test-version22
/
MeterSphere
mirror of https://gitee.com/fit2cloud-feizhiyun/MeterSphere.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix(缺陷管理): 修复上传附件路径穿梭漏洞

This commit is contained in:
song-cc-rock 2024-03-05 15:48:30 +08:00 committed by Craftsman
parent 728b1272fc
commit a22e40fc87
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
backend/services/bug-management/src/main/java/io/metersphere/bug/service/BugAttachmentService.java
View File

@ -35,6 +35,7 @@ import io.metersphere.sdk.file.FileCenter;
import io.metersphere.sdk.file.FileRequest; import io.metersphere.sdk.file.FileRequest;
import io.metersphere.sdk.util.FileAssociationSourceUtil; import io.metersphere.sdk.util.FileAssociationSourceUtil;
import io.metersphere.sdk.util.LogUtils; import io.metersphere.sdk.util.LogUtils;
import io.metersphere.sdk.util.MsFileUtils;
import io.metersphere.sdk.util.Translator; import io.metersphere.sdk.util.Translator;
import io.metersphere.system.dto.sdk.OptionDTO; import io.metersphere.system.dto.sdk.OptionDTO;
import io.metersphere.system.log.constants.OperationLogModule; import io.metersphere.system.log.constants.OperationLogModule;
@ -478,6 +479,7 @@ public class BugAttachmentService {
*/ */
private List<SyncAttachmentToPlatformRequest> uploadLocalFile(String bugId, String platformBugKey, String projectId, File tmpFileDir, private List<SyncAttachmentToPlatformRequest> uploadLocalFile(String bugId, String platformBugKey, String projectId, File tmpFileDir,
MultipartFile file, String currentUser, String platformName) { MultipartFile file, String currentUser, String platformName) {
MsFileUtils.validateFileName(file.getOriginalFilename());
BugLocalAttachment record = new BugLocalAttachment(); BugLocalAttachment record = new BugLocalAttachment();
record.setId(IDGenerator.nextStr()); record.setId(IDGenerator.nextStr());
record.setBugId(bugId); record.setBugId(bugId);