From cc4c52c998f5ffd6adc63d62d870ce76ffa9ae61 Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期一, 01 十一月 2021 15:03:06 +0800
Subject: [PATCH] 任务屏蔽违规字符
---
ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java | 55 ++++++++++++++++++++++++++++++++++++++++++++-----------
1 files changed, 44 insertions(+), 11 deletions(-)
diff --git a/ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java b/ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java
index f770a7d..2f3ddab 100644
--- a/ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java
+++ b/ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java
@@ -13,12 +13,13 @@
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import com.ruoyi.common.annotation.Log;
+import com.ruoyi.common.constant.Constants;
import com.ruoyi.common.core.controller.BaseController;
import com.ruoyi.common.core.domain.AjaxResult;
import com.ruoyi.common.core.page.TableDataInfo;
import com.ruoyi.common.enums.BusinessType;
import com.ruoyi.common.exception.job.TaskException;
-import com.ruoyi.common.utils.SecurityUtils;
+import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.poi.ExcelUtil;
import com.ruoyi.quartz.domain.SysJob;
import com.ruoyi.quartz.service.ISysJobService;
@@ -77,14 +78,30 @@
@PreAuthorize("@ss.hasPermi('monitor:job:add')")
@Log(title = "定时任务", businessType = BusinessType.INSERT)
@PostMapping
- public AjaxResult add(@RequestBody SysJob sysJob) throws SchedulerException, TaskException
+ public AjaxResult add(@RequestBody SysJob job) throws SchedulerException, TaskException
{
- if (!CronUtils.isValid(sysJob.getCronExpression()))
+ if (!CronUtils.isValid(job.getCronExpression()))
{
- return AjaxResult.error("cron表达式不正确");
+ return error("新增任务'" + job.getJobName() + "'失败,Cron表达式不正确");
}
- sysJob.setCreateBy(SecurityUtils.getUsername());
- return toAjax(jobService.insertJob(sysJob));
+ else if (StringUtils.containsIgnoreCase(job.getInvokeTarget(), Constants.LOOKUP_RMI))
+ {
+ return error("新增任务'" + job.getJobName() + "'失败,目标字符串不允许'rmi://'调用");
+ }
+ else if (StringUtils.containsIgnoreCase(job.getInvokeTarget(), Constants.LOOKUP_LDAP))
+ {
+ return error("新增任务'" + job.getJobName() + "'失败,目标字符串不允许'ldap://'调用");
+ }
+ else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), new String[] { Constants.HTTP, Constants.HTTPS }))
+ {
+ return error("新增任务'" + job.getJobName() + "'失败,目标字符串不允许'http(s)//'调用");
+ }
+ else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), Constants.JOB_ERROR_STR))
+ {
+ return error("新增任务'" + job.getJobName() + "'失败,目标字符串存在违规");
+ }
+ job.setCreateBy(getUsername());
+ return toAjax(jobService.insertJob(job));
}
/**
@@ -93,14 +110,30 @@
@PreAuthorize("@ss.hasPermi('monitor:job:edit')")
@Log(title = "定时任务", businessType = BusinessType.UPDATE)
@PutMapping
- public AjaxResult edit(@RequestBody SysJob sysJob) throws SchedulerException, TaskException
+ public AjaxResult edit(@RequestBody SysJob job) throws SchedulerException, TaskException
{
- if (!CronUtils.isValid(sysJob.getCronExpression()))
+ if (!CronUtils.isValid(job.getCronExpression()))
{
- return AjaxResult.error("cron表达式不正确");
+ return error("修改任务'" + job.getJobName() + "'失败,Cron表达式不正确");
}
- sysJob.setUpdateBy(SecurityUtils.getUsername());
- return toAjax(jobService.updateJob(sysJob));
+ else if (StringUtils.containsIgnoreCase(job.getInvokeTarget(), Constants.LOOKUP_RMI))
+ {
+ return error("修改任务'" + job.getJobName() + "'失败,目标字符串不允许'rmi://'调用");
+ }
+ else if (StringUtils.containsIgnoreCase(job.getInvokeTarget(), Constants.LOOKUP_LDAP))
+ {
+ return error("修改任务'" + job.getJobName() + "'失败,目标字符串不允许'ldap://'调用");
+ }
+ else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), new String[] { Constants.HTTP, Constants.HTTPS }))
+ {
+ return error("修改任务'" + job.getJobName() + "'失败,目标字符串不允许'http(s)//'调用");
+ }
+ else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), Constants.JOB_ERROR_STR))
+ {
+ return error("修改任务'" + job.getJobName() + "'失败,目标字符串存在违规");
+ }
+ job.setUpdateBy(getUsername());
+ return toAjax(jobService.updateJob(job));
}
/**
--
Gitblit v1.9.2