Commit d4718ae3545f10c165255b49dfd0317273ae533b

Authored by Viacheslav Klimov
Committed by Andrew Shvayka
1 parent 54ba69a8

Fix XSS policy file loading

@@ -15,7 +15,6 @@ @@ -15,7 +15,6 @@
15 */ 15 */
16 package org.thingsboard.server.dao.service; 16 package org.thingsboard.server.dao.service;
17 17
18 -import com.google.common.io.Resources;  
19 import lombok.extern.slf4j.Slf4j; 18 import lombok.extern.slf4j.Slf4j;
20 import org.owasp.validator.html.AntiSamy; 19 import org.owasp.validator.html.AntiSamy;
21 import org.owasp.validator.html.Policy; 20 import org.owasp.validator.html.Policy;
@@ -25,6 +24,7 @@ import org.thingsboard.server.common.data.validation.NoXss; @@ -25,6 +24,7 @@ import org.thingsboard.server.common.data.validation.NoXss;
25 24
26 import javax.validation.ConstraintValidator; 25 import javax.validation.ConstraintValidator;
27 import javax.validation.ConstraintValidatorContext; 26 import javax.validation.ConstraintValidatorContext;
  27 +import java.util.Optional;
28 28
29 @Slf4j 29 @Slf4j
30 public class NoXssValidator implements ConstraintValidator<NoXss, Object> { 30 public class NoXssValidator implements ConstraintValidator<NoXss, Object> {
@@ -34,17 +34,21 @@ public class NoXssValidator implements ConstraintValidator<NoXss, Object> { @@ -34,17 +34,21 @@ public class NoXssValidator implements ConstraintValidator<NoXss, Object> {
34 @Override 34 @Override
35 public void initialize(NoXss constraintAnnotation) { 35 public void initialize(NoXss constraintAnnotation) {
36 if (xssPolicy == null) { 36 if (xssPolicy == null) {
37 - try {  
38 - xssPolicy = Policy.getInstance(Resources.getResource("xss-policy.xml"));  
39 - } catch (Exception e) {  
40 - log.error("Failed to set xss policy: {}", e.getMessage());  
41 - } 37 + xssPolicy = Optional.ofNullable(getClass().getClassLoader().getResourceAsStream("xss-policy.xml"))
  38 + .map(inputStream -> {
  39 + try {
  40 + return Policy.getInstance(inputStream);
  41 + } catch (Exception e) {
  42 + throw new RuntimeException(e);
  43 + }
  44 + })
  45 + .orElseThrow(() -> new IllegalStateException("XSS policy file not found"));
42 } 46 }
43 } 47 }
44 48
45 @Override 49 @Override
46 public boolean isValid(Object value, ConstraintValidatorContext constraintValidatorContext) { 50 public boolean isValid(Object value, ConstraintValidatorContext constraintValidatorContext) {
47 - if (!(value instanceof String) || ((String) value).isEmpty() || xssPolicy == null) { 51 + if (!(value instanceof String) || ((String) value).isEmpty()) {
48 return true; 52 return true;
49 } 53 }
50 54
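Review bot: The stream opened by `getResourceAsStream("xss-policy.xml")` in `initialize` is not closed anywhere in the visible lines, and a parse failure is rethrown as a bare `RuntimeException(e)` with no message saying the XSS policy failed to load. A try-with-resources block closes the stream and keeps the fail-closed startup behaviour; it also makes the `Optional` chain and the new `java.util.Optional` import unnecessary, though it needs imports for `InputStream`, `IOException` and AntiSamy's `PolicyException`. The `xssPolicy == null` check appears unsynchronised, and the field's declaration is outside the hunk; if it is a shared static, a short comment that a duplicate first-time load is tolerated would help. The body of `isValid` continues past the end of the hunk, so the remaining validation path is not reviewed here.

```java
if (xssPolicy == null) {
    // Fail closed: without a policy the validator must not silently accept input.
    try (InputStream in = getClass().getClassLoader().getResourceAsStream("xss-policy.xml")) {
        if (in == null) {
            throw new IllegalStateException("XSS policy file not found");
        }
        xssPolicy = Policy.getInstance(in);
    } catch (IOException | PolicyException e) {
        throw new IllegalStateException("Failed to load XSS policy", e);
    }
}
// … unchanged: isValid …
```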