mirror of https://github.com/elunez/eladmin
fix: 修复运维管理:数据库和部署管理中存在任意文件上传和删除漏洞,添加非法文件名过滤
close https://github.com/elunez/eladmin/issues/851
pull/872/head
parent
5a3786bd03
commit
008181b079
|
@ -111,7 +111,7 @@ public class DatabaseController {
|
|||
DatabaseDto database = databaseService.findById(id);
|
||||
String fileName;
|
||||
if(database != null){
|
||||
fileName = file.getOriginalFilename();
|
||||
fileName = FileUtil.verifyFilename(file.getOriginalFilename());
|
||||
File executeFile = new File(fileSavePath + fileName);
|
||||
FileUtil.del(executeFile);
|
||||
file.transferTo(executeFile);
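Review bot: The target path is still built by string concatenation in `new File(fileSavePath + fileName)`, so the safety of the `FileUtil.del(executeFile)` and `file.transferTo(executeFile)` calls that follow rests entirely on `FileUtil.verifyFilename`, whose body is not shown on this page. A containment check after constructing the file would protect the controller independently of the filter, for example `if (!executeFile.getCanonicalFile().toPath().startsWith(new File(fileSavePath).getCanonicalFile().toPath())) { /* reject the request */ }`. If the filter can return an empty string, `executeFile` would resolve to the save directory itself and be handed to `FileUtil.del`, so an empty result should be rejected before the delete. The same pattern appears with `deployFile` in the DeployController upload hunk. The enclosing method starts and ends outside this hunk.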
|
||||
|
|
|
@ -18,6 +18,7 @@ package me.zhengjie.modules.mnt.rest;
|
|||
import io.swagger.annotations.Api;
|
||||
import io.swagger.annotations.ApiOperation;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import me.zhengjie.annotation.Log;
|
||||
import me.zhengjie.modules.mnt.domain.Deploy;
|
||||
import me.zhengjie.modules.mnt.domain.DeployHistory;
|
||||
|
@ -39,13 +40,13 @@ import java.io.File;
|
|||
import java.io.IOException;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import java.util.Objects;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* @author zhanghouying
|
||||
* @date 2019-08-24
|
||||
*/
|
||||
@Slf4j
|
||||
@RestController
|
||||
@Api(tags = "运维:部署管理")
|
||||
@RequiredArgsConstructor
|
||||
|
@ -105,21 +106,21 @@ public class DeployController {
|
|||
Long id = Long.valueOf(request.getParameter("id"));
|
||||
String fileName = "";
|
||||
if(file != null){
|
||||
fileName = file.getOriginalFilename();
|
||||
fileName = FileUtil.verifyFilename(file.getOriginalFilename());
|
||||
File deployFile = new File(fileSavePath + fileName);
|
||||
FileUtil.del(deployFile);
|
||||
file.transferTo(deployFile);
|
||||
//文件下一步要根据文件名字来
|
||||
deployService.deploy(fileSavePath + fileName ,id);
|
||||
}else{
|
||||
System.out.println("没有找到相对应的文件");
|
||||
log.warn("没有找到相对应的文件");
|
||||
}
|
||||
System.out.println("文件上传的原名称为:"+ Objects.requireNonNull(file).getOriginalFilename());
|
||||
Map<String,Object> map = new HashMap<>(2);
|
||||
map.put("errno",0);
|
||||
map.put("error",0);
|
||||
map.put("id",fileName);
|
||||
return new ResponseEntity<>(map,HttpStatus.OK);
|
||||
}
|
||||
|
||||
@Log("系统还原")
|
||||
@ApiOperation(value = "系统还原")
|
||||
@PostMapping(value = "/serverReduction")
|
||||
|
@ -128,6 +129,7 @@ public class DeployController {
|
|||
String result = deployService.serverReduction(resources);
|
||||
return new ResponseEntity<>(result,HttpStatus.OK);
|
||||
}
|
||||
|
||||
@Log("服务运行状态")
|
||||
@ApiOperation(value = "服务运行状态")
|
||||
@PostMapping(value = "/serverStatus")
|
||||
|
@ -136,6 +138,7 @@ public class DeployController {
|
|||
String result = deployService.serverStatus(resources);
|
||||
return new ResponseEntity<>(result,HttpStatus.OK);
|
||||
}
|
||||
|
||||
@Log("启动服务")
|
||||
@ApiOperation(value = "启动服务")
|
||||
@PostMapping(value = "/startServer")
|
||||
|
@ -144,6 +147,7 @@ public class DeployController {
|
|||
String result = deployService.startServer(resources);
|
||||
return new ResponseEntity<>(result,HttpStatus.OK);
|
||||
}
|
||||
|
||||
@Log("停止服务")
|
||||
@ApiOperation(value = "停止服务")
|
||||
@PostMapping(value = "/stopServer")
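Review bot: In the upload hunk, the line `System.out.println("文件上传的原名称为:"+ Objects.requireNonNull(file).getOriginalFilename());` after the `if`/`else` appears to remain in the new code, and it undoes part of the fix. This is inferred, because the rendered page has lost its +/- markers. When `file` is null, the `else` branch logs a warning and this line then throws a NullPointerException instead of returning a client error. When `file` is present, the line prints the unfiltered client-supplied name to stdout, outside the `log` facade the hunk otherwise switches to. Consider returning an error response from the `else` branch and replacing the print with `log.info("文件上传的原名称为:{}", fileName);` so that only the filtered name is recorded. The method signature is outside the hunk.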
|
||||
|
|