Browse Source

Pull request #9253: KERNEL-11531 数据链接越权漏洞调用com.fr.invoke.ClassHelper中遍历搜索对象存在空间时间效率问题导致宕机

Merge in DESIGN/design from ~HENRY.WANG/design:release/11.0 to release/11.0

* commit '3d43b762187584ad75dc642ec460226d57fbf65f':
  KERNEL-11531  修改下设计,ColoneCollector中触发clone()
  KERNEL-11531 数据链接越权漏洞调用com.fr.invoke.ClassHelper中遍历搜索对象存在空间时间效率问题导致宕机
newui
Henry.Wang 2 years ago
parent
commit
b70ddc799a
  1. 37
      designer-base/src/main/java/com/fr/design/mainframe/authority/AuthorityTargetObjectCollector.java
  2. 66
      designer-base/src/main/java/com/fr/design/mainframe/authority/JTemplateAuthorityChecker.java

37
designer-base/src/main/java/com/fr/design/mainframe/authority/AuthorityTargetObjectCollector.java

@ -0,0 +1,37 @@
package com.fr.design.mainframe.authority;
import com.fr.base.CloneCollector;
import com.fr.base.Formula;
import com.fr.data.impl.NameDatabaseConnection;
import com.fr.data.impl.NameTableData;
import com.fr.report.cell.cellattr.core.group.DSColumn;
import com.fr.stable.FCloneable;
import java.util.ArrayList;
import java.util.List;
public class AuthorityTargetObjectCollector extends CloneCollector {
List<Object> targetObject = new ArrayList<>();
public AuthorityTargetObjectCollector(FCloneable rootObject) {
super(rootObject);
}
@Override
public void collect(Object object) {
if (object instanceof DSColumn || object instanceof Formula
|| object instanceof NameDatabaseConnection || object instanceof NameTableData) {
targetObject.add(object);
}
}
public List<Object> collectTargetObject() {
CloneCollector.setCollector(this);
this.targetObject = new ArrayList<>();
this.collect();
CloneCollector.clearCollector();
return targetObject;
}
}

66
designer-base/src/main/java/com/fr/design/mainframe/authority/JTemplateAuthorityChecker.java

@ -1,24 +1,24 @@
package com.fr.design.mainframe.authority;
import com.fr.base.CloneCollector;
import com.fr.design.dialog.FineJOptionPane;
import com.fr.design.i18n.Toolkit;
import com.fr.design.mainframe.DesignerContext;
import com.fr.design.mainframe.JTemplate;
import com.fr.design.mod.ModClassFilter;
import com.fr.file.ConnectionConfig;
import com.fr.file.TableDataConfig;
import com.fr.invoke.ClassHelper;
import com.fr.log.FineLoggerFactory;
import com.fr.stable.Filter;
import com.fr.workspace.WorkContext;
import com.fr.workspace.server.authority.user.UserAuthority;
import java.util.Collection;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
@ -77,33 +77,42 @@ public class JTemplateAuthorityChecker {
public boolean isAuthority() {
long s = System.currentTimeMillis();
//遍历模板对象,根据checkerMap.keySet()把感兴趣的对象找出来
Map<String, Collection<Object>> targetObjects = ClassHelper.searchObject(jTemplate.getTarget(), checkerMap.keySet(), ClassFilter.getInstance());
List<Object> targetObjects = getTargetObjects();
//找到对应的checker,对对象进行检查
for (String name : targetObjects.keySet()) {
for (Object targetObject : targetObjects) {
String name = targetObject.getClass().getName();
ElementAuthorityChecker checker = checkerMap.get(name);
for (Object object : targetObjects.get(name)) {
if (authConnectionNames != null) {
Set<String> noAuthName = checker.getNoAuthConnectionNames(object, authConnectionNames);
Set<String> noAuthName = checker.getNoAuthConnectionNames(targetObject, authConnectionNames);
if (noAuthName != null) {
authFailConnectionNames.addAll(noAuthName);
}
}
if (authDatasetNames != null) {
Set<String> noAuthName = checker.getNoAuthDatasetNames(object, authDatasetNames);
Set<String> noAuthName = checker.getNoAuthDatasetNames(targetObject, authDatasetNames);
if (noAuthName != null) {
authFailDatasetNames.addAll(noAuthName);
}
}
}
}
authFailConnectionNames.retainAll(allConnectionNames);
authFailDatasetNames.retainAll(allDatasetNames);
FineLoggerFactory.getLogger().info("JTemplateAuthorityChecker check time consume:" + (System.currentTimeMillis() - s));
return authFailConnectionNames.size() == 0 && authFailDatasetNames.size() == 0;
}
private List<Object> getTargetObjects() {
List<Object> targetObjects = new ArrayList<>();
try {
AuthorityTargetObjectCollector authorityTargetObjectCollector
= new AuthorityTargetObjectCollector(jTemplate.getTarget());
targetObjects = authorityTargetObjectCollector.collectTargetObject();
} catch (Exception e) {
FineLoggerFactory.getLogger().error(e, e.getMessage());
}
return targetObjects;
}
public void showAuthorityFailPromptDialog() {
StringBuffer stringBuffer = new StringBuffer();
stringBuffer.append(Toolkit.i18nText("Fine-Design-Basic_Save_Failure"));
@ -151,38 +160,5 @@ public class JTemplateAuthorityChecker {
return stringBuffer.toString();
}
static class ClassFilter implements Filter<String> {
private static final Set<String> FILTER_SET = new HashSet<>();
private static final Set<String> START_WITH_SET = new HashSet<>();
private static final Filter<String> INSTANCE = new ModClassFilter();
public static Filter<String> getInstance() {
return INSTANCE;
}
static {
FILTER_SET.add("java.awt.image.BufferedImage");
FILTER_SET.add("sun.awt.AppContext");
FILTER_SET.add("com.fr.poly.creator.ECBlockCreator");
FILTER_SET.add("io.netty.channel.nio.SelectedSelectionKeySet");
FILTER_SET.add("com.fr.form.ui.ElementCaseImage");
FILTER_SET.add("this$0");
START_WITH_SET.add("com.fr.design");
}
@Override
public boolean accept(String s) {
if (FILTER_SET.contains(s)) {
return true;
}
for (String start : START_WITH_SET) {
if (s.startsWith(start)) {
return true;
}
}
return false;
}
}
}

Loading…
Cancel
Save