8x48/KnowStreaming
1
0
Fork 0
mirror of https://github.com/didi/KnowStreaming.git synced 2026-01-05 04:50:55 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

reject req when uri contains ..

Browse Source
This commit is contained in:
zengqiao
2021-03-04 17:51:35 +08:00
parent 9a5b18c4e6
commit f33e585a71
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java
View File

@@ -65,6 +65,11 @@ public class LoginServiceImpl implements LoginService {
@Override @Override
public boolean checkLogin(HttpServletRequest request, HttpServletResponse response) { public boolean checkLogin(HttpServletRequest request, HttpServletResponse response) {
String uri = request.getRequestURI(); String uri = request.getRequestURI();
if (uri.contains("..")) {
LOGGER.error("class=LoginServiceImpl||method=checkLogin||msg=uri illegal||uri={}", uri);
return false;
}
if (!(uri.contains(ApiPrefix.API_V1_NORMAL_PREFIX) if (!(uri.contains(ApiPrefix.API_V1_NORMAL_PREFIX)
|| uri.contains(ApiPrefix.API_V1_RD_PREFIX) || uri.contains(ApiPrefix.API_V1_RD_PREFIX)
|| uri.contains(ApiPrefix.API_V1_OP_PREFIX))) { || uri.contains(ApiPrefix.API_V1_OP_PREFIX))) {