【修复】修复可通过UA设置长文本绕过日志记录的漏洞

12 months ago · 5b9d2866ee
1 changed files with 6 additions and 0 deletions
--- a/snowy-common/src/main/java/vip/xiaonuo/common/util/CommonUaUtil.java
+++ b/snowy-common/src/main/java/vip/xiaonuo/common/util/CommonUaUtil.java
@ -41,6 +41,9 @@ public class CommonUaUtil {
            return StrUtil.DASHED;
        } else {
            String browser = userAgent.getBrowser().toString();
+            if (StrUtil.isNotBlank(browser) && browser.length() > 250) {
+                browser = browser.substring(0, 250);
+            }
            return "Unknown".equals(browser) ? StrUtil.DASHED : browser;
        }
    }
@ -57,6 +60,9 @@ public class CommonUaUtil {
            return StrUtil.DASHED;
        } else {
            String os = userAgent.getOs().toString();
+            if (StrUtil.isNotBlank(os) && os.length() > 250) {
+                os = os.substring(0, 250);
+            }
            return "Unknown".equals(os) ? StrUtil.DASHED : os;
        }
    }