路径遍历

yang
2024-08-26 17:00:10 +08:00
parent 776e1e6cbc
commit bea6d680e9
8 changed files with 42 additions and 2 deletions


@@ -119,6 +119,10 @@ public class ContentPackageGenerator {
private String scormPkgDir; private String scormPkgDir;
public ContentPackage generateContentPackageFromFile(String scormPkgDir) { public ContentPackage generateContentPackageFromFile(String scormPkgDir) {
if (scormPkgDir.contains("..")) {
throw new SecurityException("输入路径包含不安全的字符");
}
if (scormPkgDir == null) { if (scormPkgDir == null) {
log.error("scorm package directory is null"); log.error("scorm package directory is null");
return contentPackage; return contentPackage;
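Review bot: The new `scormPkgDir.contains("..")` guard runs before the existing `scormPkgDir == null` check, so a null argument now fails with NullPointerException instead of taking the logged early return the next lines provide; move the guard below the null check. A substring blocklist also does not reject absolute paths and offers nothing against a later URL-decoding step, so if this directory can originate from a request it should be resolved against the configured package base and verified with `Path.of(base).resolve(scormPkgDir).normalize().startsWith(Path.of(base))` rather than by looking for `..`. generateContentPackageFromFile's body continues outside the hunk.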


@@ -44,6 +44,10 @@ public class FileUtils {
} }
public static File createFile(String dstPath, String fileName) throws IOException { public static File createFile(String dstPath, String fileName) throws IOException {
if (dstPath.contains("..") || fileName.contains("..")) {
throw new SecurityException("输入路径包含不安全的字符");
}
String[] dirs = fileName.split("/"); String[] dirs = fileName.split("/");
File file = new File(dstPath); File file = new File(dstPath);
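Review bot: Neither `dstPath` nor `fileName` is null-checked before `.contains("..")` on the first added line, so a null argument now surfaces as NullPointerException rather than the IOException callers of createFile presumably handle. The substring test also does not stop a `fileName` that begins with `/` (or a drive letter) from escaping `dstPath`, and it rejects legitimate names such as `a..b`; since the method builds a File from `dstPath` and the split `fileName` segments, the robust check is to compare the final file's canonical path with `new File(dstPath).getCanonicalPath() + File.separator` before anything is created. The rest of createFile is outside the hunk.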


@@ -119,6 +119,11 @@ public class SCORMPackageManager {
return null; return null;
} }
if (packagePath.contains("..")) {
// throw new SecurityException("输入路径包含不安全的字符");
return null;
}
// step 1: uncompress // step 1: uncompress
File f=new File(packagePath); File f=new File(packagePath);
if(!f.exists()) { if(!f.exists()) {
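Review bot: The new `packagePath.contains("..")` branch returns null silently, with the `SecurityException` left as commented-out code, so a rejected path is indistinguishable from the other `return null` outcomes in this method and leaves no trace for operators. Either throw as the other call sites in this commit do, or at least log before returning, e.g. `log.error("packagePath rejected, contains '..': {}", packagePath);`, and delete the commented-out line. The `new File(packagePath)` existence check that follows would still accept an absolute path, so the guard does not establish that the package lies under the expected directory. The enclosing method starts before the hunk and continues after it.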


@@ -60,6 +60,10 @@ public class ZipUtils {
} }
public static boolean decompressZip(String zipFilePath, String saveFileDir) { public static boolean decompressZip(String zipFilePath, String saveFileDir) {
if (saveFileDir.contains("..")) {
throw new SecurityException("输入路径包含不安全的字符");
}
if (!isEndWithZip(zipFilePath)) { if (!isEndWithZip(zipFilePath)) {
return false; return false;
} }
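Review bot: Validating `saveFileDir` on the added line does not address the usual traversal vector of an archive extractor, which is a `..` inside a zip entry name (Zip Slip); the entries are presumably processed in the rest of decompressZip, outside the hunk, and each one needs to be resolved against the save directory before any file is written. A per-entry check along the lines of `File out = new File(saveFileDir, entry.getName()); if (!out.getCanonicalPath().startsWith(new File(saveFileDir).getCanonicalPath() + File.separator)) return false;` closes that gap, whereas the substring test only covers the caller-supplied directory. `zipFilePath` is also not null-checked before `isEndWithZip`, though that predates this change. decompressZip's body continues outside the hunk.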


@@ -66,6 +66,10 @@ public class ExcelToPdfConverter implements ICourseFileConverter {
@Override @Override
public String convert(String fileType, String filePath) throws Exception{ public String convert(String fileType, String filePath) throws Exception{
if (filePath.contains("..")) {
throw new SecurityException("输入路径包含不安全的字符");
}
if (this.getLicense()) { if (this.getLicense()) {
FileOutputStream fileOS=null; FileOutputStream fileOS=null;
String previewPath = null; String previewPath = null;
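Review bot: The three-line `filePath.contains("..")` guard added here appears verbatim in six other files of this commit, with a third variant (silent `return null`) in SCORMPackageManager, so the traversal policy is already diverging between call sites. A single helper in FileUtils, e.g. `public static void rejectTraversal(String path) { if (path != null && path.contains("..")) throw new SecurityException("输入路径包含不安全的字符"); }`, called from each converter would keep the rule and its message in one place and make it possible to harden it later (canonical-path comparison) without touching seven files. convert's body continues outside the hunk.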


@@ -65,6 +65,10 @@ public class PPTToPdfConverter implements ICourseFileConverter {
@Override @Override
public String convert(String fileType, String filePath) throws Exception{ public String convert(String fileType, String filePath) throws Exception{
if (filePath.contains("..")) {
throw new SecurityException("输入路径包含不安全的字符");
}
if (this.getLicense()) { if (this.getLicense()) {
InputStream slides=null; InputStream slides=null;
Presentation pres=null; Presentation pres=null;
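Review bot: The `..` substring check on the added lines is a blocklist, so `filePath` values such as `/etc/passwd` or a Windows drive path pass untouched and the converter opens whatever they point to (an InputStream is declared just below). If `filePath` can originate from a request, the guard should instead verify that `Paths.get(filePath).toAbsolutePath().normalize()` starts with the directory uploads are stored in; if it is always server-generated, a comment saying so next to the guard would spare the next reader the question. convert's body continues outside the hunk.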


@@ -69,6 +69,10 @@ public class WordToPdfConverter implements ICourseFileConverter {
@Override @Override
public String convert(String fileType, String filePath) throws Exception{ public String convert(String fileType, String filePath) throws Exception{
if (filePath.contains("..")) {
throw new SecurityException("输入路径包含不安全的字符");
}
if (this.getLicense()) { if (this.getLicense()) {
File pdfFile=null; File pdfFile=null;
FileOutputStream fileOS=null; FileOutputStream fileOS=null;
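Review bot: `filePath.contains("..")` on the added lines also rejects valid file names that merely contain two consecutive dots, such as `summary..final.docx`, which is a plausible name for a user-uploaded Word document; a per-segment test, e.g. `Arrays.stream(filePath.split("[/\\\\]")).anyMatch(".."::equals)`, or better a normalized-path comparison against the upload directory, avoids the false positive. Note also that a null `filePath` now surfaces as NullPointerException from the guard rather than whatever the existing code did with it. convert's body continues outside the hunk.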


@@ -227,6 +227,10 @@ public class CourseFileApi extends ApiBaseController {
return badRequest("请先选择资源归属"); return badRequest("请先选择资源归属");
} }
if (file.getFilePath().contains("..")) {
throw new SecurityException("输入路径包含不安全的字符");
}
// 重设文件类型为小写 // 重设文件类型为小写
file.setFileType(file.getFileType().toLowerCase()); file.setFileType(file.getFileType().toLowerCase());
@@ -396,6 +400,13 @@ public class CourseFileApi extends ApiBaseController {
return; return;
} }
if (cf.contains("..")) {
log.error("参数错误");
// throw new SecurityException("输入路径包含不安全的字符");
return;
}
String cfPath=null; String cfPath=null;
String fileName =""; String fileName ="";
if(StringUtils.isNotBlank(cf)) { if(StringUtils.isNotBlank(cf)) {
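Review bot: In the second hunk, `cf.contains("..")` is evaluated before the `StringUtils.isNotBlank(cf)` guard the following lines use, so a null `cf` — which the blank check suggests is an expected input — now throws NullPointerException in the handler instead of being skipped. Move the check inside that branch, i.e. `if(StringUtils.isNotBlank(cf)) { if (cf.contains("..")) { log.error("参数错误"); return; } ...`, and drop the commented-out `throw` so the chosen policy is not left ambiguous. The enclosing method starts before the hunk and continues after it.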