Pull request #7368: REPORT-91727 对用户输入的参数进行统一校验

Merge in DEC/decision-webui-dcm from ~CRAWFORD.ZHOU/decision-webui-dcm:feature/x to feature/x * commit '9662daabda7970fca695dcad51759ccb984204e0': REPORT-91727 对用户输入的参数进行统一校验 feat：dcm仓库里面有两个场景，这里引入进来补充
2 years ago · ba69350d0a
5 changed files with 79 additions and 0 deletions
--- a/src/modules/core/checkIllegalStrings/checkIllegalStrings.ts
+++ b/src/modules/core/checkIllegalStrings/checkIllegalStrings.ts
@ -0,0 +1,44 @@
+/*
+  https://work.fineres.com/browse/REPORT-91724 用于参数统一校验
+ */
+import { ILLEGAL_STRINGS } from "./constant";
+export type CheckResult = {
+    legal: boolean,
+    errorMsg: string,
+}
+export const CHECK_CORRECT: CheckResult = {
+    legal: true,
+    errorMsg: "",
+};
+
+/**
+ * 检测非法字符，返回错误提示
+  * @param value 要校验的字符串
+ */
+export function checkIllegalStrings(value: string): CheckResult {
+    // 后端传入的校验开关，如果没传，那也默认开启
+    const enabled = Dec.system.enableParameterVerify ?? true;
+    if (enabled) {
+        const illegalStringIndex = ILLEGAL_STRINGS.findIndex(s => value.includes(s));
+        if (illegalStringIndex === -1) {
+            return CHECK_CORRECT;
+        }
+
+        return {
+            legal: false,
+            errorMsg: `${BI.i18nText("Dec-Basic_Check_Illegal_Strings")}${ILLEGAL_STRINGS[illegalStringIndex]}`,
+        };
+    }
+
+    return CHECK_CORRECT;
+}
+
+export function checkIllegalStringsInWidgetAndShowError(widget: any) {
+    const value = widget.getValue();
+    const result = checkIllegalStrings(value);
+    if (!result.legal) {
+        widget.showError(result.errorMsg);
+    }
+
+    return result.legal;
+}
--- a/src/modules/core/checkIllegalStrings/constant.ts
+++ b/src/modules/core/checkIllegalStrings/constant.ts
@ -0,0 +1,15 @@
+/**
+ * 参数检验的非法字符数组
+ */
+export const ILLEGAL_STRINGS = [
+    "\"",
+    "<",
+    ">",
+    "&",
+    "/script",
+    "javascript:",
+    "onblur",
+    "getRuntime",
+    "ProcessBuilder",
+    "java.lang.ProcessImpl",
+];
--- a/src/modules/core/index.ts
+++ b/src/modules/core/index.ts
@ -0,0 +1 @@
+export { checkIllegalStringsInWidgetAndShowError, checkIllegalStrings } from "./checkIllegalStrings/checkIllegalStrings"
--- a/src/modules/pages/connection/list/list_item/list_item.ts
+++ b/src/modules/pages/connection/list/list_item/list_item.ts
@ -7,6 +7,7 @@ import { connectionCanEdit, getTextByDatabaseType, getChartLength } from '../../
 import { testConnection } from '../../../maintain/forms/form.server';
 import { DownListCombo, Label, SignEditor } from '@fui/core';
 import { ApiFactory } from '../../../../crud/apiFactory';
+import { checkIllegalStrings } from "@core/index";

 const api = new ApiFactory().create();

@ -89,6 +90,17 @@ export class ListItem extends BI.BasicButton {

                                    return;
                                }
+                                const result = checkIllegalStrings(newName);
+                                if (!result.legal) {
+                                    BI.Msg.toast(result.errorMsg, {
+                                        level: 'error',
+                                    });
+                                    this.store.setIsEdit(false, name);
+                                    this.nameLabel.setText(name);
+                                    this.nameEditor.setValue(name);
+
+                                    return;
+                                }
                                this.store.changeName(name, newName).then(re => {
                                    this.store.setIsEdit(false, name);
                                    if (re.errorCode) {
--- a/src/modules/pages/maintain/forms/form.ts
+++ b/src/modules/pages/maintain/forms/form.ts
@ -8,6 +8,7 @@ import { ConnectionJDBC, Connection, ResultType } from 'src/modules/crud/crud.ty
 import { DEFAULT_JNDI_DATA, DEFAULT_JDBC_POOL, DATEBASE_FILTER_TYPE } from '@constants/constant';
 import { getJdbcDatabaseType, getChartLength } from '../../../app.service';
 import { NAME_MAX_LENGTH } from '../../../app.constant';
+import { checkIllegalStrings } from "@core/index";

@shortcut()
@store(MaintainFormModel)
@ -209,6 +210,12 @@ export class MaintainForm extends BI.Widget {
        if (this.form.validation && !this.form.validation()) {
            return false;
        }
+        const result = checkIllegalStrings(value.connectionName);
+        if (!result.legal) {
+            this.setFromError(result.errorMsg);
+
+            return false;
+        }

        return true;
    }
				`@ -0,0 +1 @@`
				`export { checkIllegalStringsInWidgetAndShowError, checkIllegalStrings } from "./checkIllegalStrings/checkIllegalStrings"`