This is an automated email from the ASF dual-hosted git repository.

zihaoxiang pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/dolphinscheduler.git


The following commit(s) were added to refs/heads/dev by this push:
     new e5e7749251 [Improvement] Abnormal characters check (#15824)
e5e7749251 is described below

commit e5e77492518a198877171801c1cf484b86f852e3
Author: BaiJv <[email protected]>
AuthorDate: Fri Apr 12 10:06:32 2024 +0800

    [Improvement] Abnormal characters check (#15824)
    
    * abnormal characters check
    
    * add test case
    
    * remove error log
    
    * fix code style
    
    * fix import
---
 .../api/service/impl/ResourcesServiceImpl.java       |  5 +++++
 .../dolphinscheduler/api/utils/CheckUtils.java       | 10 ++++++++++
 .../dolphinscheduler/api/utils/CheckUtilsTest.java   | 20 ++++++++++++++++++++
 .../dolphinscheduler/common/constants/Constants.java |  5 +++++
 4 files changed, 40 insertions(+)

diff --git 
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java
 
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java
index 6a15da17a8..1c039cdfbd 100644
--- 
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java
+++ 
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java
@@ -17,6 +17,7 @@
 
 package org.apache.dolphinscheduler.api.service.impl;
 
+import static org.apache.dolphinscheduler.api.utils.CheckUtils.checkFilePath;
 import static org.apache.dolphinscheduler.common.constants.Constants.ALIAS;
 import static org.apache.dolphinscheduler.common.constants.Constants.CONTENT;
 import static 
org.apache.dolphinscheduler.common.constants.Constants.EMPTY_STRING;
@@ -1290,6 +1291,10 @@ public class ResourcesServiceImpl extends 
BaseServiceImpl implements ResourcesSe
         if (FOLDER_SEPARATOR.equalsIgnoreCase(fullName)) {
             return;
         }
+        // abnormal characters check
+        if (!checkFilePath(fullName)) {
+            throw new ServiceException(Status.ILLEGAL_RESOURCE_PATH);
+        }
         // Avoid returning to the parent directory
         if (fullName.contains("../")) {
             throw new ServiceException(Status.ILLEGAL_RESOURCE_PATH, fullName);
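Review bot: The allowlist check added before the `../` test still accepts a path whose final segment is `..` (for example a name ending in `/..`), because `REGEX_FILE_PATH` permits `.` and `/` and the following `fullName.contains("../")` only matches when a separator comes after the dots. Rejecting any segment equal to `..` would close this regardless of position, e.g. `if (Arrays.asList(fullName.split("/")).contains("..")) { throw new ServiceException(Status.ILLEGAL_RESOURCE_PATH); }`, assuming `java.util.Arrays` is or can be imported in this file. The new throw also omits `fullName` while the next one passes it; if that is deliberate, to avoid echoing unvalidated characters back to the caller, a short comment saying so would help. The enclosing method starts and ends outside this hunk.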
diff --git 
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/utils/CheckUtils.java
 
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/utils/CheckUtils.java
index 8b166a16dd..b394d4956c 100644
--- 
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/utils/CheckUtils.java
+++ 
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/utils/CheckUtils.java
@@ -158,4 +158,14 @@ public class CheckUtils {
 
         return pattern.matcher(str).matches();
     }
+
+    /**
+     * regex FilePath check,only use a to z, A to Z, 0 to 9, and _./- 
+     *
+     * @param str     input string
+     * @return true if regex pattern is right, otherwise return false
+     */
+    public static boolean checkFilePath(String str) {
+        return regexChecks(str, Constants.REGEX_FILE_PATH);
+    }
 }
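Review bot: The Javadoc on `checkFilePath` does not say that this is a character allowlist only, and `@return true if regex pattern is right` reads as if the path itself had been validated. I would word the summary as `Checks that str consists only of a-z, A-Z, 0-9 and the characters _ . / - ; it does not reject ".." segments` and the return tag as `@return true if str is non-null and every character is in the allowed set`. The null behaviour is inferred from the test added in this commit, since `regexChecks` is only partly visible here.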
diff --git 
a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/utils/CheckUtilsTest.java
 
b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/utils/CheckUtilsTest.java
index bca8a69a16..da5ea88c83 100644
--- 
a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/utils/CheckUtilsTest.java
+++ 
b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/utils/CheckUtilsTest.java
@@ -92,4 +92,24 @@ public class CheckUtilsTest {
         Assertions.assertTrue(CheckUtils.checkPhone("17362537263"));
     }
 
+    /**
+     * check file path
+     */
+    @Test
+    public void testCheckFilePath() {
+        // true
+        Assertions.assertTrue(CheckUtils.checkFilePath("/"));
+        Assertions.assertTrue(CheckUtils.checkFilePath("xx/"));
+        Assertions.assertTrue(CheckUtils.checkFilePath("/xx"));
+        Assertions.assertTrue(CheckUtils.checkFilePath("14567134578654"));
+        Assertions.assertTrue(CheckUtils.checkFilePath("/admin/root/"));
+        
Assertions.assertTrue(CheckUtils.checkFilePath("/admin/root/1531531..13513/153135.."));
+        // false
+        Assertions.assertFalse(CheckUtils.checkFilePath(null));
+        Assertions.assertFalse(CheckUtils.checkFilePath("file://xxx/ss"));
+        Assertions.assertFalse(CheckUtils.checkFilePath("/xxx/ss;/dasd/123"));
+        Assertions.assertFalse(CheckUtils.checkFilePath("/xxx/ss && 
/dasd/123"));
+        Assertions.assertFalse(CheckUtils.checkFilePath("/xxx/ss || 
/dasd/123"));
+    }
+
 }
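Review bot: The negative cases in `testCheckFilePath` cover `:`, `;`, `&` and `|` but not the empty string, a backslash or a trailing line terminator, all of which the pattern is expected to reject. Adding `Assertions.assertFalse(CheckUtils.checkFilePath(""));`, `Assertions.assertFalse(CheckUtils.checkFilePath("a\\b"));` and `Assertions.assertFalse(CheckUtils.checkFilePath("/xx\n"));` would pin that behaviour against a later change from `matches()` to `find()` or a loosened pattern. The positive case containing `..` would also benefit from a comment such as `// ".." is allowed here; traversal is rejected by the caller`.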
diff --git 
a/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/constants/Constants.java
 
b/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/constants/Constants.java
index 054a9410d5..19e1a1fabb 100644
--- 
a/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/constants/Constants.java
+++ 
b/dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/constants/Constants.java
@@ -252,6 +252,11 @@ public final class Constants {
      */
     public static final Pattern REGEX_USER_NAME = 
Pattern.compile("^[a-zA-Z0-9._-]{3,39}$");
 
+    /**
+     * file path regex 
+     */
+    public static final Pattern REGEX_FILE_PATH = 
Pattern.compile("^[a-zA-Z0-9_./-]+$");
+
     /**
      * read permission
      */
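Review bot: `REGEX_FILE_PATH` is ASCII-only, so resource names containing spaces, non-ASCII letters or characters such as `(`, `+` or `@` will be rejected wherever `checkFilePath` is applied. If resources that are already stored can carry such names, this looks like a behaviour change worth confirming before release. The Javadoc `file path regex` should state the allowed set and its limits, for example `allowed characters in a resource path: a-z A-Z 0-9 _ . / - (does not forbid ".." segments)`. The hunk ends inside the next constant's Javadoc.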
