From 10b37b1a80dfc17882cff9f6685444b48a006bcf Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期二, 14 十二月 2021 12:16:01 +0800
Subject: [PATCH] 升级log4j2到安全版本,防止漏洞风险
---
src/main/java/com/ruoyi/project/monitor/controller/SysJobController.java | 28 ++++++++++++++++++++++------
1 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/src/main/java/com/ruoyi/project/monitor/controller/SysJobController.java b/src/main/java/com/ruoyi/project/monitor/controller/SysJobController.java
index 77d1b99..fde6fd9 100644
--- a/src/main/java/com/ruoyi/project/monitor/controller/SysJobController.java
+++ b/src/main/java/com/ruoyi/project/monitor/controller/SysJobController.java
@@ -1,6 +1,7 @@
package com.ruoyi.project.monitor.controller;
import java.util.List;
+import javax.servlet.http.HttpServletResponse;
import org.quartz.SchedulerException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
@@ -14,7 +15,6 @@
import org.springframework.web.bind.annotation.RestController;
import com.ruoyi.common.constant.Constants;
import com.ruoyi.common.exception.job.TaskException;
-import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.job.CronUtils;
import com.ruoyi.common.utils.poi.ExcelUtil;
@@ -55,12 +55,12 @@
*/
@PreAuthorize("@ss.hasPermi('monitor:job:export')")
@Log(title = "瀹氭椂浠诲姟", businessType = BusinessType.EXPORT)
- @GetMapping("/export")
- public AjaxResult export(SysJob sysJob)
+ @PostMapping("/export")
+ public void export(HttpServletResponse response, SysJob sysJob)
{
List<SysJob> list = jobService.selectJobList(sysJob);
ExcelUtil<SysJob> util = new ExcelUtil<SysJob>(SysJob.class);
- return util.exportExcel(list, "瀹氭椂浠诲姟");
+ util.exportExcel(response, list, "瀹氭椂浠诲姟");
}
/**
@@ -89,11 +89,19 @@
{
return error("鏂板浠诲姟'" + job.getJobName() + "'澶辫触锛岀洰鏍囧瓧绗︿覆涓嶅厑璁�'rmi://'璋冪敤");
}
+ else if (StringUtils.containsIgnoreCase(job.getInvokeTarget(), Constants.LOOKUP_LDAP))
+ {
+ return error("鏂板浠诲姟'" + job.getJobName() + "'澶辫触锛岀洰鏍囧瓧绗︿覆涓嶅厑璁�'ldap://'璋冪敤");
+ }
else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), new String[] { Constants.HTTP, Constants.HTTPS }))
{
return error("鏂板浠诲姟'" + job.getJobName() + "'澶辫触锛岀洰鏍囧瓧绗︿覆涓嶅厑璁�'http(s)//'璋冪敤");
}
- job.setCreateBy(SecurityUtils.getUsername());
+ else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), Constants.JOB_ERROR_STR))
+ {
+ return error("鏂板浠诲姟'" + job.getJobName() + "'澶辫触锛岀洰鏍囧瓧绗︿覆瀛樺湪杩濊");
+ }
+ job.setCreateBy(getUsername());
return toAjax(jobService.insertJob(job));
}
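Review bot: The added `ldap://` and `Constants.JOB_ERROR_STR` branches extend a substring denylist on `job.getInvokeTarget()`, which rejects only the spellings it lists and has to grow each time another lookup scheme or class prefix needs blocking. If `Constants.LOOKUP_LDAP` is the literal `ldap://` that the error message names (its value is not visible in this patch), an `ldaps://` target would still pass this branch. Consider checking the target against an allowlist of permitted packages or bean names instead, and moving the chain into one private helper, because the identical branches are added again in the edit handler hunk at `@@ -113,11 +121,19 @@` and the two copies can drift apart. The enclosing method starts above this hunk, and whether the same validation is applied where a stored job is later executed cannot be seen from here.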
@@ -113,11 +121,19 @@
{
return error("淇敼浠诲姟'" + job.getJobName() + "'澶辫触锛岀洰鏍囧瓧绗︿覆涓嶅厑璁�'rmi://'璋冪敤");
}
+ else if (StringUtils.containsIgnoreCase(job.getInvokeTarget(), Constants.LOOKUP_LDAP))
+ {
+ return error("淇敼浠诲姟'" + job.getJobName() + "'澶辫触锛岀洰鏍囧瓧绗︿覆涓嶅厑璁�'ldap://'璋冪敤");
+ }
else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), new String[] { Constants.HTTP, Constants.HTTPS }))
{
return error("淇敼浠诲姟'" + job.getJobName() + "'澶辫触锛岀洰鏍囧瓧绗︿覆涓嶅厑璁�'http(s)//'璋冪敤");
}
- job.setUpdateBy(SecurityUtils.getUsername());
+ else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), Constants.JOB_ERROR_STR))
+ {
+ return error("淇敼浠诲姟'" + job.getJobName() + "'澶辫触锛岀洰鏍囧瓧绗︿覆瀛樺湪杩濊");
+ }
+ job.setUpdateBy(getUsername());
return toAjax(jobService.updateJob(job));
}