From 88032fe16b6e2eba993bc838b70a0282c3c1329e Mon Sep 17 00:00:00 2001 From: wangjiahao <1522128093@qq.com> Date: Tue, 9 Jun 2026 14:08:06 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E3=80=90=E6=BC=8F=E6=B4=9E=E3=80=91Exce?= =?UTF-8?q?lWatermarkUtils=20=E8=B5=84=E6=BA=90=E6=B3=A8=E5=85=A5=E6=BC=8F?= =?UTF-8?q?=E6=B4=9E=E4=BF=AE=E5=A4=8D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 对 IP 输入进行正则白名单校验,限制仅允许合法 IPv4/IPv6 格式; 对水印文本长度和图片尺寸增加上限约束,防止资源耗尽攻击。 --- .../commons/utils/ExcelWatermarkUtils.java | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/core/core-backend/src/main/java/io/dataease/commons/utils/ExcelWatermarkUtils.java b/core/core-backend/src/main/java/io/dataease/commons/utils/ExcelWatermarkUtils.java index a11cdddfa6..2a8bc193a7 100644 --- a/core/core-backend/src/main/java/io/dataease/commons/utils/ExcelWatermarkUtils.java +++ b/core/core-backend/src/main/java/io/dataease/commons/utils/ExcelWatermarkUtils.java @@ -16,10 +16,17 @@ import java.io.ByteArrayOutputStream; import java.io.IOException; import java.text.SimpleDateFormat; import java.util.Date; +import java.util.regex.Pattern; public class ExcelWatermarkUtils { private static SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"); + private static final int MAX_TEXT_LENGTH = 100; + private static final int MAX_IMAGE_WIDTH = 4096; + private static final int MAX_IMAGE_HEIGHT = 4096; + private static final Pattern IP_PATTERN = Pattern.compile( + "^([0-9]{1,3}\\.){3}[0-9]{1,3}$|^([0-9a-fA-F]{0,4}:){2,7}[0-9a-fA-F]{0,4}$"); + public static String transContent(WatermarkContentDTO watermarkContent, UserFormVO userInfo) { String content = ""; 
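Review bot: The new IP_PATTERN is a character allowlist rather than an address validator, and that should be stated next to it, because the IPv4 branch accepts octets up to 999 and the IPv6 branch accepts shapes like `:::`, while its character class has no `.` or `%`, so an IPv4-mapped form (`::ffff:192.0.2.1`) or a zone-scoped link-local address (`fe80::1%eth0`) is rejected and, if IPUtils.get() ever returns one on a dual-stack container, silently replaced by 127.0.0.1. Restricting the substituted text to hex digits, `.` and `:` is enough for the injection fix, so add the caveat as a comment on the constant: `// Allowlist of IP-looking characters only, not a full address validator; IPv4-mapped IPv6 and zone ids are rejected and fall back to 127.0.0.1`. If mapped addresses must be preserved, append an alternative such as `|^::[fF]{4}:([0-9]{1,3}\\.){3}[0-9]{1,3}$` to the pattern. Do not replace this with InetAddress.getByName for validation, since that resolves hostnames and would turn a header value into a DNS lookup.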
@@ -31,7 +38,11 @@ public class ExcelWatermarkUtils {
 default -> content = "${username}";
 }
 String nickName = userInfo.getName().contains("i18n_") ?Translator.get(userInfo.getName()):userInfo.getName();
- content = content.replaceAll("\\$\\{ip}", IPUtils.get() == null ? "127.0.0.1" : IPUtils.get());
+ String ip = IPUtils.get();
+ if (ip == null || !IP_PATTERN.matcher(ip.trim()).matches()) {
+ ip = "127.0.0.1";
+ }
+ content = content.replaceAll("\\$\\{ip}", ip);
 content = content.replaceAll("\\$\\{username}", userInfo.getAccount());
 content = content.replaceAll("\\$\\{nickName}", nickName);
 content = content.replaceAll("\\$\\{time}", sdf.format(new Date()));
@@ -89,9 +100,14 @@ public class ExcelWatermarkUtils {
 }
 public static byte[] createTextImage(String text, WatermarkContentDTO watermarkContent) {
+ if (text.length() > MAX_TEXT_LENGTH) {
+ text = text.substring(0, MAX_TEXT_LENGTH);
+ }
 double radians = Math.toRadians(15);// 15度偏转
 int width = watermarkContent.getWatermark_fontsize() * text.length();
 int height = (int) Math.round(watermarkContent.getWatermark_fontsize() + width * Math.sin(radians));
+ width = Math.min(width, MAX_IMAGE_WIDTH);
+ height = Math.min(height, MAX_IMAGE_HEIGHT);
 int fontSize = watermarkContent.getWatermark_fontsize();
 Color baseColor = Color.decode(watermarkContent.getWatermark_color());
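Review bot: The new `if` line validates `ip.trim()` but the following line substitutes the untrimmed `ip`, so a value with leading or trailing whitespace passes the allowlist and is written into the watermark with that whitespace intact; normalise once before the check, e.g. `String ip = IPUtils.get(); if (ip != null) { ip = ip.trim(); }` and then match on `ip`. Separately, `replaceAll` interprets its second argument as a regex replacement, where `$` and `\` are special; the validated `ip` cannot contain them, but the same pattern continues on the context lines with `userInfo.getAccount()` and `nickName`, where an account such as `a$1` throws an exception from replaceAll, so switching these calls to `content.replace("${ip}", ip)` (plain literal replacement) or wrapping the values with `Matcher.quoteReplacement` would close that gap for all four substitutions. transContent begins and ends outside this hunk.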