sqlInjection & style

sqlInjection & style

sqlInjection & style
64bed39e · MaxKey单点登录官方 · fb8adb82 · 64bed39e · 64bed39e · 64bed39e
22 changed file
--- a/maxkey-core/src/main/java/org/maxkey/util/StringUtils.java
+++ b/maxkey-core/src/main/java/org/maxkey/util/StringUtils.java
@@ -518,4 +518,33 @@ public final class StringUtils {
        return flag;
    }

+    public static ArrayList<String> sqlInjection = null;
+    
+    static{
+        sqlInjection = new ArrayList<String>();
+        sqlInjection.add("--");
+        sqlInjection.add(";");
+        sqlInjection.add("/");
+        sqlInjection.add("\\");
+        sqlInjection.add("#");
+        sqlInjection.add("drop");
+        sqlInjection.add("create");
+        sqlInjection.add("delete");
+        sqlInjection.add("alter");
+        sqlInjection.add("truncate");
+        sqlInjection.add("update");
+        sqlInjection.add("insert");
+        sqlInjection.add("and");
+        sqlInjection.add("or");
+    }
+    
+    public static boolean filtersSQLInjection(String filters) {
+        for(String s : sqlInjection) {
+            if(filters.indexOf(s)>-1) {
+                return true;
+            }
+        }
+        return false;
+    }
+    
 }
--- a/maxkey-persistence/src/main/java/org/maxkey/persistence/service/GroupsService.java
+++ b/maxkey-persistence/src/main/java/org/maxkey/persistence/service/GroupsService.java
@@ -22,13 +22,16 @@ import java.util.List;
 import org.apache.mybatis.jpa.persistence.JpaBaseService;
 import org.maxkey.domain.Groups;
 import org.maxkey.persistence.mapper.GroupsMapper;
+import org.maxkey.util.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Service;

 @Service
 public class GroupsService  extends JpaBaseService<Groups>{
-	
+    final static Logger _logger = LoggerFactory.getLogger(GroupsService.class);
    @Autowired
    @Qualifier("groupMemberService")
    GroupMemberService groupMemberService;
@@ -62,10 +65,22 @@ public class GroupsService  extends JpaBaseService<Groups>{
    	    if(dynamicGroup.getOrgIdsList()!=null && !dynamicGroup.getOrgIdsList().equals("")) {
    	        dynamicGroup.setOrgIdsList("'"+dynamicGroup.getOrgIdsList().replace(",", "','")+"'");
    	    }
+    	    String filters = dynamicGroup.getFilters();
+    	    if(StringUtils.filtersSQLInjection(filters.toLowerCase())) {  
+    	        _logger.info("filters include SQL Injection Attack Risk.");
+    	        return;
+    	    }
+    	    
+    	    filters = filters.replace("&", " AND ");
+    	    filters = filters.replace("|", " OR ");
+    	    
+    	    dynamicGroup.setFilters(filters);
    	    
    	    groupMemberService.deleteDynamicGroupMember(dynamicGroup);
    	    groupMemberService.addDynamicGroupMember(dynamicGroup);
 	    }
    }
 	
+
+	
 }
--- a/maxkey-persistence/src/main/java/org/maxkey/persistence/service/RolesService.java
+++ b/maxkey-persistence/src/main/java/org/maxkey/persistence/service/RolesService.java
@@ -23,13 +23,17 @@ import org.apache.mybatis.jpa.persistence.JpaBaseService;
 import org.maxkey.domain.RolePermissions;
 import org.maxkey.domain.Roles;
 import org.maxkey.persistence.mapper.RolesMapper;
+import org.maxkey.util.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Service;

 @Service
 public class RolesService  extends JpaBaseService<Roles>{
-	
+    final static Logger _logger = LoggerFactory.getLogger(RolesService.class);
+    
    @Autowired
    @Qualifier("roleMemberService")
    RoleMemberService roleMemberService;
@@ -74,6 +78,17 @@ public class RolesService  extends JpaBaseService<Roles>{
                dynamicRole.setOrgIdsList("'"+dynamicRole.getOrgIdsList().replace(",", "','")+"'");
            }
            
+            String filters = dynamicRole.getFilters();
+            if(StringUtils.filtersSQLInjection(filters.toLowerCase())) {  
+                _logger.info("filters include SQL Injection Attack Risk.");
+                return;
+            }
+            
+            filters = filters.replace("&", " AND ");
+            filters = filters.replace("|", " OR ");
+            
+            dynamicRole.setFilters(filters);
+            
            roleMemberService.deleteDynamicRoleMember(dynamicRole);
            roleMemberService.addDynamicRoleMember(dynamicRole);
        }

--- a/maxkey-persistence/src/main/resources/org/maxkey/persistence/mapper/xml/mysql/GroupMemberMapper.xml
+++ b/maxkey-persistence/src/main/resources/org/maxkey/persistence/mapper/xml/mysql/GroupMemberMapper.xml
@@ -227,7 +227,7 @@
 					AND GM.TYPE='USER-DYNAMIC'
 			)
 		<if test="filters != null and filters != ''">
-				${filters}
+				AND (${filters})
 		</if>
 		<if test="orgIdsList != null and orgIdsList != ''">
 				AND U.DEPARTMENTID IN( ${orgIdsList})
@@ -244,10 +244,10 @@
 		    	WHERE 1 = 1 
 		    		AND U.ID=GM.MEMBERID
 				<if test="filters != null and filters != ''">
-						${filters}
+						AND (${filters})
 				</if>
 				<if test="orgIdsList != null and orgIdsList != ''">
-						AND U.DEPARTMENTID IN( ${orgIdsList})
+						AND U.DEPARTMENTID IN ( ${orgIdsList})
 				</if>
 			)
    </delete>

--- a/maxkey-web-manage/src/main/resources/static/css/base.css
+++ b/maxkey-web-manage/src/main/resources/static/css/base.css
@@ -148,7 +148,7 @@ header .header-container .nav-left>li, .header .header-container .nav-right>li {
 }

 .page-container .main-content {
-    padding: calc(50px + 35px) 15px 15px;
+    padding: calc(35px + 35px) 15px 15px;
    min-height: calc(100vh - 65px);
    background: #e6e8ea;
    width: 100%;
@@ -178,13 +178,17 @@ header .header-container .nav-left>li, .header .header-container .nav-right>li {
 }

 .breadcrumb-wrapper {
-    margin-bottom: 20px;
+    margin-bottom: 10px;
    display: flex;
    -webkit-box-align: center;
    -ms-flex-align: center;
    align-items: center;
 }

+.content-wrapper {
+	padding-top: 15px;
+}
+
 .breadcrumb-wrapper .breadcrumb li {
    display: inline-block;
    font-size: 14px;

--- a/maxkey-web-manage/src/main/resources/templates/views/accounts/appAccountsList.ftl
+++ b/maxkey-web-manage/src/main/resources/templates/views/accounts/appAccountsList.ftl
@@ -33,7 +33,7 @@

 					</div>
 					<div class="container-fluid">
-
+					<div class="content-wrapper row">
 					<div class="col-12 grid-margin">
 						<div class="card">
 							<div class="card-body">
@@ -113,6 +113,7 @@
 	</table>
 </div>
 	
+</div>
 </div>
 					</div>
 <footer class="content-footer">

--- a/maxkey-web-manage/src/main/resources/templates/views/apps/appsList.ftl
+++ b/maxkey-web-manage/src/main/resources/templates/views/apps/appsList.ftl
@@ -111,6 +111,7 @@
 			</div>
 		</div>
 		<div class="container-fluid">
+			<div class="content-wrapper row">
 			<div class="col-12 grid-margin">
 				<div class="card">
 					<div class="card-body">
@@ -209,6 +210,7 @@
 	
 </div>
 					</div>
+				</div>
 					<footer class="content-footer">
 		<#include  "../layout/footer.ftl"/>
 	</footer>

--- a/maxkey-web-manage/src/main/resources/templates/views/config/passwordpolicy/passwordpolicy.ftl
+++ b/maxkey-web-manage/src/main/resources/templates/views/config/passwordpolicy/passwordpolicy.ftl
@@ -57,6 +57,7 @@
 			</div>
 		</div>
 		<div class="container-fluid">
+			<div class="content-wrapper row">
 			<div class="col-12 grid-margin">
 				<div class="card">
 					<div class="card-header border-bottom">
@@ -241,6 +242,7 @@
 							</div>
 						</div>
 					</div>
+				</div>
 					<footer class="content-footer">
 		<#include  "../../layout/footer.ftl"/>
 	</footer>

--- a/maxkey-web-manage/src/main/resources/templates/views/groupapp/groupAppsList.ftl
+++ b/maxkey-web-manage/src/main/resources/templates/views/groupapp/groupAppsList.ftl
@@ -58,6 +58,7 @@
 					</div>

 	<div class="container-fluid">
+			<div class="content-wrapper row">
 					<div class="col-12 grid-margin">
 						<div class="card">
 							<div class="card-body">
@@ -140,7 +141,7 @@
 					<footer class="content-footer">
 		<#include  "../layout/footer.ftl"/>
 	</footer>
-
+</div>
 	</div>
 	
 	</div>

--- a/maxkey-web-manage/src/main/resources/templates/views/groups/groupsList.ftl
+++ b/maxkey-web-manage/src/main/resources/templates/views/groups/groupsList.ftl
@@ -37,6 +37,7 @@
 			</div>
 		</div>
 		<div class="container-fluid">
+			<div class="content-wrapper row">
 			<div class="col-12 grid-margin">
 				<div class="card">
 					<div class="card-body">
@@ -113,6 +114,7 @@
 	
 </div>
 					</div>
+</div>
 	<footer class="content-footer">
 		<#include  "../layout/footer.ftl"/>
 	</footer>

--- a/maxkey-web-manage/src/main/resources/templates/views/groupuser/groupUsersList.ftl
+++ b/maxkey-web-manage/src/main/resources/templates/views/groupuser/groupUsersList.ftl
@@ -57,6 +57,7 @@
 			</div>
 		</div>
 		<div class="container-fluid">
+			<div class="content-wrapper row">
 			<div class="col-12 grid-margin">
 				<div class="card">
 					<div class="card-body">
@@ -151,7 +152,7 @@
 	</footer>

 	</div>
-	
+	</div>
 	</div>
 </div>


--- a/maxkey-web-manage/src/main/resources/templates/views/layout/top.ftl
+++ b/maxkey-web-manage/src/main/resources/templates/views/layout/top.ftl
@@ -11,28 +11,22 @@
 		<@locale code="global.application"/>
 	</ul>
 	<ul class="nav-right">
-		<li style="font-size: 18px; margin-top: 10px;">
-				<@locale code="global.text.welcome"/>：<b>
+		<li style="font-size: 16px; margin-top: 10px;">
+				<@locale code="global.text.welcome"/>:<b>
 				<#if  Session["current_user"]?exists>
-					${Session["current_user"].displayName}
+					 ${Session["current_user"].displayName}
+					(${Session["current_user"].username}) 
 				</#if>
-				(
-					<#if  Session["current_user"]?exists>
-						${Session["current_user"].username} 
-					</#if>
-				)&nbsp;&nbsp;</b>
+				&nbsp;</b>
 		 </li>
-		<li class="scale-left">
-			<a class="sidenav-fold-toggler" href="javascript:void(0);"> 
-				<img  src="<@base/>/static/images/menu-left.png" alt="" style="width: 30px; height: 40px; padding-top: 10px;">
+		<li class="scale-left" style="margin-top: 5px;">
+			<a class="sidenav-fold-toggler" href="javascript:void(0);" > 
+				<i class="fa fa-bars fa-2x" aria-hidden="true" style="border:0px"></i>
 			</a>
 		</li>
-		<li class="scale-left">
-			 &nbsp;
-		</li>
-		<li class="scale-left"> 
+		<li class="scale-left" style="font-size: 18px; margin-top: 5px;"> 
 			<a  href="<@base/>/logout?reLoginUrl=login">
-				<IMG SRC="<@base/>/static/images/exit4.png" alt="Exit" style="width: 40px; height: 45px; padding-top: 8px;">	
+				<i class="fa fa-sign-out fa-2x" aria-hidden="true" style="border:0px;color:#e22a6f"></i>
 			</a>
 		</li>
 	</ul>

--- a/maxkey-web-manage/src/main/resources/templates/views/logs/loginAppsHistoryList.ftl
+++ b/maxkey-web-manage/src/main/resources/templates/views/logs/loginAppsHistoryList.ftl
@@ -37,7 +37,7 @@

 					</div>
 					<div class="container-fluid">
-
+					<div class="content-wrapper row">
 					<div class="col-12 grid-margin">
 						<div class="card">
 							<div class="card-body">
@@ -121,6 +121,7 @@
 		</table>
 </div>
 	
+</div>
 </div>
 					</div>
 <footer class="content-footer">

--- a/maxkey-web-manage/src/main/resources/templates/views/logs/loginHistoryList.ftl
+++ b/maxkey-web-manage/src/main/resources/templates/views/logs/loginHistoryList.ftl
@@ -37,7 +37,7 @@

 					</div>
 					<div class="container-fluid">
-
+					<div class="content-wrapper row">
 					<div class="col-12 grid-margin">
 						<div class="card">
 							<div class="card-body">
@@ -130,6 +130,7 @@
 	</table>
 </div>
 	
+</div>
 </div>
 					</div>
 <footer class="content-footer">

--- a/maxkey-web-manage/src/main/resources/templates/views/logs/logsList.ftl
+++ b/maxkey-web-manage/src/main/resources/templates/views/logs/logsList.ftl
@@ -37,7 +37,7 @@

 					</div>
 					<div class="container-fluid">
-
+					<div class="content-wrapper row">
 					<div class="col-12 grid-margin">
 						<div class="card">
 							<div class="card-body">
@@ -124,6 +124,7 @@
 	</table>
 </div>
 	
+</div>
 </div>
 					</div>
 <footer class="content-footer">

--- a/maxkey-web-manage/src/main/resources/templates/views/main.ftl
+++ b/maxkey-web-manage/src/main/resources/templates/views/main.ftl
@@ -41,10 +41,10 @@

 					</div>
 <div class="container-fluid">
-						<div class="row">
+						<div class="row" style="height:115px; padding-top: 10px;">
 							<div class="col-lg-3 col-md-6 col-xs-12">
-								<div class="info-box bg-primary">
-									<div class="icon-box">
+								<div class="card text-white bg-primary">
+									<div class="card-body card-body pb-0 d-flex justify-content-between align-items-start">
 										<i class="lni-home"></i>
 									</div>
 									<div class="info-box-content">
@@ -54,8 +54,8 @@
 								</div>
 							</div>
 							<div class="col-lg-3 col-md-6 col-xs-12">
-								<div class="info-box bg-success">
-									<div class="icon-box">
+								<div class="card text-white bg-info">
+									<div class="card-body card-body pb-0 d-flex justify-content-between align-items-start">
 										<i class="lni-tag"></i>
 									</div>
 									<div class="info-box-content">
@@ -65,8 +65,8 @@
 								</div>
 							</div>
 							<div class="col-lg-3 col-md-6 col-xs-12">
-								<div class="info-box bg-info">
-									<div class="icon-box">
+								<div class="card text-white  bg-warning">
+									<div class="card-body card-body pb-0 d-flex justify-content-between align-items-start">
 										<i class="lni-cart"></i>
 									</div>
 									<div class="info-box-content">
@@ -76,8 +76,8 @@
 								</div>
 							</div>
 							<div class="col-lg-3 col-md-6 col-xs-12">
-								<div class="info-box bg-purple">
-									<div class="icon-box">
+								<div class="card text-white  bg-danger">
+									<div class="card-body card-body pb-0 d-flex justify-content-between align-items-start">
 										<i class="lni-wallet"></i>
 									</div>
 									<div class="info-box-content">

--- a/maxkey-web-manage/src/main/resources/templates/views/orgs/orgsList.ftl
+++ b/maxkey-web-manage/src/main/resources/templates/views/orgs/orgsList.ftl
@@ -163,7 +163,7 @@ $(function () {

 					</div>
 					<div class="container-fluid">
-
+					<div class="content-wrapper row">
 					<div class="col-12 grid-margin">
 						<div class="card">
 							<div class="card-body">
@@ -249,10 +249,11 @@ $(function () {

 </div>
 					</div>
+
 					<footer class="content-footer">
 		<#include  "../layout/footer.ftl"/>
 	</footer>
-
+</div>
 	</div>
 	
 	</div>

--- a/maxkey-web-manage/src/main/resources/templates/views/permissions/permissionsList.ftl
+++ b/maxkey-web-manage/src/main/resources/templates/views/permissions/permissionsList.ftl
@@ -232,6 +232,7 @@ $('#datagrid').on('click-row.bs.table', function (row, element, field) {
 			</div>
 		</div>
 		<div class="container-fluid">
+			<div class="content-wrapper row">
 			<div class="col-12 grid-margin">
 				<div class="card">
 					<div class="card-body">
@@ -314,6 +315,7 @@ $('#datagrid').on('click-row.bs.table', function (row, element, field) {
 	
 </div>
 					</div>
+	</div>
 	<footer class="content-footer">
 		<#include  "../layout/footer.ftl"/>
 	</footer>

--- a/maxkey-web-manage/src/main/resources/templates/views/resources/resourcesList.ftl
+++ b/maxkey-web-manage/src/main/resources/templates/views/resources/resourcesList.ftl
@@ -163,6 +163,7 @@ $(function () {
 			</div>
 		</div>
 		<div class="container-fluid">
+			<div class="content-wrapper row">
 			<div class="col-12 grid-margin">
 				<div class="card">
 					<div class="card-body">
@@ -254,12 +255,12 @@ $(function () {
 	
 </div>
 					</div>
+	</div>
 	<footer class="content-footer">
 		<#include  "../layout/footer.ftl"/>
 	</footer>

 	</div>
-	
 	</div>
 </div>


--- a/maxkey-web-manage/src/main/resources/templates/views/roles/rolesList.ftl
+++ b/maxkey-web-manage/src/main/resources/templates/views/roles/rolesList.ftl
@@ -36,6 +36,7 @@
 			</div>
 		</div>
 		<div class="container-fluid">
+			<div class="content-wrapper row">
 			<div class="col-12 grid-margin">
 				<div class="card">
 					<div class="card-body">
@@ -112,10 +113,10 @@
 	
 </div>
 					</div>
+</div>
 	<footer class="content-footer">
 		<#include  "../layout/footer.ftl"/>
 	</footer>
-
 	</div>
 	
 	</div>

--- a/maxkey-web-manage/src/main/resources/templates/views/roleusers/roleUsersList.ftl
+++ b/maxkey-web-manage/src/main/resources/templates/views/roleusers/roleUsersList.ftl
@@ -57,6 +57,7 @@
 			</div>
 		</div>
 		<div class="container-fluid">
+			<div class="content-wrapper row">
 			<div class="col-12 grid-margin">
 				<div class="card">
 					<div class="card-body">
@@ -146,10 +147,11 @@
 		</div>
 </div>
 					</div>
+
 					<footer class="content-footer">
 		<#include  "../layout/footer.ftl"/>
 	</footer>
-
+</div>
 	</div>
 	
 	</div>

--- a/maxkey-web-manage/src/main/resources/templates/views/userinfo/usersList.ftl
+++ b/maxkey-web-manage/src/main/resources/templates/views/userinfo/usersList.ftl
@@ -177,7 +177,7 @@ $(function () {

 					</div>
 					<div class="container-fluid">
-
+					<div class="content-wrapper row">
 					<div class="col-12 grid-margin">
 						<div class="card">
 							<div class="card-body">
@@ -292,6 +292,7 @@ $(function () {
 	
 </div>
 					</div>
+</div>
 <footer class="content-footer">
 					<#include  "../layout/footer.ftl"/>
 </footer>