Pull request #7368: REPORT-91727 对用户输入的参数进行统一校验

Merge in DEC/decision-webui-dcm from ~CRAWFORD.ZHOU/decision-webui-dcm:feature/x to feature/x * commit '9662daabda7970fca695dcad51759ccb984204e0': REPORT-91727 对用户输入的参数进行统一校验 feat：dcm仓库里面有两个场景，这里引入进来补充
2 years ago · ba69350d0a
5 changed files with 79 additions and 0 deletions
--- a/src/modules/core/checkIllegalStrings/checkIllegalStrings.ts
+++ b/src/modules/core/checkIllegalStrings/checkIllegalStrings.ts
@ -0,0 +1,44 @@
 /*
  https://work.fineres.com/browse/REPORT-91724 用于参数统一校验
 */
 import { ILLEGAL_STRINGS } from "./constant";
 export type CheckResult = {
    legal: boolean,
    errorMsg: string,
 }
 export const CHECK_CORRECT: CheckResult = {
    legal: true,
    errorMsg: "",
 };
 /**
 * 检测非法字符，返回错误提示
  * @param value 要校验的字符串
 */
 export function checkIllegalStrings(value: string): CheckResult {
    // 后端传入的校验开关，如果没传，那也默认开启
    const enabled = Dec.system.enableParameterVerify ?? true;
    if (enabled) {
        const illegalStringIndex = ILLEGAL_STRINGS.findIndex(s => value.includes(s));
        if (illegalStringIndex === -1) {
            return CHECK_CORRECT;
        }
        return {
            legal: false,
            errorMsg: `${BI.i18nText("Dec-Basic_Check_Illegal_Strings")}${ILLEGAL_STRINGS[illegalStringIndex]}`,
        };
    }
    return CHECK_CORRECT;
 }
 export function checkIllegalStringsInWidgetAndShowError(widget: any) {
    const value = widget.getValue();
    const result = checkIllegalStrings(value);
    if (!result.legal) {
        widget.showError(result.errorMsg);
    }
    return result.legal;
 }
--- a/src/modules/core/checkIllegalStrings/constant.ts
+++ b/src/modules/core/checkIllegalStrings/constant.ts
@ -0,0 +1,15 @@
 /**
 * 参数检验的非法字符数组
 */
 export const ILLEGAL_STRINGS = [
    "\"",
    "<",
    ">",
    "&",
    "/script",
    "javascript:",
    "onblur",
    "getRuntime",
    "ProcessBuilder",
    "java.lang.ProcessImpl",
 ];
--- a/src/modules/core/index.ts
+++ b/src/modules/core/index.ts
@ -0,0 +1 @@
 export { checkIllegalStringsInWidgetAndShowError, checkIllegalStrings } from "./checkIllegalStrings/checkIllegalStrings"
--- a/src/modules/pages/connection/list/list_item/list_item.ts
+++ b/src/modules/pages/connection/list/list_item/list_item.ts
@ -7,6 +7,7 @@ import { connectionCanEdit, getTextByDatabaseType, getChartLength } from '../../
 import { testConnection } from '../../../maintain/forms/form.server';
 import { DownListCombo, Label, SignEditor } from '@fui/core';
 import { ApiFactory } from '../../../../crud/apiFactory';
 import { checkIllegalStrings } from "@core/index";
 const api = new ApiFactory().create();
@ -89,6 +90,17 @@ export class ListItem extends BI.BasicButton {
                                    return;
                                }
                                const result = checkIllegalStrings(newName);
                                if (!result.legal) {
                                    BI.Msg.toast(result.errorMsg, {
                                        level: 'error',
                                    });
                                    this.store.setIsEdit(false, name);
                                    this.nameLabel.setText(name);
                                    this.nameEditor.setValue(name);
                                    return;
                                }
                                this.store.changeName(name, newName).then(re => {
                                    this.store.setIsEdit(false, name);
                                    if (re.errorCode) {
--- a/src/modules/pages/maintain/forms/form.ts
+++ b/src/modules/pages/maintain/forms/form.ts
@ -8,6 +8,7 @@ import { ConnectionJDBC, Connection, ResultType } from 'src/modules/crud/crud.ty
 import { DEFAULT_JNDI_DATA, DEFAULT_JDBC_POOL, DATEBASE_FILTER_TYPE } from '@constants/constant';
 import { getJdbcDatabaseType, getChartLength } from '../../../app.service';
 import { NAME_MAX_LENGTH } from '../../../app.constant';
 import { checkIllegalStrings } from "@core/index";
@shortcut()
@store(MaintainFormModel)
@ -209,6 +210,12 @@ export class MaintainForm extends BI.Widget {
        if (this.form.validation && !this.form.validation()) {
            return false;
        }
        const result = checkIllegalStrings(value.connectionName);
        if (!result.legal) {
            this.setFromError(result.errorMsg);
            return false;
        }
        return true;
    }
		`@ -0,0 +1 @@`
							`export { checkIllegalStringsInWidgetAndShowError, checkIllegalStrings } from "./checkIllegalStrings/checkIllegalStrings"`