test-version22
/
MeterSphere
mirror of https://gitee.com/fit2cloud-feizhiyun/MeterSphere.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix(文件管理): 更换minio的文件名检察方式 

minio是可以带有文件路径的,所以更改minio文件名检查方式,不含有../这样的非法路径就可以
This commit is contained in:
song-tianyang 2022-12-28 11:10:58 +08:00 committed by 建国
parent 9ccb214247
commit 1c6b8d4b78
2 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
framework/sdk-parent/sdk/src/main/java/io/metersphere/commons/utils/FileUtils.java
View File

@ -33,7 +33,18 @@ public class FileUtils {
public static final String ATTACHMENT_TMP_DIR = "/opt/metersphere/data/attachment/tmp";
public static void validateFileName(String fileName) {
if (StringUtils.isNotEmpty(fileName) && fileName.contains(File.separator)) {
if (StringUtils.isNotEmpty(fileName) && StringUtils.contains(fileName, File.separator)) {
MSException.throwException(Translator.get("invalid_parameter"));
}
}
/**
* 上传Minio的文件名称检查只需要判断是否带有./ ../ 这样的非法文件名
*
* @param fileName
*/
public static void validateMinIOFileName(String fileName) {
if (StringUtils.isNotEmpty(fileName) && StringUtils.contains(fileName, "." + File.separator)) {
MSException.throwException(Translator.get("invalid_parameter"));
}
}

2
framework/sdk-parent/sdk/src/main/java/io/metersphere/metadata/repository/MinIOFileRepository.java
View File

@ -28,7 +28,7 @@ public class MinIOFileRepository implements FileRepository {
@Override
public String saveFile(MultipartFile file, FileRequest request) throws Exception {
FileUtils.validateFileName(request.getFileName());
FileUtils.validateMinIOFileName(request.getFileName());
String bucket = minioProperties.getBucket();
String fileName = request.getProjectId() + "/" + request.getFileName();
minioClient.putObject(PutObjectArgs.builder()