
[Improvement] Abnormal characters check (#15824)

* abnormal characters check

* add test case

* remove error log

* fix code style

* fix import
3.2.2-release-bak
BaiJv 7 months ago committed by GitHub
parent
commit
e5e7749251
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
  1. 5
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java
  2. 10
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/utils/CheckUtils.java
  3. 20
      dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/utils/CheckUtilsTest.java
  4. 5
      dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/constants/Constants.java

5
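--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java
@@ -17,6 +17,7 @@
 package org.apache.dolphinscheduler.api.service.impl;
+import static org.apache.dolphinscheduler.api.utils.CheckUtils.checkFilePath;
 import static org.apache.dolphinscheduler.common.constants.Constants.ALIAS;
 import static org.apache.dolphinscheduler.common.constants.Constants.CONTENT;
 import static org.apache.dolphinscheduler.common.constants.Constants.EMPTY_STRING;
@@ -1290,6 +1291,10 @@ public class ResourcesServiceImpl extends BaseServiceImpl implements ResourcesSe
 if (FOLDER_SEPARATOR.equalsIgnoreCase(fullName)) {
 return;
 }
+// abnormal characters check
+if (!checkFilePath(fullName)) {
+throw new ServiceException(Status.ILLEGAL_RESOURCE_PATH);
+}
 // Avoid returning to the parent directory
 if (fullName.contains("../")) {
 throw new ServiceException(Status.ILLEGAL_RESOURCE_PATH, fullName);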
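Review bot: The new `checkFilePath(fullName)` guard does not cover the traversal case it sits next to. The allow-list accepts `.` and `/`, so a `..` segment passes it, and the existing `fullName.contains("../")` test only catches a `..` that is followed by a slash, so a path whose last segment is `..` appears to pass both checks. Comparing whole segments would be more robust than substring matching, for example `if (Arrays.asList(fullName.split("/")).contains("..")) {`, or the path could be normalised and checked against the resource base directory. The new throw also omits the `fullName` argument that the adjacent `ILLEGAL_RESOURCE_PATH` throw passes, so the two should be made consistent one way or the other. The enclosing method starts and ends outside the hunk, so later code may already handle part of this.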

10
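--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/utils/CheckUtils.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/utils/CheckUtils.java
@@ -158,4 +158,14 @@ public class CheckUtils {
 return pattern.matcher(str).matches();
 }
+/**
+* regex FilePath check,only use a to z, A to Z, 0 to 9, and _./-
+*
+* @param str input string
+* @return true if regex pattern is right, otherwise return false
+*/
+public static boolean checkFilePath(String str) {
+return regexChecks(str, Constants.REGEX_FILE_PATH);
+}
 }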
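Review bot: The Javadoc on `checkFilePath` does not tell a caller what it can rely on: `@return true if regex pattern is right` is unclear, and the null case is undocumented even though the test added in this commit expects `false` for it. Suggested wording: `@return true if str is non-null and consists only of a-z, A-Z, 0-9 and the characters _ . / -; false otherwise`. The summary should also state that this is a character allow-list only and does not reject `..` segments, so callers still need their own parent-directory check.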

20
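--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/utils/CheckUtilsTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/utils/CheckUtilsTest.java
@@ -92,4 +92,24 @@ public class CheckUtilsTest {
 Assertions.assertTrue(CheckUtils.checkPhone("17362537263"));
 }
+/**
+* check file path
+*/
+@Test
+public void testCheckFilePath() {
+// true
+Assertions.assertTrue(CheckUtils.checkFilePath("/"));
+Assertions.assertTrue(CheckUtils.checkFilePath("xx/"));
+Assertions.assertTrue(CheckUtils.checkFilePath("/xx"));
+Assertions.assertTrue(CheckUtils.checkFilePath("14567134578654"));
+Assertions.assertTrue(CheckUtils.checkFilePath("/admin/root/"));
+Assertions.assertTrue(CheckUtils.checkFilePath("/admin/root/1531531..13513/153135.."));
+// false
+Assertions.assertFalse(CheckUtils.checkFilePath(null));
+Assertions.assertFalse(CheckUtils.checkFilePath("file://xxx/ss"));
+Assertions.assertFalse(CheckUtils.checkFilePath("/xxx/ss;/dasd/123"));
+Assertions.assertFalse(CheckUtils.checkFilePath("/xxx/ss && /dasd/123"));
+Assertions.assertFalse(CheckUtils.checkFilePath("/xxx/ss || /dasd/123"));
+}
 }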
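Review bot: The negative cases in `testCheckFilePath` only exercise `:`, `;`, `&&`/`||` and spaces, so nothing pins the result for the empty string, a backslash or a trailing line terminator. Adding `Assertions.assertFalse(CheckUtils.checkFilePath(""));`, `Assertions.assertFalse(CheckUtils.checkFilePath("/xx\\yy"));` and `Assertions.assertFalse(CheckUtils.checkFilePath("/xx\n"));` would lock those down. The expected values are inferred from the pattern and the visible `matches()` call, so confirm them against `regexChecks`. The positive case with `..` deserves a short comment saying that dot sequences are accepted here on purpose and that parent-directory rejection is done by the caller.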

5
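--- a/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/constants/Constants.java
+++ b/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/constants/Constants.java
@@ -252,6 +252,11 @@ public final class Constants {
 */
 public static final Pattern REGEX_USER_NAME = Pattern.compile("^[a-zA-Z0-9._-]{3,39}$");
+/**
+* file path regex
+*/
+public static final Pattern REGEX_FILE_PATH = Pattern.compile("^[a-zA-Z0-9_./-]+$");
 /**
 * read permission
 */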
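Review bot: `REGEX_FILE_PATH` is ASCII-only and excludes spaces, which may break existing resources now that `ResourcesServiceImpl` enforces it. Any resource whose name contains a space, a non-ASCII character or other punctuation would presumably be rejected with `ILLEGAL_RESOURCE_PATH`; whether such names exist in deployed installations is not visible from this commit. If the restriction is intended, the comment should spell out the allowed set instead of `file path regex`, for example `file path allow-list: one or more of a-z, A-Z, 0-9, '_', '.', '/', '-'`, and the change should be called out as a behaviour change for upgrades.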
