
KERNEL-11531 数据链接越权漏洞调用com.fr.invoke.ClassHelper中遍历搜索对象存在空间时间效率问题导致宕机

newui
Henry.Wang 2 years ago
parent
commit
dfb4108c7e
  1. 21
      designer-base/src/main/java/com/fr/design/mainframe/authority/AuthorityTargetObjectCollector.java
  2. 66
      designer-base/src/main/java/com/fr/design/mainframe/authority/JTemplateAuthorityChecker.java

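--- a/designer-base/src/main/java/com/fr/design/mainframe/authority/AuthorityTargetObjectCollector.java
+++ b/designer-base/src/main/java/com/fr/design/mainframe/authority/AuthorityTargetObjectCollector.java
@@ -0,0 +1,21 @@
+package com.fr.design.mainframe.authority;
+import com.fr.base.CloneCollector;
+import java.util.ArrayList;
+import java.util.List;
+public class AuthorityTargetObjectCollector extends CloneCollector {
+List<Object> targetObject = new ArrayList<>();
+@Override
+public void collect(Object object) {
+targetObject.add(object);
+}
+public List<Object> getTargetObject() {
+return targetObject;
+}
+}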
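Review bot: `targetObject` in AuthorityTargetObjectCollector is a package-private, non-final mutable field and `getTargetObject()` hands the live ArrayList back to callers, so any code holding that reference can alter the set of objects the authority check inspects after collection has finished. Declare it `private final List<Object> targetObject = new ArrayList<>();` and return a read-only view, e.g. `return java.util.Collections.unmodifiableList(targetObject);`, or at least document that the returned list must not be modified. The class also has no Javadoc; a short header stating that it is installed through CloneCollector.setCollector and records every object passed to collect(Object) would tell the next maintainer what the collector is for.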
66
designer-base/src/main/java/com/fr/design/mainframe/authority/JTemplateAuthorityChecker.java

@ -1,24 +1,23 @@
package com.fr.design.mainframe.authority; package com.fr.design.mainframe.authority;
import com.fr.base.CloneCollector;
import com.fr.design.dialog.FineJOptionPane; import com.fr.design.dialog.FineJOptionPane;
import com.fr.design.i18n.Toolkit; import com.fr.design.i18n.Toolkit;
import com.fr.design.mainframe.DesignerContext; import com.fr.design.mainframe.DesignerContext;
import com.fr.design.mainframe.JTemplate; import com.fr.design.mainframe.JTemplate;
import com.fr.design.mod.ModClassFilter;
import com.fr.file.ConnectionConfig; import com.fr.file.ConnectionConfig;
import com.fr.file.TableDataConfig; import com.fr.file.TableDataConfig;
import com.fr.invoke.ClassHelper;
import com.fr.log.FineLoggerFactory; import com.fr.log.FineLoggerFactory;
import com.fr.stable.Filter;
import com.fr.workspace.WorkContext; import com.fr.workspace.WorkContext;
import com.fr.workspace.server.authority.user.UserAuthority; import com.fr.workspace.server.authority.user.UserAuthority;
import java.util.Collection;
import java.util.HashMap; import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
@ -77,33 +76,43 @@ public class JTemplateAuthorityChecker {
public boolean isAuthority() { public boolean isAuthority() {
long s = System.currentTimeMillis(); long s = System.currentTimeMillis();
//遍历模板对象,根据checkerMap.keySet()把感兴趣的对象找出来 List<Object> targetObjects = getTargetObjects();
Map<String, Collection<Object>> targetObjects = ClassHelper.searchObject(jTemplate.getTarget(), checkerMap.keySet(), ClassFilter.getInstance());
//找到对应的checker,对对象进行检查 //找到对应的checker,对对象进行检查
for (String name : targetObjects.keySet()) { for (Object targetObject : targetObjects) {
String name = targetObject.getClass().getName();
ElementAuthorityChecker checker = checkerMap.get(name); ElementAuthorityChecker checker = checkerMap.get(name);
for (Object object : targetObjects.get(name)) {
if (authConnectionNames != null) { if (authConnectionNames != null) {
Set<String> noAuthName = checker.getNoAuthConnectionNames(object, authConnectionNames); Set<String> noAuthName = checker.getNoAuthConnectionNames(targetObject, authConnectionNames);
if (noAuthName != null) { if (noAuthName != null) {
authFailConnectionNames.addAll(noAuthName); authFailConnectionNames.addAll(noAuthName);
} }
} }
if (authDatasetNames != null) { if (authDatasetNames != null) {
Set<String> noAuthName = checker.getNoAuthDatasetNames(object, authDatasetNames); Set<String> noAuthName = checker.getNoAuthDatasetNames(targetObject, authDatasetNames);
if (noAuthName != null) { if (noAuthName != null) {
authFailDatasetNames.addAll(noAuthName); authFailDatasetNames.addAll(noAuthName);
} }
} }
} }
}
authFailConnectionNames.retainAll(allConnectionNames); authFailConnectionNames.retainAll(allConnectionNames);
authFailDatasetNames.retainAll(allDatasetNames); authFailDatasetNames.retainAll(allDatasetNames);
FineLoggerFactory.getLogger().info("JTemplateAuthorityChecker check time consume:" + (System.currentTimeMillis() - s)); FineLoggerFactory.getLogger().info("JTemplateAuthorityChecker check time consume:" + (System.currentTimeMillis() - s));
return authFailConnectionNames.size() == 0 && authFailDatasetNames.size() == 0; return authFailConnectionNames.size() == 0 && authFailDatasetNames.size() == 0;
} }
private List<Object> getTargetObjects() {
AuthorityTargetObjectCollector authorityTargetObjectCollector = new AuthorityTargetObjectCollector();
CloneCollector.setCollector(authorityTargetObjectCollector);
try {
jTemplate.getTarget().clone();
} catch (Exception ignore) {
}
List<Object> targetObjects = authorityTargetObjectCollector.getTargetObject();
CloneCollector.clearCollector();
return targetObjects;
}
public void showAuthorityFailPromptDialog() { public void showAuthorityFailPromptDialog() {
StringBuffer stringBuffer = new StringBuffer(); StringBuffer stringBuffer = new StringBuffer();
stringBuffer.append(Toolkit.i18nText("Fine-Design-Basic_Save_Failure")); stringBuffer.append(Toolkit.i18nText("Fine-Design-Basic_Save_Failure"));
@ -151,38 +160,5 @@ public class JTemplateAuthorityChecker {
return stringBuffer.toString(); return stringBuffer.toString();
} }
static class ClassFilter implements Filter<String> {
private static final Set<String> FILTER_SET = new HashSet<>();
private static final Set<String> START_WITH_SET = new HashSet<>();
private static final Filter<String> INSTANCE = new ModClassFilter();
public static Filter<String> getInstance() {
return INSTANCE;
}
static {
FILTER_SET.add("java.awt.image.BufferedImage");
FILTER_SET.add("sun.awt.AppContext");
FILTER_SET.add("com.fr.poly.creator.ECBlockCreator");
FILTER_SET.add("io.netty.channel.nio.SelectedSelectionKeySet");
FILTER_SET.add("com.fr.form.ui.ElementCaseImage");
FILTER_SET.add("this$0");
START_WITH_SET.add("com.fr.design");
}
@Override
public boolean accept(String s) {
if (FILTER_SET.contains(s)) {
return true;
}
for (String start : START_WITH_SET) {
if (s.startsWith(start)) {
return true;
}
}
return false;
}
}
} }
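Review bot: In the new isAuthority loop `checkerMap.get(name)` can now return null, because AuthorityTargetObjectCollector.collect stores every object handed to it whereas the old ClassHelper.searchObject call was keyed by checkerMap.keySet(), so the next line `checker.getNoAuthConnectionNames(targetObject, authConnectionNames)` would throw a NullPointerException on the first unregistered type unless CloneCollector already filters by class (not visible here); a `if (checker == null) continue;` guard is needed. In getTargetObjects, `CloneCollector.clearCollector()` sits after the catch rather than in a finally, so an Error thrown during clone() (the deep-traversal case this commit is about) leaves the static collector installed for later callers. The `catch (Exception ignore) {}` also hides that the collected list is then partial, which lets the authority check pass with fewer objects inspected than the template holds; the exception should at least be logged so an incomplete check is visible in the logs, and whether an aborted collection should count as not authorized is a decision the maintainers should record in a comment. The class header and the remaining fields of JTemplateAuthorityChecker are outside the hunk.
```java
for (Object targetObject : targetObjects) {
    ElementAuthorityChecker checker = checkerMap.get(targetObject.getClass().getName());
    if (checker == null) {
        continue; // collector returns every cloned object, not only the registered types
    }
    // … unchanged: connection / dataset checks …
}
// … unchanged: retainAll, timing log, return …

private List<Object> getTargetObjects() {
    AuthorityTargetObjectCollector collector = new AuthorityTargetObjectCollector();
    CloneCollector.setCollector(collector);
    try {
        jTemplate.getTarget().clone();
    } catch (Exception e) {
        // collection aborted: the list below is partial, record it rather than hide it
        FineLoggerFactory.getLogger().error("JTemplateAuthorityChecker target collection aborted: " + e.getMessage(), e);
    } finally {
        CloneCollector.clearCollector(); // always release the static collector
    }
    return collector.getTargetObject();
}
```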
