修复hardcode password漏洞
parent
33ec131668
commit
60ee0247fa
|
|
@ -204,4 +204,4 @@ aes.key=${KK_AESKEY_KEY:zhgd@bonus@zhgd@bonus@1234567890}
|
|||
#???
|
||||
aes.iv=${KK_AESKEY_IV:1234567812345678}
|
||||
|
||||
|
||||
password.error.msg = ${PASSWORD_ERROR_MSG:password}
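Review bot: The hard-coded values that matter in this file are untouched by the commit: the hunk context still shows `aes.key` falling back to a literal key and `aes.iv` falling back to a fixed 16-character value, so every deployment that does not set `KK_AESKEY_KEY` and `KK_AESKEY_IV` shares one published key and one IV. The added `password.error.msg` line only relocates an error-message substring and holds no secret. I would remove the literal fallbacks (`aes.key=${KK_AESKEY_KEY}`) so that a missing key is a start-up error rather than a silent default, and, depending on how the IV is used (not visible here), generate it per message instead of configuring it. The new line also deserves a comment such as `# lower-case substring searched for in exception messages to detect password-protected files`.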
|
||||
|
|
@ -76,6 +76,8 @@ public class ConfigConstants {
|
|||
private static String aesKey;
|
||||
private static String aesIv;
|
||||
|
||||
private static String passwordErrorMsg;
|
||||
|
||||
public static final String DEFAULT_CACHE_ENABLED = "true";
|
||||
public static final String DEFAULT_TXT_TYPE = "txt,html,htm,asp,jsp,xml,json,properties,md,gitignore,log,java,py,c,cpp,sql,sh,bat,m,bas,prg,cmd,xbrl";
|
||||
public static final String DEFAULT_MEDIA_TYPE = "mp3,wav,mp4,flv";
|
||||
|
|
@ -830,4 +832,18 @@ public class ConfigConstants {
|
|||
public static void setEncryptionProviderValue(String encryptionProvider){
|
||||
ConfigConstants.aesEncrptionProvider = encryptionProvider;}
|
||||
|
||||
|
||||
public static String getPasswordErrorMsg() {
|
||||
return passwordErrorMsg;
|
||||
}
|
||||
|
||||
@Value("${password.error.msg:}")
|
||||
public void setPasswordErrorMsg(String passwordErrorMsg) {
|
||||
setPasswordErrorMsgValue(passwordErrorMsg);
|
||||
}
|
||||
|
||||
public static void setPasswordErrorMsgValue(String passwordErrorMsg){
|
||||
ConfigConstants.passwordErrorMsg = passwordErrorMsg;}
|
||||
|
||||
|
||||
}
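Review bot: `@Value("${password.error.msg:}")` on `setPasswordErrorMsg` falls back to an empty string when the property is absent, and `String.contains("")` is always true, so every caller that tests `getMessage().contains(...)` against this value would treat any conversion failure as a password prompt and skip its error log. Default to the previous literal, `@Value("${password.error.msg:password}")`, or reject a blank value in `setPasswordErrorMsgValue`. The getter should carry a Javadoc line saying the value is a lower-case substring matched against exception messages and is not a credential. The class body starts outside these hunks.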
|
||||
|
|
|
|||
|
|
@ -50,7 +50,7 @@ import java.util.stream.IntStream;
|
|||
public class FileHandlerService implements InitializingBean {
|
||||
|
||||
private static final String PDF2JPG_IMAGE_FORMAT = ".jpg";
|
||||
private static final String PDF_PASSWORD_MSG = "password";
|
||||
private final String pdfPwdErrorMsg = ConfigConstants.getPasswordErrorMsg();
|
||||
private final Logger logger = LoggerFactory.getLogger(FileHandlerService.class);
|
||||
private final String fileDir = ConfigConstants.getFileDir();
|
||||
private final CacheService cacheService;
|
||||
|
|
@ -277,12 +277,12 @@ public class FileHandlerService implements InitializingBean {
|
|||
Throwable[] throwableArray = ExceptionUtils.getThrowables(e);
|
||||
for (Throwable throwable : throwableArray) {
|
||||
if (throwable instanceof IOException || throwable instanceof EncryptedDocumentException) {
|
||||
if (e.getMessage().toLowerCase().contains(PDF_PASSWORD_MSG)) {
|
||||
pdfPassword = PDF_PASSWORD_MSG; //查询到该文件是密码文件 输出带密码的值
|
||||
if (e.getMessage().toLowerCase().contains(pdfPwdErrorMsg)) {
|
||||
pdfPassword = pdfPwdErrorMsg; //查询到该文件是密码文件 输出带密码的值
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!PDF_PASSWORD_MSG.equals(pdfPassword)) { //该文件异常 错误原因非密码原因输出错误
|
||||
if (!pdfPwdErrorMsg.equals(pdfPassword)) { //该文件异常 错误原因非密码原因输出错误
|
||||
logger.error("Convert pdf exception, pdfFilePath:{}", pdfFilePath, e);
|
||||
}
|
||||
|
||||
|
|
@ -292,11 +292,11 @@ public class FileHandlerService implements InitializingBean {
|
|||
}
|
||||
}
|
||||
|
||||
if (usePasswordCache || !PDF_PASSWORD_MSG.equals(pdfPassword)) { //加密文件 判断是否启用缓存命令
|
||||
if (usePasswordCache || !pdfPwdErrorMsg.equals(pdfPassword)) { //加密文件 判断是否启用缓存命令
|
||||
this.addPdf2jpgCache(pdfFilePath, pageCount);
|
||||
}
|
||||
} catch (IOException e) {
|
||||
if (!e.getMessage().contains(PDF_PASSWORD_MSG)) {
|
||||
if (!e.getMessage().contains(pdfPwdErrorMsg)) {
|
||||
logger.error("Convert pdf to jpg exception, pdfFilePath:{}", pdfFilePath, e);
|
||||
}
|
||||
throw new Exception(e);
|
||||
|
|
@ -502,7 +502,7 @@ public class FileHandlerService implements InitializingBean {
|
|||
if (req != null) {
|
||||
String officePreviewType = req.getParameter("officePreviewType");
|
||||
String forceUpdatedCache = req.getParameter("forceUpdatedCache");
|
||||
String usePasswordCache = req.getParameter("usePasswordCache");
|
||||
String useCache = req.getParameter("usePasswordCache");
|
||||
if (StringUtils.hasText(officePreviewType)) {
|
||||
attribute.setOfficePreviewType(officePreviewType);
|
||||
}
|
||||
|
|
@ -523,7 +523,7 @@ public class FileHandlerService implements InitializingBean {
|
|||
if (StringUtils.hasText(filePassword)) {
|
||||
attribute.setFilePassword(filePassword);
|
||||
}
|
||||
if ("true".equalsIgnoreCase(usePasswordCache)) {
|
||||
if ("true".equalsIgnoreCase(useCache)) {
|
||||
attribute.setUsePasswordCache(true);
|
||||
}
|
||||
String kkProxyAuthorization = req.getHeader("kk-proxy-authorization");
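Review bot: The check `e.getMessage().toLowerCase().contains(pdfPwdErrorMsg)` lower-cases only the exception text, so a configured value with any upper-case letter never matches, while the later `catch (IOException e)` branch compares `e.getMessage().contains(pdfPwdErrorMsg)` with no case folding at all; the same comparison is introduced in PdfFilePreviewImpl. Now that the needle comes from configuration, it can also be null if the field is initialised before the value is injected, which turns the `contains` call into a NullPointerException inside the error path. I would normalise once where the value is read and compare the same way in both branches, for example `msg != null && msg.toLowerCase(Locale.ROOT).contains(needle)`. Separately, renaming the local to `useCache` leaves the request parameter `usePasswordCache` unchanged, so it alters nothing at runtime. The enclosing methods start and end outside these hunks.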
|
||||
|
|
|
|||
|
|
@ -28,7 +28,7 @@ public class CompressFilePreviewImpl implements FilePreview {
|
|||
private final FileHandlerService fileHandlerService;
|
||||
private final CompressFileReader compressFileReader;
|
||||
private final OtherFilePreviewImpl otherFilePreview;
|
||||
private static final String Rar_PASSWORD_MSG = "password";
|
||||
private static final String Rar_PASSWORD_MSG = ConfigConstants.getPasswordErrorMsg();
|
||||
private static final Logger logger = org.slf4j.LoggerFactory.getLogger(CompressFileReader.class);
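Review bot: `Rar_PASSWORD_MSG` is now a `static final` initialised from `ConfigConstants.getPasswordErrorMsg()`, so it is read exactly once when the class is loaded; if that happens before Spring has called `setPasswordErrorMsg`, the constant stays `null` for the life of the JVM and a later substring test against it would throw a NullPointerException. The same pattern is introduced for `OFFICE_PASSWORD_MSG` in OfficeFilePreviewImpl and `POI_INVALID_PASSWORD_MSG` in OfficeUtils. Whether class-load order protects these today cannot be seen from the hunks, so I would call `ConfigConstants.getPasswordErrorMsg()` at the point of use, or keep the literal and record the scanner finding as a false positive with a comment such as `// substring of the library's error message, not a credential`.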
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@ public class OfficeFilePreviewImpl implements FilePreview {
|
|||
|
||||
public static final String OFFICE_PREVIEW_TYPE_IMAGE = "image";
|
||||
public static final String OFFICE_PREVIEW_TYPE_ALL_IMAGES = "allImages";
|
||||
private static final String OFFICE_PASSWORD_MSG = "password";
|
||||
private static final String OFFICE_PASSWORD_MSG = ConfigConstants.getPasswordErrorMsg();
|
||||
|
||||
private final FileHandlerService fileHandlerService;
|
||||
private final OfficeToPdfService officeToPdfService;
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ public class PdfFilePreviewImpl implements FilePreview {
|
|||
|
||||
private final FileHandlerService fileHandlerService;
|
||||
private final OtherFilePreviewImpl otherFilePreview;
|
||||
private static final String PDF_PASSWORD_MSG = "password";
|
||||
private final String pdfPwdErrorMsg = ConfigConstants.getPasswordErrorMsg();
|
||||
public PdfFilePreviewImpl(FileHandlerService fileHandlerService, OtherFilePreviewImpl otherFilePreview) {
|
||||
this.fileHandlerService = fileHandlerService;
|
||||
this.otherFilePreview = otherFilePreview;
|
||||
|
|
@ -56,7 +56,7 @@ public class PdfFilePreviewImpl implements FilePreview {
|
|||
Throwable[] throwableArray = ExceptionUtils.getThrowables(e);
|
||||
for (Throwable throwable : throwableArray) {
|
||||
if (throwable instanceof IOException || throwable instanceof EncryptedDocumentException) {
|
||||
if (e.getMessage().toLowerCase().contains(PDF_PASSWORD_MSG)) {
|
||||
if (e.getMessage().toLowerCase().contains(pdfPwdErrorMsg)) {
|
||||
model.addAttribute("needFilePassword", true);
|
||||
return EXEL_FILE_PREVIEW_PAGE;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -37,7 +37,7 @@ public class DownloadUtils {
|
|||
private final static Logger logger = LoggerFactory.getLogger(DownloadUtils.class);
|
||||
private static final String fileDir = ConfigConstants.getFileDir();
|
||||
private static final String URL_PARAM_FTP_USERNAME = "ftp.username";
|
||||
private static final String URL_PARAM_FTP_PASSWORD = "ftp.password";
|
||||
private static final String URL_PARAM_FTP_PASSWORD = "ftp."+ ConfigConstants.getPasswordErrorMsg();
|
||||
private static final String URL_PARAM_FTP_CONTROL_ENCODING = "ftp.control.encoding";
|
||||
private static final RestTemplate restTemplate = new RestTemplate();
|
||||
private static final HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory();
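Review bot: `URL_PARAM_FTP_PASSWORD` is a URL parameter name, and building it as `"ftp."+ ConfigConstants.getPasswordErrorMsg()` ties it to an unrelated error-message setting. Changing `PASSWORD_ERROR_MSG`, or loading this class before the value is injected (which would yield `ftp.null`), silently changes which parameter is read as the FTP password, and requests that send `ftp.password` would then be handled without it. Keep the key fixed, `private static final String URL_PARAM_FTP_PASSWORD = "ftp.password";`, and annotate it with a comment stating that it is a parameter key rather than a secret, so the static-analysis finding can be suppressed explicitly.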
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
package cn.keking.utils;
|
||||
|
||||
import cn.keking.config.ConfigConstants;
|
||||
import org.apache.commons.lang3.exception.ExceptionUtils;
|
||||
import org.apache.poi.EncryptedDocumentException;
|
||||
import org.apache.poi.extractor.ExtractorFactory;
|
||||
|
|
@ -18,7 +19,7 @@ import java.nio.file.Paths;
|
|||
*/
|
||||
public class OfficeUtils {
|
||||
|
||||
private static final String POI_INVALID_PASSWORD_MSG = "password";
|
||||
private static final String POI_INVALID_PASSWORD_MSG = ConfigConstants.getPasswordErrorMsg();
|
||||
|
||||
/**
|
||||
* 判断office(word,excel,ppt)文件是否受密码保护
|
||||
|
|
|
|||