diff --git a/eladmin-common/src/main/java/me/zhengjie/utils/SpringContextHolder.java b/eladmin-common/src/main/java/me/zhengjie/utils/SpringContextHolder.java index d5a50bcf..41ead386 100644 --- a/eladmin-common/src/main/java/me/zhengjie/utils/SpringContextHolder.java +++ b/eladmin-common/src/main/java/me/zhengjie/utils/SpringContextHolder.java @@ -21,7 +21,9 @@ import org.springframework.beans.factory.DisposableBean; import org.springframework.context.ApplicationContext; import org.springframework.context.ApplicationContextAware; import org.springframework.core.env.Environment; +import org.springframework.stereotype.Service; import java.util.ArrayList; +import java.util.Arrays; import java.util.List; /** @@ -142,4 +144,13 @@ public class SpringContextHolder implements ApplicationContextAware, DisposableB } SpringContextHolder.addCallback = false; } + + /** + * 获取 @Service 的所有 bean 名称 + * @return / + */ + public static List getAllServiceBeanName() { + return new ArrayList<>(Arrays.asList(applicationContext + .getBeanNamesForAnnotation(Service.class))); + } } diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/quartz/rest/QuartzJobController.java b/eladmin-system/src/main/java/me/zhengjie/modules/quartz/rest/QuartzJobController.java index 31613572..0ffee652 100644 --- a/eladmin-system/src/main/java/me/zhengjie/modules/quartz/rest/QuartzJobController.java +++ b/eladmin-system/src/main/java/me/zhengjie/modules/quartz/rest/QuartzJobController.java @@ -24,6 +24,7 @@ import me.zhengjie.exception.BadRequestException; import me.zhengjie.modules.quartz.domain.QuartzJob; import me.zhengjie.modules.quartz.service.QuartzJobService; import me.zhengjie.modules.quartz.service.dto.JobQueryCriteria; +import me.zhengjie.utils.SpringContextHolder; import org.springframework.data.domain.Pageable; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; @@ -84,6 +85,8 @@ public class QuartzJobController { if (resources.getId() != null) { throw new BadRequestException("A new "+ ENTITY_NAME +" cannot already have an ID"); } + // 验证Bean是不是合法的,合法的定时任务 Bean 需要用 @Service 定义 + checkBean(resources.getBeanName()); quartzJobService.create(resources); return new ResponseEntity<>(HttpStatus.CREATED); } @@ -93,6 +96,8 @@ public class QuartzJobController { @PutMapping @PreAuthorize("@el.check('timing:edit')") public ResponseEntity updateQuartzJob(@Validated(QuartzJob.Update.class) @RequestBody QuartzJob resources){ + // 验证Bean是不是合法的,合法的定时任务 Bean 需要用 @Service 定义 + checkBean(resources.getBeanName()); quartzJobService.update(resources); return new ResponseEntity<>(HttpStatus.NO_CONTENT); } @@ -123,4 +128,12 @@ public class QuartzJobController { quartzJobService.delete(ids); return new ResponseEntity<>(HttpStatus.OK); } + + private void checkBean(String beanName){ + // 避免调用攻击者可以从SpringContextHolder获得控制jdbcTemplate类 + // 并使用getDeclaredMethod调用jdbcTemplate的queryForMap函数,执行任意sql命令。 + if(!SpringContextHolder.getAllServiceBeanName().contains(beanName)){ + throw new BadRequestException("非法的 Bean,请重新输入!"); + } + } } diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/quartz/task/TestTask.java b/eladmin-system/src/main/java/me/zhengjie/modules/quartz/task/TestTask.java index da1c8ff4..4cf34342 100644 --- a/eladmin-system/src/main/java/me/zhengjie/modules/quartz/task/TestTask.java +++ b/eladmin-system/src/main/java/me/zhengjie/modules/quartz/task/TestTask.java @@ -16,7 +16,7 @@ package me.zhengjie.modules.quartz.task; import lombok.extern.slf4j.Slf4j; -import org.springframework.stereotype.Component; +import org.springframework.stereotype.Service; /** * 测试用 @@ -24,7 +24,7 @@ import org.springframework.stereotype.Component; * @date 2019-01-08 */ @Slf4j -@Component +@Service public class TestTask { public void run(){