任务屏蔽违规字符

This commit is contained in:
RuoYi 2021-11-01 15:03:06 +08:00
parent bd09e5b11c
commit cc4c52c998
2 changed files with 15 additions and 1 deletions

View File

@ -148,4 +148,10 @@ public class Constants
* LDAP 远程方法调用 * LDAP 远程方法调用
*/ */
public static final String LOOKUP_LDAP = "ldap://"; public static final String LOOKUP_LDAP = "ldap://";
}
/**
* 定时任务违规的字符
*/
public static final String[] JOB_ERROR_STR = { "java.net.URL", "javax.naming.InitialContext", "org.yaml.snakeyaml",
"org.springframework.jndi" };
}

View File

@ -96,6 +96,10 @@ public class SysJobController extends BaseController
{ {
return error("新增任务'" + job.getJobName() + "'失败,目标字符串不允许'http(s)//'调用"); return error("新增任务'" + job.getJobName() + "'失败,目标字符串不允许'http(s)//'调用");
} }
else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), Constants.JOB_ERROR_STR))
{
return error("新增任务'" + job.getJobName() + "'失败,目标字符串存在违规");
}
job.setCreateBy(getUsername()); job.setCreateBy(getUsername());
return toAjax(jobService.insertJob(job)); return toAjax(jobService.insertJob(job));
} }
@ -124,6 +128,10 @@ public class SysJobController extends BaseController
{ {
return error("修改任务'" + job.getJobName() + "'失败,目标字符串不允许'http(s)//'调用"); return error("修改任务'" + job.getJobName() + "'失败,目标字符串不允许'http(s)//'调用");
} }
else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), Constants.JOB_ERROR_STR))
{
return error("修改任务'" + job.getJobName() + "'失败,目标字符串存在违规");
}
job.setUpdateBy(getUsername()); job.setUpdateBy(getUsername());
return toAjax(jobService.updateJob(job)); return toAjax(jobService.updateJob(job));
} }