[#2738]add tenant legality verification.

This commit is contained in:
zongtanghu 2020-05-11 19:48:51 +08:00
parent 5319b27803
commit f46fa41d1e
2 changed files with 16 additions and 10 deletions

View File

@ -135,6 +135,8 @@ public class ConfigController {
throws NacosException {
final String srcIp = RequestUtil.getRemoteIp(request);
String requestIpApp = RequestUtil.getAppName(request);
// check tenant
ParamUtils.checkTenant(tenant);
ParamUtils.checkParam(dataId, group, "datumId", content);
ParamUtils.checkParam(tag);
@ -213,6 +215,8 @@ public class ConfigController {
@RequestParam(value = "tenant", required = false, defaultValue = StringUtils.EMPTY) String tenant,
@RequestParam(value = "tag", required = false) String tag)
throws IOException, ServletException, NacosException {
// check tenant
ParamUtils.checkTenant(tenant);
tenant = processTenant(tenant);
// check params
ParamUtils.checkParam(dataId, group, "datumId", "content");
@ -234,6 +238,8 @@ public class ConfigController {
@RequestParam("group") String group,
@RequestParam(value = "tenant", required = false, defaultValue = StringUtils.EMPTY) String tenant)
throws NacosException {
// check tenant
ParamUtils.checkTenant(tenant);
// check params
ParamUtils.checkParam(dataId, group, "datumId", "content");
return persistService.findConfigAllInfo(dataId, group, tenant);
@ -253,6 +259,8 @@ public class ConfigController {
@RequestParam(value = "tenant", required = false, defaultValue = StringUtils.EMPTY) String tenant,
@RequestParam(value = "tag", required = false) String tag)
throws NacosException {
// check tenant
ParamUtils.checkTenant(tenant);
ParamUtils.checkParam(dataId, group, "datumId", "rm");
ParamUtils.checkParam(tag);
String clientIp = RequestUtil.getRemoteIp(request);

View File

@ -16,9 +16,7 @@
package com.alibaba.nacos.config.server.utils;
import java.util.Map;
import com.alibaba.nacos.api.exception.NacosException;
import org.apache.commons.lang3.StringUtils;
/**
@ -64,11 +62,11 @@ public class ParamUtils {
}
public static void checkParam(String dataId, String group, String datumId, String content) throws NacosException {
if (StringUtils.isBlank(dataId) || !ParamUtils.isValid(dataId.trim())) {
if (StringUtils.isBlank(dataId) || !isValid(dataId.trim())) {
throw new NacosException(NacosException.INVALID_PARAM, "invalid dataId : " + dataId);
} else if (StringUtils.isBlank(group) || !ParamUtils.isValid(group)) {
} else if (StringUtils.isBlank(group) || !isValid(group)) {
throw new NacosException(NacosException.INVALID_PARAM, "invalid group : " + group);
} else if (StringUtils.isBlank(datumId) || !ParamUtils.isValid(datumId)) {
} else if (StringUtils.isBlank(datumId) || !isValid(datumId)) {
throw new NacosException(NacosException.INVALID_PARAM, "invalid datumId : " + datumId);
} else if (StringUtils.isBlank(content)) {
throw new NacosException(NacosException.INVALID_PARAM, "content is blank : " + content);
@ -80,7 +78,7 @@ public class ParamUtils {
public static void checkParam(String tag) {
if (StringUtils.isNotBlank(tag)) {
if (!ParamUtils.isValid(tag.trim())) {
if (!isValid(tag.trim())) {
throw new IllegalArgumentException("invalid tag : " + tag);
}
if (tag.length() > TAG_MAX_LEN) {
@ -91,7 +89,7 @@ public class ParamUtils {
public static void checkTenant(String tenant) {
if (StringUtils.isNotBlank(tenant)) {
if (!ParamUtils.isValid(tenant.trim())) {
if (!isValid(tenant.trim())) {
throw new IllegalArgumentException("invalid tenant");
}
if (tenant.length() > TANANT_MAX_LEN) {