[ISSUE #10734] Implement http request param check filter and http param extractors (#10758)

* For #10734,Implement grpc server interceptor and grpc param extractors

* For #10734,add unit test for grpc server interceptor and grpc param extractors

* For #10734,alter the test case

* For #10734,delete the ConnectionSetupRequestParamExtractor

* For #10734,add the naming http request param check filter and implement the naming http request param extractors

* For #10734,add unit test for naming http request param extractors

* For #10734,Implement grpc server interceptor and grpc param extractors

* For #10734,add unit test for grpc server interceptor and grpc param extractors

* For #10734,delete the ConnectionSetupRequestParamExtractor

* For #10734,add the naming http request param check filter and implement the naming http request param extractors

* For #10734,add unit test for naming http request param extractors

* For #10734,add the config http request param check filter and implement the config http request param extractors and unit test

* For #10734,add the console http request param check filter and implement the console http request param extractors and unit test

* For #10734,fix code style

* For #10734,alter the logic of exception handle in filter

* For #10734,fix code style

config/src/main/java/com/alibaba/nacos/config/server/configuration/NacosConfigConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2018 Alibaba Group Holding Ltd.
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,8 +16,9 @@
 
 package com.alibaba.nacos.config.server.configuration;
 
-import com.alibaba.nacos.config.server.filter.NacosWebFilter;
 import com.alibaba.nacos.config.server.filter.CircuitFilter;
+import com.alibaba.nacos.config.server.filter.ConfigParamCheckFilter;
+import com.alibaba.nacos.config.server.filter.NacosWebFilter;
 import com.alibaba.nacos.persistence.configuration.condition.ConditionDistributedEmbedStorage;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
@@ -65,4 +66,19 @@ public class NacosConfigConfiguration {
         return new CircuitFilter();
     }
     
+    @Bean
+    public FilterRegistrationBean<ConfigParamCheckFilter> configParamCheckFilterRegistration() {
+        FilterRegistrationBean<ConfigParamCheckFilter> registration = new FilterRegistrationBean<>();
+        registration.setFilter(configParamCheckFilter());
+        registration.addUrlPatterns("/v1/cs/*");
+        registration.addUrlPatterns("/v2/cs/*");
+        registration.setName("configparamcheckfilter");
+        registration.setOrder(8);
+        return registration;
+    }
+    
+    @Bean
+    public ConfigParamCheckFilter configParamCheckFilter() {
+        return new ConfigParamCheckFilter();
+    }
 }

config/src/main/java/com/alibaba/nacos/config/server/filter/ConfigParamCheckFilter.java

@@ -0,0 +1,66 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.config.server.filter;
+
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+import com.alibaba.nacos.core.paramcheck.HttpParamExtractorManager;
+import com.alibaba.nacos.sys.env.EnvUtil;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+
+/**
+ * Config param check filter.
+ *
+ * @author zhuoguang
+ */
+public class ConfigParamCheckFilter implements Filter {
+    
+    private static final String MODULE = "config";
+    
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+            throws IOException, ServletException {
+        boolean ifParamCheck = EnvUtil.getProperty("nacos.paramcheck", Boolean.class, true);
+        if (!ifParamCheck) {
+            chain.doFilter(request, response);
+            return;
+        }
+        HttpServletRequest req = (HttpServletRequest) request;
+        HttpServletResponse resp = (HttpServletResponse) response;
+        try {
+            String uri = req.getRequestURI();
+            String method = req.getMethod();
+            HttpParamExtractorManager extractorManager = HttpParamExtractorManager.getInstance();
+            AbstractHttpParamExtractor paramExtractor = extractorManager.getExtractor(uri, method, MODULE);
+            paramExtractor.extractParamAndCheck(req);
+            chain.doFilter(req, resp);
+        } catch (Exception e) {
+            resp.setStatus(400);
+            PrintWriter writer = resp.getWriter();
+            writer.print(e.getMessage());
+            writer.flush();
+        }
+    }
+}

config/src/main/java/com/alibaba/nacos/config/server/paramcheck/ConfigDefaultHttpParamExtractor.java

@@ -0,0 +1,73 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.config.server.paramcheck;
+
+import com.alibaba.nacos.common.paramcheck.ParamCheckUtils;
+import com.alibaba.nacos.common.paramcheck.ParamInfo;
+import com.alibaba.nacos.common.utils.StringUtils;
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * Config default http param extractor.
+ *
+ * @author zhuoguang
+ */
+public class ConfigDefaultHttpParamExtractor extends AbstractHttpParamExtractor {
+    
+    @Override
+    public void init() {
+        addDefaultTargetRequest("config");
+    }
+    
+    @Override
+    public void extractParamAndCheck(HttpServletRequest request) {
+        ParamInfo paramInfo = new ParamInfo();
+        paramInfo.setNamespaceId(getAliasNamespaceId(request));
+        paramInfo.setDataId(getAliasDataId(request));
+        paramInfo.setGroup(getAliasGroup(request));
+        paramInfo.setIp(getAliasIp(request));
+        ParamCheckUtils.checkParamInfoFormat(paramInfo);
+    }
+    
+    private String getAliasNamespaceId(HttpServletRequest request) {
+        String namespaceid = request.getParameter("namespaceId");
+        if (StringUtils.isBlank(namespaceid)) {
+            namespaceid = request.getParameter("tenant");
+        }
+        if (StringUtils.isBlank(namespaceid)) {
+            namespaceid = request.getParameter("namespace");
+        }
+        return namespaceid;
+    }
+    
+    private String getAliasDataId(HttpServletRequest request) {
+        String dataid = request.getParameter("dataId");
+        return dataid;
+    }
+    
+    private String getAliasGroup(HttpServletRequest request) {
+        String group = request.getParameter("group");
+        return group;
+    }
+    
+    private String getAliasIp(HttpServletRequest request) {
+        String ip = request.getParameter("ip");
+        return ip;
+    }
+}

config/src/main/java/com/alibaba/nacos/config/server/paramcheck/ConfigListenerHttpParamExtractor.java

@@ -0,0 +1,70 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.config.server.paramcheck;
+
+import com.alibaba.nacos.common.paramcheck.ParamCheckUtils;
+import com.alibaba.nacos.common.paramcheck.ParamInfo;
+import com.alibaba.nacos.common.utils.HttpMethod;
+import com.alibaba.nacos.common.utils.StringUtils;
+import com.alibaba.nacos.config.server.constant.Constants;
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+
+import javax.servlet.http.HttpServletRequest;
+import java.net.URLDecoder;
+
+/**
+ * ConfigListener http param extractor.
+ *
+ * @author zhuoguang
+ */
+public class ConfigListenerHttpParamExtractor extends AbstractHttpParamExtractor {
+    
+    static final char WORD_SEPARATOR_CHAR = (char) 2;
+    
+    static final char LINE_SEPARATOR_CHAR = (char) 1;
+    
+    @Override
+    public void init() {
+        addTargetRequest(Constants.CONFIG_CONTROLLER_PATH + "/listener", HttpMethod.POST);
+    }
+    
+    @Override
+    public void extractParamAndCheck(HttpServletRequest request) throws Exception {
+        String listenConfigs = request.getParameter("Listening-Configs");
+        if (StringUtils.isBlank(listenConfigs)) {
+            return;
+        }
+        listenConfigs = URLDecoder.decode(listenConfigs, Constants.ENCODE);
+        if (StringUtils.isBlank(listenConfigs)) {
+            return;
+        }
+        String[] lines = listenConfigs.split(Character.toString(LINE_SEPARATOR_CHAR));
+        for (String line : lines) {
+            ParamInfo paramInfo = new ParamInfo();
+            String[] words = line.split(Character.toString(WORD_SEPARATOR_CHAR));
+            if (words.length < 3 || words.length > 4) {
+                throw new IllegalArgumentException("invalid probeModify");
+            }
+            paramInfo.setDataId(words[0]);
+            paramInfo.setGroup(words[1]);
+            if (words.length == 4) {
+                paramInfo.setNamespaceId(words[3]);
+            }
+            ParamCheckUtils.checkParamInfoFormat(paramInfo);
+        }
+    }
+}

config/src/main/resources/META-INF/services/com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor

@@ -0,0 +1,18 @@
+#
+# Copyright 1999-2023 Alibaba Group Holding Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+com.alibaba.nacos.config.server.paramcheck.ConfigDefaultHttpParamExtractor
+com.alibaba.nacos.config.server.paramcheck.ConfigListenerHttpParamExtractor

config/src/test/java/com/alibaba/nacos/config/server/paramcheck/ConfigDefaultHttpParamExtractorTest.java

@@ -0,0 +1,46 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.config.server.paramcheck;
+
+import com.alibaba.nacos.common.utils.HttpMethod;
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+import com.alibaba.nacos.core.paramcheck.HttpParamExtractorManager;
+import org.junit.Test;
+import org.springframework.mock.web.MockHttpServletRequest;
+
+import static org.junit.Assert.assertEquals;
+
+/**
+ * The type Config default http param extractor test.
+ *
+ * @author zhuoguang
+ */
+public class ConfigDefaultHttpParamExtractorTest {
+    
+    /**
+     * Extract param and check.
+     */
+    @Test
+    public void extractParamAndCheck() {
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.setRequestURI("/nacos/v1/cs/testst");
+        request.setMethod(HttpMethod.PUT);
+        HttpParamExtractorManager manager = HttpParamExtractorManager.getInstance();
+        AbstractHttpParamExtractor extractor = manager.getExtractor(request.getRequestURI(), request.getMethod(), "config");
+        assertEquals(ConfigDefaultHttpParamExtractor.class.getSimpleName(), extractor.getClass().getSimpleName());
+    }
+}

config/src/test/java/com/alibaba/nacos/config/server/paramcheck/ConfigListenerHttpParamExtractorTest.java

@@ -0,0 +1,44 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.config.server.paramcheck;
+
+import com.alibaba.nacos.common.utils.HttpMethod;
+import com.alibaba.nacos.config.server.constant.Constants;
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+import com.alibaba.nacos.core.paramcheck.HttpParamExtractorManager;
+import org.junit.Test;
+import org.springframework.mock.web.MockHttpServletRequest;
+
+import static org.junit.Assert.assertEquals;
+
+/**
+ * The type Config listener http param extractor test.
+ *
+ * @author zhuoguang
+ */
+public class ConfigListenerHttpParamExtractorTest {
+    
+    @Test
+    public void extractParamAndCheck() {
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.setRequestURI("/nacos" + Constants.CONFIG_CONTROLLER_PATH + "/listener");
+        request.setMethod(HttpMethod.POST);
+        HttpParamExtractorManager manager = HttpParamExtractorManager.getInstance();
+        AbstractHttpParamExtractor extractor = manager.getExtractor(request.getRequestURI(), request.getMethod(), "config");
+        assertEquals(ConfigListenerHttpParamExtractor.class.getSimpleName(), extractor.getClass().getSimpleName());
+    }
+}

console/src/main/java/com/alibaba/nacos/console/config/ConsoleFilterConfig.java

@@ -0,0 +1,47 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.console.config;
+
+import com.alibaba.nacos.console.filter.ConsoleParamCheckFilter;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * Console filter config.
+ *
+ * @author zhuoguang
+ */
+@Configuration
+public class ConsoleFilterConfig {
+    
+    @Bean
+    public FilterRegistrationBean<ConsoleParamCheckFilter> consoleParamCheckFilterRegistration() {
+        FilterRegistrationBean<ConsoleParamCheckFilter> registration = new FilterRegistrationBean<>();
+        registration.setFilter(consoleParamCheckFilter());
+        registration.addUrlPatterns("/v1/console/*");
+        registration.addUrlPatterns("/v2/console/*");
+        registration.setName("consoleparamcheckfilter");
+        registration.setOrder(8);
+        return registration;
+    }
+    
+    @Bean
+    public ConsoleParamCheckFilter consoleParamCheckFilter() {
+        return new ConsoleParamCheckFilter();
+    }
+}

console/src/main/java/com/alibaba/nacos/console/filter/ConsoleParamCheckFilter.java

@@ -0,0 +1,66 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.console.filter;
+
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+import com.alibaba.nacos.core.paramcheck.HttpParamExtractorManager;
+import com.alibaba.nacos.sys.env.EnvUtil;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+
+/**
+ * console param check filter.
+ *
+ * @author zhuoguang
+ */
+public class ConsoleParamCheckFilter implements Filter {
+    
+    private static final String MODULE = "console";
+    
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+            throws IOException, ServletException {
+        boolean ifParamCheck = EnvUtil.getProperty("nacos.paramcheck", Boolean.class, true);
+        if (!ifParamCheck) {
+            chain.doFilter(request, response);
+            return;
+        }
+        HttpServletRequest req = (HttpServletRequest) request;
+        HttpServletResponse resp = (HttpServletResponse) response;
+        try {
+            String uri = req.getRequestURI();
+            String method = req.getMethod();
+            HttpParamExtractorManager extractorManager = HttpParamExtractorManager.getInstance();
+            AbstractHttpParamExtractor paramExtractor = extractorManager.getExtractor(uri, method, MODULE);
+            paramExtractor.extractParamAndCheck(req);
+            chain.doFilter(request, resp);
+        } catch (Exception e) {
+            resp.setStatus(400);
+            PrintWriter writer = resp.getWriter();
+            writer.print(e.getMessage());
+            writer.flush();
+        }
+    }
+}

console/src/main/java/com/alibaba/nacos/console/paramcheck/ConsoleDefaultHttpParamExtractor.java

@@ -0,0 +1,58 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.console.paramcheck;
+
+import com.alibaba.nacos.common.paramcheck.ParamCheckUtils;
+import com.alibaba.nacos.common.paramcheck.ParamInfo;
+import com.alibaba.nacos.common.utils.StringUtils;
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * Console default http param extractor.
+ *
+ * @author zhuoguang
+ */
+public class ConsoleDefaultHttpParamExtractor extends AbstractHttpParamExtractor {
+    
+    @Override
+    public void init() {
+        addDefaultTargetRequest("console");
+    }
+    
+    @Override
+    public void extractParamAndCheck(HttpServletRequest request) throws Exception {
+        ParamInfo paramInfo = new ParamInfo();
+        paramInfo.setNamespaceId(getAliasNamespaceId(request));
+        paramInfo.setNamespaceShowName(getAliasNamespaceShowName(request));
+        ParamCheckUtils.checkParamInfoFormat(paramInfo);
+    }
+    
+    private String getAliasNamespaceId(HttpServletRequest request) {
+        String namespaceId = request.getParameter("namespaceId");
+        if (StringUtils.isBlank(namespaceId)) {
+            namespaceId = request.getParameter("customNamespaceId");
+        }
+        return namespaceId;
+    }
+    
+    private String getAliasNamespaceShowName(HttpServletRequest request) {
+        String namespaceShowName = request.getParameter("namespaceName");
+        return namespaceShowName;
+    }
+}

console/src/main/resources/META-INF/services/com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor

@@ -0,0 +1,17 @@
+#
+# Copyright 1999-2023 Alibaba Group Holding Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+com.alibaba.nacos.console.paramcheck.ConsoleDefaultHttpParamExtractor

console/src/test/java/com/alibaba/nacos/console/paramcheck/ConsoleDefaultHttpParamExtractorTest.java

@@ -0,0 +1,43 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.console.paramcheck;
+
+import com.alibaba.nacos.common.utils.HttpMethod;
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+import com.alibaba.nacos.core.paramcheck.HttpParamExtractorManager;
+import org.junit.Test;
+import org.springframework.mock.web.MockHttpServletRequest;
+
+import static org.junit.Assert.assertEquals;
+
+/**
+ * The type Console default http param extractor test.
+ *
+ * @author zhuoguang
+ */
+public class ConsoleDefaultHttpParamExtractorTest {
+    
+    @Test
+    public void extractParamAndCheck() {
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.setMethod(HttpMethod.POST);
+        request.setRequestURI("/nacos/v2/console/namespace");
+        HttpParamExtractorManager manager = HttpParamExtractorManager.getInstance();
+        AbstractHttpParamExtractor extractor = manager.getExtractor(request.getRequestURI(), request.getMethod(), "console");
+        assertEquals(ConsoleDefaultHttpParamExtractor.class.getSimpleName(), extractor.getClass().getSimpleName());
+    }
+}

naming/src/main/java/com/alibaba/nacos/naming/paramcheck/NamingDefaultHttpParamExtractor.java

@@ -0,0 +1,103 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.naming.paramcheck;
+
+import com.alibaba.nacos.api.common.Constants;
+import com.alibaba.nacos.api.exception.NacosException;
+import com.alibaba.nacos.common.paramcheck.ParamCheckUtils;
+import com.alibaba.nacos.common.paramcheck.ParamInfo;
+import com.alibaba.nacos.common.utils.StringUtils;
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+import com.alibaba.nacos.naming.misc.UtilsAndCommons;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * Naming default http param extractor.
+ *
+ * @author zhuoguang
+ */
+public class NamingDefaultHttpParamExtractor extends AbstractHttpParamExtractor {
+    
+    @Override
+    public void init() {
+        addDefaultTargetRequest("naming");
+    }
+    
+    @Override
+    public void extractParamAndCheck(HttpServletRequest request) throws NacosException {
+        ParamInfo paramInfo = new ParamInfo();
+        paramInfo.setIp(getAliasIp(request));
+        paramInfo.setPort(getAliasPort(request));
+        paramInfo.setNamespaceId(getAliasNamespaceId(request));
+        paramInfo.setCluster(getAliasClusterName(request));
+        String serviceName = getAliasServiceName(request);
+        String groupName = getAliasGroupName(request);
+        String groupServiceName = serviceName;
+        if (StringUtils.isNotBlank(groupServiceName) && groupServiceName.contains(Constants.SERVICE_INFO_SPLITER)) {
+            String[] splits = groupServiceName.split(Constants.SERVICE_INFO_SPLITER, 2);
+            groupName = splits[0];
+            serviceName = splits[1];
+        }
+        paramInfo.setServiceName(serviceName);
+        paramInfo.setGroup(groupName);
+        paramInfo.setMetadata(UtilsAndCommons.parseMetadata(request.getParameter("metadata")));
+        ParamCheckUtils.checkParamInfoFormat(paramInfo);
+    }
+    
+    private String getAliasNamespaceId(HttpServletRequest request) {
+        String namespaceid = request.getParameter("namespaceId");
+        return namespaceid;
+    }
+    
+    private String getAliasIp(HttpServletRequest request) {
+        String ip = request.getParameter("ip");
+        return ip;
+    }
+    
+    private String getAliasPort(HttpServletRequest request) {
+        String port = request.getParameter("port");
+        if (StringUtils.isBlank(port)) {
+            port = request.getParameter("checkPort");
+        }
+        return port;
+    }
+    
+    private String getAliasServiceName(HttpServletRequest request) {
+        String serviceName = request.getParameter("serviceName");
+        if (StringUtils.isBlank(serviceName)) {
+            serviceName = request.getParameter("serviceNameParam");
+        }
+        return serviceName;
+    }
+    
+    private String getAliasGroupName(HttpServletRequest request) {
+        String groupName = request.getParameter("groupName");
+        if (StringUtils.isBlank(groupName)) {
+            groupName = request.getParameter("groupNameParam");
+        }
+        return groupName;
+    }
+    
+    private String getAliasClusterName(HttpServletRequest request) {
+        String clusterName = request.getParameter("clusterName");
+        if (StringUtils.isBlank(clusterName)) {
+            clusterName = request.getParameter("cluster");
+        }
+        return clusterName;
+    }
+}

naming/src/main/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceBeatHttpParamExtractor.java

@@ -0,0 +1,73 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.naming.paramcheck;
+
+import com.alibaba.nacos.api.common.Constants;
+import com.alibaba.nacos.common.paramcheck.ParamCheckUtils;
+import com.alibaba.nacos.common.paramcheck.ParamInfo;
+import com.alibaba.nacos.common.utils.HttpMethod;
+import com.alibaba.nacos.common.utils.JacksonUtils;
+import com.alibaba.nacos.common.utils.StringUtils;
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+import com.alibaba.nacos.naming.healthcheck.RsInfo;
+import com.alibaba.nacos.naming.misc.UtilsAndCommons;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * Naming instance beat http param extractor.
+ *
+ * @author zhuoguang
+ */
+public class NamingInstanceBeatHttpParamExtractor extends AbstractHttpParamExtractor {
+    
+    @Override
+    public void init() {
+        addTargetRequest(UtilsAndCommons.NACOS_NAMING_CONTEXT + UtilsAndCommons.NACOS_NAMING_INSTANCE_CONTEXT + "/beat",
+                HttpMethod.PUT);
+        addTargetRequest(UtilsAndCommons.DEFAULT_NACOS_NAMING_CONTEXT_V2 + UtilsAndCommons.NACOS_NAMING_INSTANCE_CONTEXT
+                + "/beat", HttpMethod.PUT);
+    }
+    
+    @Override
+    public void extractParamAndCheck(HttpServletRequest request) throws Exception {
+        ParamInfo paramInfo = new ParamInfo();
+        String serviceName = request.getParameter("serviceName");
+        String groupName = request.getParameter("groupName");
+        String groupServiceName = serviceName;
+        if (StringUtils.isNotBlank(groupServiceName) && groupServiceName.contains(Constants.SERVICE_INFO_SPLITER)) {
+            String[] splits = groupServiceName.split(Constants.SERVICE_INFO_SPLITER, 2);
+            groupName = splits[0];
+            serviceName = splits[1];
+        }
+        paramInfo.setServiceName(serviceName);
+        paramInfo.setGroup(groupName);
+        paramInfo.setIp(request.getParameter("ip"));
+        paramInfo.setPort(request.getParameter("port"));
+        paramInfo.setNamespaceId(request.getParameter("namespaceId"));
+        ParamCheckUtils.checkParamInfoFormat(paramInfo);
+        String beatString = request.getParameter("beat");
+        if (StringUtils.isNotBlank(beatString)) {
+            RsInfo clientBeat = JacksonUtils.toObj(beatString, RsInfo.class);
+            ParamInfo beatParamInfo = new ParamInfo();
+            beatParamInfo.setIp(clientBeat.getIp());
+            beatParamInfo.setPort(String.valueOf(clientBeat.getPort()));
+            beatParamInfo.setCluster(clientBeat.getCluster());
+            ParamCheckUtils.checkParamInfoFormat(beatParamInfo);
+        }
+    }
+}

naming/src/main/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceListHttpParamExtractor.java

@@ -0,0 +1,65 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.naming.paramcheck;
+
+import com.alibaba.nacos.api.common.Constants;
+import com.alibaba.nacos.common.paramcheck.ParamCheckUtils;
+import com.alibaba.nacos.common.paramcheck.ParamInfo;
+import com.alibaba.nacos.common.utils.HttpMethod;
+import com.alibaba.nacos.common.utils.StringUtils;
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+import com.alibaba.nacos.naming.misc.UtilsAndCommons;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * Naming instance list http param extractor.
+ *
+ * @author zhuoguang
+ */
+public class NamingInstanceListHttpParamExtractor extends AbstractHttpParamExtractor {
+    
+    @Override
+    public void init() {
+        addTargetRequest(UtilsAndCommons.NACOS_NAMING_CONTEXT + UtilsAndCommons.NACOS_NAMING_INSTANCE_CONTEXT + "/list",
+                HttpMethod.GET);
+    }
+    
+    @Override
+    public void extractParamAndCheck(HttpServletRequest request) throws Exception {
+        ParamInfo paramInfo = new ParamInfo();
+        String serviceName = request.getParameter("serviceName");
+        String groupName = request.getParameter("groupName");
+        String groupServiceName = serviceName;
+        if (StringUtils.isNotBlank(groupServiceName) && groupServiceName.contains(Constants.SERVICE_INFO_SPLITER)) {
+            String[] splits = groupServiceName.split(Constants.SERVICE_INFO_SPLITER, 2);
+            groupName = splits[0];
+            serviceName = splits[1];
+        }
+        paramInfo.setServiceName(serviceName);
+        paramInfo.setGroup(groupName);
+        paramInfo.setNamespaceId(request.getParameter("namespaceId"));
+        String clusters = request.getParameter(request.getParameter("clusters"));
+        if (StringUtils.isNotBlank(clusters)) {
+            String[] cluster = clusters.split(",");
+            for (String clusterName : cluster) {
+                ParamCheckUtils.checkClusterFormat(clusterName);
+            }
+        }
+        ParamCheckUtils.checkParamInfoFormat(paramInfo);
+    }
+}

naming/src/main/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceMetadataBatchHttpParamExtractor.java

@@ -0,0 +1,82 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.naming.paramcheck;
+
+import com.alibaba.nacos.api.common.Constants;
+import com.alibaba.nacos.api.naming.pojo.Instance;
+import com.alibaba.nacos.common.paramcheck.ParamCheckUtils;
+import com.alibaba.nacos.common.paramcheck.ParamInfo;
+import com.alibaba.nacos.common.utils.HttpMethod;
+import com.alibaba.nacos.common.utils.JacksonUtils;
+import com.alibaba.nacos.common.utils.StringUtils;
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+import com.alibaba.nacos.naming.misc.UtilsAndCommons;
+import com.fasterxml.jackson.core.type.TypeReference;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.List;
+
+/**
+ * Naming instance metadata batch http param extractor.
+ *
+ * @author zhuoguang
+ */
+public class NamingInstanceMetadataBatchHttpParamExtractor extends AbstractHttpParamExtractor {
+    
+    @Override
+    public void init() {
+        addTargetRequest(UtilsAndCommons.NACOS_NAMING_CONTEXT + UtilsAndCommons.NACOS_NAMING_INSTANCE_CONTEXT + "/metadata/batch",
+                HttpMethod.PUT);
+        addTargetRequest(UtilsAndCommons.NACOS_NAMING_CONTEXT + UtilsAndCommons.NACOS_NAMING_INSTANCE_CONTEXT + "/metadata/batch",
+                HttpMethod.DELETE);
+        addTargetRequest(UtilsAndCommons.DEFAULT_NACOS_NAMING_CONTEXT_V2 + UtilsAndCommons.NACOS_NAMING_INSTANCE_CONTEXT + "/metadata/batch",
+                HttpMethod.PUT);
+        addTargetRequest(UtilsAndCommons.DEFAULT_NACOS_NAMING_CONTEXT_V2 + UtilsAndCommons.NACOS_NAMING_INSTANCE_CONTEXT + "/metadata/batch",
+                HttpMethod.DELETE);
+    }
+    
+    @Override
+    public void extractParamAndCheck(HttpServletRequest request) throws Exception {
+        ParamInfo paramInfo = new ParamInfo();
+        String serviceName = request.getParameter("serviceName");
+        String groupName = request.getParameter("groupName");
+        String groupServiceName = serviceName;
+        if (StringUtils.isNotBlank(groupServiceName) && groupServiceName.contains(Constants.SERVICE_INFO_SPLITER)) {
+            String[] splits = groupServiceName.split(Constants.SERVICE_INFO_SPLITER, 2);
+            groupName = splits[0];
+            serviceName = splits[1];
+        }
+        paramInfo.setServiceName(serviceName);
+        paramInfo.setGroup(groupName);
+        paramInfo.setNamespaceId(request.getParameter("namespaceId"));
+        paramInfo.setMetadata(UtilsAndCommons.parseMetadata(request.getParameter("metadata")));
+        ParamCheckUtils.checkParamInfoFormat(paramInfo);
+        
+        String instances = request.getParameter("instances");
+        if (StringUtils.isNotBlank(instances)) {
+            List<Instance> targetInstances = JacksonUtils.toObj(instances, new TypeReference<List<Instance>>() {
+            });
+            for (Instance instance : targetInstances) {
+                ParamInfo instanceParamInfo = new ParamInfo();
+                instanceParamInfo.setIp(instance.getIp());
+                instanceParamInfo.setPort(String.valueOf(instance.getPort()));
+                instanceParamInfo.setCluster(instance.getClusterName());
+                ParamCheckUtils.checkParamInfoFormat(instanceParamInfo);
+            }
+        }
+    }
+}

naming/src/main/java/com/alibaba/nacos/naming/web/NamingConfig.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2018 Alibaba Group Holding Ltd.
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -30,6 +30,8 @@ public class NamingConfig {
     
     private static final String UTL_PATTERNS = "/v1/ns/*";
     
+    private static final String UTL_PATTERNS_V2 = "/v2/ns/*";
+    
     private static final String DISTRO_FILTER = "distroFilter";
     
     private static final String SERVICE_NAME_FILTER = "serviceNameFilter";
@@ -38,6 +40,8 @@ public class NamingConfig {
     
     private static final String CLIENT_ATTRIBUTES_FILTER = "clientAttributes_filter";
     
+    private static final String NAMING_PARAM_CHECK_FILTER = "namingparamCheckFilter";
+    
     @Bean
     public FilterRegistrationBean<DistroFilter> distroFilterRegistration() {
         FilterRegistrationBean<DistroFilter> registration = new FilterRegistrationBean<>();
@@ -78,6 +82,17 @@ public class NamingConfig {
         return registration;
     }
     
+    @Bean
+    public FilterRegistrationBean<NamingParamCheckFilter> paramCheckFilterRegistration() {
+        FilterRegistrationBean<NamingParamCheckFilter> registration = new FilterRegistrationBean<>();
+        registration.setFilter(namingParamCheckFilter());
+        registration.addUrlPatterns(UTL_PATTERNS);
+        registration.addUrlPatterns(UTL_PATTERNS_V2);
+        registration.setName(NAMING_PARAM_CHECK_FILTER);
+        registration.setOrder(10);
+        return registration;
+    }
+    
     @Bean
     public DistroFilter distroFilter() {
         return new DistroFilter();
@@ -97,4 +112,9 @@ public class NamingConfig {
     public ClientAttributesFilter clientAttributesFilter() {
         return new ClientAttributesFilter();
     }
+    
+    @Bean
+    public NamingParamCheckFilter namingParamCheckFilter() {
+        return new NamingParamCheckFilter();
+    }
 }

naming/src/main/java/com/alibaba/nacos/naming/web/NamingParamCheckFilter.java

@@ -0,0 +1,67 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.naming.web;
+
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+import com.alibaba.nacos.core.paramcheck.HttpParamExtractorManager;
+import com.alibaba.nacos.sys.env.EnvUtil;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+
+/**
+ * Naming param check filter.
+ *
+ * @author zhuoguang
+ */
+public class NamingParamCheckFilter implements Filter {
+    
+    private static final String MODULE = "naming";
+    
+    @Override
+    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
+            throws IOException, ServletException {
+        boolean ifParamCheck = EnvUtil.getProperty("nacos.paramcheck", Boolean.class, true);
+        if (!ifParamCheck) {
+            filterChain.doFilter(servletRequest, servletResponse);
+            return;
+        }
+        HttpServletRequest request = (HttpServletRequest) servletRequest;
+        HttpServletResponse resp = (HttpServletResponse) servletResponse;
+        try {
+            String uri = request.getRequestURI();
+            String method = request.getMethod();
+            HttpParamExtractorManager extractorManager = HttpParamExtractorManager.getInstance();
+            AbstractHttpParamExtractor paramExtractor = extractorManager.getExtractor(uri, method, MODULE);
+            paramExtractor.extractParamAndCheck(request);
+            filterChain.doFilter(request, resp);
+        } catch (Exception e) {
+            resp.setStatus(400);
+            PrintWriter writer = resp.getWriter();
+            writer.print(e.getMessage());
+            writer.flush();
+        }
+        
+    }
+}

naming/src/main/resources/META-INF/services/com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor

@@ -0,0 +1,20 @@
+#
+# Copyright 1999-2023 Alibaba Group Holding Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+com.alibaba.nacos.naming.paramcheck.NamingDefaultHttpParamExtractor
+com.alibaba.nacos.naming.paramcheck.NamingInstanceBeatHttpParamExtractor
+com.alibaba.nacos.naming.paramcheck.NamingInstanceListHttpParamExtractor
+com.alibaba.nacos.naming.paramcheck.NamingInstanceMetadataBatchHttpParamExtractor

naming/src/test/java/com/alibaba/nacos/naming/paramcheck/NamingDefaultHttpParamExtractorTest.java

@@ -0,0 +1,43 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.naming.paramcheck;
+
+import com.alibaba.nacos.common.utils.HttpMethod;
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+import com.alibaba.nacos.core.paramcheck.HttpParamExtractorManager;
+import org.junit.Test;
+import org.springframework.mock.web.MockHttpServletRequest;
+
+import static org.junit.Assert.assertEquals;
+
+/**
+ * The type Naming default http param extractor test.
+ *
+ * @author zhuoguang
+ */
+public class NamingDefaultHttpParamExtractorTest {
+    
+    @Test
+    public void extractParamAndCheck() {
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.setRequestURI("/nacos/v1/ns/instance/lalala");
+        request.setMethod(HttpMethod.DELETE);
+        HttpParamExtractorManager manager = HttpParamExtractorManager.getInstance();
+        AbstractHttpParamExtractor extractor = manager.getExtractor(request.getRequestURI(), request.getMethod(), "naming");
+        assertEquals(NamingDefaultHttpParamExtractor.class.getSimpleName(), extractor.getClass().getSimpleName());
+    }
+}

naming/src/test/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceBeatHttpParamExtractorTest.java

@@ -0,0 +1,45 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.naming.paramcheck;
+
+import com.alibaba.nacos.common.utils.HttpMethod;
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+import com.alibaba.nacos.core.paramcheck.HttpParamExtractorManager;
+import com.alibaba.nacos.naming.misc.UtilsAndCommons;
+import org.junit.Test;
+import org.springframework.mock.web.MockHttpServletRequest;
+
+import static org.junit.Assert.assertEquals;
+
+/**
+ * The type Naming instance beat http param extractor test.
+ *
+ * @author zhuoguang
+ */
+public class NamingInstanceBeatHttpParamExtractorTest {
+    
+    @Test
+    public void extractParamAndCheck() {
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.setRequestURI("/nacos" + UtilsAndCommons.DEFAULT_NACOS_NAMING_CONTEXT_V2 + UtilsAndCommons.NACOS_NAMING_INSTANCE_CONTEXT
+                + "/beat");
+        request.setMethod(HttpMethod.PUT);
+        HttpParamExtractorManager manager = HttpParamExtractorManager.getInstance();
+        AbstractHttpParamExtractor extractor = manager.getExtractor(request.getRequestURI(), request.getMethod(), "naming");
+        assertEquals(NamingInstanceBeatHttpParamExtractor.class.getSimpleName(), extractor.getClass().getSimpleName());
+    }
+}

naming/src/test/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceListHttpParamExtractorTest.java

@@ -0,0 +1,44 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.naming.paramcheck;
+
+import com.alibaba.nacos.common.utils.HttpMethod;
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+import com.alibaba.nacos.core.paramcheck.HttpParamExtractorManager;
+import com.alibaba.nacos.naming.misc.UtilsAndCommons;
+import org.junit.Test;
+import org.springframework.mock.web.MockHttpServletRequest;
+
+import static org.junit.Assert.assertEquals;
+
+/**
+ * The type Naming instance list http param extractor test.
+ *
+ * @author zhuoguang
+ */
+public class NamingInstanceListHttpParamExtractorTest {
+    
+    @Test
+    public void extractParamAndCheck() {
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.setRequestURI("/nacos" + UtilsAndCommons.NACOS_NAMING_CONTEXT + UtilsAndCommons.NACOS_NAMING_INSTANCE_CONTEXT + "/list");
+        request.setMethod(HttpMethod.GET);
+        HttpParamExtractorManager manager = HttpParamExtractorManager.getInstance();
+        AbstractHttpParamExtractor extractor = manager.getExtractor(request.getRequestURI(), request.getMethod(), "naming");
+        assertEquals(NamingInstanceListHttpParamExtractor.class.getSimpleName(), extractor.getClass().getSimpleName());
+    }
+}

naming/src/test/java/com/alibaba/nacos/naming/paramcheck/NamingInstanceMetadataBatchHttpParamExtractorTest.java

@@ -0,0 +1,44 @@
+/*
+ * Copyright 1999-2023 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.nacos.naming.paramcheck;
+
+import com.alibaba.nacos.common.utils.HttpMethod;
+import com.alibaba.nacos.core.paramcheck.AbstractHttpParamExtractor;
+import com.alibaba.nacos.core.paramcheck.HttpParamExtractorManager;
+import com.alibaba.nacos.naming.misc.UtilsAndCommons;
+import org.junit.Test;
+import org.springframework.mock.web.MockHttpServletRequest;
+
+import static org.junit.Assert.assertEquals;
+
+/**
+ * The type Naming instance metadata batch http param extractor test.
+ *
+ * @author zhuoguang
+ */
+public class NamingInstanceMetadataBatchHttpParamExtractorTest {
+    
+    @Test
+    public void extractParamAndCheck() {
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.setRequestURI("/nacos" + UtilsAndCommons.NACOS_NAMING_CONTEXT + UtilsAndCommons.NACOS_NAMING_INSTANCE_CONTEXT + "/metadata/batch");
+        request.setMethod(HttpMethod.PUT);
+        HttpParamExtractorManager manager = HttpParamExtractorManager.getInstance();
+        AbstractHttpParamExtractor extractor = manager.getExtractor(request.getRequestURI(), request.getMethod(), "naming");
+        assertEquals(NamingInstanceMetadataBatchHttpParamExtractor.class.getSimpleName(), extractor.getClass().getSimpleName());
+    }
+}

test/naming-test/src/test/java/com/alibaba/nacos/test/naming/AbstractInstanceOperate_ITCase.java

@@ -376,7 +376,7 @@ public abstract class AbstractInstanceOperate_ITCase {
     public void registerPersistentInstanceWithInvalidClusterName() throws Exception {
         expectedException.expect(NacosException.class);
         expectedException.expectMessage(
-                "Instance 'clusterName' should be characters with only 0-9a-zA-Z-. (current: cluster1,cluster2)");
+                "Param 'cluster' is illegal, Chinese characters and ',' should not appear in the param");
         
         String serviceName = NamingBase.randomDomainName();
         Instance instance = new Instance();