forked from fanruan/demo-function-defender
richie
6 years ago
commit
d1256b9323
12 changed files with 425 additions and 0 deletions
@ -0,0 +1,5 @@ |
|||||||
|
*.iml |
||||||
|
.idea/ |
||||||
|
.DS_Store |
||||||
|
.classpath |
||||||
|
lib/report/* |
@ -0,0 +1,130 @@ |
|||||||
|
<?xml version="1.0" encoding="UTF-8" standalone="no"?> |
||||||
|
<project basedir="." default="jar" name="plugin"> |
||||||
|
<!-- JDK路径,根据自己机器上实际位置修改--> |
||||||
|
<property name="jdk.home" value="/Library/Java/JavaVirtualMachines/jdk1.8/Contents/Home"/> |
||||||
|
|
||||||
|
<property name="libs" value="${basedir}/lib"/> |
||||||
|
<property name="publicLibs" value=""/> |
||||||
|
<property name="reportLibs" value="lib/report"/> |
||||||
|
<property name="destLoc" value="."/> |
||||||
|
<property name="classes" value="classes"/> |
||||||
|
<xmlproperty file="${basedir}/plugin.xml"/> |
||||||
|
<property name="current-version" value="${plugin.version}"/> |
||||||
|
|
||||||
|
<!-- 插件版本--> |
||||||
|
<property name="plugin-version" value="${current-version}"/> |
||||||
|
<!-- 插件名字--> |
||||||
|
<property name="plugin-name" value="function-defender"/> |
||||||
|
<property name="plugin-jar" value="fr-plugin-${plugin-name}-${plugin-version}.jar"/> |
||||||
|
|
||||||
|
<target name="prepare"> |
||||||
|
<delete dir="${classes}"/> |
||||||
|
<delete dir="fr-plugin-${plugin-name}-${plugin-version}"/> |
||||||
|
<xmlproperty file="${basedir}/plugin.xml"/> |
||||||
|
<delete dir="${destLoc}/${plugin.name}"/> |
||||||
|
</target> |
||||||
|
<path id="compile.classpath"> |
||||||
|
<fileset dir="${libs}"> |
||||||
|
<include name="**/*.jar"/> |
||||||
|
</fileset> |
||||||
|
<fileset dir="${publicLibs}"> |
||||||
|
<include name="**/*.jar"/> |
||||||
|
</fileset> |
||||||
|
<fileset dir="${reportLibs}"> |
||||||
|
<include name="**/*.jar"/> |
||||||
|
</fileset> |
||||||
|
</path> |
||||||
|
<patternset id="resources4Jar"> |
||||||
|
<exclude name="**/.settings/**"/> |
||||||
|
<exclude name=".classpath"/> |
||||||
|
<exclude name=".project"/> |
||||||
|
|
||||||
|
<exclude name="**/*.java"/> |
||||||
|
<exclude name="**/*.db"/> |
||||||
|
<exclude name="**/*.g"/> |
||||||
|
<exclude name="**/package.html"/> |
||||||
|
</patternset> |
||||||
|
<target name="copy_resources"> |
||||||
|
<echo message="从${resources_from}拷贝图片,JS,CSS等资源文件"/> |
||||||
|
<delete dir="tmp"/> |
||||||
|
<copy todir="tmp"> |
||||||
|
<fileset dir="${resources_from}/src/main/resources"> |
||||||
|
<patternset refid="resources4Jar"/> |
||||||
|
</fileset> |
||||||
|
</copy> |
||||||
|
<copy todir="${classes}"> |
||||||
|
<fileset dir="tmp"/> |
||||||
|
</copy> |
||||||
|
<delete dir="tmp"/> |
||||||
|
</target> |
||||||
|
<target name="compile_javas"> |
||||||
|
<echo message="编译${compile_files}下的Java文件"/> |
||||||
|
<javac destdir="${classes}" debug="false" optimize="on" source="${source_jdk_version}" |
||||||
|
target="${target_jdk_version}" |
||||||
|
fork="true" memoryMaximumSize="512m" listfiles="false" srcdir="${basedir}" |
||||||
|
executable="${compile_jdk_version}/bin/javac"> |
||||||
|
<src path="${basedir}/src/main/java"/> |
||||||
|
<exclude name="**/.svn/**"/> |
||||||
|
<compilerarg line="-encoding UTF8 "/> |
||||||
|
<classpath refid="compile.classpath"/> |
||||||
|
</javac> |
||||||
|
<taskdef name="pretreatment" classname="com.fr.plugin.pack.PluginPretreatmentTask"> |
||||||
|
<classpath refid="compile.classpath"/> |
||||||
|
</taskdef> |
||||||
|
<pretreatment baseDir="${basedir}"/> |
||||||
|
</target> |
||||||
|
|
||||||
|
<target name="jar_classes"> |
||||||
|
<echo message="打Jar包:${jar_name}"/> |
||||||
|
<delete file="${basedir}/${jar_name}"/> |
||||||
|
<jar jarfile="${basedir}/${jar_name}"> |
||||||
|
<fileset dir="${classes}"> |
||||||
|
</fileset> |
||||||
|
</jar> |
||||||
|
</target> |
||||||
|
|
||||||
|
<target name="super_jar" depends="prepare"> |
||||||
|
<antcall target="copy_resources"> |
||||||
|
<param name="resources_from" value="${basedir}"/> |
||||||
|
</antcall> |
||||||
|
<antcall target="compile_javas"> |
||||||
|
<param name="source_jdk_version" value="1.6"/> |
||||||
|
<param name="target_jdk_version" value="1.6"/> |
||||||
|
<param name="compile_jdk_version" value="${jdk.home}"/> |
||||||
|
<param name="compile_files" value="${basedir}/src"/> |
||||||
|
</antcall> |
||||||
|
<echo message="compile plugin success!"/> |
||||||
|
|
||||||
|
<antcall target="jar_classes"> |
||||||
|
<param name="jar_name" value="${plugin-jar}"/> |
||||||
|
</antcall> |
||||||
|
<delete dir="${classes}"/> |
||||||
|
|
||||||
|
</target> |
||||||
|
|
||||||
|
<target name="jar" depends="super_jar"> |
||||||
|
<antcall target="zip"/> |
||||||
|
</target> |
||||||
|
|
||||||
|
<target name="zip"> |
||||||
|
<property name="plugin-folder" value="fr-plugin-${plugin-name}-${plugin-version}"/> |
||||||
|
<echo message="----------zip files----------"/> |
||||||
|
<mkdir dir="${plugin-folder}"/> |
||||||
|
<copy todir="${plugin-folder}"> |
||||||
|
<fileset dir="."> |
||||||
|
<include name="${plugin-jar}"/> |
||||||
|
<include name="plugin.xml"/> |
||||||
|
</fileset> |
||||||
|
<fileset dir="${libs}"> |
||||||
|
<include name="*.jar"/> |
||||||
|
<include name="*.dll"/> |
||||||
|
</fileset> |
||||||
|
</copy> |
||||||
|
<zip destfile="${basedir}/${plugin-folder}.zip" basedir="."> |
||||||
|
<include name="${plugin-folder}/*.jar"/> |
||||||
|
<include name="${plugin-folder}/*.dll"/> |
||||||
|
<include name="${plugin-folder}/plugin.xml"/> |
||||||
|
</zip> |
||||||
|
<move file="${plugin-folder}.zip" todir="${destLoc}/install"/> |
||||||
|
</target> |
||||||
|
</project> |
@ -0,0 +1,23 @@ |
|||||||
|
<?xml version="1.0" encoding="UTF-8" standalone="no"?> |
||||||
|
<plugin> |
||||||
|
<id>com.fr.security.function</id> |
||||||
|
<main-package>com.fr.security.function</main-package> |
||||||
|
<name><![CDATA[函数远程调用限制]]></name> |
||||||
|
<active>yes</active> |
||||||
|
<version>1.2</version> |
||||||
|
<env-version>10.0</env-version> |
||||||
|
<jartime>2019-01-11</jartime> |
||||||
|
<vendor>richie</vendor> |
||||||
|
<description><![CDATA[限制能够被远程调用的函数。]]></description> |
||||||
|
<change-notes><![CDATA[ |
||||||
|
[2019-01-14]增加数字签名生成函数。<br/> |
||||||
|
[2019-01-12]初始化插件。<br/> |
||||||
|
]]></change-notes> |
||||||
|
<extra-core> |
||||||
|
<LocaleFinder class="com.fr.security.function.RemoteEvalLocaleFinder"/> |
||||||
|
<FunctionDefendProvider class="com.fr.security.function.RemoteEvalFunctionDefender"/> |
||||||
|
<FunctionDefineProvider class="com.fr.security.function.signature.SignatureGenerator" name="SignatureGenerator" description="生成模板路径的数字签名"/> |
||||||
|
</extra-core> |
||||||
|
<function-recorder class="com.fr.security.function.RemoteEvalFunctionDefender"/> |
||||||
|
<lifecycle-monitor class="com.fr.security.function.RemoteEvalInitializeMonitor"/> |
||||||
|
</plugin> |
@ -0,0 +1,35 @@ |
|||||||
|
<?xml version="1.0" encoding="UTF-8"?> |
||||||
|
<project xmlns="http://maven.apache.org/POM/4.0.0" |
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
||||||
|
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> |
||||||
|
<modelVersion>4.0.0</modelVersion> |
||||||
|
|
||||||
|
<parent> |
||||||
|
<groupId>com.fr.maven</groupId> |
||||||
|
<artifactId>finereport-maven</artifactId> |
||||||
|
<version>10.0</version> |
||||||
|
</parent> |
||||||
|
<packaging>jar</packaging> |
||||||
|
<artifactId>demo-function-defender</artifactId> |
||||||
|
<dependencies> |
||||||
|
<dependency> |
||||||
|
<groupId>com.fr.core</groupId> |
||||||
|
<artifactId>fine-core-sdk</artifactId> |
||||||
|
<version>10.0</version> |
||||||
|
</dependency> |
||||||
|
</dependencies> |
||||||
|
<build> |
||||||
|
<!---如果要更改调试插件,改这里的配置就可以了--> |
||||||
|
<outputDirectory>${web-inf-path}/plugins/plugin-com.fr.security.function-1.0/classes</outputDirectory> |
||||||
|
<plugins> |
||||||
|
<plugin> |
||||||
|
<groupId>org.apache.maven.plugins</groupId> |
||||||
|
<artifactId>maven-compiler-plugin</artifactId> |
||||||
|
<configuration> |
||||||
|
<source>6</source> |
||||||
|
<target>6</target> |
||||||
|
</configuration> |
||||||
|
</plugin> |
||||||
|
</plugins> |
||||||
|
</build> |
||||||
|
</project> |
@ -0,0 +1,38 @@ |
|||||||
|
package com.fr.security.function; |
||||||
|
|
||||||
|
import com.fr.intelli.record.Focus; |
||||||
|
import com.fr.record.analyzer.EnableMetrics; |
||||||
|
import com.fr.security.function.conf.RemoteEvalConfig; |
||||||
|
import com.fr.security.function.holder.HolderFunction; |
||||||
|
import com.fr.stable.fun.impl.AbstractFunctionDefendProvider; |
||||||
|
import com.fr.stable.script.CalculatorProvider; |
||||||
|
import com.fr.stable.script.Function; |
||||||
|
|
||||||
|
import java.lang.annotation.Annotation; |
||||||
|
|
||||||
|
/** |
||||||
|
* @author richie |
||||||
|
* @version 10.0 |
||||||
|
* Created by richie on 2019-01-12 |
||||||
|
*/ |
||||||
|
@EnableMetrics |
||||||
|
public class RemoteEvalFunctionDefender extends AbstractFunctionDefendProvider { |
||||||
|
|
||||||
|
@Override |
||||||
|
@Focus(id = "com.fr.security.function", text = "defender") |
||||||
|
public Function replacer(CalculatorProvider calculator, Class clazz) { |
||||||
|
return HolderFunction.ONE; |
||||||
|
} |
||||||
|
|
||||||
|
@Override |
||||||
|
public boolean match(CalculatorProvider calculator, Class clazz) { |
||||||
|
if (RemoteEvalConfig.getInstance().isEnable()) { |
||||||
|
Boolean mark = calculator.getAttribute(RestrictScriptKey.KEY); |
||||||
|
if (mark != null && mark) { |
||||||
|
Annotation restrict = clazz.getAnnotation(RestrictScript.class); |
||||||
|
return restrict != null; |
||||||
|
} |
||||||
|
} |
||||||
|
return false; |
||||||
|
} |
||||||
|
} |
@ -0,0 +1,22 @@ |
|||||||
|
package com.fr.security.function; |
||||||
|
|
||||||
|
import com.fr.plugin.context.PluginContext; |
||||||
|
import com.fr.plugin.observer.inner.AbstractPluginLifecycleMonitor; |
||||||
|
import com.fr.security.function.conf.RemoteEvalConfig; |
||||||
|
|
||||||
|
/** |
||||||
|
* @author richie |
||||||
|
* @version 10.0 |
||||||
|
* Created by richie on 2019-01-12 |
||||||
|
*/ |
||||||
|
public class RemoteEvalInitializeMonitor extends AbstractPluginLifecycleMonitor { |
||||||
|
@Override |
||||||
|
public void afterRun(PluginContext context) { |
||||||
|
RemoteEvalConfig.getInstance(); |
||||||
|
} |
||||||
|
|
||||||
|
@Override |
||||||
|
public void beforeStop(PluginContext context) { |
||||||
|
|
||||||
|
} |
||||||
|
} |
@ -0,0 +1,15 @@ |
|||||||
|
package com.fr.security.function; |
||||||
|
|
||||||
|
import com.fr.stable.fun.impl.AbstractLocaleFinder; |
||||||
|
|
||||||
|
/** |
||||||
|
* @author richie |
||||||
|
* @version 10.0 |
||||||
|
* Created by richie on 2019-01-12 |
||||||
|
*/ |
||||||
|
public class RemoteEvalLocaleFinder extends AbstractLocaleFinder { |
||||||
|
@Override |
||||||
|
public String find() { |
||||||
|
return "com/fr/security/function/ref"; |
||||||
|
} |
||||||
|
} |
@ -0,0 +1,70 @@ |
|||||||
|
package com.fr.security.function.conf; |
||||||
|
|
||||||
|
import com.fr.config.ConfigContext; |
||||||
|
import com.fr.config.DefaultConfiguration; |
||||||
|
import com.fr.config.Identifier; |
||||||
|
import com.fr.config.Status; |
||||||
|
import com.fr.config.Visualization; |
||||||
|
import com.fr.config.holder.Conf; |
||||||
|
import com.fr.config.holder.factory.Holders; |
||||||
|
import com.fr.stable.StringUtils; |
||||||
|
|
||||||
|
/** |
||||||
|
* @author richie |
||||||
|
* @version 10.0 |
||||||
|
* Created by richie on 2019-01-12 |
||||||
|
*/ |
||||||
|
@Visualization(category = "Plugin-Security") |
||||||
|
public class RemoteEvalConfig extends DefaultConfiguration { |
||||||
|
|
||||||
|
private static volatile RemoteEvalConfig config = null; |
||||||
|
|
||||||
|
public static RemoteEvalConfig getInstance() { |
||||||
|
if (config == null) { |
||||||
|
config = ConfigContext.getConfigInstance(RemoteEvalConfig.class); |
||||||
|
} |
||||||
|
return config; |
||||||
|
} |
||||||
|
|
||||||
|
@Identifier(value = "enable", name = "Plugin-Remote_Eval_Restrict", description = "Plugin-Remote_Eval_Restrict_Description", status = Status.SHOW) |
||||||
|
private Conf<Boolean> enable = Holders.simple(true); |
||||||
|
|
||||||
|
@Identifier(value = "text", name = "Plugin-Remote_Eval_Restrict_Text", description = "Plugin-Remote_Eval_Restrict_Text_Description", status = Status.SHOW) |
||||||
|
private Conf<String> text = Holders.simple(StringUtils.EMPTY); |
||||||
|
|
||||||
|
@Identifier(value = "signatureText", name = "Plugin-Remote_Signature_Key", description = "Plugin-Remote_Signature_Key", status = Status.SHOW) |
||||||
|
private Conf<String> signatureText = Holders.simple(StringUtils.EMPTY); |
||||||
|
|
||||||
|
public boolean isEnable() { |
||||||
|
return enable.get(); |
||||||
|
} |
||||||
|
|
||||||
|
public void setEnable(boolean enable) { |
||||||
|
this.enable.set(enable); |
||||||
|
} |
||||||
|
|
||||||
|
public String getText() { |
||||||
|
return text.get(); |
||||||
|
} |
||||||
|
|
||||||
|
public void setText(String text) { |
||||||
|
this.text.set(text); |
||||||
|
} |
||||||
|
|
||||||
|
public String getSignatureText() { |
||||||
|
return signatureText.get(); |
||||||
|
} |
||||||
|
|
||||||
|
public void setSignatureText(String signatureText) { |
||||||
|
this.signatureText.set(signatureText); |
||||||
|
} |
||||||
|
|
||||||
|
@Override |
||||||
|
public Object clone() throws CloneNotSupportedException { |
||||||
|
RemoteEvalConfig cloned = (RemoteEvalConfig) super.clone(); |
||||||
|
cloned.enable = (Conf<Boolean>) enable.clone(); |
||||||
|
cloned.text = (Conf<String>) text.clone(); |
||||||
|
cloned.signatureText = (Conf<String>) signatureText.clone(); |
||||||
|
return cloned; |
||||||
|
} |
||||||
|
} |
@ -0,0 +1,29 @@ |
|||||||
|
package com.fr.security.function.holder; |
||||||
|
|
||||||
|
import com.fr.script.AbstractFunction; |
||||||
|
import com.fr.security.function.conf.RemoteEvalConfig; |
||||||
|
import com.fr.stable.StringUtils; |
||||||
|
|
||||||
|
/** |
||||||
|
* @author richie |
||||||
|
* @version 10.0 |
||||||
|
* Created by richie on 2019-01-12 |
||||||
|
*/ |
||||||
|
public class HolderFunction extends AbstractFunction { |
||||||
|
|
||||||
|
public static final HolderFunction ONE = new HolderFunction(); |
||||||
|
|
||||||
|
private HolderFunction() { |
||||||
|
|
||||||
|
} |
||||||
|
|
||||||
|
@Override |
||||||
|
public Object run(Object[] args) { |
||||||
|
String text = RemoteEvalConfig.getInstance().getText(); |
||||||
|
if (StringUtils.isBlank(text)) { |
||||||
|
throw new IllegalStateException("FR.remoteEvaluate cannot call this formula because of safety."); |
||||||
|
} else { |
||||||
|
return text; |
||||||
|
} |
||||||
|
} |
||||||
|
} |
@ -0,0 +1,46 @@ |
|||||||
|
package com.fr.security.function.signature; |
||||||
|
|
||||||
|
import com.fr.cert.token.JwtBuilder; |
||||||
|
import com.fr.cert.token.Jwts; |
||||||
|
import com.fr.cert.token.SignatureAlgorithm; |
||||||
|
import com.fr.general.GeneralUtils; |
||||||
|
import com.fr.script.AbstractFunction; |
||||||
|
import com.fr.security.function.conf.RemoteEvalConfig; |
||||||
|
import com.fr.stable.ArrayUtils; |
||||||
|
import com.fr.stable.Primitive; |
||||||
|
|
||||||
|
import java.util.Date; |
||||||
|
|
||||||
|
/** |
||||||
|
* @author richie |
||||||
|
* @version 10.0 |
||||||
|
* Created by richie on 2019-01-14 |
||||||
|
*/ |
||||||
|
public class SignatureGenerator extends AbstractFunction { |
||||||
|
|
||||||
|
private static final long VALIDATE_TIME = 10 * 60 * 1000; |
||||||
|
@Override |
||||||
|
public Object run(Object[] args) { |
||||||
|
if (ArrayUtils.isEmpty(args)) { |
||||||
|
return Primitive.NULL; |
||||||
|
} |
||||||
|
return createJwt(GeneralUtils.objectToString(args[0]), RemoteEvalConfig.getInstance().getSignatureText()); |
||||||
|
} |
||||||
|
|
||||||
|
private String createJwt(String subject, String key) { |
||||||
|
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256; |
||||||
|
Date currentTime = new Date(); |
||||||
|
Date expirationTime = new Date(currentTime.getTime() + VALIDATE_TIME); |
||||||
|
JwtBuilder builder = Jwts.builder() |
||||||
|
.setSubject(subject) |
||||||
|
.setIssuedAt(currentTime) |
||||||
|
.setExpiration(expirationTime) |
||||||
|
.signWith(signatureAlgorithm, key); |
||||||
|
return builder.compact(); |
||||||
|
} |
||||||
|
|
||||||
|
public static void main(String... args) { |
||||||
|
SignatureGenerator generator = new SignatureGenerator(); |
||||||
|
System.out.println(generator.createJwt("/习题9.cpt", "GhzUsb4fmGwmSk57d3uBZ9jVFCRgZ9CVMT3WoomMHi4=")); |
||||||
|
} |
||||||
|
} |
@ -0,0 +1,6 @@ |
|||||||
|
Plugin-Remote_Eval_Restrict=Remote Eval Enable |
||||||
|
Plugin-Remote_Eval_Restrict_Description=Allow Remote Function Eval |
||||||
|
Plugin-Security=Security |
||||||
|
Plugin-Remote_Eval_Restrict_Text=Return Error Text |
||||||
|
Plugin-Remote_Eval_Restrict_Text_Description=Replace the real formula |
||||||
|
Plugin-Remote_Signature_Key=Signature Key |
@ -0,0 +1,6 @@ |
|||||||
|
Plugin-Remote_Eval_Restrict=\u542F\u7528\u811A\u672C\u4E2D\u516C\u5F0F\u8C03\u7528\u9650\u5236 |
||||||
|
Plugin-Remote_Eval_Restrict_Description=\u4E0D\u5141\u8BB8\u5728\u811A\u672C\u51FD\u6570\u4E2D\u8C03\u7528\u6570\u636E\u5E93\u76F8\u5173\u7684\u51FD\u6570 |
||||||
|
Plugin-Security=\u5B89\u5168 |
||||||
|
Plugin-Remote_Eval_Restrict_Text=\u51FD\u6570\u8FD4\u56DE\u503C |
||||||
|
Plugin-Remote_Eval_Restrict_Text_Description=\u66FF\u6362\u6B63\u786E\u7684\u516C\u5F0F\u6267\u884C\u540E\u7684\u8FD4\u56DE\u503C |
||||||
|
Plugin-Remote_Signature_Key=\u6570\u5B57\u7B7E\u540D\u79D8\u94A5 |
Loading…
Reference in new issue