[Improvement] Abnormal characters check (#15824)

* abnormal characters check * add test case * remove error log * fix code style * fix import
apache · Apr 12, 2024 · e5e7749 · e5e7749
1 parent 883848f
commit e5e7749
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 0 deletions.
diff --git a/...-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java b/...-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ResourcesServiceImpl.java
@@ -17,6 +17,7 @@
 
 package org.apache.dolphinscheduler.api.service.impl;
 
+import static org.apache.dolphinscheduler.api.utils.CheckUtils.checkFilePath;
 import static org.apache.dolphinscheduler.common.constants.Constants.ALIAS;
 import static org.apache.dolphinscheduler.common.constants.Constants.CONTENT;
 import static org.apache.dolphinscheduler.common.constants.Constants.EMPTY_STRING;
@@ -1290,6 +1291,10 @@ private void checkFullName(String userTenantCode, String fullName) {
         if (FOLDER_SEPARATOR.equalsIgnoreCase(fullName)) {
             return;
         }
+        // abnormal characters check
+        if (!checkFilePath(fullName)) {
+            throw new ServiceException(Status.ILLEGAL_RESOURCE_PATH);
+        }
         // Avoid returning to the parent directory
         if (fullName.contains("../")) {
             throw new ServiceException(Status.ILLEGAL_RESOURCE_PATH, fullName);

diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/utils/CheckUtils.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/utils/CheckUtils.java
@@ -158,4 +158,14 @@ private static boolean regexChecks(String str, Pattern pattern) {
 
         return pattern.matcher(str).matches();
     }
+
+    /**
+     * regex FilePath check,only use a to z, A to Z, 0 to 9, and _./- 
+     *
+     * @param str     input string
+     * @return true if regex pattern is right, otherwise return false
+     */
+    public static boolean checkFilePath(String str) {
+        return regexChecks(str, Constants.REGEX_FILE_PATH);
+    }
 }
diff --git a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/utils/CheckUtilsTest.java b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/utils/CheckUtilsTest.java
@@ -92,4 +92,24 @@ public void testCheckPhone() {
         Assertions.assertTrue(CheckUtils.checkPhone("17362537263"));
     }
 
+    /**
+     * check file path
+     */
+    @Test
+    public void testCheckFilePath() {
+        // true
+        Assertions.assertTrue(CheckUtils.checkFilePath("/"));
+        Assertions.assertTrue(CheckUtils.checkFilePath("xx/"));
+        Assertions.assertTrue(CheckUtils.checkFilePath("/xx"));
+        Assertions.assertTrue(CheckUtils.checkFilePath("14567134578654"));
+        Assertions.assertTrue(CheckUtils.checkFilePath("/admin/root/"));
+        Assertions.assertTrue(CheckUtils.checkFilePath("/admin/root/1531531..13513/153135.."));
+        // false
+        Assertions.assertFalse(CheckUtils.checkFilePath(null));
+        Assertions.assertFalse(CheckUtils.checkFilePath("file://xxx/ss"));
+        Assertions.assertFalse(CheckUtils.checkFilePath("/xxx/ss;/dasd/123"));
+        Assertions.assertFalse(CheckUtils.checkFilePath("/xxx/ss && /dasd/123"));
+        Assertions.assertFalse(CheckUtils.checkFilePath("/xxx/ss || /dasd/123"));
+    }
+
 }
diff --git a/...cheduler-common/src/main/java/org/apache/dolphinscheduler/common/constants/Constants.java b/...cheduler-common/src/main/java/org/apache/dolphinscheduler/common/constants/Constants.java
@@ -252,6 +252,11 @@ private Constants() {
      */
     public static final Pattern REGEX_USER_NAME = Pattern.compile("^[a-zA-Z0-9._-]{3,39}$");
 
+    /**
+     * file path regex 
+     */
+    public static final Pattern REGEX_FILE_PATH = Pattern.compile("^[a-zA-Z0-9_./-]+$");
+
     /**
      * read permission
      */