解决2022/3/29出现的Spring漏洞问题
import lombok.extern.slf4j.Slf4j;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.InitBinder;
/**
*
* 此类用于解决2022/3/29出现的Spring漏洞问题
*
* 最好把这个类放到controller包中
*
* @author xingcheng.wang
*/
@ControllerAdvice
@Slf4j
public class FilterSpringBugAdvice {
@InitBinder
public void setAllowedFields(WebDataBinder dataBinder) {
String[] leakStrings = new String[]{"class.*", "Class.*", "*.class.*", "*.Class.*"};
dataBinder.setDisallowedFields(leakStrings);
log.info("解决Spring漏洞类已加载#####################");
}
}