漏洞修复

ruoyi-admin/pom.xml

@@ -119,6 +119,11 @@
             <version>3.3.3</version>
         </dependency>
         -->
+        <dependency>
+            <groupId>org.apache.pdfbox</groupId>
+            <artifactId>pdfbox</artifactId>
+            <version>2.0.31</version>
+        </dependency>
     </dependencies>
 
     <build>

ruoyi-admin/src/main/java/com/ruoyi/web/controller/cas/CASLoginController.java

@@ -200,8 +200,8 @@ public class CASLoginController {
      * @param loginBody 登录信息
      * @return 结果
      */
-    @RequestMapping("/postcheck/login")
-    @ResponseBody
+//    @RequestMapping("/postcheck/login")
+//    @ResponseBody
     public AjaxResult casLogin(@RequestBody LoginBody loginBody, HttpServletRequest request) {
 //        String serverLoginUrl = casConfig.getServerLoginUrl();
 //        String serverLogoutUrl = casConfig.getServerLogoutUrl();

ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CommonController.java

@@ -14,6 +14,7 @@ import javax.servlet.http.HttpServletResponse;
 import com.ruoyi.common.annotation.Anonymous;
 import com.ruoyi.common.utils.AntiVirus;
 import com.ruoyi.postCheck.service.IPostCheckedService;
+import com.ruoyi.web.controller.utils.PdfUtils;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiImplicitParams;
@@ -103,6 +104,18 @@ public class CommonController {
             if (!AntiVirus.scanFileName(file.getOriginalFilename())) {
                 return AjaxResult.error("危险文件，不可以上传。");
             }
+            // 文件后缀
+            String fileNameXSS = file.getOriginalFilename();
+            String suffix = fileNameXSS.substring(fileNameXSS.lastIndexOf(".") + 1).toLowerCase();
+
+            // 判断是否是pdf文件类型
+            if (StringUtils.equals(suffix, "pdf")) {
+                // 判断文件xss攻击
+                boolean haveJavaScript = PdfUtils.containsJavaScript(PdfUtils.multipartFileToFile(file));
+                if (haveJavaScript) {
+//                    return ("对不起,您上传的文件[" + fileName + "]包含xss脚本代码!");
+                }
+            }
 //            System.out.println("file ============================= " + file);
 //            System.out.println("unid ============================= " + unid);
 //            System.out.println("returnImage ============================= " + returnImage);

ruoyi-admin/src/main/java/com/ruoyi/web/controller/utils/PdfUtils.java

@@ -0,0 +1,95 @@
+package com.ruoyi.web.controller.utils;
+
+
+import com.ruoyi.common.utils.uuid.UUID;
+import lombok.extern.log4j.Log4j2;
+import org.apache.pdfbox.pdmodel.PDDocument;
+import org.springframework.web.multipart.MultipartFile;
+
+import java.io.*;
+
+/**
+ * @Author: Ljx
+ * @Date: 2023/12/20
+ **/
+@Log4j2
+public class PdfUtils {
+
+    /**
+     * 获取不带扩展名的文件名
+     */
+    public static String getFileNameNoSuffix(String filename) {
+        if ((filename != null) && (filename.length() > 0)) {
+            int dot = filename.lastIndexOf('.');
+            if ((dot > -1) && (dot < (filename.length()))) {
+                return filename.substring(0, dot);
+            }
+        }
+        return filename;
+    }
+
+    /**
+     * 获取文件扩展名
+     */
+    public static String getSuffixNameName(String filename) {
+        if ((filename != null) && (filename.length() > 0)) {
+            int dot = filename.lastIndexOf('.');
+            if ((dot > -1) && (dot < (filename.length() - 1))) {
+                return filename.substring(dot + 1);
+            }
+        }
+        return filename;
+    }
+
+
+    /**
+     * File转MultipartFile
+     *
+     * @param mulFile 文件对象
+     * @return Multipart文件对象
+     */
+    public static File multipartFileToFile(MultipartFile mulFile) throws IOException {
+        InputStream ins = mulFile.getInputStream();
+        String fileName = mulFile.getOriginalFilename();
+        String prefix = getFileNameNoSuffix(fileName) + UUID.randomUUID().toString();
+        String suffix = "." + getSuffixNameName(fileName);
+        File toFile = File.createTempFile(prefix, suffix);
+        OutputStream os = new FileOutputStream(toFile);
+        int bytesRead = 0;
+        byte[] buffer = new byte[8192];
+        while ((bytesRead = ins.read(buffer, 0, 8192)) != -1) {
+            os.write(buffer, 0, bytesRead);
+        }
+        os.close();
+        ins.close();
+        return toFile;
+    }
+
+
+    /**
+     * 校验pdf文件是否包含js脚本
+     **/
+    public static boolean containsJavaScript(File file) throws IOException {
+
+//        RandomAccessFile is = new RandomAccessFile(file, "r");
+        try (PDDocument document = PDDocument.load(file)){
+            String CosName = document.getDocument().getTrailer().toString();
+            if (CosName.contains("COSName{JavaScript}")
+                    || CosName.contains("COSName{JS}")
+                    || CosName.contains("COSName{alert}")
+                    || CosName.contains("COSName{onmouseover}")
+                    || CosName.contains("COSName{alalertert}")
+                    || CosName.contains("COSName{embed}")
+            ) {
+                return true;
+            }
+        } catch (Exception e) {
+            log.error("PDF效验异常：" + e.getMessage());
+            return true;
+        }
+        return false;
+    }
+
+
+
+}

ruoyi-common/src/main/java/com/ruoyi/common/filter/MyResponseHeaderFilter.java

@@ -0,0 +1,20 @@
+package com.ruoyi.common.filter;
+
+import org.springframework.stereotype.Component;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+@Component
+public class MyResponseHeaderFilter implements Filter {
+    //防止站点劫持
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+            throws IOException, ServletException {
+        HttpServletResponse res = (HttpServletResponse) response;
+        res.setHeader("X-Frame-Options", "SAMEORIGIN");
+        chain.doFilter(request, response);
+    }
+
+}

ruoyi-common/src/main/java/com/ruoyi/common/filter/RestCorsFilter.java

@@ -0,0 +1,44 @@
+package com.ruoyi.common.filter;
+
+import org.springframework.core.Ordered;
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+@Component
+@Order(Ordered.HIGHEST_PRECEDENCE)
+public class RestCorsFilter implements Filter {
+
+    public RestCorsFilter() {
+    }
+
+    @Override
+    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
+        HttpServletResponse response = (HttpServletResponse) res;
+        HttpServletRequest request = (HttpServletRequest) req;
+        response.setHeader("Access-Control-Allow-Origin", "*"); // 可写成受信任的站点
+        response.setHeader("Access-Control-Allow-Credentials","true");
+        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS");
+        response.setHeader("Access-Control-Max-Age", "31536000");
+        response.setHeader("Access-Control-Allow-Headers", "*");
+        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
+            response.setStatus(HttpServletResponse.SC_OK);
+        } else {
+            chain.doFilter(req, res);
+        }
+    }
+
+    @Override
+    public void init(FilterConfig filterConfig) {
+    }
+
+
+
+    @Override
+    public void destroy() {
+    }
+}

ruoyi-framework/src/main/java/com/ruoyi/framework/config/FilterConfig.java

@@ -3,6 +3,8 @@ package com.ruoyi.framework.config;
 import java.util.HashMap;
 import java.util.Map;
 import javax.servlet.DispatcherType;
+
+import com.ruoyi.common.filter.MyResponseHeaderFilter;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
@@ -54,5 +56,12 @@ public class FilterConfig
         registration.setOrder(FilterRegistrationBean.LOWEST_PRECEDENCE);
         return registration;
     }
-
+    @Bean
+    public FilterRegistrationBean<MyResponseHeaderFilter> clickJackingProtectionFilter() {
+        FilterRegistrationBean<MyResponseHeaderFilter> registrationBean = new FilterRegistrationBean<>();
+        registrationBean.setFilter(new MyResponseHeaderFilter());
+        registrationBean.addUrlPatterns("/*");
+        registrationBean.setOrder(1);
+        return registrationBean;
+    }
 }