refactor: optimize parameterSecurityChecker (#880)

traas-stack · Oct 12, 2024 · 189c997 · 189c997
1 parent e19e781
commit 189c997
Show file tree

Hide file tree

Showing 10 changed files with 184 additions and 138 deletions.
diff --git a/.../home-service/src/main/java/io/holoinsight/server/home/biz/service/TenantInitService.java b/.../home-service/src/main/java/io/holoinsight/server/home/biz/service/TenantInitService.java
@@ -3,15 +3,13 @@
  */
 package io.holoinsight.server.home.biz.service;
 
-import io.holoinsight.server.apm.common.model.specification.sw.Tag;
+import io.holoinsight.server.common.dao.entity.CloudMonitorRange;
+import io.holoinsight.server.common.dao.entity.dto.IntegrationGeneratedDTO;
 import io.holoinsight.server.common.dao.entity.dto.MetricInfoDTO;
 import io.holoinsight.server.common.dao.entity.dto.TenantOpsStorage;
-import io.holoinsight.server.home.biz.plugin.config.MetaLabel;
 import io.holoinsight.server.common.scope.MonitorScope;
 import io.holoinsight.server.common.scope.MonitorUser;
-import io.holoinsight.server.common.dao.entity.CloudMonitorRange;
-import io.holoinsight.server.home.dal.model.dto.CustomPluginDTO;
-import io.holoinsight.server.common.dao.entity.dto.IntegrationGeneratedDTO;
+import io.holoinsight.server.home.biz.plugin.config.MetaLabel;
 import io.holoinsight.server.query.grpc.QueryProto.QueryFilter;
 
 import java.util.List;
@@ -101,21 +99,13 @@ List<QueryFilter> getTenantFilters(String tenant, String workspace, String envir
   CloudMonitorRange getCollectMonitorRange(String table, String tenant, String workspace,
       List<String> strings, MetaLabel metaLabel);
 
-  Boolean checkCookie(String tenant, String workspace, String environment);
-
-  Boolean checkTraceTags(String tenant, String workspace, List<Tag> tags);
-
-  Boolean checkTraceParams(String tenant, String workspace, Map<String, String> paramsMap);
 
   List<IntegrationGeneratedDTO> getExtraGeneratedLists();
 
-  Boolean checkIntegrationWorkspace(String workspace);
-
-  Boolean checkCustomPluginLogConfParams(String tenant, String workspace,
-      CustomPluginDTO customPluginDTO);
-
   List<String> getAggCompletenessTags();
 
   List<String> getAggDefaultGroupByTags();
 
+  Boolean checkIntegrationWorkspace(String workspace);
+
 }
diff --git a/...c/main/java/io/holoinsight/server/home/biz/service/impl/DefaultTenantInitServiceImpl.java b/...c/main/java/io/holoinsight/server/home/biz/service/impl/DefaultTenantInitServiceImpl.java
@@ -3,17 +3,15 @@
  */
 package io.holoinsight.server.home.biz.service.impl;
 
-import io.holoinsight.server.apm.common.model.specification.sw.Tag;
+import io.holoinsight.server.common.dao.entity.CloudMonitorRange;
+import io.holoinsight.server.common.dao.entity.dto.IntegrationGeneratedDTO;
 import io.holoinsight.server.common.dao.entity.dto.MetricInfoDTO;
 import io.holoinsight.server.common.dao.entity.dto.TenantOpsStorage;
+import io.holoinsight.server.common.scope.MonitorScope;
+import io.holoinsight.server.common.scope.MonitorUser;
 import io.holoinsight.server.home.biz.common.GaeaConvertUtil;
 import io.holoinsight.server.home.biz.plugin.config.MetaLabel;
 import io.holoinsight.server.home.biz.service.TenantInitService;
-import io.holoinsight.server.common.scope.MonitorScope;
-import io.holoinsight.server.common.scope.MonitorUser;
-import io.holoinsight.server.common.dao.entity.CloudMonitorRange;
-import io.holoinsight.server.home.dal.model.dto.CustomPluginDTO;
-import io.holoinsight.server.common.dao.entity.dto.IntegrationGeneratedDTO;
 import io.holoinsight.server.query.grpc.QueryProto.QueryFilter;
 
 import java.util.ArrayList;
@@ -96,36 +94,12 @@ public CloudMonitorRange getCollectMonitorRange(String table, String tenant, Str
     return GaeaConvertUtil.convertCloudMonitorRange(table, metaLabel, strings);
   }
 
-  @Override
-  public Boolean checkCookie(String tenant, String workspace, String environment) {
-    return Boolean.TRUE;
-  }
-
-  @Override
-  public Boolean checkTraceTags(String tenant, String workspace, List<Tag> tags) {
-    return Boolean.TRUE;
-  }
-
-  @Override
-  public Boolean checkTraceParams(String tenant, String workspace, Map<String, String> paramsMap) {
-    return Boolean.TRUE;
-  }
 
   @Override
   public List<IntegrationGeneratedDTO> getExtraGeneratedLists() {
     return new ArrayList<>();
   }
 
-  @Override
-  public Boolean checkIntegrationWorkspace(String workspace) {
-    return Boolean.TRUE;
-  }
-
-  @Override
-  public Boolean checkCustomPluginLogConfParams(String tenant, String workspace,
-      CustomPluginDTO customPluginDTO) {
-    return Boolean.TRUE;
-  }
 
   @Override
   public List<String> getAggCompletenessTags() {
@@ -137,4 +111,9 @@ public List<String> getAggDefaultGroupByTags() {
     return new ArrayList<>();
   }
 
+
+  @Override
+  public Boolean checkIntegrationWorkspace(String workspace) {
+    return Boolean.TRUE;
+  }
 }
diff --git a/...me-task/src/main/java/io/holoinsight/server/home/task/TenantIntegrationGeneratedTask.java b/...me-task/src/main/java/io/holoinsight/server/home/task/TenantIntegrationGeneratedTask.java
@@ -3,19 +3,21 @@
  */
 package io.holoinsight.server.home.task;
 
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.TimeUnit;
-
 import com.google.gson.reflect.TypeToken;
 import io.holoinsight.server.common.J;
 import io.holoinsight.server.common.MD5Hash;
+import io.holoinsight.server.common.cache.local.CommonLocalCache;
+import io.holoinsight.server.common.dao.converter.IntegrationGeneratedConverter;
+import io.holoinsight.server.common.dao.entity.CloudMonitorRange;
+import io.holoinsight.server.common.dao.entity.GaeaCollectRange;
+import io.holoinsight.server.common.dao.entity.IntegrationGenerated;
 import io.holoinsight.server.common.dao.entity.TenantOps;
+import io.holoinsight.server.common.dao.entity.dto.IntegrationGeneratedDTO;
+import io.holoinsight.server.common.dao.entity.dto.IntegrationPluginDTO;
+import io.holoinsight.server.common.model.TaskEnum;
+import io.holoinsight.server.common.service.IntegrationGeneratedService;
+import io.holoinsight.server.common.service.IntegrationPluginService;
+import io.holoinsight.server.common.service.TenantOpsService;
 import io.holoinsight.server.home.biz.common.MetaDictKey;
 import io.holoinsight.server.home.biz.common.MetaDictType;
 import io.holoinsight.server.home.biz.common.MetaDictUtil;
@@ -25,34 +27,30 @@
 import io.holoinsight.server.home.biz.plugin.core.LogPlugin;
 import io.holoinsight.server.home.biz.plugin.model.Plugin;
 import io.holoinsight.server.home.biz.plugin.model.PluginType;
-import io.holoinsight.server.common.service.IntegrationGeneratedService;
-import io.holoinsight.server.common.service.IntegrationPluginService;
 import io.holoinsight.server.home.biz.service.MetaService;
 import io.holoinsight.server.home.biz.service.MetaService.AppModel;
 import io.holoinsight.server.home.biz.service.TenantInitService;
-import io.holoinsight.server.common.service.TenantOpsService;
-import io.holoinsight.server.common.model.TaskEnum;
-import io.holoinsight.server.common.cache.local.CommonLocalCache;
-import io.holoinsight.server.common.dao.converter.IntegrationGeneratedConverter;
-import io.holoinsight.server.common.dao.entity.IntegrationGenerated;
-import io.holoinsight.server.common.dao.entity.CloudMonitorRange;
-import io.holoinsight.server.common.dao.entity.GaeaCollectRange;
-import io.holoinsight.server.common.dao.entity.dto.IntegrationGeneratedDTO;
-import io.holoinsight.server.common.dao.entity.dto.IntegrationPluginDTO;
 import io.holoinsight.server.meta.common.model.QueryExample;
+import io.holoinsight.server.meta.facade.service.DataClientService;
 import lombok.extern.slf4j.Slf4j;
-
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.util.CollectionUtils;
 
-import io.holoinsight.server.meta.facade.service.DataClientService;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.TimeUnit;
 
-import static io.holoinsight.server.home.biz.common.MetaDictKey.INTEGRATION_LOCAL_PRODUCT;
-import static io.holoinsight.server.home.biz.common.MetaDictType.INTEGRATION_CONFIG;
 import static io.holoinsight.server.common.cache.local.CacheConst.APP_META_KEY;
 import static io.holoinsight.server.common.cache.local.CacheConst.INTEGRATION_GENERATED_CACHE_KEY;
+import static io.holoinsight.server.home.biz.common.MetaDictKey.INTEGRATION_LOCAL_PRODUCT;
+import static io.holoinsight.server.home.biz.common.MetaDictType.INTEGRATION_CONFIG;
 
 /**
  *

diff --git a/...ome/home-web/src/main/java/io/holoinsight/server/home/web/controller/AgentFacadeImpl.java b/...ome/home-web/src/main/java/io/holoinsight/server/home/web/controller/AgentFacadeImpl.java
@@ -4,6 +4,7 @@
 package io.holoinsight.server.home.web.controller;
 
 import io.holoinsight.server.common.JsonResult;
+import io.holoinsight.server.common.ResultCodeEnum;
 import io.holoinsight.server.home.biz.common.MetaDictKey;
 import io.holoinsight.server.home.biz.common.MetaDictType;
 import io.holoinsight.server.home.biz.common.MetaDictUtil;
@@ -19,6 +20,7 @@
 import io.holoinsight.server.common.ManageCallback;
 import io.holoinsight.server.home.web.common.ParaCheckUtil;
 import io.holoinsight.server.home.web.interceptor.MonitorScopeAuth;
+import io.holoinsight.server.home.web.security.ParameterSecurityService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.util.CollectionUtils;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -47,6 +49,9 @@ public class AgentFacadeImpl extends BaseFacade {
   @Autowired
   private ApiKeyService apiKeyService;
 
+  @Autowired
+  private ParameterSecurityService parameterSecurityService;
+
   @ResponseBody
   @GetMapping(value = "/vmAgent")
   @MonitorScopeAuth(targetType = AuthTargetType.TENANT, needPower = PowerConstants.VIEW)
@@ -93,6 +98,10 @@ public JsonResult<Map<String, Object>> listFiles(
       @Override
       public void checkParameter() {
         ParaCheckUtil.checkParaNotBlank(agentParamRequest.getLogpath(), "logpath");
+        if (!parameterSecurityService.checkAgentLogPathPrefix(agentParamRequest.getLogpath())) {
+          throw new MonitorException(
+              "the logPath " + agentParamRequest.getLogpath() + "must start with /home/admin/logs");
+        }
       }
 
       @Override
@@ -122,6 +131,10 @@ public JsonResult<Map<String, Object>> previewFile(
       @Override
       public void checkParameter() {
         ParaCheckUtil.checkParaNotBlank(agentParamRequest.getLogpath(), "logpath");
+        if (!parameterSecurityService.checkAgentLogPath(agentParamRequest.getLogpath())) {
+          throw new MonitorException(ResultCodeEnum.PARAMETER_ILLEGAL,
+              "the logPath " + agentParamRequest.getLogpath() + "must end with .log");
+        }
       }
 
       @Override

diff --git a/...e-web/src/main/java/io/holoinsight/server/home/web/controller/CustomPluginFacadeImpl.java b/...e-web/src/main/java/io/holoinsight/server/home/web/controller/CustomPluginFacadeImpl.java
@@ -3,36 +3,36 @@
  */
 package io.holoinsight.server.home.web.controller;
 
-import io.holoinsight.server.common.UtilMisc;
-import io.holoinsight.server.common.dao.entity.dto.MetricInfoDTO;
-import io.holoinsight.server.common.service.MetricInfoService;
-import io.holoinsight.server.home.biz.plugin.core.LogPluginUtil;
-import io.holoinsight.server.common.service.AlarmMetricService;
-import io.holoinsight.server.home.biz.service.CustomPluginService;
-import io.holoinsight.server.common.service.FolderService;
-import io.holoinsight.server.home.biz.service.TenantInitService;
-import io.holoinsight.server.common.service.UserOpLogService;
+import io.holoinsight.server.common.J;
+import io.holoinsight.server.common.JsonResult;
+import io.holoinsight.server.common.ManageCallback;
 import io.holoinsight.server.common.MonitorException;
+import io.holoinsight.server.common.MonitorPageRequest;
+import io.holoinsight.server.common.MonitorPageResult;
+import io.holoinsight.server.common.RequestContext;
 import io.holoinsight.server.common.ResultCodeEnum;
+import io.holoinsight.server.common.UtilMisc;
+import io.holoinsight.server.common.dao.entity.AlarmMetric;
+import io.holoinsight.server.common.dao.entity.Folder;
+import io.holoinsight.server.common.dao.entity.dto.MetricInfoDTO;
 import io.holoinsight.server.common.scope.AuthTargetType;
 import io.holoinsight.server.common.scope.MonitorCookieUtil;
 import io.holoinsight.server.common.scope.MonitorScope;
 import io.holoinsight.server.common.scope.MonitorUser;
 import io.holoinsight.server.common.scope.PowerConstants;
-import io.holoinsight.server.common.RequestContext;
-import io.holoinsight.server.common.dao.entity.AlarmMetric;
-import io.holoinsight.server.common.dao.entity.Folder;
+import io.holoinsight.server.common.service.AlarmMetricService;
+import io.holoinsight.server.common.service.FolderService;
+import io.holoinsight.server.common.service.MetricInfoService;
+import io.holoinsight.server.common.service.UserOpLogService;
+import io.holoinsight.server.home.biz.plugin.core.LogPluginUtil;
+import io.holoinsight.server.home.biz.service.CustomPluginService;
 import io.holoinsight.server.home.dal.model.OpType;
 import io.holoinsight.server.home.dal.model.dto.CustomPluginDTO;
 import io.holoinsight.server.home.dal.model.dto.conf.CollectMetric;
-import io.holoinsight.server.common.MonitorPageRequest;
-import io.holoinsight.server.common.MonitorPageResult;
-import io.holoinsight.server.common.ManageCallback;
 import io.holoinsight.server.home.web.common.ParaCheckUtil;
 import io.holoinsight.server.home.web.controller.model.LogSplitReq;
 import io.holoinsight.server.home.web.interceptor.MonitorScopeAuth;
-import io.holoinsight.server.common.J;
-import io.holoinsight.server.common.JsonResult;
+import io.holoinsight.server.home.web.security.ParameterSecurityService;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -81,7 +81,7 @@ public class CustomPluginFacadeImpl extends BaseFacade {
   private MetricInfoService metricInfoService;
 
   @Autowired
-  private TenantInitService tenantInitService;
+  private ParameterSecurityService parameterSecurityService;
 
   @PostMapping("/update")
   @ResponseBody
@@ -103,7 +103,7 @@ public void checkParameter() {
         MonitorScope ms = RequestContext.getContext().ms;
         ParaCheckUtil.checkEquals(customPluginDTO.getTenant(), ms.getTenant(), "tenant is illegal");
 
-        Boolean aBoolean = tenantInitService.checkCustomPluginLogConfParams(ms.getTenant(),
+        Boolean aBoolean = parameterSecurityService.checkCustomPluginLogConfParams(ms.getTenant(),
             ms.getWorkspace(), customPluginDTO);
         if (!aBoolean) {
           throw new MonitorException("collectRange illegal");
@@ -167,7 +167,7 @@ public void checkParameter() {
         ParaCheckUtil.checkParaNotNull(customPluginDTO.conf, "conf");
         ParaCheckUtil.checkParaId(customPluginDTO.getId());
         MonitorScope ms = RequestContext.getContext().ms;
-        Boolean aBoolean = tenantInitService.checkCustomPluginLogConfParams(ms.getTenant(),
+        Boolean aBoolean = parameterSecurityService.checkCustomPluginLogConfParams(ms.getTenant(),
             ms.getWorkspace(), customPluginDTO);
         if (!aBoolean) {
           throw new MonitorException("collectRange illegal");

diff --git a/...home/home-web/src/main/java/io/holoinsight/server/home/web/controller/InitFacadeImpl.java b/...home/home-web/src/main/java/io/holoinsight/server/home/web/controller/InitFacadeImpl.java
@@ -18,6 +18,7 @@
 import io.holoinsight.server.common.scope.PowerConstants;
 import io.holoinsight.server.home.web.common.ParaCheckUtil;
 import io.holoinsight.server.home.web.interceptor.MonitorScopeAuth;
+import io.holoinsight.server.home.web.security.ParameterSecurityService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
@@ -77,6 +78,9 @@ public class InitFacadeImpl extends BaseFacade {
   @Autowired
   private TenantInitService tenantInitService;
 
+  @Autowired
+  private ParameterSecurityService parameterSecurityService;
+
   @ResponseBody
   @GetMapping(value = "/tenantCheck")
   public JsonResult<Boolean> tenantCheck() {
@@ -125,7 +129,7 @@ public JsonResult<Boolean> tenantSwitch(@PathVariable("tenant") String tenant,
       @Override
       public void checkParameter() {
         ParaCheckUtil.checkParaNotNull(tenant, "tenant");
-        tenantInitService.checkCookie(tenant, workspace, environment);
+        parameterSecurityService.checkCookie(tenant, workspace, environment);
       }
 
       @Override