mirror of https://github.com/elunez/eladmin
fix: 修复运维管理:数据库和部署管理中存在任意文件上传和删除漏洞,添加非法文件名过滤
close https://github.com/elunez/eladmin/issues/851pull/872/head
parent
5a3786bd03
commit
008181b079
@ -111,8 +111,8 @@ public class DatabaseController {
DatabaseDto database = databaseService.findById(id);
DatabaseDto database = databaseService.findById(id);
String fileName;
String fileName;
if(database != null){
if(database != null){
fileName = file.getOriginalFilename();
fileName = FileUtil.verifyFilename(file.getOriginalFilename());
File executeFile = new File(fileSavePath+fileName);
File executeFile = new File(fileSavePath + fileName);
FileUtil.del(executeFile);
FileUtil.del(executeFile);
file.transferTo(executeFile);
file.transferTo(executeFile);
String result = SqlUtils.executeFile(database.getJdbcUrl(), database.getUserName(), database.getPwd(), executeFile);
String result = SqlUtils.executeFile(database.getJdbcUrl(), database.getUserName(), database.getPwd(), executeFile);
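Review bot: The path `new File(fileSavePath + fileName)` still rests entirely on `FileUtil.verifyFilename`, and that helper is not part of this diff, so nothing in this hunk shows that a name carrying `..` or a separator cannot escape `fileSavePath` before `FileUtil.del(executeFile)` deletes it and `file.transferTo(executeFile)` overwrites it. A containment check on the canonical path would make the controller safe independently of the helper, e.g. `if (!executeFile.getCanonicalPath().startsWith(new File(fileSavePath).getCanonicalPath() + File.separator)) { throw new IllegalArgumentException("illegal file name"); }` placed before the `FileUtil.del` call; the same applies to the upload hunk of DeployController at `@ -105,21 +106,21 @@`. Whether `getOriginalFilename()` can be null here and how `verifyFilename` treats it is not visible in this hunk. The uploaded script also appears to remain on disk after `SqlUtils.executeFile` unless the part of the method outside the hunk removes it; a `finally` that deletes `executeFile` would limit how long an arbitrary uploaded file sits in `fileSavePath`.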
@ -18,6 +18,7 @@ package me.zhengjie.modules.mnt.rest;
import io.swagger.annotations.Api;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiOperation;
import lombok.RequiredArgsConstructor;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import me.zhengjie.annotation.Log;
import me.zhengjie.annotation.Log;
import me.zhengjie.modules.mnt.domain.Deploy;
import me.zhengjie.modules.mnt.domain.Deploy;
import me.zhengjie.modules.mnt.domain.DeployHistory;
import me.zhengjie.modules.mnt.domain.DeployHistory;
@ -39,13 +40,13 @@ import java.io.File;
import java.io.IOException;
import java.io.IOException;
import java.util.HashMap;
import java.util.HashMap;
import java.util.Map;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.Set;
/**
/**
* @author zhanghouying
* @author zhanghouying
* @date 2019-08-24
* @date 2019-08-24
*/
*/
@Slf4j
@RestController
@RestController
@Api(tags = "运维:部署管理")
@Api(tags = "运维:部署管理")
@RequiredArgsConstructor
@RequiredArgsConstructor
@ -67,7 +68,7 @@ public class DeployController {
@GetMapping
@GetMapping
@PreAuthorize("@el.check('deploy:list')")
@PreAuthorize("@el.check('deploy:list')")
public ResponseEntity<PageResult<DeployDto>> queryDeployData(DeployQueryCriteria criteria, Pageable pageable){
public ResponseEntity<PageResult<DeployDto>> queryDeployData(DeployQueryCriteria criteria, Pageable pageable){
return new ResponseEntity<>(deployService.queryAll(criteria,pageable),HttpStatus.OK);
return new ResponseEntity<>(deployService.queryAll(criteria,pageable),HttpStatus.OK);
}
}
@Log("新增部署")
@Log("新增部署")
@ -105,21 +106,21 @@ public class DeployController {
Long id = Long.valueOf(request.getParameter("id"));
Long id = Long.valueOf(request.getParameter("id"));
String fileName = "";
String fileName = "";
if(file != null){
if(file != null){
fileName = file.getOriginalFilename();
fileName = FileUtil.verifyFilename(file.getOriginalFilename());
File deployFile = new File(fileSavePath+fileName);
File deployFile = new File(fileSavePath + fileName);
FileUtil.del(deployFile);
FileUtil.del(deployFile);
file.transferTo(deployFile);
file.transferTo(deployFile);
//文件下一步要根据文件名字来
//文件下一步要根据文件名字来
deployService.deploy(fileSavePath+fileName ,id);
deployService.deploy(fileSavePath + fileName ,id);
}else{
}else{
System.out.println("没有找到相对应的文件");
log.warn("没有找到相对应的文件");
}
}
System.out.println("文件上传的原名称为:"+ Objects.requireNonNull(file).getOriginalFilename());
Map<String,Object> map = new HashMap<>(2);
Map<String,Object> map = new HashMap<>(2);
map.put("errno",0);
map.put("error",0);
map.put("id",fileName);
map.put("id",fileName);
return new ResponseEntity<>(map,HttpStatus.OK);
return new ResponseEntity<>(map,HttpStatus.OK);
}
}
@Log("系统还原")
@Log("系统还原")
@ApiOperation(value = "系统还原")
@ApiOperation(value = "系统还原")
@PostMapping(value = "/serverReduction")
@PostMapping(value = "/serverReduction")
@ -128,14 +129,16 @@ public class DeployController {
String result = deployService.serverReduction(resources);
String result = deployService.serverReduction(resources);
return new ResponseEntity<>(result,HttpStatus.OK);
return new ResponseEntity<>(result,HttpStatus.OK);
}
}
@Log("服务运行状态")
@Log("服务运行状态")
@ApiOperation(value = "服务运行状态")
@ApiOperation(value = "服务运行状态")
@PostMapping(value = "/serverStatus")
@PostMapping(value = "/serverStatus")
@PreAuthorize("@el.check('deploy:edit')")
@PreAuthorize("@el.check('deploy:edit')")
public ResponseEntity<Object> serverStatus(@Validated @RequestBody Deploy resources){
public ResponseEntity<Object> serverStatus(@Validated @RequestBody Deploy resources){
String result = deployService.serverStatus(resources);
String result = deployService.serverStatus(resources);
return new ResponseEntity<>(result,HttpStatus.OK);
return new ResponseEntity<>(result,HttpStatus.OK);
}
}
@Log("启动服务")
@Log("启动服务")
@ApiOperation(value = "启动服务")
@ApiOperation(value = "启动服务")
@PostMapping(value = "/startServer")
@PostMapping(value = "/startServer")
@ -144,6 +147,7 @@ public class DeployController {
String result = deployService.startServer(resources);
String result = deployService.startServer(resources);
return new ResponseEntity<>(result,HttpStatus.OK);
return new ResponseEntity<>(result,HttpStatus.OK);
}
}
@Log("停止服务")
@Log("停止服务")
@ApiOperation(value = "停止服务")
@ApiOperation(value = "停止服务")
@PostMapping(value = "/stopServer")
@PostMapping(value = "/stopServer")
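Review bot: In the upload hunk at `@ -105,21 +106,21 @@`, the `else` branch now only logs `没有找到相对应的文件` and then falls through to `return new ResponseEntity<>(map,HttpStatus.OK)` with `map.put("error",0)` and an empty `id`, so a request without a file is reported to the client as a successful upload; the removed `System.out.println(... Objects.requireNonNull(file) ...)` line was the only thing that previously cut that path short, and it did so by throwing. Returning an explicit failure from the `else` branch, e.g. `return new ResponseEntity<>("file is required", HttpStatus.BAD_REQUEST);`, or at least putting a non-zero value under `error`, would keep the response honest. The rename of the response key from `"errno"` to `"error"` in the same hunk is a client-visible contract change not mentioned in the commit message; confirm the frontend reads the new key. As in DatabaseController, `new File(fileSavePath + fileName)` and `deployService.deploy(fileSavePath + fileName ,id)` still depend solely on `FileUtil.verifyFilename`, which is not shown here, so a canonical-path containment check against `fileSavePath` before `FileUtil.del(deployFile)` would be a cheap second line of defence. The enclosing upload method begins before this hunk.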