabled`) VALUES ('2','waf', 'Authentication', 50,'{"model":"black"}','0'); -INSERT IGNORE INTO `plugin` (`id`, `name`, `role`, `sort`, `enabled`) VALUES ('3','rewrite', 'HttpProcess', 90,'0'); -INSERT IGNORE INTO `plugin` (`id`, `name`, `role`, `sort`, `config`,`enabled`) VALUES ('4','rateLimiter','FaultTolerance', 60,'{"master":"mymaster","mode":"standalone","url":"192.168.1.1:6379","password":"abc"}', '0'); -INSERT IGNORE INTO `plugin` (`id`, `name`, `role`, `sort`, `config`,`enabled`) VALUES ('5','divide', 'Proxy', 200,'{"multiSelectorHandle":"1","multiRuleHandle":"0"}','1'); -INSERT IGNORE INTO `plugin` (`id`, `name`, `role`, `sort`, `config`,`enabled`) VALUES ('6','dubbo','Proxy', 310,'{"register":"zookeeper://localhost:2181","multiSelectorHandle":"1","threadpool":"shared","corethreads":0,"threads":2147483647,"queues":0}', '0'); +INSERT IGNORE INTO `plugin` (`id`, `name`, `role`, `sort`,`config`,`enabled`) VALUES ('3','xss', 'Authentication', 55,'{"request":"intercept","response":"close","cookie":"close"}','1'); +INSERT IGNORE INTO `plugin` (`id`, `name`, `role`, `sort`, `enabled`) VALUES ('4','rewrite', 'HttpProcess', 90,'0'); +INSERT IGNORE INTO `plugin` (`id`, `name`, `role`, `sort`, `config`,`enabled`) VALUES ('5','rateLimiter','FaultTolerance', 60,'{"master":"mymaster","mode":"standalone","url":"192.168.1.1:6379","password":"abc"}', '0'); +INSERT IGNORE INTO `plugin` (`id`, `name`, `role`, `sort`, `config`,`enabled`) VALUES ('6','divide', 'Proxy', 200,'{"multiSelectorHandle":"1","multiRuleHandle":"0"}','1'); +INSERT IGNORE INTO `plugin` (`id`, `name`, `role`, `sort`, `config`,`enabled`) VALUES ('7','dubbo','Proxy', 310,'{"register":"zookeeper://localhost:2181","multiSelectorHandle":"1","threadpool":"shared","corethreads":0,"threads":2147483647,"queues":0}', '0'); INSERT IGNORE INTO `plugin` (`id`, `name`, `role`, `sort`, `enabled`) VALUES ('8','springCloud','Proxy', 200, '0'); INSERT IGNORE INTO `plugin` (`id`, `name`, `role`, `sort`, `enabled`) VALUES ('9','hystrix', 'FaultTolerance', 130,'0'); INSERT IGNORE INTO `plugin` (`id`, `name`, `role`, `sort`, `enabled`) VALUES ('10','sentinel', 'FaultTolerance', 140,'0'); @@ -547,6 +557,11 @@ INSERT IGNORE INTO `plugin` (`id`, `name`, `role`, `sort`, `enabled`) VALUES ('4 INSERT IGNORE INTO `plugin` (`id`, `name`, `role`, `sort`, `config`, `enabled`) VALUES ('41', 'brpc', 'Proxy', 310,'{"address":"127.0.0.1","port":"8005","corethreads":0,"threads":2147483647,"queues":0,"threadpool":"shared"}','0'); /*insert plugin_handle data for sentinel*/ +INSERT IGNORE INTO plugin_handle (`id`, `plugin_id`,`field`,`label`,`data_type`,`type`,`sort`,`ext_obj`) VALUES ('1529402613204172963', '3', 'request', 'Request', 3, 3, 1, '{"required":"1","defaultValue":"enable","placeholder":"attack"}'); +INSERT IGNORE INTO plugin_handle (`id`, `plugin_id`,`field`,`label`,`data_type`,`type`,`sort`,`ext_obj`) VALUES ('1529402613204172964', '3', 'response', 'Response', 3, 3, 2, '{"required":"1","defaultValue":"close","placeholder":"attack"}'); +INSERT IGNORE INTO plugin_handle (`id`, `plugin_id`,`field`,`label`,`data_type`,`type`,`sort`,`ext_obj`) VALUES ('1529402613204172965', '3', 'cookie', 'Cookie', 3, 3, 3, '{"required":"1","defaultValue":"close","placeholder":"attack"}'); + + INSERT IGNORE INTO plugin_handle (`id`, `plugin_id`,`field`,`label`,`data_type`,`type`,`sort`,`ext_obj`) VALUES ('1529402613195784246', '10', 'flowRuleGrade', 'flowRuleGrade', 3, 2, 8, '{"required":"1","defaultValue":"1","rule":""}'); INSERT IGNORE INTO plugin_handle (`id`, `plugin_id`,`field`,`label`,`data_type`,`type`,`sort`,`ext_obj`) VALUES ('1529402613199978496', '10', 'flowRuleControlBehavior', 'flowRuleControlBehavior', 3, 2, 5, '{"required":"1","defaultValue":"0","rule":""}'); INSERT IGNORE INTO plugin_handle (`id`, `plugin_id`,`field`,`label`,`data_type`,`type`,`sort`,`ext_obj`) VALUES ('1529402613199978497', '10', 'flowRuleEnable', 'flowRuleEnable 1 or 0)', 1, 2, 7, '{"required":"1","defaultValue":"1","rule":"/^[01]$/"}'); diff --git a/shenyu-bootstrap/pom.xml b/shenyu-bootstrap/pom.xml index 135a3f805678..9eafaca12540 100644 --- a/shenyu-bootstrap/pom.xml +++ b/shenyu-bootstrap/pom.xml @@ -64,6 +64,14 @@ + + + org.apache.shenyu + shenyu-spring-boot-starter-plugin-xss + ${project.version} + + + org.apache.shenyu diff --git a/shenyu-common/src/main/java/org/apache/shenyu/common/dto/convert/rule/XssHandle.java b/shenyu-common/src/main/java/org/apache/shenyu/common/dto/convert/rule/XssHandle.java new file mode 100644 index 000000000000..e2552459c2e3 --- /dev/null +++ b/shenyu-common/src/main/java/org/apache/shenyu/common/dto/convert/rule/XssHandle.java @@ -0,0 +1,101 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.shenyu.common.dto.convert.rule; + +import java.util.Objects; + +/** + * this is Xss plugin handle. + */ +public class XssHandle { + + /** + * permission. + */ + private String permission; + + /** + * statusCode. + */ + private String statusCode; + + /** + * get permission. + * + * @return permission + */ + public String getPermission() { + return permission; + } + + /** + * set permission. + * + * @param permission permission + */ + public void setPermission(final String permission) { + this.permission = permission; + } + + /** + * get statusCode. + * + * @return statusCode + */ + public String getStatusCode() { + return statusCode; + } + + /** + * set statusCode. + * + * @param statusCode statusCode + */ + public void setStatusCode(final String statusCode) { + this.statusCode = statusCode; + } + + @Override + public boolean equals(final Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + XssHandle XssHandle = (XssHandle) o; + return Objects.equals(permission, XssHandle.permission) && Objects.equals(statusCode, XssHandle.statusCode); + } + + @Override + public int hashCode() { + return Objects.hash(permission, statusCode); + } + + @Override + public String toString() { + return "XssHandle{" + + "permission='" + + permission + + '\'' + + ", statusCode='" + + statusCode + + '\'' + + '}'; + } +} diff --git a/shenyu-common/src/main/java/org/apache/shenyu/common/enums/PluginEnum.java b/shenyu-common/src/main/java/org/apache/shenyu/common/enums/PluginEnum.java index 8e28218de6fb..1af74ca03f81 100644 --- a/shenyu-common/src/main/java/org/apache/shenyu/common/enums/PluginEnum.java +++ b/shenyu-common/src/main/java/org/apache/shenyu/common/enums/PluginEnum.java @@ -75,7 +75,12 @@ public enum PluginEnum { * Waf plugin enum. */ WAF(50, 0, "waf"), - + + /** + * Xss plugin enum. + */ + XSS(55, 0, "xss"), + /** * Rate limiter plugin enum. */ diff --git a/shenyu-common/src/main/java/org/apache/shenyu/common/enums/XssEnum.java b/shenyu-common/src/main/java/org/apache/shenyu/common/enums/XssEnum.java new file mode 100644 index 000000000000..bbb0a4356b28 --- /dev/null +++ b/shenyu-common/src/main/java/org/apache/shenyu/common/enums/XssEnum.java @@ -0,0 +1,51 @@ +package org.apache.shenyu.common.enums; + +/** + * xss enum. + */ +public enum XssEnum { + + + /** + * Reject xss enum. + */ + REJECT(0, "reject"), + + /** + * Allow xss enum. + */ + ALLOW(1, "allow"); + + private final int code; + + private final String name; + + /** + * all args constructor. + * + * @param code code + * @param name name + */ + XssEnum(final int code, final String name) { + this.code = code; + this.name = name; + } + + /** + * get code. + * + * @return code + */ + public int getCode() { + return code; + } + + /** + * get name. + * + * @return name + */ + public String getName() { + return name; + } +} diff --git a/shenyu-plugin/pom.xml b/shenyu-plugin/pom.xml index fd9ad504bf0a..ddc6c849c6c0 100644 --- a/shenyu-plugin/pom.xml +++ b/shenyu-plugin/pom.xml @@ -65,5 +65,6 @@ shenyu-plugin-casdoor shenyu-plugin-key-auth shenyu-plugin-brpc + shenyu-plugin-xss diff --git a/shenyu-plugin/shenyu-plugin-xss/pom.xml b/shenyu-plugin/shenyu-plugin-xss/pom.xml new file mode 100644 index 000000000000..75bd1586ec14 --- /dev/null +++ b/shenyu-plugin/shenyu-plugin-xss/pom.xml @@ -0,0 +1,62 @@ + + + + + + org.apache.shenyu + shenyu-plugin + 2.6.0-SNAPSHOT + + 4.0.0 + shenyu-plugin-xss + + + + org.apache.shenyu + shenyu-plugin-base + ${project.version} + + + org.apache.shenyu + shenyu-loadbalancer + ${project.version} + + + io.projectreactor + reactor-test + test + + + org.assertj + assertj-core + test + + + com.fasterxml.jackson.module + jackson-module-kotlin + test + + + org.springframework + spring-test + test + + + \ No newline at end of file diff --git a/shenyu-plugin/shenyu-plugin-xss/src/main/java/org/apache/shenyu/plugin/xss/XssPlugin.java b/shenyu-plugin/shenyu-plugin-xss/src/main/java/org/apache/shenyu/plugin/xss/XssPlugin.java new file mode 100644 index 000000000000..cd8a7491d3ad --- /dev/null +++ b/shenyu-plugin/shenyu-plugin-xss/src/main/java/org/apache/shenyu/plugin/xss/XssPlugin.java @@ -0,0 +1,140 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.shenyu.plugin.xss; + +import org.apache.shenyu.common.dto.RuleData; +import org.apache.shenyu.common.dto.SelectorData; +import org.apache.shenyu.common.dto.convert.rule.XssHandle; +import org.apache.shenyu.common.enums.PluginEnum; +import org.apache.shenyu.common.utils.Singleton; +import org.apache.shenyu.plugin.api.ShenyuPluginChain; +import org.apache.shenyu.plugin.base.AbstractShenyuPlugin; +import org.apache.shenyu.plugin.base.utils.CacheKeyUtils; +import org.apache.shenyu.plugin.xss.config.XssConfig; +import org.apache.shenyu.plugin.xss.handler.XssPluginDataHandler; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.http.HttpHeaders; +import org.springframework.http.server.reactive.ServerHttpRequest; +import org.springframework.http.server.reactive.ServerHttpResponse; +import org.springframework.util.LinkedMultiValueMap; +import org.springframework.util.MultiValueMap; +import org.springframework.web.server.ServerWebExchange; +import org.springframework.web.util.HtmlUtils; +import org.springframework.web.util.UriComponentsBuilder; +import reactor.core.publisher.Mono; + +import java.util.ArrayList; +import java.util.List; +import java.util.Objects; + +/** + * XSS plugin avoids common XSS attacks. + */ +public class XssPlugin extends AbstractShenyuPlugin { + + private static final Logger LOG = LoggerFactory.getLogger(XssPlugin.class); + + + @Override + protected Mono doExecute(final ServerWebExchange exchange, final ShenyuPluginChain chain, final SelectorData selector, final RuleData rule) { + LOG.info("Xss plugin doExecute start."); + + final XssConfig xssConfig = Singleton.INST.get(XssConfig.class); + XssHandle xssHandle = XssPluginDataHandler.CACHED_HANDLE.get().obtainHandle(CacheKeyUtils.INST.getKey(rule)); + + // Parameter attack + if (Objects.isNull(xssHandle)) { + LOG.error("xss handler can not configuration,skip."); + return chain.execute(exchange); + } + final HttpHeaders headers = exchange.getResponse().getHeaders(); + + +// ServerHttpRequest request = exchange.getRequest(); +// ServerWebExchange modifiedExchange = exchange.mutate() +// .request(originalRequest -> originalRequest.uri( +// UriComponentsBuilder.fromUri(exchange.getRequest() +// .getURI()) +// .replaceQueryParams(parameterToHtml(request, xssHandle)) +// .build() +// .encode() +// .toUri() +// ) +// ).build(); + + // Parameter attack + + + // CSP https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy + if (!headers.containsKey("Content-Security-Policy")) { + headers.add("Content-Security-Policy", "script-src 'self'"); + } + // CSP + + + // Cookie Http only + ServerHttpResponse response = exchange.getResponse(); + List cookies = headers.get(HttpHeaders.SET_COOKIE); + + if (cookies != null) { + final String cookieStr = String.join(",", cookies); + if (!cookieStr.contains("HttpOnly")) { + List newCookies = new ArrayList<>(cookies.size()); + for (String cookie : cookies) { + if (cookie.contains("JSESSIONID")) { + newCookies.add(cookie + "; HttpOnly"); + } else { + newCookies.add(cookie); + } + } + headers.put(HttpHeaders.SET_COOKIE, newCookies); + } + } + // Cookie Http only + + + LOG.info("Xss plugin doExecute end."); + return chain.execute(exchange); + } + + private MultiValueMap parameterToHtml(final ServerHttpRequest request, final XssHandle xssHandle) { + MultiValueMap queryParams = new LinkedMultiValueMap<>(request.getQueryParams()); + + queryParams.forEach((k, v) -> { + final List newValues = new ArrayList<>(); + for (final String value : v) { + newValues.add(HtmlUtils.htmlEscape(value)); + } + queryParams.replace(k, newValues); + }); + return queryParams; + } + + + @Override + public int getOrder() { + return PluginEnum.XSS.getCode(); + } + + @Override + public String named() { + return PluginEnum.XSS.getName(); + } + +} diff --git a/shenyu-plugin/shenyu-plugin-xss/src/main/java/org/apache/shenyu/plugin/xss/config/XssConfig.java b/shenyu-plugin/shenyu-plugin-xss/src/main/java/org/apache/shenyu/plugin/xss/config/XssConfig.java new file mode 100644 index 000000000000..d650118eb88a --- /dev/null +++ b/shenyu-plugin/shenyu-plugin-xss/src/main/java/org/apache/shenyu/plugin/xss/config/XssConfig.java @@ -0,0 +1,114 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.shenyu.plugin.xss.config; + +import java.io.Serializable; + +/** + * The type Xss config. + */ +public class XssConfig implements Serializable { + + private static final long serialVersionUID = 96834909685183123L; + + private String request; + + private String response; + + private String csp; + + private String httpOnly; + + + /** + * get request. + * + * @return request + */ + public String getRequest() { + return request; + } + + /** + * set request. + * + * @param request request + */ + public void setRequest(final String request) { + this.request = request; + } + + /** + * get response. + * + * @return response + */ + public String getResponse() { + return response; + } + + /** + * set response. + * + * @param response response + */ + public void setResponse(final String response) { + this.response = response; + } + + /** + * get csp. + * + * @return csp + */ + public String getCsp() { + return csp; + } + + /** + * set csp. + * + * @param csp csp + */ + public void setCsp(final String csp) { + this.csp = csp; + } + + /** + * get httpOnly. + * + * @return httpOnly + */ + public String getHttpOnly() { + return httpOnly; + } + + /** + * set httpOnly. + * + * @param httpOnly httpOnly + */ + public void setHttpOnly(final String httpOnly) { + this.httpOnly = httpOnly; + } + +// +// public Boolean enableHttpOnly() { +// +// } +} diff --git a/shenyu-plugin/shenyu-plugin-xss/src/main/java/org/apache/shenyu/plugin/xss/handler/XssPluginDataHandler.java b/shenyu-plugin/shenyu-plugin-xss/src/main/java/org/apache/shenyu/plugin/xss/handler/XssPluginDataHandler.java new file mode 100644 index 000000000000..c818dd670723 --- /dev/null +++ b/shenyu-plugin/shenyu-plugin-xss/src/main/java/org/apache/shenyu/plugin/xss/handler/XssPluginDataHandler.java @@ -0,0 +1,65 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.shenyu.plugin.xss.handler; + +import org.apache.shenyu.common.dto.PluginData; +import org.apache.shenyu.common.dto.RuleData; +import org.apache.shenyu.common.dto.convert.rule.XssHandle; +import org.apache.shenyu.common.enums.PluginEnum; +import org.apache.shenyu.common.utils.GsonUtils; +import org.apache.shenyu.common.utils.Singleton; +import org.apache.shenyu.plugin.base.cache.CommonHandleCache; +import org.apache.shenyu.plugin.base.handler.PluginDataHandler; +import org.apache.shenyu.plugin.base.utils.BeanHolder; +import org.apache.shenyu.plugin.base.utils.CacheKeyUtils; +import org.apache.shenyu.plugin.xss.config.XssConfig; + +import java.util.Optional; +import java.util.function.Supplier; + +/** + * The type Xss plugin data handler. + */ +public class XssPluginDataHandler implements PluginDataHandler { + + public static final Supplier> CACHED_HANDLE = new BeanHolder<>(CommonHandleCache::new); + + @Override + public void handlerPlugin(final PluginData pluginData) { + XssConfig XssConfig = GsonUtils.getInstance().fromJson(pluginData.getConfig(), XssConfig.class); + Singleton.INST.single(XssConfig.class, XssConfig); + } + + @Override + public void handlerRule(final RuleData ruleData) { + Optional.ofNullable(ruleData.getHandle()).ifPresent(s -> { + final XssHandle XssHandle = GsonUtils.getInstance().fromJson(s, XssHandle.class); + CACHED_HANDLE.get().cachedHandle(CacheKeyUtils.INST.getKey(ruleData), XssHandle); + }); + } + + @Override + public void removeRule(final RuleData ruleData) { + Optional.ofNullable(ruleData.getHandle()).ifPresent(s -> CACHED_HANDLE.get().removeHandle(CacheKeyUtils.INST.getKey(ruleData))); + } + + @Override + public String pluginNamed() { + return PluginEnum.XSS.getName(); + } +} diff --git a/shenyu-plugin/shenyu-plugin-xss/src/main/java/org/apache/shenyu/plugin/xss/utils/XSSUtils.java b/shenyu-plugin/shenyu-plugin-xss/src/main/java/org/apache/shenyu/plugin/xss/utils/XSSUtils.java new file mode 100644 index 000000000000..d96c275a5e02 --- /dev/null +++ b/shenyu-plugin/shenyu-plugin-xss/src/main/java/org/apache/shenyu/plugin/xss/utils/XSSUtils.java @@ -0,0 +1,68 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.shenyu.plugin.xss.utils; + +import org.springframework.util.StringUtils; + +import java.util.regex.Pattern; + +/** + * xss utils. + */ +public final class XSSUtils { + + private XSSUtils() { + } + + private static final Pattern[] PATTERNS = { + // Avoid anything in a ", Pattern.CASE_INSENSITIVE), + // Avoid anything in a src='...' type of expression + Pattern.compile("src[\r\n]*=[\r\n]*\\\'(.*?)\\\'", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL), + Pattern.compile("src[\r\n]*=[\r\n]*\\\"(.*?)\\\"", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL), + // Remove any lonesome tag + Pattern.compile("", Pattern.CASE_INSENSITIVE), + // Avoid anything in a ", Pattern.CASE_INSENSITIVE), + // Remove any lonesome