解决安全漏扫问题

87d13112 · 阳浪 · 3035b591 · 87d13112 · 87d13112 · 87d13112
Commit 87d13112 authored Dec 26, 2024 by 阳浪
Showing with 38 additions and 0 deletions

src/main/java/com/yizhi/xxl/job/admin/controller/filter/DisableTraceFilter.java
+24 -0

src/main/java/com/yizhi/xxl/job/admin/controller/interceptor/WebMvcConfig.java
+13 -0

src/main/resources/application.properties
+1 -0

No files found.
--- a/src/main/java/com/yizhi/xxl/job/admin/controller/filter/DisableTraceFilter.java
+++ b/src/main/java/com/yizhi/xxl/job/admin/controller/filter/DisableTraceFilter.java
+package com.yizhi.xxl.job.admin.controller.filter;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class DisableTraceFilter implements Filter {
+ 
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+            throws IOException, ServletException {
+        if (request instanceof HttpServletRequest) {
+            HttpServletRequest httpRequest = (HttpServletRequest) request;
+            if ("TRACE".equalsIgnoreCase(httpRequest.getMethod())||"TRACK".equalsIgnoreCase(httpRequest.getMethod())) {
+                HttpServletResponse httpResponse = (HttpServletResponse) response;
+                httpResponse.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+                return;
+            }
+        }
+        chain.doFilter(request, response);
+    }
+}
\ No newline at end of file
--- a/src/main/java/com/yizhi/xxl/job/admin/controller/interceptor/WebMvcConfig.java
+++ b/src/main/java/com/yizhi/xxl/job/admin/controller/interceptor/WebMvcConfig.java
 package com.yizhi.xxl.job.admin.controller.interceptor;

+import com.yizhi.xxl.job.admin.controller.filter.DisableTraceFilter;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@@ -25,4 +28,13 @@ public class WebMvcConfig implements WebMvcConfigurer {
        registry.addInterceptor(cookieInterceptor).addPathPatterns("/**");
    }

+    @Bean
+    public FilterRegistrationBean<DisableTraceFilter> disableTraceFilter() {
+        FilterRegistrationBean<DisableTraceFilter> registrationBean = new FilterRegistrationBean<>();
+        registrationBean.setFilter(new DisableTraceFilter());
+        registrationBean.addUrlPatterns("/*");
+        registrationBean.setName("disableTraceFilter");
+        registrationBean.setOrder(1);
+        return registrationBean;
+    }
 }
\ No newline at end of file
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -59,3 +59,4 @@ xxl.job.triggerpool.slow.max=100

 ### xxl-job, log retention days
 xxl.job.logretentiondays=30
+spring.servlet.http.trace-enabled=false