feat(net): normalize http urls to prevent attacks

xxo1shine · xxo1shine · commit 02d2e9f7b175 · 2023-03-22T12:20:00.000+08:00
diff --git a/framework/src/main/java/org/tron/core/services/filter/HttpApiAccessFilter.java b/framework/src/main/java/org/tron/core/services/filter/HttpApiAccessFilter.java
@@ -1,6 +1,7 @@
 package org.tron.core.services.filter;
 
 import com.alibaba.fastjson.JSONObject;
+import java.net.URI;
 import java.util.List;
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
@@ -58,6 +59,7 @@ private boolean isDisabled(String endpoint) {
     boolean disabled = false;
 
     try {
+      endpoint = URI.create(endpoint).normalize().toString();
       List<String> disabledApiList = CommonParameter.getInstance().getDisabledApiList();
       if (!disabledApiList.isEmpty()) {
         disabled = disabledApiList.contains(endpoint.split("/")[2].toLowerCase());
