任务屏蔽违规字符

2021-11-01 15:03:06 +08:00 · 2021-11-01 15:03:06 +08:00 · cc4c52c998
commit cc4c52c998
parent bd09e5b11c
2 changed files with 15 additions and 1 deletions
--- a/ruoyi-common/src/main/java/com/ruoyi/common/constant/Constants.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/constant/Constants.java
@ -148,4 +148,10 @@ public class Constants
     * LDAP 远程方法调用
     */
    public static final String LOOKUP_LDAP = "ldap://";
-}
+
+    /**
+     * 定时任务违规的字符
+     */
+    public static final String[] JOB_ERROR_STR = { "java.net.URL", "javax.naming.InitialContext", "org.yaml.snakeyaml",
+            "org.springframework.jndi" };
+}
--- a/ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java
+++ b/ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java
@ -96,6 +96,10 @@ public class SysJobController extends BaseController
        {
            return error("新增任务'" + job.getJobName() + "'失败，目标字符串不允许'http(s)//'调用");
        }
+        else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), Constants.JOB_ERROR_STR))
+        {
+            return error("新增任务'" + job.getJobName() + "'失败，目标字符串存在违规");
+        }
        job.setCreateBy(getUsername());
        return toAjax(jobService.insertJob(job));
    }
@ -124,6 +128,10 @@ public class SysJobController extends BaseController
        {
            return error("修改任务'" + job.getJobName() + "'失败，目标字符串不允许'http(s)//'调用");
        }
+        else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), Constants.JOB_ERROR_STR))
+        {
+            return error("修改任务'" + job.getJobName() + "'失败，目标字符串存在违规");
+        }
        job.setUpdateBy(getUsername());
        return toAjax(jobService.updateJob(job));
    }