This has been answered before with annotation syntax: Aspectj overwrite an argument of a method
But I can't figure out how to do it with the AspectJ declarative syntax. The following should add "Poop" in front of each string in the method but it does not.
public aspect UserInputSanitizerAdvisor {
pointcut unSafeString() : execution(@RequestMapping * * (..));
Object around() : unSafeString() {
//thisJoinPoint.getArgs();
//proceed();
System.out.println("I'm Around");
Object[] args = thisJoinPoint.getArgs();
if (args != null) {
for (int i = 0; i < args.length; i++) {
Object o = args[i];
if (o != null && o instanceof String) {
String s = (String) o;
args[i] = "poop: " + s;
}
}
}
return proceed();
}
}
I can't figure out how to give "proceed()开发者_如何学编程" all the arguments.
I got the annotation version working:
@SuppressWarnings("unused")
@Aspect
public class UserInputSanitizerAdivsor {
@Around("execution(@RequestMapping * * (..))")
public Object check(final ProceedingJoinPoint jp) throws Throwable {
Object[] args = jp.getArgs();
if (args != null) {
for (int i = 0; i < args.length; i++) {
Object o = args[i];
if (o != null && o instanceof String) {
String s = (String) o;
args[i] = UserInputSanitizer.sanitize(s);
}
}
}
return jp.proceed(args);
}
}
Now I have XSS protection for all my Spring MVC controllers. I was hoping to get the aspectJ syntax working though.
Does return thisJoinPoint.proceed(args); do what you want?
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论