|
|
@ -26,8 +26,11 @@ import org.apache.commons.collections4.MapUtils; |
|
|
|
|
|
|
|
|
|
|
|
import java.text.MessageFormat; |
|
|
|
import java.text.MessageFormat; |
|
|
|
import java.util.Map; |
|
|
|
import java.util.Map; |
|
|
|
|
|
|
|
import java.util.Set; |
|
|
|
import java.util.regex.Pattern; |
|
|
|
import java.util.regex.Pattern; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
import com.google.common.collect.Sets; |
|
|
|
|
|
|
|
|
|
|
|
public abstract class AbstractDataSourceProcessor implements DataSourceProcessor { |
|
|
|
public abstract class AbstractDataSourceProcessor implements DataSourceProcessor { |
|
|
|
|
|
|
|
|
|
|
|
private static final Pattern IPV4_PATTERN = Pattern.compile("^[a-zA-Z0-9\\_\\-\\.\\,]+$"); |
|
|
|
private static final Pattern IPV4_PATTERN = Pattern.compile("^[a-zA-Z0-9\\_\\-\\.\\,]+$"); |
|
|
@ -38,6 +41,8 @@ public abstract class AbstractDataSourceProcessor implements DataSourceProcessor |
|
|
|
|
|
|
|
|
|
|
|
private static final Pattern PARAMS_PATTER = Pattern.compile("^[a-zA-Z0-9\\-\\_\\/\\@\\.]+$"); |
|
|
|
private static final Pattern PARAMS_PATTER = Pattern.compile("^[a-zA-Z0-9\\-\\_\\/\\@\\.]+$"); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
private static final Set<String> POSSIBLE_MALICIOUS_KEYS = Sets.newHashSet("allowLoadLocalInfile"); |
|
|
|
|
|
|
|
|
|
|
|
@Override |
|
|
|
@Override |
|
|
|
public void checkDatasourceParam(BaseDataSourceParamDTO baseDataSourceParamDTO) { |
|
|
|
public void checkDatasourceParam(BaseDataSourceParamDTO baseDataSourceParamDTO) { |
|
|
|
checkHost(baseDataSourceParamDTO.getHost()); |
|
|
|
checkHost(baseDataSourceParamDTO.getHost()); |
|
|
@ -76,6 +81,9 @@ public abstract class AbstractDataSourceProcessor implements DataSourceProcessor |
|
|
|
if (MapUtils.isEmpty(other)) { |
|
|
|
if (MapUtils.isEmpty(other)) { |
|
|
|
return; |
|
|
|
return; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
if (!Sets.intersection(other.keySet(), POSSIBLE_MALICIOUS_KEYS).isEmpty()) { |
|
|
|
|
|
|
|
throw new IllegalArgumentException("Other params include possible malicious keys."); |
|
|
|
|
|
|
|
} |
|
|
|
boolean paramsCheck = other.entrySet().stream().allMatch(p -> PARAMS_PATTER.matcher(p.getValue()).matches()); |
|
|
|
boolean paramsCheck = other.entrySet().stream().allMatch(p -> PARAMS_PATTER.matcher(p.getValue()).matches()); |
|
|
|
if (!paramsCheck) { |
|
|
|
if (!paramsCheck) { |
|
|
|
throw new IllegalArgumentException("datasource other params illegal"); |
|
|
|
throw new IllegalArgumentException("datasource other params illegal"); |
|
|
@ -85,6 +93,7 @@ public abstract class AbstractDataSourceProcessor implements DataSourceProcessor |
|
|
|
@Override |
|
|
|
@Override |
|
|
|
public String getDatasourceUniqueId(ConnectionParam connectionParam, DbType dbType) { |
|
|
|
public String getDatasourceUniqueId(ConnectionParam connectionParam, DbType dbType) { |
|
|
|
BaseConnectionParam baseConnectionParam = (BaseConnectionParam) connectionParam; |
|
|
|
BaseConnectionParam baseConnectionParam = (BaseConnectionParam) connectionParam; |
|
|
|
return MessageFormat.format("{0}@{1}@{2}@{3}", dbType.getDescp(), baseConnectionParam.getUser(), PasswordUtils.encodePassword(baseConnectionParam.getPassword()), baseConnectionParam.getJdbcUrl()); |
|
|
|
return MessageFormat.format("{0}@{1}@{2}@{3}", dbType.getDescp(), baseConnectionParam.getUser(), |
|
|
|
|
|
|
|
PasswordUtils.encodePassword(baseConnectionParam.getPassword()), baseConnectionParam.getJdbcUrl()); |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|