fix(测试跟踪): 缺陷平台请求转发添加白名单

chenjianxing 2022-12-08 18:15:22 +08:00 committed by jianxing
parent 0dd34ef9ba
commit 2bbf1b49cb
1 changed files with 45 additions and 2 deletions


@ -1,12 +1,18 @@
package io.metersphere.service;
import com.alibaba.fastjson.JSON;
import io.metersphere.base.domain.ServiceIntegration;
import io.metersphere.commons.constants.IssuesManagePlatform;
import io.metersphere.commons.exception.MSException;
import io.metersphere.commons.utils.FileUtils;
import io.metersphere.commons.utils.LogUtil;
import io.metersphere.commons.utils.SessionUtils;
import io.metersphere.controller.request.IntegrationRequest;
import io.metersphere.controller.request.MdUploadRequest;
import io.metersphere.i18n.Translator;
import io.metersphere.track.issue.IssueFactory;
import io.metersphere.track.issue.domain.jira.JiraConfig;
import io.metersphere.track.issue.domain.zentao.ZentaoConfig;
import io.metersphere.track.request.testcase.IssuesRequest;
import org.apache.commons.lang3.StringUtils;
import org.springframework.core.io.FileSystemResource;
@ -22,6 +28,8 @@ import org.springframework.web.multipart.MultipartFile;
import javax.annotation.Resource;
import java.io.File;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.Date;
@ -32,6 +40,8 @@ public class ResourceService {
@Resource
private RestTemplate restTemplate;
@Resource
private IntegrationService integrationService;
public String mdUpload(MdUploadRequest request, MultipartFile file) {
String fileName = request.getId() + request.getFileName().substring(request.getFileName().lastIndexOf("."));
@ -107,13 +117,46 @@ public class ResourceService {
if (url.contains("md/get/url")) {
MSException.throwException(Translator.get("invalid_parameter"));
}
String currentWorkspaceId = SessionUtils.getCurrentWorkspaceId();
IntegrationRequest request = new IntegrationRequest();
request.setPlatform(platform);
if (StringUtils.isBlank(platform)) {
request.setPlatform(IssuesManagePlatform.Zentao.name());
}
ServiceIntegration serviceIntegration = integrationService.get(request);
if (StringUtils.isNotBlank(platform)) {
JiraConfig jiraConfig = JSON.parseObject(serviceIntegration.getConfiguration(), JiraConfig.class);
validateUrl(url, jiraConfig.getUrl(), "/secure/attachment/", "/attachment/content");
IssuesRequest issuesRequest = new IssuesRequest();
issuesRequest.setProjectId(SessionUtils.getCurrentProjectId());
issuesRequest.setWorkspaceId(SessionUtils.getCurrentWorkspaceId());
issuesRequest.setWorkspaceId(currentWorkspaceId);
return IssueFactory.createPlatform(platform, issuesRequest)
.proxyForGet(url, byte[].class);
} else {
ZentaoConfig zentaoConfig = JSON.parseObject(serviceIntegration.getConfiguration(), ZentaoConfig.class);
validateUrl(url, zentaoConfig.getUrl(), "/index.php", "/file-read-");
return restTemplate.exchange(url, HttpMethod.GET, null, byte[].class);
}
}
private void validateUrl(String url, String platFormUrl, String ...path) {
boolean isValidate = true;
try {
URI platFormUri = new URI(platFormUrl);
URI resourceUri = new URI(url);
// 对比host
if (!StringUtils.equals(platFormUri.getHost(), resourceUri.getHost())) {
isValidate = false;
}
// 对比白名单
if (!StringUtils.containsAny(resourceUri.getPath(), path)) {
isValidate = false;
}
} catch (URISyntaxException e) {
isValidate = false;
}
if (!isValidate) {
MSException.throwException("illegal url");
}
return restTemplate.exchange(url, HttpMethod.GET, null, byte[].class);
}
}
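Review bot: In `validateUrl` the origin check compares only `getHost()`, so a URL on the same host with a different scheme or port still passes, and `StringUtils.equals` treats two null hosts as equal, so a configured platform URL that parses without a host would match any host-less input. The path check uses `StringUtils.containsAny`, a substring match anywhere in the path of a non-normalized URI, so it does not pin the request to the platform's attachment endpoints. Where the platform layout allows it, the match should be anchored to the configured base path. The caller dereferences `jiraConfig` and `zentaoConfig` straight after `JSON.parseObject`, which presumably throws a NullPointerException when the workspace has no integration configured, so a null check with the existing `invalid_parameter` error would be clearer. The string that is validated through `java.net.URI` is fetched separately by `restTemplate.exchange(url, …)` or `proxyForGet(url, …)`, so passing the validated `URI` object to the client and confirming that redirects are not followed would close the remaining gap. The body of the calling method starts outside the visible hunk.

```java
private void validateUrl(String url, String platFormUrl, String ...path) {
    // … unchanged: isValidate flag and opening of the try block …
        URI platFormUri = new URI(platFormUrl);
        // normalize so "." and ".." segments are resolved before the path is inspected
        URI resourceUri = new URI(url).normalize();
        // a missing host must never count as a match; scheme and port belong to the origin too
        // (ports are compared as written, so an explicit default port must match the configured form)
        if (platFormUri.getHost() == null
                || !StringUtils.equalsIgnoreCase(platFormUri.getScheme(), resourceUri.getScheme())
                || !StringUtils.equalsIgnoreCase(platFormUri.getHost(), resourceUri.getHost())
                || platFormUri.getPort() != resourceUri.getPort()) {
            isValidate = false;
        }
    // … unchanged: path allowlist check, catch block and MSException.throwException("illegal url") …
```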