From fabf5ed317ec368c2e65030d4bd2f42a410f924c Mon Sep 17 00:00:00 2001
From: fit2-zhao
Date: Mon, 20 Mar 2023 16:26:38 +0800
Subject: [PATCH] =?UTF-8?q?refactor(=E6=8E=A5=E5=8F=A3=E6=B5=8B=E8=AF=95):?= =?UTF-8?q?=20=E4=BC=98=E5=8C=96=E8=84=9A=E6=9C=AC=E5=85=B3=E9=94=AE?= =?UTF-8?q?=E5=AD=97=E8=BF=87=E6=BB=A4=E6=9C=BA=E5=88=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: fit2-zhao
---
.../api/dto/shell/filter/ScriptFilter.java | 17 ++++++++++++++++-
.../listener/ApiAppStartListener.java | 6 ++++++
.../listener/ApiExecutionQueueListener.java | 2 +-
.../src/main/resources/blacklist/beanshell.bk | 0
.../src/main/resources/blacklist/groovy.bk | 0
.../src/main/resources/blacklist/python.bk | 1 +
6 files changed, 24 insertions(+), 2 deletions(-)
create mode 100644 api-test/backend/src/main/resources/blacklist/beanshell.bk
create mode 100644 api-test/backend/src/main/resources/blacklist/groovy.bk
create mode 100644 api-test/backend/src/main/resources/blacklist/python.bk
diff --git a/api-test/backend/src/main/java/io/metersphere/api/dto/shell/filter/ScriptFilter.java b/api-test/backend/src/main/java/io/metersphere/api/dto/shell/filter/ScriptFilter.java
index 7352ae7ab9..274872cdad 100644
--- a/api-test/backend/src/main/java/io/metersphere/api/dto/shell/filter/ScriptFilter.java
+++ b/api-test/backend/src/main/java/io/metersphere/api/dto/shell/filter/ScriptFilter.java
@@ -9,17 +9,32 @@ import org.apache.commons.lang3.StringUtils; import java.io.InputStream; import java.nio.charset.Charset; +import java.util.HashMap; import java.util.List; +import java.util.Map; public class ScriptFilter { public static final String beanshell = "/blacklist/beanshell.bk"; public static final String groovy = "/blacklist/groovy.bk"; public static final String python = "/blacklist/python.bk"; + // 关键字内容较小,全局缓存下来避免重复读取 + public static final Map> scriptCache = new HashMap<>(); - private static void blackList(StringBuffer buffer, String script, String path) { + public static void initScript(String path) { try { InputStream in = ScriptFilter.class.getResourceAsStream(path); List bks = IOUtils.readLines(in, Charset.defaultCharset()); + if (CollectionUtils.isNotEmpty(bks)) { + scriptCache.put(path, bks); + } + } catch (Exception ex) { + LogUtil.error(ex.getMessage()); + } + } + + private static void blackList(StringBuffer buffer, String script, String path) { + try { + List bks = scriptCache.get(path); if (CollectionUtils.isNotEmpty(bks)) { bks.forEach(item -> { if (script.contains(item) && script.indexOf(item) != -1) { diff --git a/api-test/backend/src/main/java/io/metersphere/listener/ApiAppStartListener.java b/api-test/backend/src/main/java/io/metersphere/listener/ApiAppStartListener.java index da7d2f9612..4b64f220a9 100644 --- a/api-test/backend/src/main/java/io/metersphere/listener/ApiAppStartListener.java +++ b/api-test/backend/src/main/java/io/metersphere/listener/ApiAppStartListener.java @@ -1,6 +1,7 @@ package io.metersphere.listener; import com.mchange.lang.IntegerUtils; +import io.metersphere.api.dto.shell.filter.ScriptFilter; import io.metersphere.api.exec.queue.ExecThreadPoolExecutor; import io.metersphere.api.jmeter.JMeterService; import io.metersphere.commons.constants.ScheduleGroup; 
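Review bot: `blackList` now reads only `scriptCache.get(path)`, so whenever `initScript` has not run for that path or its load failed, the list is null and the script passes with no keyword check at all, which means the filter fails open. `initScript` also hides such a failure: a missing resource makes `getResourceAsStream` return null, the resulting exception is reduced to `LogUtil.error(ex.getMessage())`, the stream is never closed, and the startup calls added in ApiAppStartListener cannot tell whether anything was loaded. I would load on demand through one helper that throws when the resource is absent (so startup stops instead of running unfiltered), keep the map private and concurrent rather than a `public static final` `HashMap` that any class can mutate, and read with UTF-8 instead of `Charset.defaultCharset()`. The generic parameters are stripped in this rendering, so `Map<String, List<String>>` below is assumed, and the rewrite needs imports for `ConcurrentHashMap`, `StandardCharsets`, `IOException` and `UncheckedIOException`. `blackList` continues past the end of the hunk, so how its own catch treats a load failure should be checked.

```java
// … unchanged: beanshell / groovy / python path constants …
private static final Map<String, List<String>> scriptCache = new ConcurrentHashMap<>();

public static void initScript(String path) {
    scriptCache.computeIfAbsent(path, ScriptFilter::loadKeywords);
}

// Reads one keyword list from the classpath; a missing resource is an error, not an empty list.
private static List<String> loadKeywords(String path) {
    try (InputStream in = ScriptFilter.class.getResourceAsStream(path)) {
        if (in == null) {
            throw new IllegalStateException("keyword list not found: " + path);
        }
        return IOUtils.readLines(in, StandardCharsets.UTF_8);
    } catch (IOException ex) {
        throw new UncheckedIOException(ex);
    }
}

private static void blackList(StringBuffer buffer, String script, String path) {
    try {
        List<String> bks = scriptCache.computeIfAbsent(path, ScriptFilter::loadKeywords);
        // … unchanged: keyword matching over bks …
```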
@@ -56,6 +57,11 @@ public class ApiAppStartListener implements ApplicationRunner { LogUtil.info("================= API 应用启动 ================="); System.setProperty("jmeter.home", jmeterHome); + LogUtil.info("初始化安全过滤脚本"); + ScriptFilter.initScript(ScriptFilter.beanshell); + ScriptFilter.initScript(ScriptFilter.python); + ScriptFilter.initScript(ScriptFilter.groovy); + LogUtil.info("加载自定义插件"); pluginService.loadPlugins(); diff --git a/api-test/backend/src/main/java/io/metersphere/listener/ApiExecutionQueueListener.java b/api-test/backend/src/main/java/io/metersphere/listener/ApiExecutionQueueListener.java index e1ae1420bc..30673f4f53 100644 --- a/api-test/backend/src/main/java/io/metersphere/listener/ApiExecutionQueueListener.java +++ b/api-test/backend/src/main/java/io/metersphere/listener/ApiExecutionQueueListener.java @@ -9,7 +9,7 @@ import org.springframework.stereotype.Component; public class ApiExecutionQueueListener { private ApiExecutionQueueService queueService; - @Scheduled(cron = "0 0/5 * * * ?") + @Scheduled(cron = "0 0/10 0/1 * * ?") public void execute() { if (queueService == null) { queueService = CommonBeanFactory.getBean(ApiExecutionQueueService.class); diff --git a/api-test/backend/src/main/resources/blacklist/beanshell.bk b/api-test/backend/src/main/resources/blacklist/beanshell.bk new file mode 100644 index 0000000000..e69de29bb2 diff --git a/api-test/backend/src/main/resources/blacklist/groovy.bk b/api-test/backend/src/main/resources/blacklist/groovy.bk new file mode 100644 index 0000000000..e69de29bb2 diff --git a/api-test/backend/src/main/resources/blacklist/python.bk b/api-test/backend/src/main/resources/blacklist/python.bk new file mode 100644 index 0000000000..4c486af918 --- /dev/null +++ b/api-test/backend/src/main/resources/blacklist/python.bk @@ -0,0 +1 @@ +os.system \ No newline at end of file
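Review bot: The new expression `0 0/10 0/1 * * ?` writes the hour field as `0/1`, which selects every hour just as `*` does, so the only effective change is the interval going from five to ten minutes; `@Scheduled(cron = "0 0/10 * * * ?")` states that more plainly. The commit subject is about script keyword filtering and does not mention this schedule change, so a one-line comment above the annotation recording why the interval was doubled would help the next reader, for example `// runs every 10 minutes (was 5): <reason>`. `execute()` continues past the end of the hunk.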
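Review bot: This list holds one literal, `os.system`, and `beanshell.bk` and `groovy.bk` are created empty, so after this commit BeanShell and Groovy scripts get no keyword check and Python scripts are checked for a single substring. A substring match against a short denylist should not be treated as the control that keeps user-supplied scripts away from the host; that boundary belongs in how the script engines are run (restricted account, sandboxed or isolated executor), with the list kept as an early warning. If the format is one keyword per line, it is worth stating that in a README next to the files and skipping blank lines when loading, because `script.contains("")` is true for every script.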