From 9bb1ee8d456d1a6c1149963eeb9c8285844466ef Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期五, 16 一月 2026 17:39:12 +0800
Subject: [PATCH] 文件后缀校验逻辑修改
---
Source/UBCS/ubcs-service/ubcs-deploy/src/main/java/com/vci/ubcs/deploy/service/impl/DeployAppsServiceImpl.java | 49 ++++++++++++++++++++++++++++++++++---------------
1 files changed, 34 insertions(+), 15 deletions(-)
diff --git a/Source/UBCS/ubcs-service/ubcs-deploy/src/main/java/com/vci/ubcs/deploy/service/impl/DeployAppsServiceImpl.java b/Source/UBCS/ubcs-service/ubcs-deploy/src/main/java/com/vci/ubcs/deploy/service/impl/DeployAppsServiceImpl.java
index 7785b88..92229f9 100644
--- a/Source/UBCS/ubcs-service/ubcs-deploy/src/main/java/com/vci/ubcs/deploy/service/impl/DeployAppsServiceImpl.java
+++ b/Source/UBCS/ubcs-service/ubcs-deploy/src/main/java/com/vci/ubcs/deploy/service/impl/DeployAppsServiceImpl.java
@@ -8,20 +8,16 @@
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import com.baomidou.mybatisplus.extension.toolkit.SqlHelper;
-import com.vci.ubcs.deploy.entity.CmdConfig;
import com.vci.ubcs.deploy.entity.DeployApps;
import com.vci.ubcs.deploy.enumpack.CmdConfigEnum;
import com.vci.ubcs.deploy.mapper.DeployAppsMapper;
import com.vci.ubcs.deploy.service.IDeployAppsService;
import com.vci.ubcs.deploy.vo.DeployAppsVO;
import com.vci.ubcs.starter.util.HttpUtils;
-import jodd.io.StreamGobbler;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
-import org.springblade.core.secure.utils.AuthUtil;
import org.springblade.core.tool.api.R;
import org.springblade.core.tool.utils.Func;
-import org.springblade.core.tool.utils.WebUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.client.ServiceInstance;
@@ -29,20 +25,14 @@
import org.springframework.context.EnvironmentAware;
import org.springframework.core.env.Environment;
import org.springframework.http.HttpHeaders;
-import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
-import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Service;
-import org.springframework.util.LinkedMultiValueMap;
-import org.springframework.util.MultiValueMap;
import org.springframework.web.multipart.MultipartFile;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import java.io.*;
-import java.net.InetAddress;
import java.net.URL;
-import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
@@ -51,10 +41,8 @@
import java.time.format.DateTimeFormatter;
import java.util.*;
import java.util.stream.Collectors;
-import java.util.stream.Stream;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
-import java.util.zip.ZipInputStream;
/**
* @author ludc
@@ -114,15 +102,21 @@
String cookie = request.getHeaders("Cookie").nextElement();
// 鍏嶅瘑鐧诲綍鎺ュ彛鍦板潃
String loginUrl = "http://"+pwdFreeAddr+":"+this.getGatewayPort("ubcs-gateway")+"/ubcs-admin/applications";
- log.debug("鑾峰彇鏈嶅姟淇℃伅璋冪敤鍦板潃锛�"+loginUrl);
+ log.info("鑾峰彇鏈嶅姟淇℃伅璋冪敤鍦板潃锛�"+loginUrl);
+ System.out.println("=================鑾峰彇鏈嶅姟淇℃伅璋冪敤鍦板潃锛�"+loginUrl);
+
// 璇锋眰ubcs-admin鑾峰彇鏈嶅姟淇℃伅
HttpHeaders headers = new HttpHeaders();
ArrayList<MediaType> mediaTypes = new ArrayList<>();
mediaTypes.add(MediaType.APPLICATION_JSON);
headers.set("Authorization","Basic c2FiZXI6c2FiZXJfc2VjcmV0");
headers.set("Blade-Auth",baldeAuth);
+ System.out.println("============Blade-Auth:"+baldeAuth);
headers.set("Cookie",cookie);
+ System.out.println("============Cookie:"+cookie);
+
headers.setAccept(mediaTypes);
+
List<DeployAppsVO> deployAppsVOList = new ArrayList<>();
try {
// 鍙戦�丟ET璇锋眰
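Review bot: The three added `System.out.println` lines write the `Blade-Auth` token and the request `Cookie` to stdout, which leaks the caller's session credentials into container/console logs that are normally far less protected than application logs; the request URL print on the line after `log.info` duplicates that log call as well. Those lines should be dropped; if a trace is needed to debug the call, log only the presence of the header, e.g. `log.debug("Blade-Auth header set: {}", !Func.isEmpty(baldeAuth));`, never the value. The enclosing method starts before and continues after this hunk.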
@@ -202,8 +196,12 @@
* @throws ServiceException
*/
@Override
- public boolean saveOrUpdateServiceInfo(DeployAppsVO deployAppsVO) throws ServiceException {
- return this.saveOrUpdate(deployAppsVO);
+ public R saveOrUpdateServiceInfo(DeployAppsVO deployAppsVO) throws ServiceException {
+ boolean checkBoolean = checkCmdVer(deployAppsVO.getStartCmd()) && checkCmdVer(deployAppsVO.getStopCmd()) && checkCmdVer(deployAppsVO.getRestartCmd());
+ if(checkBoolean){
+ return R.fail("閰嶇疆鐨勫懡浠や腑鍖呭惈鍗遍櫓鍛戒护锛屽锛歳m銆乵v銆乺m -rf銆乧hmod绛夊懡浠ゅ拰鍏抽敭瀛楋紒 ");
+ }
+ return R.status(this.saveOrUpdate(deployAppsVO));
}
/**
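Review bot: The rejection message on the `R.fail(...)` line is repeated, with slightly different wording, by the hunk at `checkCmdVer(cmd)` in the execute method further down; both should read one `private static final String HIGH_RISK_CMD_MSG` so the two paths stay consistent and the trailing space in each literal is fixed once. The local `checkBoolean` is true when a dangerous command was found, which the name does not say; `boolean containsHighRiskCmd = ...` would make the `if` read correctly. The method's Javadoc, whose `@return` is above this hunk, presumably still describes the old `boolean` result and should now describe the `R` status.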
@@ -349,6 +347,9 @@
if(Func.isEmpty(cmd)){
return "The executed command is empty";
}
+ if(checkCmdVer(cmd)){
+ return "閰嶇疆鐨勫懡浠や腑鍖呭惈鍗遍櫓鍛戒护锛屽锛歳m銆乵v銆乺m -rf銆乧hmod绛夊懡浠ゅ拰鍏抽敭璇嶏紒 ";
+ }
// 鎵цLinux鍛戒护
log.info("寮�濮嬫墽琛屽懡浠わ細"+cmd);
// Process process = Runtime.getRuntime().exec(cmd);
@@ -429,4 +430,22 @@
return "8080";
}
+ /**
+ * 鍚姩銆佸仠姝€�侀噸鍚懡浠ゆ牎楠�
+ * @param cmd
+ * @return true: 鍖呭惈楂橀闄╁懡浠わ紝 false锛氫笉鍖呭惈
+ */
+ private boolean checkCmdVer(String cmd){
+ if(Func.isEmpty(cmd)){
+ return false;
+ }
+ String[] highRiskCommands = {"rm", "rmdir", "mv", "unlink", "rm -rf", "mv -rf", "dd", "chmod", "chown", "mkfs", "shutdown", "reboot", "kill"};
+ for(String highRiskCmd : highRiskCommands){
+ if(cmd.contains(highRiskCmd)){
+ return true;
+ }
+ }
+ return false;
+ }
+
}
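Review bot: `cmd.contains(highRiskCmd)` is a substring match, so legitimate commands whose text merely contains the letters `rm` or `dd` (for example `format`, `perform`, `address`) are rejected, while the `"rm -rf"` and `"mv -rf"` entries are redundant because `"rm"`/`"mv"` already match them; the array is also rebuilt on every call. A whole-token comparison against a `private static final Set<String>` fixes the false positives and the allocation, and the callers in the `saveOrUpdateServiceInfo` and execute hunks above need no change. A denylist of names remains a weak control for anything that is passed to a shell, so an allowlist of the executables this deployer is permitted to run would be the sturdier design; the Javadoc `@param cmd` should also say what is inspected. The sketch below keeps the same signature and return contract.
```java
/** Whole-token denylist; "rm -rf"/"mv -rf" are dropped because "rm"/"mv" already cover them. */
private static final Set<String> HIGH_RISK_COMMANDS = Set.of(
    "rm", "rmdir", "mv", "unlink", "dd", "chmod", "chown", "mkfs", "shutdown", "reboot", "kill");

/**
 * Start/stop/restart command check.
 * @param cmd the command line as configured; tokens are compared whole, not as substrings
 * @return true when a token matches a high-risk command, false otherwise (including blank input)
 */
private boolean checkCmdVer(String cmd){
    if(Func.isEmpty(cmd)){
        return false;
    }
    // Split on whitespace and common shell separators so each simple command's name is inspected,
    // and "format"/"address" are no longer rejected for containing "rm"/"dd".
    for (String token : cmd.split("[\\s;|&()`]+")) {
        if (HIGH_RISK_COMMANDS.contains(token)) {
            return true;
        }
    }
    return false;
}
```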
--
Gitblit v1.10.0