Commit d4718ae3545f10c165255b49dfd0317273ae533b

Authored by Viacheslav Klimov
Committed by Andrew Shvayka
1 parent 54ba69a8

Fix XSS policy file loading

... ... @@ -15,7 +15,6 @@
15 15 */
16 16 package org.thingsboard.server.dao.service;
17 17
18   -import com.google.common.io.Resources;
19 18 import lombok.extern.slf4j.Slf4j;
20 19 import org.owasp.validator.html.AntiSamy;
21 20 import org.owasp.validator.html.Policy;
... ... @@ -25,6 +24,7 @@ import org.thingsboard.server.common.data.validation.NoXss;
25 24
26 25 import javax.validation.ConstraintValidator;
27 26 import javax.validation.ConstraintValidatorContext;
  27 +import java.util.Optional;
28 28
29 29 @Slf4j
30 30 public class NoXssValidator implements ConstraintValidator<NoXss, Object> {
... ... @@ -34,17 +34,21 @@ public class NoXssValidator implements ConstraintValidator<NoXss, Object> {
34 34 @Override
35 35 public void initialize(NoXss constraintAnnotation) {
36 36 if (xssPolicy == null) {
37   - try {
38   - xssPolicy = Policy.getInstance(Resources.getResource("xss-policy.xml"));
39   - } catch (Exception e) {
40   - log.error("Failed to set xss policy: {}", e.getMessage());
41   - }
  37 + xssPolicy = Optional.ofNullable(getClass().getClassLoader().getResourceAsStream("xss-policy.xml"))
  38 + .map(inputStream -> {
  39 + try {
  40 + return Policy.getInstance(inputStream);
  41 + } catch (Exception e) {
  42 + throw new RuntimeException(e);
  43 + }
  44 + })
  45 + .orElseThrow(() -> new IllegalStateException("XSS policy file not found"));
42 46 }
43 47 }
44 48
45 49 @Override
46 50 public boolean isValid(Object value, ConstraintValidatorContext constraintValidatorContext) {
47   - if (!(value instanceof String) || ((String) value).isEmpty() || xssPolicy == null) {
  51 + if (!(value instanceof String) || ((String) value).isEmpty()) {
48 52 return true;
49 53 }
50 54
... ...
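Review bot: The stream returned by `getResourceAsStream("xss-policy.xml")` in `initialize` is never closed; whether `Policy.getInstance(InputStream)` closes it is not visible here, so try-with-resources would make ownership explicit. The bare `new RuntimeException(e)` in the lambda also drops the context that it was the XSS policy that failed to parse, whereas the not-found branch has a clear message. A plain try-with-resources block in place of the Optional chain keeps the new fail-closed behaviour, closes the stream and gives both failures a descriptive `IllegalStateException`; it needs `java.io.InputStream`, `java.io.IOException` and AntiSamy's `PolicyException` imported, and `java.util.Optional` would no longer be required. The `xssPolicy` field declaration is outside the hunks shown; if it is static and shared, the unsynchronised null check could load the policy more than once, which is probably harmless but worth confirming.

```java
if (xssPolicy == null) {
    try (InputStream policyStream = getClass().getClassLoader().getResourceAsStream("xss-policy.xml")) {
        if (policyStream == null) {
            throw new IllegalStateException("XSS policy file not found");
        }
        xssPolicy = Policy.getInstance(policyStream);
    } catch (IOException | PolicyException e) {
        // Fail closed: without a policy the validator must not start accepting input.
        throw new IllegalStateException("Failed to load XSS policy", e);
    }
}
// … unchanged: isValid …
```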