diff --git a/pear-modules/pear-system/src/main/java/com/pearadmin/system/service/impl/SysNoticeServiceImpl.java b/pear-modules/pear-system/src/main/java/com/pearadmin/system/service/impl/SysNoticeServiceImpl.java index c54496b3a2e423e6128c380945dfc30ec1eb780c..95ee3e30a38e59e601e4aec23d4ca7939e4944d4 100644 --- a/pear-modules/pear-system/src/main/java/com/pearadmin/system/service/impl/SysNoticeServiceImpl.java +++ b/pear-modules/pear-system/src/main/java/com/pearadmin/system/service/impl/SysNoticeServiceImpl.java @@ -8,6 +8,7 @@ import com.pearadmin.system.mapper.SysNoticeMapper; import com.pearadmin.system.service.ISysNoticeService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import com.coverity.security.Escape; import java.time.LocalDateTime; import java.util.List; @@ -42,7 +43,14 @@ public class SysNoticeServiceImpl implements ISysNoticeService { */ @Override public List selectSysNoticeList(SysNotice sysNotice) { - return sysNoticeMapper.selectSysNoticeList(sysNotice); + List sysNoticeList = sysNoticeMapper.selectSysNoticeList(sysNotice); + for (SysNotice notice : sysNoticeList) { + String escapedTitle = Escape.html(notice.getTitle()); + String escapedContent = Escape.html(notice.getContent()); + notice.setTitle(escapedTitle); + notice.setContent(escapedContent); + } + return sysNoticeList; } /** diff --git a/pom.xml b/pom.xml index 93c277c667844361d3053a690ebe7bba3aa70b66..f48d93213f2fe6486e20c9b848d6f6d4365bb8bd 100644 --- a/pom.xml +++ b/pom.xml @@ -73,6 +73,8 @@ 5.7.0 3.8.0 + + 1.1.1 8 8 @@ -271,6 +273,12 @@ ${commons.net.version} compile + + + com.coverity.security + coverity-escapers + ${coverity.security.version} +