forked from fanruan/demo-function-defender
richie
6 years ago
commit
d1256b9323
12 changed files with 425 additions and 0 deletions
@ -0,0 +1,5 @@
|
||||
*.iml |
||||
.idea/ |
||||
.DS_Store |
||||
.classpath |
||||
lib/report/* |
@ -0,0 +1,130 @@
|
||||
<?xml version="1.0" encoding="UTF-8" standalone="no"?> |
||||
<project basedir="." default="jar" name="plugin"> |
||||
<!-- JDK路径,根据自己机器上实际位置修改--> |
||||
<property name="jdk.home" value="/Library/Java/JavaVirtualMachines/jdk1.8/Contents/Home"/> |
||||
|
||||
<property name="libs" value="${basedir}/lib"/> |
||||
<property name="publicLibs" value=""/> |
||||
<property name="reportLibs" value="lib/report"/> |
||||
<property name="destLoc" value="."/> |
||||
<property name="classes" value="classes"/> |
||||
<xmlproperty file="${basedir}/plugin.xml"/> |
||||
<property name="current-version" value="${plugin.version}"/> |
||||
|
||||
<!-- 插件版本--> |
||||
<property name="plugin-version" value="${current-version}"/> |
||||
<!-- 插件名字--> |
||||
<property name="plugin-name" value="function-defender"/> |
||||
<property name="plugin-jar" value="fr-plugin-${plugin-name}-${plugin-version}.jar"/> |
||||
|
||||
<target name="prepare"> |
||||
<delete dir="${classes}"/> |
||||
<delete dir="fr-plugin-${plugin-name}-${plugin-version}"/> |
||||
<xmlproperty file="${basedir}/plugin.xml"/> |
||||
<delete dir="${destLoc}/${plugin.name}"/> |
||||
</target> |
||||
<path id="compile.classpath"> |
||||
<fileset dir="${libs}"> |
||||
<include name="**/*.jar"/> |
||||
</fileset> |
||||
<fileset dir="${publicLibs}"> |
||||
<include name="**/*.jar"/> |
||||
</fileset> |
||||
<fileset dir="${reportLibs}"> |
||||
<include name="**/*.jar"/> |
||||
</fileset> |
||||
</path> |
||||
<patternset id="resources4Jar"> |
||||
<exclude name="**/.settings/**"/> |
||||
<exclude name=".classpath"/> |
||||
<exclude name=".project"/> |
||||
|
||||
<exclude name="**/*.java"/> |
||||
<exclude name="**/*.db"/> |
||||
<exclude name="**/*.g"/> |
||||
<exclude name="**/package.html"/> |
||||
</patternset> |
||||
<target name="copy_resources"> |
||||
<echo message="从${resources_from}拷贝图片,JS,CSS等资源文件"/> |
||||
<delete dir="tmp"/> |
||||
<copy todir="tmp"> |
||||
<fileset dir="${resources_from}/src/main/resources"> |
||||
<patternset refid="resources4Jar"/> |
||||
</fileset> |
||||
</copy> |
||||
<copy todir="${classes}"> |
||||
<fileset dir="tmp"/> |
||||
</copy> |
||||
<delete dir="tmp"/> |
||||
</target> |
||||
<target name="compile_javas"> |
||||
<echo message="编译${compile_files}下的Java文件"/> |
||||
<javac destdir="${classes}" debug="false" optimize="on" source="${source_jdk_version}" |
||||
target="${target_jdk_version}" |
||||
fork="true" memoryMaximumSize="512m" listfiles="false" srcdir="${basedir}" |
||||
executable="${compile_jdk_version}/bin/javac"> |
||||
<src path="${basedir}/src/main/java"/> |
||||
<exclude name="**/.svn/**"/> |
||||
<compilerarg line="-encoding UTF8 "/> |
||||
<classpath refid="compile.classpath"/> |
||||
</javac> |
||||
<taskdef name="pretreatment" classname="com.fr.plugin.pack.PluginPretreatmentTask"> |
||||
<classpath refid="compile.classpath"/> |
||||
</taskdef> |
||||
<pretreatment baseDir="${basedir}"/> |
||||
</target> |
||||
|
||||
<target name="jar_classes"> |
||||
<echo message="打Jar包:${jar_name}"/> |
||||
<delete file="${basedir}/${jar_name}"/> |
||||
<jar jarfile="${basedir}/${jar_name}"> |
||||
<fileset dir="${classes}"> |
||||
</fileset> |
||||
</jar> |
||||
</target> |
||||
|
||||
<target name="super_jar" depends="prepare"> |
||||
<antcall target="copy_resources"> |
||||
<param name="resources_from" value="${basedir}"/> |
||||
</antcall> |
||||
<antcall target="compile_javas"> |
||||
<param name="source_jdk_version" value="1.6"/> |
||||
<param name="target_jdk_version" value="1.6"/> |
||||
<param name="compile_jdk_version" value="${jdk.home}"/> |
||||
<param name="compile_files" value="${basedir}/src"/> |
||||
</antcall> |
||||
<echo message="compile plugin success!"/> |
||||
|
||||
<antcall target="jar_classes"> |
||||
<param name="jar_name" value="${plugin-jar}"/> |
||||
</antcall> |
||||
<delete dir="${classes}"/> |
||||
|
||||
</target> |
||||
|
||||
<target name="jar" depends="super_jar"> |
||||
<antcall target="zip"/> |
||||
</target> |
||||
|
||||
<target name="zip"> |
||||
<property name="plugin-folder" value="fr-plugin-${plugin-name}-${plugin-version}"/> |
||||
<echo message="----------zip files----------"/> |
||||
<mkdir dir="${plugin-folder}"/> |
||||
<copy todir="${plugin-folder}"> |
||||
<fileset dir="."> |
||||
<include name="${plugin-jar}"/> |
||||
<include name="plugin.xml"/> |
||||
</fileset> |
||||
<fileset dir="${libs}"> |
||||
<include name="*.jar"/> |
||||
<include name="*.dll"/> |
||||
</fileset> |
||||
</copy> |
||||
<zip destfile="${basedir}/${plugin-folder}.zip" basedir="."> |
||||
<include name="${plugin-folder}/*.jar"/> |
||||
<include name="${plugin-folder}/*.dll"/> |
||||
<include name="${plugin-folder}/plugin.xml"/> |
||||
</zip> |
||||
<move file="${plugin-folder}.zip" todir="${destLoc}/install"/> |
||||
</target> |
||||
</project> |
@ -0,0 +1,23 @@
|
||||
<?xml version="1.0" encoding="UTF-8" standalone="no"?> |
||||
<plugin> |
||||
<id>com.fr.security.function</id> |
||||
<main-package>com.fr.security.function</main-package> |
||||
<name><![CDATA[函数远程调用限制]]></name> |
||||
<active>yes</active> |
||||
<version>1.2</version> |
||||
<env-version>10.0</env-version> |
||||
<jartime>2019-01-11</jartime> |
||||
<vendor>richie</vendor> |
||||
<description><![CDATA[限制能够被远程调用的函数。]]></description> |
||||
<change-notes><![CDATA[ |
||||
[2019-01-14]增加数字签名生成函数。<br/> |
||||
[2019-01-12]初始化插件。<br/> |
||||
]]></change-notes> |
||||
<extra-core> |
||||
<LocaleFinder class="com.fr.security.function.RemoteEvalLocaleFinder"/> |
||||
<FunctionDefendProvider class="com.fr.security.function.RemoteEvalFunctionDefender"/> |
||||
<FunctionDefineProvider class="com.fr.security.function.signature.SignatureGenerator" name="SignatureGenerator" description="生成模板路径的数字签名"/> |
||||
</extra-core> |
||||
<function-recorder class="com.fr.security.function.RemoteEvalFunctionDefender"/> |
||||
<lifecycle-monitor class="com.fr.security.function.RemoteEvalInitializeMonitor"/> |
||||
</plugin> |
@ -0,0 +1,35 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?> |
||||
<project xmlns="http://maven.apache.org/POM/4.0.0" |
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> |
||||
<modelVersion>4.0.0</modelVersion> |
||||
|
||||
<parent> |
||||
<groupId>com.fr.maven</groupId> |
||||
<artifactId>finereport-maven</artifactId> |
||||
<version>10.0</version> |
||||
</parent> |
||||
<packaging>jar</packaging> |
||||
<artifactId>demo-function-defender</artifactId> |
||||
<dependencies> |
||||
<dependency> |
||||
<groupId>com.fr.core</groupId> |
||||
<artifactId>fine-core-sdk</artifactId> |
||||
<version>10.0</version> |
||||
</dependency> |
||||
</dependencies> |
||||
<build> |
||||
<!---如果要更改调试插件,改这里的配置就可以了--> |
||||
<outputDirectory>${web-inf-path}/plugins/plugin-com.fr.security.function-1.0/classes</outputDirectory> |
||||
<plugins> |
||||
<plugin> |
||||
<groupId>org.apache.maven.plugins</groupId> |
||||
<artifactId>maven-compiler-plugin</artifactId> |
||||
<configuration> |
||||
<source>6</source> |
||||
<target>6</target> |
||||
</configuration> |
||||
</plugin> |
||||
</plugins> |
||||
</build> |
||||
</project> |
@ -0,0 +1,38 @@
|
||||
package com.fr.security.function; |
||||
|
||||
import com.fr.intelli.record.Focus; |
||||
import com.fr.record.analyzer.EnableMetrics; |
||||
import com.fr.security.function.conf.RemoteEvalConfig; |
||||
import com.fr.security.function.holder.HolderFunction; |
||||
import com.fr.stable.fun.impl.AbstractFunctionDefendProvider; |
||||
import com.fr.stable.script.CalculatorProvider; |
||||
import com.fr.stable.script.Function; |
||||
|
||||
import java.lang.annotation.Annotation; |
||||
|
||||
/** |
||||
* @author richie |
||||
* @version 10.0 |
||||
* Created by richie on 2019-01-12 |
||||
*/ |
||||
@EnableMetrics |
||||
public class RemoteEvalFunctionDefender extends AbstractFunctionDefendProvider { |
||||
|
||||
@Override |
||||
@Focus(id = "com.fr.security.function", text = "defender") |
||||
public Function replacer(CalculatorProvider calculator, Class clazz) { |
||||
return HolderFunction.ONE; |
||||
} |
||||
|
||||
@Override |
||||
public boolean match(CalculatorProvider calculator, Class clazz) { |
||||
if (RemoteEvalConfig.getInstance().isEnable()) { |
||||
Boolean mark = calculator.getAttribute(RestrictScriptKey.KEY); |
||||
if (mark != null && mark) { |
||||
Annotation restrict = clazz.getAnnotation(RestrictScript.class); |
||||
return restrict != null; |
||||
} |
||||
} |
||||
return false; |
||||
} |
||||
} |
@ -0,0 +1,22 @@
|
||||
package com.fr.security.function; |
||||
|
||||
import com.fr.plugin.context.PluginContext; |
||||
import com.fr.plugin.observer.inner.AbstractPluginLifecycleMonitor; |
||||
import com.fr.security.function.conf.RemoteEvalConfig; |
||||
|
||||
/** |
||||
* @author richie |
||||
* @version 10.0 |
||||
* Created by richie on 2019-01-12 |
||||
*/ |
||||
public class RemoteEvalInitializeMonitor extends AbstractPluginLifecycleMonitor { |
||||
@Override |
||||
public void afterRun(PluginContext context) { |
||||
RemoteEvalConfig.getInstance(); |
||||
} |
||||
|
||||
@Override |
||||
public void beforeStop(PluginContext context) { |
||||
|
||||
} |
||||
} |
@ -0,0 +1,15 @@
|
||||
package com.fr.security.function; |
||||
|
||||
import com.fr.stable.fun.impl.AbstractLocaleFinder; |
||||
|
||||
/** |
||||
* @author richie |
||||
* @version 10.0 |
||||
* Created by richie on 2019-01-12 |
||||
*/ |
||||
public class RemoteEvalLocaleFinder extends AbstractLocaleFinder { |
||||
@Override |
||||
public String find() { |
||||
return "com/fr/security/function/ref"; |
||||
} |
||||
} |
@ -0,0 +1,70 @@
|
||||
package com.fr.security.function.conf; |
||||
|
||||
import com.fr.config.ConfigContext; |
||||
import com.fr.config.DefaultConfiguration; |
||||
import com.fr.config.Identifier; |
||||
import com.fr.config.Status; |
||||
import com.fr.config.Visualization; |
||||
import com.fr.config.holder.Conf; |
||||
import com.fr.config.holder.factory.Holders; |
||||
import com.fr.stable.StringUtils; |
||||
|
||||
/** |
||||
* @author richie |
||||
* @version 10.0 |
||||
* Created by richie on 2019-01-12 |
||||
*/ |
||||
@Visualization(category = "Plugin-Security") |
||||
public class RemoteEvalConfig extends DefaultConfiguration { |
||||
|
||||
private static volatile RemoteEvalConfig config = null; |
||||
|
||||
public static RemoteEvalConfig getInstance() { |
||||
if (config == null) { |
||||
config = ConfigContext.getConfigInstance(RemoteEvalConfig.class); |
||||
} |
||||
return config; |
||||
} |
||||
|
||||
@Identifier(value = "enable", name = "Plugin-Remote_Eval_Restrict", description = "Plugin-Remote_Eval_Restrict_Description", status = Status.SHOW) |
||||
private Conf<Boolean> enable = Holders.simple(true); |
||||
|
||||
@Identifier(value = "text", name = "Plugin-Remote_Eval_Restrict_Text", description = "Plugin-Remote_Eval_Restrict_Text_Description", status = Status.SHOW) |
||||
private Conf<String> text = Holders.simple(StringUtils.EMPTY); |
||||
|
||||
@Identifier(value = "signatureText", name = "Plugin-Remote_Signature_Key", description = "Plugin-Remote_Signature_Key", status = Status.SHOW) |
||||
private Conf<String> signatureText = Holders.simple(StringUtils.EMPTY); |
||||
|
||||
public boolean isEnable() { |
||||
return enable.get(); |
||||
} |
||||
|
||||
public void setEnable(boolean enable) { |
||||
this.enable.set(enable); |
||||
} |
||||
|
||||
public String getText() { |
||||
return text.get(); |
||||
} |
||||
|
||||
public void setText(String text) { |
||||
this.text.set(text); |
||||
} |
||||
|
||||
public String getSignatureText() { |
||||
return signatureText.get(); |
||||
} |
||||
|
||||
public void setSignatureText(String signatureText) { |
||||
this.signatureText.set(signatureText); |
||||
} |
||||
|
||||
@Override |
||||
public Object clone() throws CloneNotSupportedException { |
||||
RemoteEvalConfig cloned = (RemoteEvalConfig) super.clone(); |
||||
cloned.enable = (Conf<Boolean>) enable.clone(); |
||||
cloned.text = (Conf<String>) text.clone(); |
||||
cloned.signatureText = (Conf<String>) signatureText.clone(); |
||||
return cloned; |
||||
} |
||||
} |
@ -0,0 +1,29 @@
|
||||
package com.fr.security.function.holder; |
||||
|
||||
import com.fr.script.AbstractFunction; |
||||
import com.fr.security.function.conf.RemoteEvalConfig; |
||||
import com.fr.stable.StringUtils; |
||||
|
||||
/** |
||||
* @author richie |
||||
* @version 10.0 |
||||
* Created by richie on 2019-01-12 |
||||
*/ |
||||
public class HolderFunction extends AbstractFunction { |
||||
|
||||
public static final HolderFunction ONE = new HolderFunction(); |
||||
|
||||
private HolderFunction() { |
||||
|
||||
} |
||||
|
||||
@Override |
||||
public Object run(Object[] args) { |
||||
String text = RemoteEvalConfig.getInstance().getText(); |
||||
if (StringUtils.isBlank(text)) { |
||||
throw new IllegalStateException("FR.remoteEvaluate cannot call this formula because of safety."); |
||||
} else { |
||||
return text; |
||||
} |
||||
} |
||||
} |
@ -0,0 +1,46 @@
|
||||
package com.fr.security.function.signature; |
||||
|
||||
import com.fr.cert.token.JwtBuilder; |
||||
import com.fr.cert.token.Jwts; |
||||
import com.fr.cert.token.SignatureAlgorithm; |
||||
import com.fr.general.GeneralUtils; |
||||
import com.fr.script.AbstractFunction; |
||||
import com.fr.security.function.conf.RemoteEvalConfig; |
||||
import com.fr.stable.ArrayUtils; |
||||
import com.fr.stable.Primitive; |
||||
|
||||
import java.util.Date; |
||||
|
||||
/** |
||||
* @author richie |
||||
* @version 10.0 |
||||
* Created by richie on 2019-01-14 |
||||
*/ |
||||
public class SignatureGenerator extends AbstractFunction { |
||||
|
||||
private static final long VALIDATE_TIME = 10 * 60 * 1000; |
||||
@Override |
||||
public Object run(Object[] args) { |
||||
if (ArrayUtils.isEmpty(args)) { |
||||
return Primitive.NULL; |
||||
} |
||||
return createJwt(GeneralUtils.objectToString(args[0]), RemoteEvalConfig.getInstance().getSignatureText()); |
||||
} |
||||
|
||||
private String createJwt(String subject, String key) { |
||||
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256; |
||||
Date currentTime = new Date(); |
||||
Date expirationTime = new Date(currentTime.getTime() + VALIDATE_TIME); |
||||
JwtBuilder builder = Jwts.builder() |
||||
.setSubject(subject) |
||||
.setIssuedAt(currentTime) |
||||
.setExpiration(expirationTime) |
||||
.signWith(signatureAlgorithm, key); |
||||
return builder.compact(); |
||||
} |
||||
|
||||
public static void main(String... args) { |
||||
SignatureGenerator generator = new SignatureGenerator(); |
||||
System.out.println(generator.createJwt("/习题9.cpt", "GhzUsb4fmGwmSk57d3uBZ9jVFCRgZ9CVMT3WoomMHi4=")); |
||||
} |
||||
} |
@ -0,0 +1,6 @@
|
||||
Plugin-Remote_Eval_Restrict=Remote Eval Enable |
||||
Plugin-Remote_Eval_Restrict_Description=Allow Remote Function Eval |
||||
Plugin-Security=Security |
||||
Plugin-Remote_Eval_Restrict_Text=Return Error Text |
||||
Plugin-Remote_Eval_Restrict_Text_Description=Replace the real formula |
||||
Plugin-Remote_Signature_Key=Signature Key |
@ -0,0 +1,6 @@
|
||||
Plugin-Remote_Eval_Restrict=\u542F\u7528\u811A\u672C\u4E2D\u516C\u5F0F\u8C03\u7528\u9650\u5236 |
||||
Plugin-Remote_Eval_Restrict_Description=\u4E0D\u5141\u8BB8\u5728\u811A\u672C\u51FD\u6570\u4E2D\u8C03\u7528\u6570\u636E\u5E93\u76F8\u5173\u7684\u51FD\u6570 |
||||
Plugin-Security=\u5B89\u5168 |
||||
Plugin-Remote_Eval_Restrict_Text=\u51FD\u6570\u8FD4\u56DE\u503C |
||||
Plugin-Remote_Eval_Restrict_Text_Description=\u66FF\u6362\u6B63\u786E\u7684\u516C\u5F0F\u6267\u884C\u540E\u7684\u8FD4\u56DE\u503C |
||||
Plugin-Remote_Signature_Key=\u6570\u5B57\u7B7E\u540D\u79D8\u94A5 |
Loading…
Reference in new issue