zhuyijun/nacos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[ISSUE #10734] Refactor the ParamChecker and ParamExtractor (#10775)

Browse Source 
* For #10734,refactor the paramextractor and ParamChecker

* For #10734,alter the rules of ParamCheck

* For #10734,alter the rules of ParamCheck

* For #10734,fix bug

* For #10734,fix bug and alter the ParamCheckRules.java

* For #10734,fix code style

* For #10734,fix the param check rules

* For #10734,implement the server param check config

* For #10734,optimize the logic

* For #10734,optimize the logic

* For #10734,optimize the logic
This commit is contained in:
Sunrisea 2023-07-19 16:34:03 +08:00 committed by GitHub
parent e57b43c218
commit 8adca685f6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
46 changed files with 625 additions and 439 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
common/src/main/java/com/alibaba/nacos/common/paramcheck/AbstractParamChecker.java Normal file
View File

@ -0,0 +1,41 @@
/*
* Copyright 1999-2023 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.common.paramcheck;
import java.util.List;
/**
* The type Abstract param checker.
*
* @author zhuoguang
*/
public abstract class AbstractParamChecker {
/**
* Gets checker type.
*
* @return the checker type
*/
public abstract String getCheckerType();
/**
* Check param info list.
*
* @param paramInfos the param infos
*/
public abstract void checkParamInfoList(List<ParamInfo> paramInfos);
}

79
common/src/main/java/com/alibaba/nacos/common/paramcheck/ParamCheckUtils.java → common/src/main/java/com/alibaba/nacos/common/paramcheck/DefaultParamChecker.java
View File

@ -18,15 +18,18 @@ package com.alibaba.nacos.common.paramcheck;
import com.alibaba.nacos.common.utils.StringUtils;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
/**
* Param Check Utils.
* The type Default param checker.
*
* @author zhuoguang
*/
public class ParamCheckUtils {
public class DefaultParamChecker extends AbstractParamChecker {
private static final Pattern NAMESPACE_SHOW_NAME_PATTERN = Pattern.compile(ParamCheckRules.NAMESPACE_SHOW_NAME_PATTERN_STRING);
private static final Pattern NAMESPACE_ID_PATTERN = Pattern.compile(ParamCheckRules.NAMESPACE_ID_PATTERN_STRING);
@ -40,12 +43,29 @@ public class ParamCheckUtils {
private static final Pattern IP_PATTERN = Pattern.compile(ParamCheckRules.IP_PATTERN_STRING);
private static final String CHECKER_TYPE = "default";
@Override
public String getCheckerType() {
return CHECKER_TYPE;
}
@Override
public void checkParamInfoList(List<ParamInfo> paramInfos) {
if (paramInfos == null) {
return;
}
for (ParamInfo paramInfo : paramInfos) {
checkParamInfoFormat(paramInfo);
}
}
/**
* Check param info format.
*
* @param paramInfo the param info
*/
public static void checkParamInfoFormat(ParamInfo paramInfo) {
public void checkParamInfoFormat(ParamInfo paramInfo) {
if (paramInfo == null) {
return;
}
@ -54,7 +74,8 @@ public class ParamCheckUtils {
checkDataIdFormat(paramInfo.getDataId());
checkServiceNameFormat(paramInfo.getServiceName());
checkGroupFormat(paramInfo.getGroup());
checkClusterFormat(paramInfo.getCluster());
checkClusterFormat(paramInfo.getClusters());
checkSingleClusterFormat(paramInfo.getCluster());
checkIpFormat(paramInfo.getIp());
checkPortFormat(paramInfo.getPort());
checkMetadataFormat(paramInfo.getMetadata());
@ -65,7 +86,7 @@ public class ParamCheckUtils {
*
* @param namespaceShowName the namespace show name
*/
public static void checkNamespaceShowNameFormat(String namespaceShowName) {
public void checkNamespaceShowNameFormat(String namespaceShowName) {
if (StringUtils.isBlank(namespaceShowName)) {
return;
}
@ -74,6 +95,10 @@ public class ParamCheckUtils {
String.format("Param 'namespaceShowName' is illegal, the param length should not exceed %d.",
ParamCheckRules.MAX_NAMESPACE_SHOW_NAME_LENGTH));
}
if (!NAMESPACE_SHOW_NAME_PATTERN.matcher(namespaceShowName).matches()) {
throw new IllegalArgumentException(
"Param 'namespaceShowName' is illegal, illegal characters should not appear in the param.");
}
}
/**
@ -81,7 +106,7 @@ public class ParamCheckUtils {
*
* @param namespaceId the namespace id
*/
public static void checkNamespaceIdFormat(String namespaceId) {
public void checkNamespaceIdFormat(String namespaceId) {
if (StringUtils.isBlank(namespaceId)) {
return;
}
@ -92,7 +117,7 @@ public class ParamCheckUtils {
}
if (!NAMESPACE_ID_PATTERN.matcher(namespaceId).matches()) {
throw new IllegalArgumentException(
"Param 'namespaceId/tenant' is illegal, Chinese characters should not appear in the param.");
"Param 'namespaceId/tenant' is illegal, illegal characters should not appear in the param.");
}
}
@ -101,7 +126,7 @@ public class ParamCheckUtils {
*
* @param dataId the data id
*/
public static void checkDataIdFormat(String dataId) {
public void checkDataIdFormat(String dataId) {
if (StringUtils.isBlank(dataId)) {
return;
}
@ -112,7 +137,7 @@ public class ParamCheckUtils {
}
if (!DATA_ID_PATTERN.matcher(dataId).matches()) {
throw new IllegalArgumentException(
"Param 'dataId' is illegal, Chinese characters and '@@' should not appear in the param.");
"Param 'dataId' is illegal, illegal characters should not appear in the param.");
}
}
@ -121,7 +146,7 @@ public class ParamCheckUtils {
*
* @param serviceName the service name
*/
public static void checkServiceNameFormat(String serviceName) {
public void checkServiceNameFormat(String serviceName) {
if (StringUtils.isBlank(serviceName)) {
return;
}
@ -132,7 +157,7 @@ public class ParamCheckUtils {
}
if (!SERVICE_NAME_PATTERN.matcher(serviceName).matches()) {
throw new IllegalArgumentException(
"Param 'serviceName' is illegal, Chinese characters and '@@' should not appear in the param.");
"Param 'serviceName' is illegal, illegal characters should not appear in the param.");
}
}
@ -141,7 +166,7 @@ public class ParamCheckUtils {
*
* @param group the group
*/
public static void checkGroupFormat(String group) {
public void checkGroupFormat(String group) {
if (StringUtils.isBlank(group)) {
return;
}
@ -152,19 +177,35 @@ public class ParamCheckUtils {
}
if (!GROUP_PATTERN.matcher(group).matches()) {
throw new IllegalArgumentException(
"Param 'group' is illegal, Chinese characters and '@@' should not appear in the param");
"Param 'group' is illegal, illegal characters should not appear in the param.");
}
}
/**
* Check cluster format.
*
* @param clusterString the cluster string
*/
public void checkClusterFormat(String clusterString) {
if (StringUtils.isBlank(clusterString)) {
return;
}
String[] clusters = clusterString.split(",");
for (String cluster : clusters) {
checkSingleClusterFormat(cluster);
}
}
/**
* Check single cluster format.
*
* @param cluster the cluster
*/
public static void checkClusterFormat(String cluster) {
public void checkSingleClusterFormat(String cluster) {
if (StringUtils.isBlank(cluster)) {
return;
}
if (cluster.length() > ParamCheckRules.MAX_CLUSTER_LENGTH) {
throw new IllegalArgumentException(
String.format("Param 'cluster' is illegal, the param length should not exceed %d.",
@ -172,7 +213,7 @@ public class ParamCheckUtils {
}
if (!CLUSTER_PATTERN.matcher(cluster).matches()) {
throw new IllegalArgumentException(
"Param 'cluster' is illegal, Chinese characters and ',' should not appear in the param");
"Param 'cluster' is illegal, illegal characters should not appear in the param.");
}
}
@ -181,7 +222,7 @@ public class ParamCheckUtils {
*
* @param ip the ip
*/
public static void checkIpFormat(String ip) {
public void checkIpFormat(String ip) {
if (StringUtils.isBlank(ip)) {
return;
}
@ -192,7 +233,7 @@ public class ParamCheckUtils {
}
if (!IP_PATTERN.matcher(ip).matches()) {
throw new IllegalArgumentException(
"Param 'ip' is illegal, Chinese characters should not appear in the param");
"Param 'ip' is illegal, illegal characters should not appear in the param.");
}
}
@ -201,7 +242,7 @@ public class ParamCheckUtils {
*
* @param port the port
*/
public static void checkPortFormat(String port) {
public void checkPortFormat(String port) {
if (StringUtils.isBlank(port)) {
return;
}
@ -225,7 +266,7 @@ public class ParamCheckUtils {
*
* @param metadata the metadata
*/
public static void checkMetadataFormat(Map<String, String> metadata) {
public void checkMetadataFormat(Map<String, String> metadata) {
if (metadata == null || metadata.isEmpty()) {
return;
}

12
common/src/main/java/com/alibaba/nacos/common/paramcheck/ParamCheckRules.java
View File

@ -25,25 +25,27 @@ public class ParamCheckRules {
public static final int MAX_NAMESPACE_SHOW_NAME_LENGTH = 256;
public static final String NAMESPACE_SHOW_NAME_PATTERN_STRING = "^[^@#$%^&*]+$";
public static final int MAX_NAMESPACE_ID_LENGTH = 64;
public static final String NAMESPACE_ID_PATTERN_STRING = "^[^\\u4E00-\\u9FA5]+$";
public static final String NAMESPACE_ID_PATTERN_STRING = "^[\\w-]+";
public static final int MAX_DATA_ID_LENGTH = 512;
public static final String DATA_ID_PATTERN_STRING = "^((?!@@)[^\\u4E00-\\u9FA5])*$";
public static final String DATA_ID_PATTERN_STRING = "^[a-zA-Z0-9-_:\\.]*$";
public static final int MAX_SERVICE_NAME_LENGTH = 512;
public static final String SERVICE_NAME_PATTERN_STRING = "^((?!@@)[^\\u4E00-\\u9FA5])*$";
public static final String SERVICE_NAME_PATTERN_STRING = "^(?!@).((?!@@)[^\\u4E00-\\u9FA5])*$";
public static final int MAX_GROUP_LENGTH = 64;
public static final String GROUP_PATTERN_STRING = "^((?!@@)[^\\u4E00-\\u9FA5])*$";
public static final String GROUP_PATTERN_STRING = "^[a-zA-Z0-9-_:\\.]*$";
public static final int MAX_CLUSTER_LENGTH = 64;
public static final String CLUSTER_PATTERN_STRING = "^[^\\u4E00-\\u9FA5,]*$";
public static final String CLUSTER_PATTERN_STRING = "^[0-9a-zA-Z-_]+$";
public static final int MAX_IP_LENGTH = 128;

61
common/src/main/java/com/alibaba/nacos/common/paramcheck/ParamCheckerManager.java Normal file
View File

@ -0,0 +1,61 @@
/*
* Copyright 1999-2023 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.common.paramcheck;
import com.alibaba.nacos.common.spi.NacosServiceLoader;
import com.alibaba.nacos.common.utils.StringUtils;
import java.util.Collection;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
/**
* The type Param checker manager.
*
* @author zhuoguang
*/
public class ParamCheckerManager {
private static final ParamCheckerManager INSTANCE = new ParamCheckerManager();
private static final AbstractParamChecker DEFAULT_PARAM_CHECKER = new DefaultParamChecker();
private final Map<String, AbstractParamChecker> paramCheckerMap = new ConcurrentHashMap<>();
private ParamCheckerManager() {
Collection<AbstractParamChecker> paramCheckers = NacosServiceLoader.load(AbstractParamChecker.class);
for (AbstractParamChecker paramChecker : paramCheckers) {
String checkerType = paramChecker.getCheckerType();
paramCheckerMap.put(checkerType, paramChecker);
}
}
public static ParamCheckerManager getInstance() {
return INSTANCE;
}
public AbstractParamChecker getParamChecker(String checkerType) {
if (StringUtils.isBlank(checkerType)) {
return DEFAULT_PARAM_CHECKER;
}
AbstractParamChecker paramChecker = paramCheckerMap.get(checkerType);
if (paramChecker == null) {
paramChecker = DEFAULT_PARAM_CHECKER;
}
return paramChecker;
}
}

10
common/src/main/java/com/alibaba/nacos/common/paramcheck/ParamInfo.java
View File

@ -36,6 +36,8 @@ public class ParamInfo {
private String cluster;
private String clusters;
private String ip;
private String port;
@ -90,6 +92,14 @@ public class ParamInfo {
this.cluster = cluster;
}
public String getClusters() {
return clusters;
}
public void setClusters(String clusters) {
this.clusters = clusters;
}
public String getIp() {
return ip;
}

17
common/src/main/resources/META-INF/services/com.alibaba.nacos.common.paramcheck.AbstractParamChecker Normal file
View File

@ -0,0 +1,17 @@
#
# Copyright 1999-2023 Alibaba Group Holding Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
com.alibaba.nacos.common.paramcheck.DefaultParamChecker

41
common/src/test/java/com/alibaba/nacos/common/paramcheck/DefaultParamCheckerTest.java Normal file
View File

@ -0,0 +1,41 @@
/*
* Copyright 1999-2023 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.common.paramcheck;
import org.junit.Test;
import java.util.ArrayList;
/**
* The type Default param checker test.
*
* @author zhuoguang
*/
public class DefaultParamCheckerTest {
/**
* Check param info list.
*/
@Test
public void checkParamInfoList() {
AbstractParamChecker paramChecker = new DefaultParamChecker();
ParamInfo paramInfo = new ParamInfo();
ArrayList<ParamInfo> paramInfos = new ArrayList<>();
paramInfos.add(paramInfo);
paramChecker.checkParamInfoList(paramInfos);
}
}

290
common/src/test/java/com/alibaba/nacos/common/paramcheck/ParamCheckUtilsTest.java
View File

@ -1,290 +0,0 @@
/*
* Copyright 1999-2023 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.common.paramcheck;
import junit.framework.TestCase;
import java.util.HashMap;
import java.util.Map;
/**
* The type Param check utils test.
*/
public class ParamCheckUtilsTest extends TestCase {
/**
* Test check param info format.
*/
public void testCheckParamInfoFormat() {
ParamInfo paramInfo = new ParamInfo();
ParamCheckUtils.checkParamInfoFormat(paramInfo);
}
/**
* Test check namespace show name format.
*/
public void testCheckNamespaceShowNameFormat() {
StringBuilder builder = new StringBuilder();
ParamCheckUtils.checkNamespaceShowNameFormat(builder.toString());
for (int i = 0; i < 256; i++) {
builder.append("a");
}
ParamCheckUtils.checkNamespaceShowNameFormat(builder.toString());
builder.append("a");
try {
ParamCheckUtils.checkNamespaceShowNameFormat(builder.toString());
fail("expected a illegalArgumentException to be thrown");
} catch (Exception e) {
assertTrue(e instanceof IllegalArgumentException);
}
}
/**
* Test check namespace id format.
*/
public void testCheckNamespaceIdFormat() {
StringBuilder namespaceid = new StringBuilder();
for (int i = 0; i < ParamCheckRules.MAX_NAMESPACE_ID_LENGTH; i++) {
namespaceid.append("@");
}
ParamCheckUtils.checkNamespaceIdFormat(namespaceid.toString());
namespaceid.append("@");
try {
ParamCheckUtils.checkNamespaceIdFormat(namespaceid.toString());
fail("expected a illegalArgumentException to be thrown");
} catch (Exception e) {
assertTrue(e instanceof IllegalArgumentException);
}
String namespaceId = "";
try {
ParamCheckUtils.checkNamespaceIdFormat(namespaceId);
fail("expected a illegalArgumentException to be thrown");
} catch (Exception e) {
assertTrue(e instanceof IllegalArgumentException);
}
}
/**
* Test check data id format.
*/
public void testCheckDataIdFormat() {
StringBuilder builder = new StringBuilder();
for (int i = 0; i < ParamCheckRules.MAX_DATA_ID_LENGTH; i++) {
builder.append("a");
}
ParamCheckUtils.checkDataIdFormat(builder.toString());
try {
builder.append("a");
ParamCheckUtils.checkDataIdFormat(builder.toString());
fail("expected a illegalArgumentException to be thrown");
} catch (Exception e) {
assertTrue(e instanceof IllegalArgumentException);
}
String dataid = "@##@";
ParamCheckUtils.checkDataIdFormat(dataid);
dataid = "你好";
try {
ParamCheckUtils.checkDataIdFormat(dataid);
fail("expected a illegalArgumentException to be thrown");
} catch (Exception e) {
assertTrue(e instanceof IllegalArgumentException);
}
dataid = "@@aaaaa";
try {
ParamCheckUtils.checkDataIdFormat(dataid);
fail("expected a illegalArgumentException to be thrown");
} catch (Exception e) {
assertTrue(e instanceof IllegalArgumentException);
}
}
/**
* Test check service name format.
*/
public void testCheckServiceNameFormat() {
StringBuilder builder = new StringBuilder();
for (int i = 0; i < ParamCheckRules.MAX_SERVICE_NAME_LENGTH; i++) {
builder.append("a");
}
ParamCheckUtils.checkServiceNameFormat(builder.toString());
try {
builder.append("a");
ParamCheckUtils.checkServiceNameFormat(builder.toString());
fail("expected a illegalArgumentException to be thrown");
} catch (Exception e) {
assertTrue(e instanceof IllegalArgumentException);
}
String servicename = "@##@";
ParamCheckUtils.checkServiceNameFormat(servicename);
servicename = "你好";
try {
ParamCheckUtils.checkServiceNameFormat(servicename);
fail("expected a illegalArgumentException to be thrown");
} catch (Exception e) {
assertTrue(e instanceof IllegalArgumentException);
}
servicename = "@@aaaaa";
try {
ParamCheckUtils.checkServiceNameFormat(servicename);
fail("expected a illegalArgumentException to be thrown");
} catch (Exception e) {
assertTrue(e instanceof IllegalArgumentException);
}
}
/**
* Test check group format.
*/
public void testCheckGroupFormat() {
StringBuilder builder = new StringBuilder();
for (int i = 0; i < ParamCheckRules.MAX_GROUP_LENGTH; i++) {
builder.append("a");
}
ParamCheckUtils.checkGroupFormat(builder.toString());
builder.append("a");
try {
ParamCheckUtils.checkGroupFormat(builder.toString());
fail("expected a illegalArgumentException to be thrown");
} catch (Exception e) {
assertTrue(e instanceof IllegalArgumentException);
}
String group = "@@aa";
try {
ParamCheckUtils.checkGroupFormat(group);
fail("expected a illegalArgumentException to be thrown");
} catch (Exception e) {
assertTrue(e instanceof IllegalArgumentException);
}
group = "你好";
try {
ParamCheckUtils.checkGroupFormat(group);
fail("expected a illegalArgumentException to be thrown");
} catch (Exception e) {
assertTrue(e instanceof IllegalArgumentException);
}
}
/**
* Test check cluster format.
*/
public void testCheckClusterFormat() {
StringBuilder builder = new StringBuilder();
for (int i = 0; i < ParamCheckRules.MAX_CLUSTER_LENGTH; i++) {
builder.append("@");
}
ParamCheckUtils.checkClusterFormat(builder.toString());
builder.append("@");
try {
ParamCheckUtils.checkClusterFormat(builder.toString());
fail("expected a illegalArgumentException to be thrown");
} catch (Exception e) {
assertTrue(e instanceof IllegalArgumentException);
}
String cluster = "你好a";
try {
ParamCheckUtils.checkClusterFormat(cluster);
fail("expected a illegalArgumentException to be thrown");
} catch (Exception e) {
assertTrue(e instanceof IllegalArgumentException);
}
cluster = ",a";
try {
ParamCheckUtils.checkClusterFormat(cluster);
fail("expected a illegalArgumentException to be thrown");
} catch (Exception e) {
assertTrue(e instanceof IllegalArgumentException);
}
}
/**
* Test check ip format.
*/
public void testCheckIpFormat() {
StringBuilder builder = new StringBuilder();
for (int i = 0; i < ParamCheckRules.MAX_IP_LENGTH; i++) {
builder.append("0");
}
ParamCheckUtils.checkIpFormat(builder.toString());
builder.append("1");
try {
ParamCheckUtils.checkIpFormat(builder.toString());
fail("expected a illegalArgumentException to be thrown");
} catch (Exception e) {
assertTrue(e instanceof IllegalArgumentException);
}
String ip = "你好";
try {
ParamCheckUtils.checkIpFormat(ip);
fail("expected a illegalArgumentException to be thrown");
} catch (Exception e) {
System.out.println(e.getMessage());
assertTrue(e instanceof IllegalArgumentException);
}
}
/**
* Test check port format.
*/
public void testCheckPortFormat() {
String port = "-10";
try {
ParamCheckUtils.checkPortFormat(port);
fail("expected a illegalArgumentException to be thrown");
} catch (Exception e) {
assertTrue(e instanceof IllegalArgumentException);
}
port = "65536";
try {
ParamCheckUtils.checkPortFormat(port);
fail("expected a illegalArgumentException to be thrown");
} catch (Exception e) {
assertTrue(e instanceof IllegalArgumentException);
}
port = "aaa";
try {
ParamCheckUtils.checkPortFormat(port);
fail("expected a illegalArgumentException to be thrown");
} catch (Exception e) {
assertTrue(e instanceof IllegalArgumentException);
}
port = "0";
ParamCheckUtils.checkPortFormat(port);
port = "65535";
ParamCheckUtils.checkPortFormat(port);
}
/**
* Test check metadata format.
*/
public void testCheckMetadataFormat() {
Map<String, String> metadata = new HashMap<>();
StringBuilder builder = new StringBuilder();
for (int i = 0; i < 511; i++) {
builder.append("a");
}
metadata.put("a", builder.toString());
metadata.put("b", builder.toString());
ParamCheckUtils.checkMetadataFormat(metadata);
metadata.put("c", "");
try {
ParamCheckUtils.checkMetadataFormat(metadata);
fail("expected a illegalArgumentException to be thrown");
} catch (Exception e) {
assertTrue(e instanceof IllegalArgumentException);
}
}
}

15
config/src/main/java/com/alibaba/nacos/config/server/filter/ConfigParamCheckFilter.java
View File

@ -16,9 +16,12 @@
package com.alibaba.nacos.config.server.filter;
import com.alibaba.nacos.common.paramcheck.AbstractParamChecker;
import com.alibaba.nacos.common.paramcheck.ParamCheckerManager;
import com.alibaba.nacos.common.paramcheck.ParamInfo;
import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
import com.alibaba.nacos.core.paramcheck.HttpParamExtractorManager;
import com.alibaba.nacos.sys.env.EnvUtil;
import com.alibaba.nacos.core.paramcheck.ServerParamCheckConfig;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
@ -29,6 +32,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.List;
/**
* Config param check filter.
@ -42,8 +46,8 @@ public class ConfigParamCheckFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
boolean ifParamCheck = EnvUtil.getProperty("nacos.paramcheck", Boolean.class, true);
if (!ifParamCheck) {
boolean paramCheckEnabled = ServerParamCheckConfig.getInstance().isParamCheckEnabled();
if (!paramCheckEnabled) {
chain.doFilter(request, response);
return;
}
@ -54,7 +58,10 @@ public class ConfigParamCheckFilter implements Filter {
String method = req.getMethod();
HttpParamExtractorManager extractorManager = HttpParamExtractorManager.getInstance();
AbstractHttpParamExtractor paramExtractor = extractorManager.getExtractor(uri, method, MODULE);
paramExtractor.extractParamAndCheck(req);
List<ParamInfo> paramInfoList = paramExtractor.extractParam(req);
ParamCheckerManager paramCheckerManager = ParamCheckerManager.getInstance();
AbstractParamChecker paramChecker = paramCheckerManager.getParamChecker(ServerParamCheckConfig.getInstance().getActiveParamChecker());
paramChecker.checkParamInfoList(paramInfoList);
chain.doFilter(req, resp);
} catch (Exception e) {
resp.setStatus(400);

58
config/src/main/java/com/alibaba/nacos/config/server/paramcheck/ConfigBlurSearchHttpParamExtractor.java Normal file
View File

@ -0,0 +1,58 @@
/*
* Copyright 1999-2023 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.config.server.paramcheck;
import com.alibaba.nacos.common.paramcheck.ParamInfo;
import com.alibaba.nacos.common.utils.HttpMethod;
import com.alibaba.nacos.common.utils.StringUtils;
import com.alibaba.nacos.config.server.constant.Constants;
import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
import javax.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.List;
/**
* The type Config blur search http param extractor.
*
* @author zhuoguang
*/
public class ConfigBlurSearchHttpParamExtractor extends AbstractHttpParamExtractor {
private static final String BLUR_SEARCH_MODE = "blur";
@Override
public void init() {
addTargetRequest(Constants.CONFIG_CONTROLLER_PATH, HttpMethod.GET);
addTargetRequest(Constants.CONFIG_CONTROLLER_PATH + "/", HttpMethod.GET);
}
@Override
public List<ParamInfo> extractParam(HttpServletRequest request) throws Exception {
String searchMode = request.getParameter("search");
ArrayList<ParamInfo> paramInfos = new ArrayList<>();
if (StringUtils.equals(searchMode, BLUR_SEARCH_MODE)) {
return paramInfos;
}
ParamInfo paramInfo = new ParamInfo();
paramInfo.setNamespaceId(request.getParameter("tenant"));
paramInfo.setDataId(request.getParameter("dataId"));
paramInfo.setGroup(request.getParameter("group"));
paramInfos.add(paramInfo);
return paramInfos;
}
}

9
config/src/main/java/com/alibaba/nacos/config/server/paramcheck/ConfigDefaultHttpParamExtractor.java
View File

@ -16,12 +16,13 @@
package com.alibaba.nacos.config.server.paramcheck;
import com.alibaba.nacos.common.paramcheck.ParamCheckUtils;
import com.alibaba.nacos.common.paramcheck.ParamInfo;
import com.alibaba.nacos.common.utils.StringUtils;
import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
import javax.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.List;
/**
* Config default http param extractor.
@ -36,13 +37,15 @@ public class ConfigDefaultHttpParamExtractor extends AbstractHttpParamExtractor
}
@Override
public void extractParamAndCheck(HttpServletRequest request) {
public List<ParamInfo> extractParam(HttpServletRequest request) {
ParamInfo paramInfo = new ParamInfo();
paramInfo.setNamespaceId(getAliasNamespaceId(request));
paramInfo.setDataId(getAliasDataId(request));
paramInfo.setGroup(getAliasGroup(request));
paramInfo.setIp(getAliasIp(request));
ParamCheckUtils.checkParamInfoFormat(paramInfo);
ArrayList<ParamInfo> paramInfos = new ArrayList<>();
paramInfos.add(paramInfo);
return paramInfos;
}
private String getAliasNamespaceId(HttpServletRequest request) {

13
config/src/main/java/com/alibaba/nacos/config/server/paramcheck/ConfigListenerHttpParamExtractor.java
View File

@ -16,7 +16,6 @@
package com.alibaba.nacos.config.server.paramcheck;
import com.alibaba.nacos.common.paramcheck.ParamCheckUtils;
import com.alibaba.nacos.common.paramcheck.ParamInfo;
import com.alibaba.nacos.common.utils.HttpMethod;
import com.alibaba.nacos.common.utils.StringUtils;
@ -25,6 +24,8 @@ import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
import javax.servlet.http.HttpServletRequest;
import java.net.URLDecoder;
import java.util.ArrayList;
import java.util.List;
/**
* ConfigListener http param extractor.
@ -43,14 +44,15 @@ public class ConfigListenerHttpParamExtractor extends AbstractHttpParamExtractor
}
@Override
public void extractParamAndCheck(HttpServletRequest request) throws Exception {
public List<ParamInfo> extractParam(HttpServletRequest request) throws Exception {
ArrayList<ParamInfo> paramInfos = new ArrayList<>();
String listenConfigs = request.getParameter("Listening-Configs");
if (StringUtils.isBlank(listenConfigs)) {
return;
return paramInfos;
}
listenConfigs = URLDecoder.decode(listenConfigs, Constants.ENCODE);
if (StringUtils.isBlank(listenConfigs)) {
return;
return paramInfos;
}
String[] lines = listenConfigs.split(Character.toString(LINE_SEPARATOR_CHAR));
for (String line : lines) {
@ -64,7 +66,8 @@ public class ConfigListenerHttpParamExtractor extends AbstractHttpParamExtractor
if (words.length == 4) {
paramInfo.setNamespaceId(words[3]);
}
ParamCheckUtils.checkParamInfoFormat(paramInfo);
paramInfos.add(paramInfo);
}
return paramInfos;
}
}

1
config/src/main/resources/META-INF/services/com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor
View File

@ -15,4 +15,5 @@
#
com.alibaba.nacos.config.server.paramcheck.ConfigDefaultHttpParamExtractor
com.alibaba.nacos.config.server.paramcheck.ConfigBlurSearchHttpParamExtractor
com.alibaba.nacos.config.server.paramcheck.ConfigListenerHttpParamExtractor

15
console/src/main/java/com/alibaba/nacos/console/filter/ConsoleParamCheckFilter.java
View File

@ -16,9 +16,12 @@
package com.alibaba.nacos.console.filter;
import com.alibaba.nacos.common.paramcheck.AbstractParamChecker;
import com.alibaba.nacos.common.paramcheck.ParamCheckerManager;
import com.alibaba.nacos.common.paramcheck.ParamInfo;
import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
import com.alibaba.nacos.core.paramcheck.HttpParamExtractorManager;
import com.alibaba.nacos.sys.env.EnvUtil;
import com.alibaba.nacos.core.paramcheck.ServerParamCheckConfig;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
@ -29,6 +32,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.List;
/**
* console param check filter.
@ -42,8 +46,8 @@ public class ConsoleParamCheckFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
boolean ifParamCheck = EnvUtil.getProperty("nacos.paramcheck", Boolean.class, true);
if (!ifParamCheck) {
boolean paramCheckEnabled = ServerParamCheckConfig.getInstance().isParamCheckEnabled();
if (!paramCheckEnabled) {
chain.doFilter(request, response);
return;
}
@ -54,7 +58,10 @@ public class ConsoleParamCheckFilter implements Filter {
String method = req.getMethod();
HttpParamExtractorManager extractorManager = HttpParamExtractorManager.getInstance();
AbstractHttpParamExtractor paramExtractor = extractorManager.getExtractor(uri, method, MODULE);
paramExtractor.extractParamAndCheck(req);
List<ParamInfo> paramInfoList = paramExtractor.extractParam(req);
ParamCheckerManager paramCheckerManager = ParamCheckerManager.getInstance();
AbstractParamChecker paramChecker = paramCheckerManager.getParamChecker(ServerParamCheckConfig.getInstance().getActiveParamChecker());
paramChecker.checkParamInfoList(paramInfoList);
chain.doFilter(request, resp);
} catch (Exception e) {
resp.setStatus(400);

9
console/src/main/java/com/alibaba/nacos/console/paramcheck/ConsoleDefaultHttpParamExtractor.java
View File

@ -16,12 +16,13 @@
package com.alibaba.nacos.console.paramcheck;
import com.alibaba.nacos.common.paramcheck.ParamCheckUtils;
import com.alibaba.nacos.common.paramcheck.ParamInfo;
import com.alibaba.nacos.common.utils.StringUtils;
import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
import javax.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.List;
/**
* Console default http param extractor.
@ -36,11 +37,13 @@ public class ConsoleDefaultHttpParamExtractor extends AbstractHttpParamExtractor
}
@Override
public void extractParamAndCheck(HttpServletRequest request) throws Exception {
public List<ParamInfo> extractParam(HttpServletRequest request) throws Exception {
ParamInfo paramInfo = new ParamInfo();
paramInfo.setNamespaceId(getAliasNamespaceId(request));
paramInfo.setNamespaceShowName(getAliasNamespaceShowName(request));
ParamCheckUtils.checkParamInfoFormat(paramInfo);
ArrayList<ParamInfo> paramInfos = new ArrayList<>();
paramInfos.add(paramInfo);
return paramInfos;
}
private String getAliasNamespaceId(HttpServletRequest request) {

10
core/src/main/java/com/alibaba/nacos/core/paramcheck/AbstractHttpParamExtractor.java
View File

@ -16,6 +16,8 @@
package com.alibaba.nacos.core.paramcheck;
import com.alibaba.nacos.common.paramcheck.ParamInfo;
import javax.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.List;
@ -52,13 +54,14 @@ public abstract class AbstractHttpParamExtractor implements ParamExtractor<HttpS
}
/**
* extract param and check.
* Extract param.
*
* @param request the request
* @throws Exception exception
* @return the list
* @throws Exception the exception
*/
@Override
public abstract void extractParamAndCheck(HttpServletRequest request) throws Exception;
public abstract List<ParamInfo> extractParam(HttpServletRequest request) throws Exception;
/**
* Add target request.
@ -68,6 +71,7 @@ public abstract class AbstractHttpParamExtractor implements ParamExtractor<HttpS
*/
public void addTargetRequest(String uri, String method) {
targetRequestList.add(NACOS_SERVER_CONTEXT + uri + SPLITTER + method);
targetRequestList.add(uri + SPLITTER + method);
}
/**

8
core/src/main/java/com/alibaba/nacos/core/paramcheck/AbstractRpcParamExtractor.java
View File

@ -17,6 +17,7 @@
package com.alibaba.nacos.core.paramcheck;
import com.alibaba.nacos.api.remote.request.Request;
import com.alibaba.nacos.common.paramcheck.ParamInfo;
import java.util.ArrayList;
import java.util.List;
@ -46,13 +47,14 @@ public abstract class AbstractRpcParamExtractor implements ParamExtractor<Reques
}
/**
* extract param and check.
* Extract param.
*
* @param request the request
* @throws Exception exception
* @return the list
* @throws Exception the exception
*/
@Override
public abstract void extractParamAndCheck(Request request) throws Exception;
public abstract List<ParamInfo> extractParam(Request request) throws Exception;
public void addTargetRequest(String type) {
targetrequestlist.add(type);

5
core/src/main/java/com/alibaba/nacos/core/paramcheck/HttpParamExtractorManager.java
View File

@ -16,10 +16,12 @@
package com.alibaba.nacos.core.paramcheck;
import com.alibaba.nacos.common.paramcheck.ParamInfo;
import com.alibaba.nacos.common.spi.NacosServiceLoader;
import javax.servlet.http.HttpServletRequest;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
@ -41,7 +43,8 @@ public class HttpParamExtractorManager {
}
@Override
public void extractParamAndCheck(HttpServletRequest request) throws Exception {
public List<ParamInfo> extractParam(HttpServletRequest params) throws Exception {
return Collections.emptyList();
}
};

7
core/src/main/java/com/alibaba/nacos/core/paramcheck/ParamExtractor.java
View File

@ -16,6 +16,8 @@
package com.alibaba.nacos.core.paramcheck;
import com.alibaba.nacos.common.paramcheck.ParamInfo;
import java.util.List;
/**
@ -34,10 +36,11 @@ public interface ParamExtractor<T> {
List<String> getTargetRequestList();
/**
* Extract param and check.
* Extract param.
*
* @param params the params
* @return the list
* @throws Exception the exception
*/
void extractParamAndCheck(T params) throws Exception;
List<ParamInfo> extractParam(T params) throws Exception;
}

5
core/src/main/java/com/alibaba/nacos/core/paramcheck/RpcParamExtractorManager.java
View File

@ -17,10 +17,12 @@
package com.alibaba.nacos.core.paramcheck;
import com.alibaba.nacos.api.remote.request.Request;
import com.alibaba.nacos.common.paramcheck.ParamInfo;
import com.alibaba.nacos.common.spi.NacosServiceLoader;
import com.alibaba.nacos.common.utils.StringUtils;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
@ -40,7 +42,8 @@ public class RpcParamExtractorManager {
}
@Override
public void extractParamAndCheck(Request params) throws Exception {
public List<ParamInfo> extractParam(Request request) throws Exception {
return Collections.emptyList();
}
};

74
core/src/main/java/com/alibaba/nacos/core/paramcheck/ServerParamCheckConfig.java Normal file
View File

@ -0,0 +1,74 @@
/*
* Copyright 1999-2023 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.core.paramcheck;
import com.alibaba.nacos.core.config.AbstractDynamicConfig;
import com.alibaba.nacos.sys.env.EnvUtil;
/**
* The type Server param check config.
*
* @author zhuoguang
*/
public class ServerParamCheckConfig extends AbstractDynamicConfig {
private static final String PARAM_CHECK = "ParamCheck";
private static final ServerParamCheckConfig INSTANCE = new ServerParamCheckConfig();
private boolean paramCheckEnabled = true;
private String activeParamChecker = "default";
protected ServerParamCheckConfig() {
super(PARAM_CHECK);
resetConfig();
}
public static ServerParamCheckConfig getInstance() {
return INSTANCE;
}
@Override
protected void getConfigFromEnv() {
paramCheckEnabled = EnvUtil.getProperty("nacos.core.param.check.enabled", Boolean.class, true);
activeParamChecker = EnvUtil.getProperty("nacos.core.param.check.checker", String.class, "default");
}
public boolean isParamCheckEnabled() {
return paramCheckEnabled;
}
public void setParamCheckEnabled(boolean paramCheckEnabled) {
this.paramCheckEnabled = paramCheckEnabled;
}
public String getActiveParamChecker() {
return activeParamChecker;
}
public void setActiveParamChecker(String activeParamChecker) {
this.activeParamChecker = activeParamChecker;
}
@Override
protected String printConfig() {
return "ParamCheckConfig{" + "paramCheckEnabled=" + paramCheckEnabled
+ "activeParamChecker=" + activeParamChecker + "}";
}
}

16
core/src/main/java/com/alibaba/nacos/core/paramcheck/impl/BatchInstanceRequestParamExtractor.java
View File

@ -19,10 +19,10 @@ package com.alibaba.nacos.core.paramcheck.impl;
import com.alibaba.nacos.api.naming.pojo.Instance;
import com.alibaba.nacos.api.naming.remote.request.BatchInstanceRequest;
import com.alibaba.nacos.api.remote.request.Request;
import com.alibaba.nacos.common.paramcheck.ParamCheckUtils;
import com.alibaba.nacos.common.paramcheck.ParamInfo;
import com.alibaba.nacos.core.paramcheck.AbstractRpcParamExtractor;
import java.util.ArrayList;
import java.util.List;
/**
@ -31,23 +31,24 @@ import java.util.List;
* @author zhuoguang
*/
public class BatchInstanceRequestParamExtractor extends AbstractRpcParamExtractor {
@Override
public void init() {
addTargetRequest(BatchInstanceRequest.class.getSimpleName());
}
@Override
public void extractParamAndCheck(Request request) throws Exception {
public List<ParamInfo> extractParam(Request request) throws Exception {
BatchInstanceRequest req = (BatchInstanceRequest) request;
ParamInfo paramInfo = new ParamInfo();
paramInfo.setNamespaceId(req.getNamespace());
paramInfo.setServiceName(req.getServiceName());
paramInfo.setGroup(req.getGroupName());
ParamCheckUtils.checkParamInfoFormat(paramInfo);
ArrayList<ParamInfo> paramInfos = new ArrayList<>();
paramInfos.add(paramInfo);
List<Instance> instanceList = req.getInstances();
if (instanceList == null) {
return;
return paramInfos;
}
for (Instance instance : instanceList) {
ParamInfo instanceParamInfo = new ParamInfo();
@ -56,7 +57,8 @@ public class BatchInstanceRequestParamExtractor extends AbstractRpcParamExtracto
instanceParamInfo.setServiceName(instance.getServiceName());
instanceParamInfo.setCluster(instance.getClusterName());
instanceParamInfo.setMetadata(instance.getMetadata());
ParamCheckUtils.checkParamInfoFormat(instanceParamInfo);
paramInfos.add(instanceParamInfo);
}
return paramInfos;
}
}

14
core/src/main/java/com/alibaba/nacos/core/paramcheck/impl/ConfigBatchListenRequestParamExtractor.java
View File

@ -18,10 +18,10 @@ package com.alibaba.nacos.core.paramcheck.impl;
import com.alibaba.nacos.api.config.remote.request.ConfigBatchListenRequest;
import com.alibaba.nacos.api.remote.request.Request;
import com.alibaba.nacos.common.paramcheck.ParamCheckUtils;
import com.alibaba.nacos.common.paramcheck.ParamInfo;
import com.alibaba.nacos.core.paramcheck.AbstractRpcParamExtractor;
import java.util.ArrayList;
import java.util.List;
/**
@ -30,25 +30,27 @@ import java.util.List;
* @author zhuoguang
*/
public class ConfigBatchListenRequestParamExtractor extends AbstractRpcParamExtractor {
@Override
public void init() {
addTargetRequest(ConfigBatchListenRequest.class.getSimpleName());
}
@Override
public void extractParamAndCheck(Request request) throws Exception {
public List<ParamInfo> extractParam(Request request) throws Exception {
ConfigBatchListenRequest req = (ConfigBatchListenRequest) request;
List<ConfigBatchListenRequest.ConfigListenContext> configListenContextList = req.getConfigListenContexts();
ArrayList<ParamInfo> paramInfos = new ArrayList<>();
if (configListenContextList == null) {
return;
return paramInfos;
}
for (ConfigBatchListenRequest.ConfigListenContext configListenContext : configListenContextList) {
ParamInfo configListContextParamInfo = new ParamInfo();
configListContextParamInfo.setNamespaceId(configListenContext.getTenant());
configListContextParamInfo.setGroup(configListenContext.getGroup());
configListContextParamInfo.setDataId(configListenContext.getDataId());
ParamCheckUtils.checkParamInfoFormat(configListContextParamInfo);
paramInfos.add(configListContextParamInfo);
}
return paramInfos;
}
}

10
core/src/main/java/com/alibaba/nacos/core/paramcheck/impl/ConfigRequestParamExtractor.java
View File

@ -22,10 +22,12 @@ import com.alibaba.nacos.api.config.remote.request.ConfigQueryRequest;
import com.alibaba.nacos.api.config.remote.request.ConfigRemoveRequest;
import com.alibaba.nacos.api.config.remote.request.cluster.ConfigChangeClusterSyncRequest;
import com.alibaba.nacos.api.remote.request.Request;
import com.alibaba.nacos.common.paramcheck.ParamCheckUtils;
import com.alibaba.nacos.common.paramcheck.ParamInfo;
import com.alibaba.nacos.core.paramcheck.AbstractRpcParamExtractor;
import java.util.ArrayList;
import java.util.List;
/**
* The type Config request param extractor {@link AbstractConfigRequest}.
*
@ -42,12 +44,14 @@ public class ConfigRequestParamExtractor extends AbstractRpcParamExtractor {
}
@Override
public void extractParamAndCheck(Request request) throws Exception {
public List<ParamInfo> extractParam(Request request) throws Exception {
AbstractConfigRequest req = (AbstractConfigRequest) request;
ParamInfo paramInfo = new ParamInfo();
paramInfo.setDataId(req.getDataId());
paramInfo.setGroup(req.getGroup());
paramInfo.setNamespaceId(req.getTenant());
ParamCheckUtils.checkParamInfoFormat(paramInfo);
ArrayList<ParamInfo> paramInfos = new ArrayList<>();
paramInfos.add(paramInfo);
return paramInfos;
}
}

17
core/src/main/java/com/alibaba/nacos/core/paramcheck/impl/InstanceRequestParamExtractor.java
View File

@ -19,37 +19,42 @@ package com.alibaba.nacos.core.paramcheck.impl;
import com.alibaba.nacos.api.naming.pojo.Instance;
import com.alibaba.nacos.api.naming.remote.request.InstanceRequest;
import com.alibaba.nacos.api.remote.request.Request;
import com.alibaba.nacos.common.paramcheck.ParamCheckUtils;
import com.alibaba.nacos.common.paramcheck.ParamInfo;
import com.alibaba.nacos.core.paramcheck.AbstractRpcParamExtractor;
import java.util.ArrayList;
import java.util.List;
/**
* Param extractor for {@link InstanceRequest}.
*
* @author zhuoguang
*/
public class InstanceRequestParamExtractor extends AbstractRpcParamExtractor {
@Override
public void init() {
addTargetRequest(InstanceRequest.class.getSimpleName());
}
@Override
public void extractParamAndCheck(Request request) throws Exception {
public List<ParamInfo> extractParam(Request request) throws Exception {
InstanceRequest req = (InstanceRequest) request;
ParamInfo paramInfo = new ParamInfo();
paramInfo.setNamespaceId(req.getNamespace());
paramInfo.setServiceName(req.getServiceName());
paramInfo.setGroup(req.getGroupName());
Instance instance = req.getInstance();
ArrayList<ParamInfo> paramInfos = new ArrayList<>();
if (instance == null) {
return;
paramInfos.add(paramInfo);
return paramInfos;
}
paramInfo.setIp(instance.getIp());
paramInfo.setPort(String.valueOf(instance.getPort()));
paramInfo.setCluster(instance.getClusterName());
paramInfo.setMetadata(instance.getMetadata());
ParamCheckUtils.checkParamInfoFormat(paramInfo);
paramInfos.add(paramInfo);
return paramInfos;
}
}

10
core/src/main/java/com/alibaba/nacos/core/paramcheck/impl/ServiceListRequestParamExtractor.java
View File

@ -18,10 +18,12 @@ package com.alibaba.nacos.core.paramcheck.impl;
import com.alibaba.nacos.api.naming.remote.request.ServiceListRequest;
import com.alibaba.nacos.api.remote.request.Request;
import com.alibaba.nacos.common.paramcheck.ParamCheckUtils;
import com.alibaba.nacos.common.paramcheck.ParamInfo;
import com.alibaba.nacos.core.paramcheck.AbstractRpcParamExtractor;
import java.util.ArrayList;
import java.util.List;
/**
* Param extractor for {@link ServiceListRequest}.
*
@ -35,12 +37,14 @@ public class ServiceListRequestParamExtractor extends AbstractRpcParamExtractor
}
@Override
public void extractParamAndCheck(Request request) throws Exception {
public List<ParamInfo> extractParam(Request request) throws Exception {
ServiceListRequest req = (ServiceListRequest) request;
ParamInfo paramInfo = new ParamInfo();
paramInfo.setNamespaceId(req.getNamespace());
paramInfo.setServiceName(req.getServiceName());
paramInfo.setGroup(req.getGroupName());
ParamCheckUtils.checkParamInfoFormat(paramInfo);
ArrayList<ParamInfo> paramInfos = new ArrayList<>();
paramInfos.add(paramInfo);
return paramInfos;
}
}

23
core/src/main/java/com/alibaba/nacos/core/paramcheck/impl/ServiceQueryRequestParamExtractor.java
View File

@ -18,38 +18,35 @@ package com.alibaba.nacos.core.paramcheck.impl;
import com.alibaba.nacos.api.naming.remote.request.ServiceQueryRequest;
import com.alibaba.nacos.api.remote.request.Request;
import com.alibaba.nacos.common.paramcheck.ParamCheckUtils;
import com.alibaba.nacos.common.paramcheck.ParamInfo;
import com.alibaba.nacos.common.utils.StringUtils;
import com.alibaba.nacos.core.paramcheck.AbstractRpcParamExtractor;
import java.util.ArrayList;
import java.util.List;
/**
* Param extractor for {@link ServiceQueryRequest}.
*
* @author zhuoguang
*/
public class ServiceQueryRequestParamExtractor extends AbstractRpcParamExtractor {
@Override
public void init() {
addTargetRequest(ServiceQueryRequest.class.getSimpleName());
}
@Override
public void extractParamAndCheck(Request request) throws Exception {
public List<ParamInfo> extractParam(Request request) throws Exception {
ServiceQueryRequest req = (ServiceQueryRequest) request;
ParamInfo paramInfo = new ParamInfo();
paramInfo.setNamespaceId(req.getNamespace());
paramInfo.setServiceName(req.getServiceName());
paramInfo.setGroup(req.getGroupName());
paramInfo.setPort(String.valueOf(req.getUdpPort()));
ParamCheckUtils.checkParamInfoFormat(paramInfo);
String clusterString = req.getCluster();
if (StringUtils.isNotBlank(clusterString)) {
String[] clusters = clusterString.split(",");
for (String cluster : clusters) {
ParamCheckUtils.checkClusterFormat(cluster);
}
}
paramInfo.setClusters(req.getCluster());
ArrayList<ParamInfo> paramInfos = new ArrayList<>();
paramInfos.add(paramInfo);
return paramInfos;
}
}

19
core/src/main/java/com/alibaba/nacos/core/paramcheck/impl/SubscribeServiceRequestParamExtractor.java
View File

@ -18,11 +18,12 @@ package com.alibaba.nacos.core.paramcheck.impl;
import com.alibaba.nacos.api.naming.remote.request.SubscribeServiceRequest;
import com.alibaba.nacos.api.remote.request.Request;
import com.alibaba.nacos.common.paramcheck.ParamCheckUtils;
import com.alibaba.nacos.common.paramcheck.ParamInfo;
import com.alibaba.nacos.common.utils.StringUtils;
import com.alibaba.nacos.core.paramcheck.AbstractRpcParamExtractor;
import java.util.ArrayList;
import java.util.List;
/**
* Param extractor for {@link SubscribeServiceRequest}.
*
@ -36,19 +37,15 @@ public class SubscribeServiceRequestParamExtractor extends AbstractRpcParamExtra
}
@Override
public void extractParamAndCheck(Request request) throws Exception {
public List<ParamInfo> extractParam(Request request) throws Exception {
SubscribeServiceRequest req = (SubscribeServiceRequest) request;
ParamInfo paramInfo = new ParamInfo();
paramInfo.setNamespaceId(req.getNamespace());
paramInfo.setServiceName(req.getServiceName());
paramInfo.setGroup(req.getGroupName());
ParamCheckUtils.checkParamInfoFormat(paramInfo);
String clusterString = req.getClusters();
if (StringUtils.isNotBlank(clusterString)) {
String[] clusters = clusterString.split(",");
for (String cluster : clusters) {
ParamCheckUtils.checkClusterFormat(cluster);
}
}
paramInfo.setClusters(req.getClusters());
ArrayList<ParamInfo> paramInfos = new ArrayList<>();
paramInfos.add(paramInfo);
return paramInfos;
}
}

17
core/src/main/java/com/alibaba/nacos/core/remote/grpc/GrpcServerParamCheckInterceptor.java
View File

@ -18,10 +18,13 @@ package com.alibaba.nacos.core.remote.grpc;
import com.alibaba.nacos.api.grpc.auto.Payload;
import com.alibaba.nacos.api.remote.request.Request;
import com.alibaba.nacos.common.paramcheck.AbstractParamChecker;
import com.alibaba.nacos.common.paramcheck.ParamCheckerManager;
import com.alibaba.nacos.common.paramcheck.ParamInfo;
import com.alibaba.nacos.common.remote.client.grpc.GrpcUtils;
import com.alibaba.nacos.core.paramcheck.AbstractRpcParamExtractor;
import com.alibaba.nacos.core.paramcheck.RpcParamExtractorManager;
import com.alibaba.nacos.sys.env.EnvUtil;
import com.alibaba.nacos.core.paramcheck.ServerParamCheckConfig;
import io.grpc.ForwardingServerCallListener;
import io.grpc.Metadata;
import io.grpc.ServerCall;
@ -29,6 +32,8 @@ import io.grpc.ServerCallHandler;
import io.grpc.ServerInterceptor;
import io.grpc.Status;
import java.util.List;
/**
* Grpc server interceptor for param check.
*
@ -42,8 +47,8 @@ public class GrpcServerParamCheckInterceptor implements ServerInterceptor {
return new ForwardingServerCallListener.SimpleForwardingServerCallListener<T>(next.startCall(call, headers)) {
@Override
public void onMessage(T message) {
boolean ifParamCheck = EnvUtil.getProperty("nacos.paramcheck", Boolean.class, true);
if (!ifParamCheck) {
boolean paramCheckEnabled = ServerParamCheckConfig.getInstance().isParamCheckEnabled();
if (!paramCheckEnabled) {
super.onMessage(message);
return;
}
@ -56,7 +61,11 @@ public class GrpcServerParamCheckInterceptor implements ServerInterceptor {
Request request = (Request) parseObj;
RpcParamExtractorManager extractorManager = RpcParamExtractorManager.getInstance();
AbstractRpcParamExtractor extractor = extractorManager.getExtractor(type);
extractor.extractParamAndCheck(request);
List<ParamInfo> paramInfoList = extractor.extractParam(request);
ParamCheckerManager paramCheckerManager = ParamCheckerManager.getInstance();
AbstractParamChecker paramChecker = paramCheckerManager.getParamChecker(
ServerParamCheckConfig.getInstance().getActiveParamChecker());
paramChecker.checkParamInfoList(paramInfoList);
}
super.onMessage(message);
} catch (Exception e) {

2
core/src/test/java/com/alibaba/nacos/core/paramcheck/HttpParamExtractorManagerTest.java
View File

@ -43,6 +43,6 @@ public class HttpParamExtractorManagerTest extends TestCase {
request.setRequestURI("/nacos/v1/ns/instance");
request.setMethod(HttpMethod.POST);
AbstractHttpParamExtractor extractor = paramExtractorManager.getExtractor(request.getRequestURI(), request.getMethod(), "naming");
extractor.extractParamAndCheck(request);
extractor.extractParam(request);
}
}

2
core/src/test/java/com/alibaba/nacos/core/paramcheck/RpcParamExtractorManagerTest.java
View File

@ -40,6 +40,6 @@ public class RpcParamExtractorManagerTest extends TestCase {
RpcParamExtractorManager paramExtractorManager = RpcParamExtractorManager.getInstance();
ConfigQueryRequest request = new ConfigQueryRequest();
AbstractRpcParamExtractor extractor = paramExtractorManager.getExtractor(request.getClass().getSimpleName());
extractor.extractParamAndCheck(request);
extractor.extractParam(request);
}
}

58
core/src/test/java/com/alibaba/nacos/core/paramcheck/ServerParamCheckConfigTest.java Normal file
View File

@ -0,0 +1,58 @@
/*
* Copyright 1999-2023 Alibaba Group Holding Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.alibaba.nacos.core.paramcheck;
import com.alibaba.nacos.sys.env.EnvUtil;
import org.junit.Test;
import org.springframework.mock.env.MockEnvironment;
import java.lang.reflect.Constructor;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
public class ServerParamCheckConfigTest {
@Test
public void getConfigFromEnv() throws ReflectiveOperationException {
MockEnvironment environment = new MockEnvironment();
EnvUtil.setEnvironment(environment);
environment.setProperty("nacos.core.param.check.enabled", String.valueOf(false));
environment.setProperty("nacos.core.param.check.checker", "default");
Constructor<ServerParamCheckConfig> declaredConstructor = ServerParamCheckConfig.class.getDeclaredConstructor();
declaredConstructor.setAccessible(true);
ServerParamCheckConfig paramCheckConfig = declaredConstructor.newInstance();
assertFalse(paramCheckConfig.isParamCheckEnabled());
assertEquals(paramCheckConfig.getActiveParamChecker(), "default");
}
@Test
public void setParamCheckEnabled() {
ServerParamCheckConfig paramCheckConfig = ServerParamCheckConfig.getInstance();
paramCheckConfig.setParamCheckEnabled(false);
assertFalse(paramCheckConfig.isParamCheckEnabled());
}
@Test
public void setActiveParamChecker() {
ServerParamCheckConfig paramCheckConfig = ServerParamCheckConfig.getInstance();
paramCheckConfig.setActiveParamChecker("test");
assertEquals(paramCheckConfig.getActiveParamChecker(), "test");
}
}

2
core/src/test/java/com/alibaba/nacos/core/paramcheck/impl/BatchInstanceRequestParamExtractorTest.java
View File

@ -41,6 +41,6 @@ public class BatchInstanceRequestParamExtractorTest {
RpcParamExtractorManager paramExtractorManager = RpcParamExtractorManager.getInstance();
AbstractRpcParamExtractor extractor = paramExtractorManager.getExtractor(req.getClass().getSimpleName());
assertEquals(extractor.getClass().getSimpleName(), BatchInstanceRequestParamExtractor.class.getSimpleName());
extractor.extractParamAndCheck(req);
extractor.extractParam(req);
}
}

2
core/src/test/java/com/alibaba/nacos/core/paramcheck/impl/ConfigBatchListenRequestParamExtractorTest.java
View File

@ -41,6 +41,6 @@ public class ConfigBatchListenRequestParamExtractorTest {
RpcParamExtractorManager paramExtractorManager = RpcParamExtractorManager.getInstance();
AbstractRpcParamExtractor extractor = paramExtractorManager.getExtractor(req.getClass().getSimpleName());
assertEquals(extractor.getClass().getSimpleName(), ConfigBatchListenRequestParamExtractor.class.getSimpleName());
extractor.extractParamAndCheck(req);
extractor.extractParam(req);
}
}

8
core/src/test/java/com/alibaba/nacos/core/paramcheck/impl/ConfigRequestParamExtractorTest.java
View File

@ -54,18 +54,18 @@ public class ConfigRequestParamExtractorTest {
RpcParamExtractorManager paramExtractorManager = RpcParamExtractorManager.getInstance();
AbstractRpcParamExtractor extractor1 = paramExtractorManager.getExtractor(req1.getClass().getSimpleName());
assertEquals(extractor1.getClass().getSimpleName(), ConfigRequestParamExtractor.class.getSimpleName());
extractor1.extractParamAndCheck(req1);
extractor1.extractParam(req1);
AbstractRpcParamExtractor extractor2 = paramExtractorManager.getExtractor(req2.getClass().getSimpleName());
assertEquals(extractor2.getClass().getSimpleName(), ConfigRequestParamExtractor.class.getSimpleName());
extractor2.extractParamAndCheck(req2);
extractor2.extractParam(req2);
AbstractRpcParamExtractor extractor3 = paramExtractorManager.getExtractor(req3.getClass().getSimpleName());
assertEquals(extractor3.getClass().getSimpleName(), ConfigRequestParamExtractor.class.getSimpleName());
extractor3.extractParamAndCheck(req3);
extractor3.extractParam(req3);
AbstractRpcParamExtractor extractor4 = paramExtractorManager.getExtractor(req4.getClass().getSimpleName());
assertEquals(extractor4.getClass().getSimpleName(), ConfigRequestParamExtractor.class.getSimpleName());
extractor4.extractParamAndCheck(req4);
extractor4.extractParam(req4);
}
}

2
core/src/test/java/com/alibaba/nacos/core/paramcheck/impl/InstanceRequestParamExtractorTest.java
View File

@ -41,6 +41,6 @@ public class InstanceRequestParamExtractorTest {
RpcParamExtractorManager paramExtractorManager = RpcParamExtractorManager.getInstance();
AbstractRpcParamExtractor extractor = paramExtractorManager.getExtractor(req.getClass().getSimpleName());
assertEquals(extractor.getClass().getSimpleName(), InstanceRequestParamExtractor.class.getSimpleName());
extractor.extractParamAndCheck(req);
extractor.extractParam(req);
}
}

2
core/src/test/java/com/alibaba/nacos/core/paramcheck/impl/ServiceListRequestParamExtractorTest.java
View File

@ -41,6 +41,6 @@ public class ServiceListRequestParamExtractorTest {
RpcParamExtractorManager paramExtractorManager = RpcParamExtractorManager.getInstance();
AbstractRpcParamExtractor extractor = paramExtractorManager.getExtractor(req.getClass().getSimpleName());
assertEquals(extractor.getClass().getSimpleName(), ServiceListRequestParamExtractor.class.getSimpleName());
extractor.extractParamAndCheck(req);
extractor.extractParam(req);
}
}

2
core/src/test/java/com/alibaba/nacos/core/paramcheck/impl/ServiceQueryRequestParamExtractorTest.java
View File

@ -41,6 +41,6 @@ public class ServiceQueryRequestParamExtractorTest {
RpcParamExtractorManager paramExtractorManager = RpcParamExtractorManager.getInstance();
AbstractRpcParamExtractor extractor = paramExtractorManager.getExtractor(req.getClass().getSimpleName());
assertEquals(extractor.getClass().getSimpleName(), ServiceQueryRequestParamExtractor.class.getSimpleName());
extractor.extractParamAndCheck(req);
extractor.extractParam(req);
}
}

2
core/src/test/java/com/alibaba/nacos/core/paramcheck/impl/SubscribeServiceRequestParamExtractorTest.java
View File

@ -41,7 +41,7 @@ public class SubscribeServiceRequestParamExtractorTest {
RpcParamExtractorManager paramExtractorManager = RpcParamExtractorManager.getInstance();
AbstractRpcParamExtractor extractor = paramExtractorManager.getExtractor(req.getClass().getSimpleName());
assertEquals(extractor.getClass().getSimpleName(), SubscribeServiceRequestParamExtractor.class.getSimpleName());
extractor.extractParamAndCheck(req);
extractor.extractParam(req);
}
}

11
naming/src/main/java/com/alibaba/nacos/naming/paramcheck/NamingDefaultHttpParamExtractor.java
View File

@ -18,13 +18,14 @@ package com.alibaba.nacos.naming.paramcheck;
import com.alibaba.nacos.api.common.Constants;
import com.alibaba.nacos.api.exception.NacosException;
import com.alibaba.nacos.common.paramcheck.ParamCheckUtils;
import com.alibaba.nacos.common.paramcheck.ParamInfo;
import com.alibaba.nacos.common.utils.StringUtils;
import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
import com.alibaba.nacos.naming.misc.UtilsAndCommons;
import javax.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.List;
/**
* Naming default http param extractor.
@ -39,7 +40,7 @@ public class NamingDefaultHttpParamExtractor extends AbstractHttpParamExtractor
}
@Override
public void extractParamAndCheck(HttpServletRequest request) throws NacosException {
public List<ParamInfo> extractParam(HttpServletRequest request) throws NacosException {
ParamInfo paramInfo = new ParamInfo();
paramInfo.setIp(getAliasIp(request));
paramInfo.setPort(getAliasPort(request));
@ -56,7 +57,9 @@ public class NamingDefaultHttpParamExtractor extends AbstractHttpParamExtractor
paramInfo.setServiceName(serviceName);
paramInfo.setGroup(groupName);
paramInfo.setMetadata(UtilsAndCommons.parseMetadata(request.getParameter("metadata")));
ParamCheckUtils.checkParamInfoFormat(paramInfo);
ArrayList<ParamInfo> paramInfos = new ArrayList<>();
paramInfos.add(paramInfo);
return paramInfos;
}
private String getAliasNamespaceId(HttpServletRequest request) {
@ -97,6 +100,8 @@ public class NamingDefaultHttpParamExtractor extends AbstractHttpParamExtractor
String clusterName = request.getParameter("clusterName");
if (StringUtils.isBlank(clusterName)) {
clusterName = request.getParameter("cluster");
} else if (StringUtils.isBlank(clusterName)) {
clusterName = request.getParameter("clusters");
}
return clusterName;
}

11
naming/src/main/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceBeatHttpParamExtractor.java
View File

@ -17,7 +17,6 @@
package com.alibaba.nacos.naming.paramcheck;
import com.alibaba.nacos.api.common.Constants;
import com.alibaba.nacos.common.paramcheck.ParamCheckUtils;
import com.alibaba.nacos.common.paramcheck.ParamInfo;
import com.alibaba.nacos.common.utils.HttpMethod;
import com.alibaba.nacos.common.utils.JacksonUtils;
@ -27,6 +26,8 @@ import com.alibaba.nacos.naming.healthcheck.RsInfo;
import com.alibaba.nacos.naming.misc.UtilsAndCommons;
import javax.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.List;
/**
* Naming instance beat http param extractor.
@ -44,7 +45,7 @@ public class NamingInstanceBeatHttpParamExtractor extends AbstractHttpParamExtra
}
@Override
public void extractParamAndCheck(HttpServletRequest request) throws Exception {
public List<ParamInfo> extractParam(HttpServletRequest request) throws Exception {
ParamInfo paramInfo = new ParamInfo();
String serviceName = request.getParameter("serviceName");
String groupName = request.getParameter("groupName");
@ -59,7 +60,8 @@ public class NamingInstanceBeatHttpParamExtractor extends AbstractHttpParamExtra
paramInfo.setIp(request.getParameter("ip"));
paramInfo.setPort(request.getParameter("port"));
paramInfo.setNamespaceId(request.getParameter("namespaceId"));
ParamCheckUtils.checkParamInfoFormat(paramInfo);
ArrayList<ParamInfo> paramInfos = new ArrayList<>();
paramInfos.add(paramInfo);
String beatString = request.getParameter("beat");
if (StringUtils.isNotBlank(beatString)) {
RsInfo clientBeat = JacksonUtils.toObj(beatString, RsInfo.class);
@ -67,7 +69,8 @@ public class NamingInstanceBeatHttpParamExtractor extends AbstractHttpParamExtra
beatParamInfo.setIp(clientBeat.getIp());
beatParamInfo.setPort(String.valueOf(clientBeat.getPort()));
beatParamInfo.setCluster(clientBeat.getCluster());
ParamCheckUtils.checkParamInfoFormat(beatParamInfo);
paramInfos.add(beatParamInfo);
}
return paramInfos;
}
}

23
naming/src/main/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceListHttpParamExtractor.java
View File

@ -17,14 +17,15 @@
package com.alibaba.nacos.naming.paramcheck;
import com.alibaba.nacos.api.common.Constants;
import com.alibaba.nacos.common.paramcheck.ParamCheckUtils;
import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
import com.alibaba.nacos.common.paramcheck.ParamInfo;
import com.alibaba.nacos.common.utils.HttpMethod;
import com.alibaba.nacos.common.utils.StringUtils;
import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
import com.alibaba.nacos.naming.misc.UtilsAndCommons;
import javax.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.List;
/**
* Naming instance list http param extractor.
@ -32,15 +33,15 @@ import javax.servlet.http.HttpServletRequest;
* @author zhuoguang
*/
public class NamingInstanceListHttpParamExtractor extends AbstractHttpParamExtractor {
@Override
public void init() {
addTargetRequest(UtilsAndCommons.NACOS_NAMING_CONTEXT + UtilsAndCommons.NACOS_NAMING_INSTANCE_CONTEXT + "/list",
HttpMethod.GET);
}
@Override
public void extractParamAndCheck(HttpServletRequest request) throws Exception {
public List<ParamInfo> extractParam(HttpServletRequest request) throws Exception {
ParamInfo paramInfo = new ParamInfo();
String serviceName = request.getParameter("serviceName");
String groupName = request.getParameter("groupName");
@ -53,13 +54,9 @@ public class NamingInstanceListHttpParamExtractor extends AbstractHttpParamExtra
paramInfo.setServiceName(serviceName);
paramInfo.setGroup(groupName);
paramInfo.setNamespaceId(request.getParameter("namespaceId"));
String clusters = request.getParameter(request.getParameter("clusters"));
if (StringUtils.isNotBlank(clusters)) {
String[] cluster = clusters.split(",");
for (String clusterName : cluster) {
ParamCheckUtils.checkClusterFormat(clusterName);
}
}
ParamCheckUtils.checkParamInfoFormat(paramInfo);
paramInfo.setClusters(request.getParameter("clusters"));
ArrayList<ParamInfo> paramInfos = new ArrayList<>();
paramInfos.add(paramInfo);
return paramInfos;
}
}

10
naming/src/main/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceMetadataBatchHttpParamExtractor.java
View File

@ -18,7 +18,6 @@ package com.alibaba.nacos.naming.paramcheck;
import com.alibaba.nacos.api.common.Constants;
import com.alibaba.nacos.api.naming.pojo.Instance;
import com.alibaba.nacos.common.paramcheck.ParamCheckUtils;
import com.alibaba.nacos.common.paramcheck.ParamInfo;
import com.alibaba.nacos.common.utils.HttpMethod;
import com.alibaba.nacos.common.utils.JacksonUtils;
@ -28,6 +27,7 @@ import com.alibaba.nacos.naming.misc.UtilsAndCommons;
import com.fasterxml.jackson.core.type.TypeReference;
import javax.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.List;
/**
@ -50,7 +50,7 @@ public class NamingInstanceMetadataBatchHttpParamExtractor extends AbstractHttpP
}
@Override
public void extractParamAndCheck(HttpServletRequest request) throws Exception {
public List<ParamInfo> extractParam(HttpServletRequest request) throws Exception {
ParamInfo paramInfo = new ParamInfo();
String serviceName = request.getParameter("serviceName");
String groupName = request.getParameter("groupName");
@ -64,7 +64,8 @@ public class NamingInstanceMetadataBatchHttpParamExtractor extends AbstractHttpP
paramInfo.setGroup(groupName);
paramInfo.setNamespaceId(request.getParameter("namespaceId"));
paramInfo.setMetadata(UtilsAndCommons.parseMetadata(request.getParameter("metadata")));
ParamCheckUtils.checkParamInfoFormat(paramInfo);
ArrayList<ParamInfo> paramInfos = new ArrayList<>();
paramInfos.add(paramInfo);
String instances = request.getParameter("instances");
if (StringUtils.isNotBlank(instances)) {
@ -75,8 +76,9 @@ public class NamingInstanceMetadataBatchHttpParamExtractor extends AbstractHttpP
instanceParamInfo.setIp(instance.getIp());
instanceParamInfo.setPort(String.valueOf(instance.getPort()));
instanceParamInfo.setCluster(instance.getClusterName());
ParamCheckUtils.checkParamInfoFormat(instanceParamInfo);
paramInfos.add(instanceParamInfo);
}
}
return paramInfos;
}
}

15
naming/src/main/java/com/alibaba/nacos/naming/web/NamingParamCheckFilter.java
View File

@ -16,9 +16,12 @@
package com.alibaba.nacos.naming.web;
import com.alibaba.nacos.common.paramcheck.AbstractParamChecker;
import com.alibaba.nacos.common.paramcheck.ParamCheckerManager;
import com.alibaba.nacos.common.paramcheck.ParamInfo;
import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
import com.alibaba.nacos.core.paramcheck.HttpParamExtractorManager;
import com.alibaba.nacos.sys.env.EnvUtil;
import com.alibaba.nacos.core.paramcheck.ServerParamCheckConfig;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
@ -29,6 +32,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.List;
/**
* Naming param check filter.
@ -42,8 +46,8 @@ public class NamingParamCheckFilter implements Filter {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
throws IOException, ServletException {
boolean ifParamCheck = EnvUtil.getProperty("nacos.paramcheck", Boolean.class, true);
if (!ifParamCheck) {
boolean paramCheckEnabled = ServerParamCheckConfig.getInstance().isParamCheckEnabled();
if (!paramCheckEnabled) {
filterChain.doFilter(servletRequest, servletResponse);
return;
}
@ -54,7 +58,10 @@ public class NamingParamCheckFilter implements Filter {
String method = request.getMethod();
HttpParamExtractorManager extractorManager = HttpParamExtractorManager.getInstance();
AbstractHttpParamExtractor paramExtractor = extractorManager.getExtractor(uri, method, MODULE);
paramExtractor.extractParamAndCheck(request);
List<ParamInfo> paramInfoList = paramExtractor.extractParam(request);
ParamCheckerManager paramCheckerManager = ParamCheckerManager.getInstance();
AbstractParamChecker paramChecker = paramCheckerManager.getParamChecker(ServerParamCheckConfig.getInstance().getActiveParamChecker());
paramChecker.checkParamInfoList(paramInfoList);
filterChain.doFilter(request, resp);
} catch (Exception e) {
resp.setStatus(400);

2
naming/src/main/resources/META-INF/services/com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor
View File

@ -15,6 +15,6 @@
#
com.alibaba.nacos.naming.paramcheck.NamingDefaultHttpParamExtractor
com.alibaba.nacos.naming.paramcheck.NamingInstanceBeatHttpParamExtractor
com.alibaba.nacos.naming.paramcheck.NamingInstanceListHttpParamExtractor
com.alibaba.nacos.naming.paramcheck.NamingInstanceBeatHttpParamExtractor
com.alibaba.nacos.naming.paramcheck.NamingInstanceMetadataBatchHttpParamExtractor

4
test/naming-test/src/test/java/com/alibaba/nacos/test/naming/AbstractInstanceOperate_ITCase.java
View File

@ -351,7 +351,7 @@ public abstract class AbstractInstanceOperate_ITCase {
public void registerEphemeralInstanceWithInvalidClusterName() throws Exception {
expectedException.expect(Exception.class);
expectedException.expectMessage(
"Param 'cluster' is illegal, Chinese characters and ',' should not appear in the param");
"Param 'cluster' is illegal, illegal characters should not appear in the param.");
String serviceName = NamingBase.randomDomainName();
Instance instance = new Instance();
@ -376,7 +376,7 @@ public abstract class AbstractInstanceOperate_ITCase {
public void registerPersistentInstanceWithInvalidClusterName() throws Exception {
expectedException.expect(NacosException.class);
expectedException.expectMessage(
"Param 'cluster' is illegal, Chinese characters and ',' should not appear in the param");
"Param 'cluster' is illegal, illegal characters should not appear in the param.");
String serviceName = NamingBase.randomDomainName();
Instance instance = new Instance();