From 9662daabda7970fca695dcad51759ccb984204e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=97=AD=E6=97=AD?=
Date: Thu, 6 Apr 2023 17:11:47 +0800
Subject: [PATCH] =?UTF-8?q?REPORT-91727=20=E5=AF=B9=E7=94=A8=E6=88=B7?= =?UTF-8?q?=E8=BE=93=E5=85=A5=E7=9A=84=E5=8F=82=E6=95=B0=E8=BF=9B=E8=A1=8C?= =?UTF-8?q?=E7=BB=9F=E4=B8=80=E6=A0=A1=E9=AA=8C=20feat=EF=BC=9Adcm?= =?UTF-8?q?=E4=BB=93=E5=BA=93=E9=87=8C=E9=9D=A2=E6=9C=89=E4=B8=A4=E4=B8=AA?= =?UTF-8?q?=E5=9C=BA=E6=99=AF=EF=BC=8C=E8=BF=99=E9=87=8C=E5=BC=95=E5=85=A5?= =?UTF-8?q?=E8=BF=9B=E6=9D=A5=E8=A1=A5=E5=85=85?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../checkIllegalStrings.ts | 44 +++++++++++++++++++
 .../core/checkIllegalStrings/constant.ts | 15 +++++++
 src/modules/core/index.ts | 1 +
 .../connection/list/list_item/list_item.ts | 12 +++++
 src/modules/pages/maintain/forms/form.ts | 7 +++
 5 files changed, 79 insertions(+)
 create mode 100644 src/modules/core/checkIllegalStrings/checkIllegalStrings.ts
 create mode 100644 src/modules/core/checkIllegalStrings/constant.ts
 create mode 100644 src/modules/core/index.ts
diff --git a/src/modules/core/checkIllegalStrings/checkIllegalStrings.ts b/src/modules/core/checkIllegalStrings/checkIllegalStrings.ts
new file mode 100644
index 0000000..696d8fb
--- /dev/null
+++ b/src/modules/core/checkIllegalStrings/checkIllegalStrings.ts
@@ -0,0 +1,44 @@
+/*
+ https://work.fineres.com/browse/REPORT-91724 用于参数统一校验
+ */
+import { ILLEGAL_STRINGS } from "./constant";
+export type CheckResult = {
+ legal: boolean,
+ errorMsg: string,
+}
+export const CHECK_CORRECT: CheckResult = {
+ legal: true,
+ errorMsg: "",
+};
+
+/**
+ * 检测非法字符,返回错误提示
+ * @param value 要校验的字符串
+ */
+export function checkIllegalStrings(value: string): CheckResult {
+ // 后端传入的校验开关,如果没传,那也默认开启
+ const enabled = Dec.system.enableParameterVerify ?? true;
+ if (enabled) {
+ const illegalStringIndex = ILLEGAL_STRINGS.findIndex(s => value.includes(s));
+ if (illegalStringIndex === -1) {
+ return CHECK_CORRECT;
+ }
+
+ return {
+ legal: false,
+ errorMsg: `${BI.i18nText("Dec-Basic_Check_Illegal_Strings")}${ILLEGAL_STRINGS[illegalStringIndex]}`,
+ };
+ }
+
+ return CHECK_CORRECT;
+}
+
+export function checkIllegalStringsInWidgetAndShowError(widget: any) {
+ const value = widget.getValue();
+ const result = checkIllegalStrings(value);
+ if (!result.legal) {
+ widget.showError(result.errorMsg);
+ }
+
+ return result.legal;
+}
diff --git a/src/modules/core/checkIllegalStrings/constant.ts b/src/modules/core/checkIllegalStrings/constant.ts
new file mode 100644
index 0000000..a034a3f
--- /dev/null
+++ b/src/modules/core/checkIllegalStrings/constant.ts
@@ -0,0 +1,15 @@
+/**
+ * 参数检验的非法字符数组
+ */
+export const ILLEGAL_STRINGS = [
+ "\"",
+ "<",
+ ">",
+ "&",
+ "/script",
+ "javascript:",
+ "onblur",
+ "getRuntime",
+ "ProcessBuilder",
+ "java.lang.ProcessImpl",
+];
diff --git a/src/modules/core/index.ts b/src/modules/core/index.ts
new file mode 100644
index 0000000..efe056c
--- /dev/null
+++ b/src/modules/core/index.ts
@@ -0,0 +1 @@
+export { checkIllegalStringsInWidgetAndShowError, checkIllegalStrings } from "./checkIllegalStrings/checkIllegalStrings"
diff --git a/src/modules/pages/connection/list/list_item/list_item.ts b/src/modules/pages/connection/list/list_item/list_item.ts
index 60736d3..e61114c 100644
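Review bot: In `checkIllegalStrings` (checkIllegalStrings.ts) the match `value.includes(s)` is case-sensitive, so the markup-style entries of `ILLEGAL_STRINGS` (`/script`, `javascript:`, `onblur`) are only recognised in exactly that spelling; comparing a lowered copy, `const lowered = value.toLowerCase();` with `ILLEGAL_STRINGS.findIndex(s => lowered.includes(s.toLowerCase()))`, makes the filter behave the way the list reads. The `value: string` annotation is erased at runtime and `checkIllegalStringsInWidgetAndShowError` forwards `widget.getValue()` from a `widget: any`, so a `typeof value !== "string"` guard before the lookup would avoid a TypeError on an empty or non-text widget value. The check runs in the browser and is skipped when `Dec.system.enableParameterVerify` is false, so the doc comment should state that it is a user-facing hint and that the server has to apply the same validation itself; this also holds for the callers added in list_item.ts and form.ts.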
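Review bot: `ILLEGAL_STRINGS` in constant.ts is exported as a plain mutable array, so any importing module can push to or splice it and silently change what the validator rejects; declaring it `export const ILLEGAL_STRINGS: readonly string[] = [` keeps the list fixed for every consumer. The doc comment only says this is the illegal-string array; it should note which entries are markup-related (`"`, `<`, `>`, `&`, `/script`, `javascript:`, `onblur`) and which are Java class or method names, and whether the list is meant to mirror a server-side one, which this patch does not show. A substring denylist with a single event-handler name is a coarse filter, so the comment should also name output encoding at the rendering sites as the control that this list only supplements.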
--- a/src/modules/pages/connection/list/list_item/list_item.ts
+++ b/src/modules/pages/connection/list/list_item/list_item.ts
@@ -7,6 +7,7 @@ import { connectionCanEdit, getTextByDatabaseType, getChartLength } from '../../
 import { testConnection } from '../../../maintain/forms/form.server';
 import { DownListCombo, Label, SignEditor } from '@fui/core';
 import { ApiFactory } from '../../../../crud/apiFactory';
+import { checkIllegalStrings } from "@core/index";
 const api = new ApiFactory().create();
@@ -89,6 +90,17 @@ export class ListItem extends BI.BasicButton {
 return;
 }
+ const result = checkIllegalStrings(newName);
+ if (!result.legal) {
+ BI.Msg.toast(result.errorMsg, {
+ level: 'error',
+ });
+ this.store.setIsEdit(false, name);
+ this.nameLabel.setText(name);
+ this.nameEditor.setValue(name);
+
+ return;
+ }
 this.store.changeName(name, newName).then(re => {
 this.store.setIsEdit(false, name);
 if (re.errorCode) {
diff --git a/src/modules/pages/maintain/forms/form.ts b/src/modules/pages/maintain/forms/form.ts
index 609b880..4039f81 100644
--- a/src/modules/pages/maintain/forms/form.ts
+++ b/src/modules/pages/maintain/forms/form.ts
@@ -8,6 +8,7 @@ import { ConnectionJDBC, Connection, ResultType } from 'src/modules/crud/crud.ty
 import { DEFAULT_JNDI_DATA, DEFAULT_JDBC_POOL, DATEBASE_FILTER_TYPE } from '@constants/constant';
 import { getJdbcDatabaseType, getChartLength } from '../../../app.service';
 import { NAME_MAX_LENGTH } from '../../../app.constant';
+import { checkIllegalStrings } from "@core/index";
 @shortcut()
 @store(MaintainFormModel)
@@ -209,6 +210,12 @@ export class MaintainForm extends BI.Widget {
 if (this.form.validation && !this.form.validation()) {
 return false;
 }
+ const result = checkIllegalStrings(value.connectionName);
+ if (!result.legal) {
+ this.setFromError(result.errorMsg);
+
+ return false;
+ }
 return true;
 }
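Review bot: In the last form.ts hunk only `value.connectionName` is passed to `checkIllegalStrings`; the other text fields of `value` are not checked here, and both the origin of `value` and the start of the enclosing method lie outside the hunk. If that is deliberate (URL-type fields, for example, can legitimately contain `&`), record it with a comment such as `// only connectionName is checked against ILLEGAL_STRINGS; other fields may legitimately contain these characters`, otherwise pass the remaining free-text fields through the same helper. `value.connectionName` should be confirmed to be a string at this point, because the helper calls `.includes` on it without a type guard. `setFromError` reads like a misspelling of `setFormError`; it may be the method's existing name, so confirm it before renaming.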