fix: 修复运维管理:数据库和部署管理中存在任意文件上传和删除漏洞,添加非法文件名过滤

close https://github.com/elunez/eladmin/issues/851
pull/872/head
Jie Zheng 2025-01-15 10:30:39 +08:00
parent 5a3786bd03
commit 008181b079
2 changed files with 15 additions and 11 deletions

View File

@ -111,8 +111,8 @@ public class DatabaseController {
DatabaseDto database = databaseService.findById(id); DatabaseDto database = databaseService.findById(id);
String fileName; String fileName;
if(database != null){ if(database != null){
fileName = file.getOriginalFilename(); fileName = FileUtil.verifyFilename(file.getOriginalFilename());
File executeFile = new File(fileSavePath+fileName); File executeFile = new File(fileSavePath + fileName);
FileUtil.del(executeFile); FileUtil.del(executeFile);
file.transferTo(executeFile); file.transferTo(executeFile);
String result = SqlUtils.executeFile(database.getJdbcUrl(), database.getUserName(), database.getPwd(), executeFile); String result = SqlUtils.executeFile(database.getJdbcUrl(), database.getUserName(), database.getPwd(), executeFile);

View File

@ -18,6 +18,7 @@ package me.zhengjie.modules.mnt.rest;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiOperation;
import lombok.RequiredArgsConstructor; import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import me.zhengjie.annotation.Log; import me.zhengjie.annotation.Log;
import me.zhengjie.modules.mnt.domain.Deploy; import me.zhengjie.modules.mnt.domain.Deploy;
import me.zhengjie.modules.mnt.domain.DeployHistory; import me.zhengjie.modules.mnt.domain.DeployHistory;
@ -39,13 +40,13 @@ import java.io.File;
import java.io.IOException; import java.io.IOException;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
import java.util.Objects;
import java.util.Set; import java.util.Set;
/** /**
* @author zhanghouying * @author zhanghouying
* @date 2019-08-24 * @date 2019-08-24
*/ */
@Slf4j
@RestController @RestController
@Api(tags = "运维:部署管理") @Api(tags = "运维:部署管理")
@RequiredArgsConstructor @RequiredArgsConstructor
@ -67,7 +68,7 @@ public class DeployController {
@GetMapping @GetMapping
@PreAuthorize("@el.check('deploy:list')") @PreAuthorize("@el.check('deploy:list')")
public ResponseEntity<PageResult<DeployDto>> queryDeployData(DeployQueryCriteria criteria, Pageable pageable){ public ResponseEntity<PageResult<DeployDto>> queryDeployData(DeployQueryCriteria criteria, Pageable pageable){
return new ResponseEntity<>(deployService.queryAll(criteria,pageable),HttpStatus.OK); return new ResponseEntity<>(deployService.queryAll(criteria,pageable),HttpStatus.OK);
} }
@Log("新增部署") @Log("新增部署")
@ -105,21 +106,21 @@ public class DeployController {
Long id = Long.valueOf(request.getParameter("id")); Long id = Long.valueOf(request.getParameter("id"));
String fileName = ""; String fileName = "";
if(file != null){ if(file != null){
fileName = file.getOriginalFilename(); fileName = FileUtil.verifyFilename(file.getOriginalFilename());
File deployFile = new File(fileSavePath+fileName); File deployFile = new File(fileSavePath + fileName);
FileUtil.del(deployFile); FileUtil.del(deployFile);
file.transferTo(deployFile); file.transferTo(deployFile);
//文件下一步要根据文件名字来 //文件下一步要根据文件名字来
deployService.deploy(fileSavePath+fileName ,id); deployService.deploy(fileSavePath + fileName ,id);
}else{ }else{
System.out.println("没有找到相对应的文件"); log.warn("没有找到相对应的文件");
} }
System.out.println("文件上传的原名称为:"+ Objects.requireNonNull(file).getOriginalFilename());
Map<String,Object> map = new HashMap<>(2); Map<String,Object> map = new HashMap<>(2);
map.put("errno",0); map.put("error",0);
map.put("id",fileName); map.put("id",fileName);
return new ResponseEntity<>(map,HttpStatus.OK); return new ResponseEntity<>(map,HttpStatus.OK);
} }
@Log("系统还原") @Log("系统还原")
@ApiOperation(value = "系统还原") @ApiOperation(value = "系统还原")
@PostMapping(value = "/serverReduction") @PostMapping(value = "/serverReduction")
@ -128,14 +129,16 @@ public class DeployController {
String result = deployService.serverReduction(resources); String result = deployService.serverReduction(resources);
return new ResponseEntity<>(result,HttpStatus.OK); return new ResponseEntity<>(result,HttpStatus.OK);
} }
@Log("服务运行状态") @Log("服务运行状态")
@ApiOperation(value = "服务运行状态") @ApiOperation(value = "服务运行状态")
@PostMapping(value = "/serverStatus") @PostMapping(value = "/serverStatus")
@PreAuthorize("@el.check('deploy:edit')") @PreAuthorize("@el.check('deploy:edit')")
public ResponseEntity<Object> serverStatus(@Validated @RequestBody Deploy resources){ public ResponseEntity<Object> serverStatus(@Validated @RequestBody Deploy resources){
String result = deployService.serverStatus(resources); String result = deployService.serverStatus(resources);
return new ResponseEntity<>(result,HttpStatus.OK); return new ResponseEntity<>(result,HttpStatus.OK);
} }
@Log("启动服务") @Log("启动服务")
@ApiOperation(value = "启动服务") @ApiOperation(value = "启动服务")
@PostMapping(value = "/startServer") @PostMapping(value = "/startServer")
@ -144,6 +147,7 @@ public class DeployController {
String result = deployService.startServer(resources); String result = deployService.startServer(resources);
return new ResponseEntity<>(result,HttpStatus.OK); return new ResponseEntity<>(result,HttpStatus.OK);
} }
@Log("停止服务") @Log("停止服务")
@ApiOperation(value = "停止服务") @ApiOperation(value = "停止服务")
@PostMapping(value = "/stopServer") @PostMapping(value = "/stopServer")