feat: 增强防火墙 hook 校验能力

sa-token-core/src/main/java/cn/dev33/satoken/strategy/hooks/SaFirewallCheckHookForPathBannedCharacter.java

@@ -33,6 +33,21 @@ public class SaFirewallCheckHookForPathBannedCharacter implements SaFirewallChec
      */
     public static SaFirewallCheckHookForPathBannedCharacter instance = new SaFirewallCheckHookForPathBannedCharacter();
 
+    /**
+     * 是否严格禁止出现百分号字符 % （默认：否）
+     */
+    public boolean bannedPercentage = false;
+
+
+    /**
+     * 重载配置
+     * @param bannedPercentage 是否严格禁止出现百分号字符 % （默认：否）
+     */
+    public void resetConfig(boolean bannedPercentage) {
+        this.bannedPercentage = bannedPercentage;
+    }
+
+
     /**
      * 执行的方法
      *
@@ -47,7 +62,9 @@ public class SaFirewallCheckHookForPathBannedCharacter implements SaFirewallChec
         if(SaFoxUtil.hasNonPrintableASCII(requestPath)) {
             throw new RequestPathInvalidException("请求 path 包含禁止字符：" + requestPath, requestPath);
         }
-
+        if(bannedPercentage && requestPath.contains("%")) {
+            throw new RequestPathInvalidException("请求 path 包含禁止字符 %：" + requestPath, requestPath);
+        }
     }
 
 }

sa-token-core/src/main/java/cn/dev33/satoken/strategy/hooks/SaFirewallCheckHookForPathDangerCharacter.java

@@ -42,7 +42,12 @@ public class SaFirewallCheckHookForPathDangerCharacter implements SaFirewallChec
             "%2f", "%2F",	// /
             "%5c", "%5C",	// \
             ";", "%3b", "%3B",	// ;    // 参考资料：https://mp.weixin.qq.com/s/77CIDZbgBwRunJeluofPTA
-            "%25"			// 空格
+            "%25",			// 空格
+            "\0", "%00",	// 空字符
+            "\n", "%0a", "%0A",	// 换行符
+            "\r", "%0d", "%0D",	// 回车符
+            "\u2028",     // 行分隔符
+            "\u2029"    // 段分隔符
     };
 
     /**