fix(XML解析相关功能): 修复使用SAXReader导致的xxe攻击漏洞

修复使用SAXReader导致的xxe攻击漏洞
song-tianyang 2022-02-23 14:07:36 +08:00 committed by 刘瑞斌
parent d119ec6e05
commit d08d0c2158
3 changed files with 14 additions and 3 deletions


@ -30,6 +30,7 @@ import io.metersphere.controller.request.ScheduleRequest;
import io.metersphere.dto.ScheduleDao;
import io.metersphere.i18n.Translator;
import io.metersphere.job.sechedule.ApiTestJob;
import io.metersphere.performance.parse.EngineSourceParserFactory;
import io.metersphere.service.FileService;
import io.metersphere.service.ScheduleService;
import io.metersphere.track.service.TestCaseService;
@ -465,7 +466,7 @@ public class APITestService {
//获取要转化的文件
List<String> attachmentFilePathList = new ArrayList<>();
try {
Document doc = DocumentHelper.parseText(jmx);// 获取可续保保单列表报文模板
Document doc = EngineSourceParserFactory.getDocument(new ByteArrayInputStream(jmx.getBytes("utf-8")));
Element root = doc.getRootElement();
Element rootHashTreeElement = root.element("hashTree");
List<Element> innerHashTreeElementList = rootHashTreeElement.elements("hashTree");
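Review bot: `jmx.getBytes("utf-8")` on the new line re-encodes a String that was already decoded, and the SAX parser then decodes those bytes again using whatever the JMX prolog declares, so if a JMX file declares an encoding other than UTF-8 non-ASCII content that `DocumentHelper.parseText` previously read straight from the String may presumably be misread; the two new XmindLegacy lines follow the same pattern. At minimum use `jmx.getBytes(StandardCharsets.UTF_8)`, which also removes the checked UnsupportedEncodingException for a literal charset name, and consider adding a `getDocument(Reader)` overload to EngineSourceParserFactory (dom4j's SAXReader can read from a Reader) so callers that hold a String never go through bytes. The enclosing method in APITestService starts and ends outside the hunk.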


@ -34,6 +34,14 @@ public class EngineSourceParserFactory {
public static Document getDocument(InputStream source) throws DocumentException {
SAXReader reader = new SAXReader();
try {
reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
}catch (Exception e){
LogUtil.error(e);
}
if (!IS_TRANS) {
reader.setXMLFilter(EngineSourceParserFactory.getFilter());
}
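Review bot: The `catch (Exception e) { LogUtil.error(e); }` around the four setFeature calls turns a failed hardening into a log line and then parses the document anyway, so on a SAX implementation that rejects `disallow-doctype-decl` or the external-entity features (a SAXNotRecognizedException/SAXNotSupportedException) the reader silently falls back to accepting DOCTYPEs and external entities, which is exactly what this commit sets out to close. Fail closed instead: the method already declares `throws DocumentException`, so replace the catch with `} catch (SAXException e) {` / `LogUtil.error(e);` / `throw new DocumentException("XML parser does not support secure processing features", e);`. SAXReader.setFeature declares SAXException, so the narrower catch compiles and the blanket `Exception` is not needed. getDocument continues outside the hunk, so the actual read call is not visible here.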


@ -1,9 +1,11 @@
package io.metersphere.xmind.parser;
import io.metersphere.performance.parse.EngineSourceParserFactory;
import org.dom4j.*;
import org.json.JSONObject;
import org.json.XML;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
@ -32,7 +34,7 @@ public class XmindLegacy {
//去除自由风格主题
xmlContent = xmlContent.replaceAll("<topics type=\"detached\">", "");
Document document = DocumentHelper.parseText(xmlContent);// 读取XML文件,获得document对象
Document document = EngineSourceParserFactory.getDocument(new ByteArrayInputStream(xmlContent.getBytes("utf-8")));// 读取XML文件,获得document对象
Element root = document.getRootElement();
List<Node> topics = root.selectNodes("//topic");
@ -41,7 +43,7 @@ public class XmindLegacy {
xmlComments = xmlComments.replace("xmlns=\"urn:xmind:xmap:xmlns:comments:2.0\"", "");
// 添加评论到content中
Document commentDocument = DocumentHelper.parseText(xmlComments);
Document commentDocument = EngineSourceParserFactory.getDocument(new ByteArrayInputStream(xmlComments.getBytes("utf-8")));
List<Node> commentsList = commentDocument.selectNodes("//comment");
for (Node topic : topics) {
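Review bot: Routing Xmind parsing through `EngineSourceParserFactory.getDocument` also installs whatever XMLFilter that factory applies when `IS_TRANS` is false, so the Xmind content and comments may now be rewritten by a filter designed for engine-source input; whether that is harmless depends on `getFilter()`, which is not visible in this commit. A hardened SAXReader is a cross-cutting concern, so extracting it into a shared XML helper (a new common-utils class, name to be chosen) rather than importing `io.metersphere.performance.parse` from the xmind package would remove that coupling and make the filter opt-in per caller. The `getBytes("utf-8")` re-encoding on both new lines carries the same caveat raised on the APITestService hunk. The XmindLegacy methods begin and end outside these hunks.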