高危漏洞修复

6eec98c3 · 罗胜 · 75185be9 · 6eec98c3 · 6eec98c3 · 6eec98c3
Commit 6eec98c3 authored Aug 30, 2024 by 罗胜
11 changed files
--- a/resources/esdk_ec_config.properties
+++ b/resources/esdk_ec_config.properties
@@ -6,7 +6,6 @@ username=f387adfd9ac040d78061c890ead8e215
 #username=esdk_user

 #connection user password
-#password=Huawei@123
 password=c49bc828b17297f1dbcfd394c7835dc6

 #gwIp

--- a/resources/jdbc.properties
+++ b/resources/jdbc.properties
@@ -4,8 +4,6 @@ jdbc.type=mysql
 jdbc.driver.class=com.mysql.jdbc.Driver
 jdbc.url=jdbc:mysql://81.69.44.115:5508/jd_foc?useUnicode=true&characterEncoding=utf-8&zeroDateTimeBehavior=convertToNull
 jdbc.username=b849656b41d3eb136ad6a9d7328d4e6a
-#jdbc.username=sms_develop
-#jdbc.password=Develop2018!@#
 jdbc.password=33c9745f057ba48a41d8043f1a007100
 #\u521d\u59cb\u5316\u8fde\u63a5
 jdbc.initialSize=0

--- a/src/com/ejweb/core/conf/GConstants.java
+++ b/src/com/ejweb/core/conf/GConstants.java
@@ -127,6 +127,9 @@ public class GConstants {
        Resource resource = null;
        for (String location : resources) {// 加载配置文件
            try {
+                if(StrUtil.contains(location,"../")||StrUtil.contains(location,"..\\")){
+                    continue;
+                }
                resourceLoader = new DefaultResourceLoader();
                resource = resourceLoader.getResource(location);
                is = resource.getInputStream();
@@ -213,7 +216,7 @@ public class GConstants {
     * @return
     */
    public static String getValue(String key) {
-        if(StrUtil.contains(key, "/")||StrUtil.contains(key, "\\")){
+        if(StrUtil.contains(key, "../")||StrUtil.contains(key, "..\\")){
            return null;
        }
        if (key == null)
@@ -222,7 +225,7 @@ public class GConstants {
            return P.getProperty(key);
        }
        String property = System.getProperty(key);
-        if (StrUtil.isBlank(property)) {
+        if (StrUtil.isBlank(property)||StrUtil.contains(property, "../")||StrUtil.contains(property, "..\\")) {
            return null;
        }
        return property;

--- a/src/com/ejweb/core/file/Html2File.java
+++ b/src/com/ejweb/core/file/Html2File.java
@@ -100,8 +100,11 @@ public class Html2File {
 //            String md5 = DigestUtils.md5Hex(buf);
            String baseDir=StrUtil.replace(StrUtil.replace(baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_ACTUALS + GConstants.FS + basePath,"../",""),"..\\","");
            // 上传文件基本地址
-            File baseUploadDir = new File(GConstants.FILE_UPLOAD_DIR,
-                    baseDir);
+            String path = GConstants.FILE_UPLOAD_DIR + baseDir;
+            if(StrUtil.contains(path,"../")||StrUtil.contains(path,"..\\")){
+                throw new RuntimeException("文件路径非法");
+            }
+            File baseUploadDir = new File(path);
            if (!baseUploadDir.exists()) {// 如果文件夹不存在则创建
                
                baseUploadDir.mkdirs();

--- a/src/com/ejweb/core/geoip/IPSeeker.java
+++ b/src/com/ejweb/core/geoip/IPSeeker.java
@@ -14,6 +14,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.StringTokenizer;

+import cn.hutool.core.util.StrUtil;
 import org.apache.log4j.Logger;
 import org.geo.split.RegionEntity;
 import org.geo.split.RegionSplit;
@@ -78,8 +79,11 @@ public final class IPSeeker {
                    dir = file.getAbsolutePath()+GConstants.FS+"res"+GConstants.FS;
                }
            }
-
-            File db = new File(dir+"QQWry.dat");
+            String path = dir + "QQWry.dat";
+            if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) {
+                throw new RuntimeException("IP数据库文件QQWry.dat路径错误");
+            }
+            File db = new File(path);
            LOG.info("加载QQWry.dat数据："+db.getAbsolutePath());
            if(db.exists()){
                this.ipFile = new RandomAccessFile(db, "r");
@@ -98,7 +102,11 @@ public final class IPSeeker {
            e.printStackTrace();
        }
        try {
-            File db = new File(dir+"GeoLite2-City.mmdb");
+            String path = dir + "GeoLite2-City.mmdb";
+            if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) {
+                return ;
+            }
+            File db = new File(path);
            LOG.info("加载GeoLite2-City.mmdb数据："+db.getAbsolutePath());
            if(db.exists()){
                reader = new DatabaseReader.Builder(db).build();

--- a/src/com/ejweb/core/util/ImageUtil.java
+++ b/src/com/ejweb/core/util/ImageUtil.java
@@ -145,7 +145,11 @@ public final class ImageUtil {
            src = FileManipulation.validateFile(src);
            File srcfile = new File(src);
            if (!srcfile.exists()) {
-                srcfile = new File(GConstants.FILE_UPLOAD_DIR + src);
+                String path = GConstants.FILE_UPLOAD_DIR + src;
+                if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) {
+                    return null;
+                }
+                srcfile = new File(path);
                if (!srcfile.exists()) {
 //                    System.out.println("文件不存在");
                    return null;
@@ -233,8 +237,11 @@ public final class ImageUtil {
                    bufferedImages.add(ImageUtil.resize(paths.get(i), 100, 100, true));
                    realPaths.add(paths.get(i));
                } else {
-
-                    f = new File(GConstants.FILE_UPLOAD_DIR + paths.get(i));
+                    String path1 = GConstants.FILE_UPLOAD_DIR + paths.get(i);
+                    f = new File(path1);
+                    if (StrUtil.contains(path1, "../")||StrUtil.contains(path1, "..\\")) {
+                        continue;
+                    }
                    if (f.exists()) {
                        j++;
                        realPaths.add(GConstants.FILE_UPLOAD_DIR + paths.get(i));
@@ -315,7 +322,11 @@ public final class ImageUtil {
            if (StrUtil.contains(baseDatePath, "../")||StrUtil.contains(baseDatePath, "..\\")) {
                return null;
            }
-            File baseUploadDir = new File(GConstants.FILE_UPLOAD_DIR, baseDatePath);
+            String path = GConstants.FILE_UPLOAD_DIR + baseDatePath;
+            if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) {
+                return null;
+            }
+            File baseUploadDir = new File(path);
            if (!baseUploadDir.exists()) {// 如果文件夹不存在则创建

                baseUploadDir.mkdirs();

--- a/src/com/ejweb/core/util/PlanUtil.java
+++ b/src/com/ejweb/core/util/PlanUtil.java
@@ -37,12 +37,12 @@ public class PlanUtil {
    public static  List<ConnectionPlan> planlist(String fileName,String filePath){
        //读取文件  
        try {
-            if (StrUtil.contains(filePath, "../")||StrUtil.contains(filePath, "..\\")||
-                    StrUtil.contains(fileName, "../")||StrUtil.contains(fileName, "..\\")) {
-                return null;
-            }
+
            //获取目标文件的绝对路径  
            String fullFileName = GConstants.FILE_UPLOAD_DIR+filePath;
+            if (StrUtil.contains(fullFileName, "../")||StrUtil.contains(fullFileName, "..\\")) {
+                return null;
+            }
            InputStream in = null;
         in = new FileInputStream(fullFileName);
         ImportExcel ei = new ImportExcel(fileName,in, 1, 0);

--- a/src/com/ejweb/core/util/ireport/JRView.java
+++ b/src/com/ejweb/core/util/ireport/JRView.java
 package com.ejweb.core.util.ireport;
+import cn.hutool.core.util.StrUtil;
 import net.sf.jasperreports.engine.JasperPrint;
 import net.sf.jasperreports.engine.JasperReport;
 import org.springframework.core.io.Resource;
@@ -85,7 +86,11 @@ public class JRView extends JasperReportsMultiFormatView {

                @Override
                public InputStream getInputStream() throws IOException {
-                    return new FileInputStream(String.valueOf(model.get("url")));
+                    String url = String.valueOf(model.get("url"));
+                    if (StrUtil.contains(url,"../")||StrUtil.contains(url,"..\\")) {
+                        throw new RuntimeException("文件路径不合法");
+                    }
+                    return new FileInputStream(url);
                }
            });
        }

--- a/src/com/ejweb/modules/upload/api/UploadController.java
+++ b/src/com/ejweb/modules/upload/api/UploadController.java
@@ -307,8 +307,11 @@ public class UploadController {
            // 设置Content-Disposition
            response.setHeader("Content-Disposition", "attachment; filename=\"" + downloadFileName + "\"");
            // 获取目标文件的绝对路径
-//            String fullFileName = GConstants.FILE_UPLOAD_DIR + bean.getPath();
-            File downloadFile = new File(GConstants.FILE_UPLOAD_DIR, bean.getPath());
+            String fullFileName = GConstants.FILE_UPLOAD_DIR + bean.getPath();
+            if(StrUtil.contains(fullFileName,"../")||StrUtil.contains(fullFileName,"..\\")) {
+                throw new RuntimeException("文件路径异常!");
+            }
+            File downloadFile = new File(fullFileName);
            LOG.error("文件下载地址：" + downloadFile.getAbsolutePath());
            System.out.println("文件下载地址：" + downloadFile.getAbsolutePath());
            // 读取文件
@@ -420,16 +423,19 @@ public class UploadController {
            directory.createDocument("WordDocument", bais);

            // 文件保存地址
-            File uploadFilePath = new File(GConstants.FILE_UPLOAD_DIR, filePath);
+            String path = GConstants.FILE_UPLOAD_DIR + filePath;
+            if (StrUtil.contains(path,"../")||StrUtil.contains(path,"..\\")) {
+                throw new RuntimeException("文件路径非法");
+            }
+            File uploadFilePath = new File(path);
            if (uploadFilePath.exists()) {
                return responseBean;
            }
-
-            if (StrUtil.contains(filePath,"../")||StrUtil.contains(filePath,"..\\")
-                    ||StrUtil.contains(fileDir,"../")||StrUtil.contains(fileDir,"..\\")) {
+            String path = GConstants.FILE_UPLOAD_DIR + fileDir;
+            if (StrUtil.contains(path,"../")||StrUtil.contains(path,"..\\")) {
                throw new RuntimeException("文件路径非法");
            }
-            File baseUploadDir = new File(GConstants.FILE_UPLOAD_DIR, fileDir);
+            File baseUploadDir = new File(path);
            if (!baseUploadDir.exists()) {// 如果文件夹不存在则创建
                baseUploadDir.mkdirs();
            }

--- a/src/com/ejweb/modules/upload/service/UploadService.java
+++ b/src/com/ejweb/modules/upload/service/UploadService.java
@@ -356,7 +356,11 @@ public class UploadService extends BaseService<UploadDao>{
            }
            String basePath     = moduleName+GConstants.FS+extesionName.replaceAll("\\.", "")+GConstants.FS;
            // 上传文件基本地址
-            File baseUploadDir = new File(GConstants.FILE_UPLOAD_DIR, baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_ACTUALS+GConstants.FS+basePath);
+            String path = GConstants.FILE_UPLOAD_DIR + baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_ACTUALS + GConstants.FS + basePath;
+            if(StrUtil.contains(path,"../")||StrUtil.contains(path, "..\\")) {
+                throw new RuntimeException("文件路径不正确");
+            }
+            File baseUploadDir = new File(path);
            if(!baseUploadDir.exists()){// 如果文件夹不存在则创建
                baseUploadDir.mkdirs();
            }
@@ -374,7 +378,11 @@ public class UploadService extends BaseService<UploadDao>{
 //                    +System.currentTimeMillis()+":"+Util.getRandom(100, 999));
            
            // 文件保存地址
-            File uploadFilePath = new File(baseUploadDir, md5);
+            String path2 = baseUploadDir + md5;
+            if(StrUtil.contains(path2,"../")||StrUtil.contains(path2, "..\\")) {
+                throw new RuntimeException("文件路径不正确");
+            }
+            File uploadFilePath = new File(path2);
            LOG.info("原文件服务器绝对路径："+uploadFilePath);
            // 将数据保存到指定文件
            os = new FileOutputStream(uploadFilePath);
@@ -396,9 +404,12 @@ public class UploadService extends BaseService<UploadDao>{
                        int with   = GConstants.getIntValue("file.image.thumb.width", 640);
                        int height = GConstants.getIntValue("file.image.thumb.height", 640);
                        if(image.getWidth()>with || image.getHeight()>height){
-                            
-                            File baseUploadThumbsDir = new File(GConstants.FILE_UPLOAD_DIR, 
-                                    baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_THUMBS+GConstants.FS+basePath);
+                            String path1 = GConstants.FILE_UPLOAD_DIR +
+                                    baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_THUMBS + GConstants.FS + basePath;
+                            if (StrUtil.contains(path1,"../")||StrUtil.contains(path1, "..\\")) {
+                                throw new RuntimeException("文件路径不正确");
+                            }
+                            File baseUploadThumbsDir = new File(path1);
                            if(!baseUploadThumbsDir.exists()){// 如果文件夹不存在则创建
                                baseUploadThumbsDir.mkdirs();
                            }

--- a/src/com/ejweb/modules/verify/api/AirlineVerifyController.java
+++ b/src/com/ejweb/modules/verify/api/AirlineVerifyController.java
@@ -737,7 +737,10 @@ public class AirlineVerifyController {
            response.setHeader("Content-Disposition", "attachment; filename=" + downloadFileName);
            //获取目标文件的绝对路径
            String fullFileName = GConstants.FILE_UPLOAD_DIR + uploadFileBean.getPath();
+            if(StrUtil.contains(fullFileName,"../")||StrUtil.contains(fullFileName,"..\\")){
+                throw new RuntimeException("文件名包含非法字符");

+            }
            //读取文件
            in = new FileInputStream(fullFileName);
            out = response.getOutputStream();