public/MaxKey
1
0
Fork 0
mirror of https://gitee.com/dromara/MaxKey.git synced 2026-06-11 15:56:54 +08:00
Code Issues Packages Projects Releases Wiki Activity

sqlInjection & style

Browse Source 
sqlInjection & style
This commit is contained in:
Crystal.Sea
2020-12-14 23:43:34 +08:00
parent fb8adb82d8
commit 64bed39ee9
22 changed files with 121 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
maxkey-core/src/main/java/org/maxkey/util/StringUtils.java
View File

@@ -518,4 +518,33 @@ public final class StringUtils {
return flag;
}
public static ArrayList<String> sqlInjection = null;
static{
sqlInjection = new ArrayList<String>();
sqlInjection.add("--");
sqlInjection.add(";");
sqlInjection.add("/");
sqlInjection.add("\\");
sqlInjection.add("#");
sqlInjection.add("drop");
sqlInjection.add("create");
sqlInjection.add("delete");
sqlInjection.add("alter");
sqlInjection.add("truncate");
sqlInjection.add("update");
sqlInjection.add("insert");
sqlInjection.add("and");
sqlInjection.add("or");
}
public static boolean filtersSQLInjection(String filters) {
for(String s : sqlInjection) {
if(filters.indexOf(s)>-1) {
return true;
}
}
return false;
}
}

17
maxkey-persistence/src/main/java/org/maxkey/persistence/service/GroupsService.java
View File

@@ -22,13 +22,16 @@ import java.util.List;
import org.apache.mybatis.jpa.persistence.JpaBaseService;
import org.maxkey.domain.Groups;
import org.maxkey.persistence.mapper.GroupsMapper;
import org.maxkey.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Service;
@Service
public class GroupsService extends JpaBaseService<Groups>{
final static Logger _logger = LoggerFactory.getLogger(GroupsService.class);
@Autowired
@Qualifier("groupMemberService")
GroupMemberService groupMemberService;
@@ -62,10 +65,22 @@ public class GroupsService extends JpaBaseService<Groups>{
if(dynamicGroup.getOrgIdsList()!=null && !dynamicGroup.getOrgIdsList().equals("")) {
dynamicGroup.setOrgIdsList("'"+dynamicGroup.getOrgIdsList().replace(",", "','")+"'");
}
String filters = dynamicGroup.getFilters();
if(StringUtils.filtersSQLInjection(filters.toLowerCase())) {
_logger.info("filters include SQL Injection Attack Risk.");
return;
}
filters = filters.replace("&", " AND ");
filters = filters.replace("|", " OR ");
dynamicGroup.setFilters(filters);
groupMemberService.deleteDynamicGroupMember(dynamicGroup);
groupMemberService.addDynamicGroupMember(dynamicGroup);
}
}
}

17
maxkey-persistence/src/main/java/org/maxkey/persistence/service/RolesService.java
View File

@@ -23,13 +23,17 @@ import org.apache.mybatis.jpa.persistence.JpaBaseService;
import org.maxkey.domain.RolePermissions;
import org.maxkey.domain.Roles;
import org.maxkey.persistence.mapper.RolesMapper;
import org.maxkey.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Service;
@Service
public class RolesService extends JpaBaseService<Roles>{
final static Logger _logger = LoggerFactory.getLogger(RolesService.class);
@Autowired
@Qualifier("roleMemberService")
RoleMemberService roleMemberService;
@@ -74,6 +78,17 @@ public class RolesService extends JpaBaseService<Roles>{
dynamicRole.setOrgIdsList("'"+dynamicRole.getOrgIdsList().replace(",", "','")+"'");
}
String filters = dynamicRole.getFilters();
if(StringUtils.filtersSQLInjection(filters.toLowerCase())) {
_logger.info("filters include SQL Injection Attack Risk.");
return;
}
filters = filters.replace("&", " AND ");
filters = filters.replace("|", " OR ");
dynamicRole.setFilters(filters);
roleMemberService.deleteDynamicRoleMember(dynamicRole);
roleMemberService.addDynamicRoleMember(dynamicRole);
}

6
maxkey-persistence/src/main/resources/org/maxkey/persistence/mapper/xml/mysql/GroupMemberMapper.xml
View File

@@ -227,7 +227,7 @@
AND GM.TYPE='USER-DYNAMIC'
)
<if test="filters != null and filters != ''">
${filters}
AND (${filters})
</if>
<if test="orgIdsList != null and orgIdsList != ''">
AND U.DEPARTMENTID IN( ${orgIdsList})
@@ -244,10 +244,10 @@
WHERE 1 = 1
AND U.ID=GM.MEMBERID
<if test="filters != null and filters != ''">
${filters}
AND (${filters})
</if>
<if test="orgIdsList != null and orgIdsList != ''">
AND U.DEPARTMENTID IN( ${orgIdsList})
AND U.DEPARTMENTID IN ( ${orgIdsList})
</if>
)
</delete>

8
maxkey-web-manage/src/main/resources/static/css/base.css
View File

@@ -148,7 +148,7 @@ header .header-container .nav-left>li, .header .header-container .nav-right>li {
}
.page-container .main-content {
padding: calc(50px + 35px) 15px 15px;
padding: calc(35px + 35px) 15px 15px;
min-height: calc(100vh - 65px);
background: #e6e8ea;
width: 100%;
@@ -178,13 +178,17 @@ header .header-container .nav-left>li, .header .header-container .nav-right>li {
}
.breadcrumb-wrapper {
margin-bottom: 20px;
margin-bottom: 10px;
display: flex;
-webkit-box-align: center;
-ms-flex-align: center;
align-items: center;
}
.content-wrapper {
padding-top: 15px;
}
.breadcrumb-wrapper .breadcrumb li {
display: inline-block;
font-size: 14px;

3
maxkey-web-manage/src/main/resources/templates/views/accounts/appAccountsList.ftl
View File

@@ -33,7 +33,7 @@
</div>
<div class="container-fluid">
<div class="content-wrapper row">
<div class="col-12 grid-margin">
<div class="card">
<div class="card-body">
@@ -113,6 +113,7 @@
</table>
</div>
</div>
</div>
</div>
<footer class="content-footer">

2
maxkey-web-manage/src/main/resources/templates/views/apps/appsList.ftl
View File

@@ -111,6 +111,7 @@
</div>
</div>
<div class="container-fluid">
<div class="content-wrapper row">
<div class="col-12 grid-margin">
<div class="card">
<div class="card-body">
@@ -209,6 +210,7 @@
</div>
</div>
</div>
<footer class="content-footer">
<#include "../layout/footer.ftl"/>
</footer>

2
maxkey-web-manage/src/main/resources/templates/views/config/passwordpolicy/passwordpolicy.ftl
View File

@@ -57,6 +57,7 @@
</div>
</div>
<div class="container-fluid">
<div class="content-wrapper row">
<div class="col-12 grid-margin">
<div class="card">
<div class="card-header border-bottom">
@@ -241,6 +242,7 @@
</div>
</div>
</div>
</div>
<footer class="content-footer">
<#include "../../layout/footer.ftl"/>
</footer>

3
maxkey-web-manage/src/main/resources/templates/views/groupapp/groupAppsList.ftl
View File

@@ -58,6 +58,7 @@
</div>
<div class="container-fluid">
<div class="content-wrapper row">
<div class="col-12 grid-margin">
<div class="card">
<div class="card-body">
@@ -140,7 +141,7 @@
<footer class="content-footer">
<#include "../layout/footer.ftl"/>
</footer>
</div>
</div>
</div>

2
maxkey-web-manage/src/main/resources/templates/views/groups/groupsList.ftl
View File

@@ -37,6 +37,7 @@
</div>
</div>
<div class="container-fluid">
<div class="content-wrapper row">
<div class="col-12 grid-margin">
<div class="card">
<div class="card-body">
@@ -113,6 +114,7 @@
</div>
</div>
</div>
<footer class="content-footer">
<#include "../layout/footer.ftl"/>
</footer>

3
maxkey-web-manage/src/main/resources/templates/views/groupuser/groupUsersList.ftl
View File

@@ -57,6 +57,7 @@
</div>
</div>
<div class="container-fluid">
<div class="content-wrapper row">
<div class="col-12 grid-margin">
<div class="card">
<div class="card-body">
@@ -151,7 +152,7 @@
</footer>
</div>
</div>
</div>
</div>

26
maxkey-web-manage/src/main/resources/templates/views/layout/top.ftl
View File

@@ -11,28 +11,22 @@
<@locale code="global.application"/>
</ul>
<ul class="nav-right">
<li style="font-size: 18px; margin-top: 10px;">
<@locale code="global.text.welcome"/><b>
<li style="font-size: 16px; margin-top: 10px;">
<@locale code="global.text.welcome"/>:<b>
<#if Session["current_user"]?exists>
${Session["current_user"].displayName}
${Session["current_user"].displayName}
(${Session["current_user"].username})
</#if>
(
<#if Session["current_user"]?exists>
${Session["current_user"].username}
</#if>
)&nbsp;&nbsp;</b>
&nbsp;</b>
</li>
<li class="scale-left">
<a class="sidenav-fold-toggler" href="javascript:void(0);">
<img src="<@base/>/static/images/menu-left.png" alt="" style="width: 30px; height: 40px; padding-top: 10px;">
<li class="scale-left" style="margin-top: 5px;">
<a class="sidenav-fold-toggler" href="javascript:void(0);" >
<i class="fa fa-bars fa-2x" aria-hidden="true" style="border:0px"></i>
</a>
</li>
<li class="scale-left">
&nbsp;
</li>
<li class="scale-left">
<li class="scale-left" style="font-size: 18px; margin-top: 5px;">
<a href="<@base/>/logout?reLoginUrl=login">
<IMG SRC="<@base/>/static/images/exit4.png" alt="Exit" style="width: 40px; height: 45px; padding-top: 8px;">
<i class="fa fa-sign-out fa-2x" aria-hidden="true" style="border:0px;color:#e22a6f"></i>
</a>
</li>
</ul>

3
maxkey-web-manage/src/main/resources/templates/views/logs/loginAppsHistoryList.ftl
View File

@@ -37,7 +37,7 @@
</div>
<div class="container-fluid">
<div class="content-wrapper row">
<div class="col-12 grid-margin">
<div class="card">
<div class="card-body">
@@ -121,6 +121,7 @@
</table>
</div>
</div>
</div>
</div>
<footer class="content-footer">

3
maxkey-web-manage/src/main/resources/templates/views/logs/loginHistoryList.ftl
View File

@@ -37,7 +37,7 @@
</div>
<div class="container-fluid">
<div class="content-wrapper row">
<div class="col-12 grid-margin">
<div class="card">
<div class="card-body">
@@ -130,6 +130,7 @@
</table>
</div>
</div>
</div>
</div>
<footer class="content-footer">

3
maxkey-web-manage/src/main/resources/templates/views/logs/logsList.ftl
View File

@@ -37,7 +37,7 @@
</div>
<div class="container-fluid">
<div class="content-wrapper row">
<div class="col-12 grid-margin">
<div class="card">
<div class="card-body">
@@ -124,6 +124,7 @@
</table>
</div>
</div>
</div>
</div>
<footer class="content-footer">

18
maxkey-web-manage/src/main/resources/templates/views/main.ftl
View File

@@ -41,10 +41,10 @@
</div>
<div class="container-fluid">
<div class="row">
<div class="row" style="height:115px; padding-top: 10px;">
<div class="col-lg-3 col-md-6 col-xs-12">
<div class="info-box bg-primary">
<div class="icon-box">
<div class="card text-white bg-primary">
<div class="card-body card-body pb-0 d-flex justify-content-between align-items-start">
<i class="lni-home"></i>
</div>
<div class="info-box-content">
@@ -54,8 +54,8 @@
</div>
</div>
<div class="col-lg-3 col-md-6 col-xs-12">
<div class="info-box bg-success">
<div class="icon-box">
<div class="card text-white bg-info">
<div class="card-body card-body pb-0 d-flex justify-content-between align-items-start">
<i class="lni-tag"></i>
</div>
<div class="info-box-content">
@@ -65,8 +65,8 @@
</div>
</div>
<div class="col-lg-3 col-md-6 col-xs-12">
<div class="info-box bg-info">
<div class="icon-box">
<div class="card text-white bg-warning">
<div class="card-body card-body pb-0 d-flex justify-content-between align-items-start">
<i class="lni-cart"></i>
</div>
<div class="info-box-content">
@@ -76,8 +76,8 @@
</div>
</div>
<div class="col-lg-3 col-md-6 col-xs-12">
<div class="info-box bg-purple">
<div class="icon-box">
<div class="card text-white bg-danger">
<div class="card-body card-body pb-0 d-flex justify-content-between align-items-start">
<i class="lni-wallet"></i>
</div>
<div class="info-box-content">

5
maxkey-web-manage/src/main/resources/templates/views/orgs/orgsList.ftl
View File

@@ -163,7 +163,7 @@ $(function () {
</div>
<div class="container-fluid">
<div class="content-wrapper row">
<div class="col-12 grid-margin">
<div class="card">
<div class="card-body">
@@ -249,10 +249,11 @@ $(function () {
</div>
</div>
<footer class="content-footer">
<#include "../layout/footer.ftl"/>
</footer>
</div>
</div>
</div>

2
maxkey-web-manage/src/main/resources/templates/views/permissions/permissionsList.ftl
View File

@@ -232,6 +232,7 @@ $('#datagrid').on('click-row.bs.table', function (row, element, field) {
</div>
</div>
<div class="container-fluid">
<div class="content-wrapper row">
<div class="col-12 grid-margin">
<div class="card">
<div class="card-body">
@@ -314,6 +315,7 @@ $('#datagrid').on('click-row.bs.table', function (row, element, field) {
</div>
</div>
</div>
<footer class="content-footer">
<#include "../layout/footer.ftl"/>
</footer>

3
maxkey-web-manage/src/main/resources/templates/views/resources/resourcesList.ftl
View File

@@ -163,6 +163,7 @@ $(function () {
</div>
</div>
<div class="container-fluid">
<div class="content-wrapper row">
<div class="col-12 grid-margin">
<div class="card">
<div class="card-body">
@@ -254,12 +255,12 @@ $(function () {
</div>
</div>
</div>
<footer class="content-footer">
<#include "../layout/footer.ftl"/>
</footer>
</div>
</div>
</div>

3
maxkey-web-manage/src/main/resources/templates/views/roles/rolesList.ftl
View File

@@ -36,6 +36,7 @@
</div>
</div>
<div class="container-fluid">
<div class="content-wrapper row">
<div class="col-12 grid-margin">
<div class="card">
<div class="card-body">
@@ -112,10 +113,10 @@
</div>
</div>
</div>
<footer class="content-footer">
<#include "../layout/footer.ftl"/>
</footer>
</div>
</div>

4
maxkey-web-manage/src/main/resources/templates/views/roleusers/roleUsersList.ftl
View File

@@ -57,6 +57,7 @@
</div>
</div>
<div class="container-fluid">
<div class="content-wrapper row">
<div class="col-12 grid-margin">
<div class="card">
<div class="card-body">
@@ -146,10 +147,11 @@
</div>
</div>
</div>
<footer class="content-footer">
<#include "../layout/footer.ftl"/>
</footer>
</div>
</div>
</div>

3
maxkey-web-manage/src/main/resources/templates/views/userinfo/usersList.ftl
View File

@@ -177,7 +177,7 @@ $(function () {
</div>
<div class="container-fluid">
<div class="content-wrapper row">
<div class="col-12 grid-margin">
<div class="card">
<div class="card-body">
@@ -292,6 +292,7 @@ $(function () {
</div>
</div>
</div>
<footer class="content-footer">
<#include "../layout/footer.ftl"/>
</footer>