From 3dc0f243f88ddde9a06189d068af20999b473b63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=B5=B5=E5=BB=B6?= <1060026287@qq.com> Date: Wed, 9 Sep 2020 16:40:07 +0800 Subject: [PATCH] [ISSUE #3687] check serviceName's format(groupName@@serviceName) in server and client (#3767) * 1.in server, check serviceName's format 'groupName@@serviceName', groupName and serviceName can't be blank 2.in client, check 'groupName@@serviceName', groupName and serviceName can't be blank * ignore the check to groupName * check split's length instead of exception to check argument * 1.add some notes 2.remove unnecessary code * modify the notes --- .../nacos/api/naming/utils/NamingUtils.java | 3 ++ .../controllers/InstanceController.java | 40 ++++++++++++++++--- 2 files changed, 37 insertions(+), 6 deletions(-) diff --git a/api/src/main/java/com/alibaba/nacos/api/naming/utils/NamingUtils.java b/api/src/main/java/com/alibaba/nacos/api/naming/utils/NamingUtils.java index 911219ae30e..9faa8b40bf9 100644 --- a/api/src/main/java/com/alibaba/nacos/api/naming/utils/NamingUtils.java +++ b/api/src/main/java/com/alibaba/nacos/api/naming/utils/NamingUtils.java @@ -28,6 +28,9 @@ public class NamingUtils { public static String getGroupedName(final String serviceName, final String groupName) { + if (StringUtils.isBlank(serviceName)) { + throw new IllegalArgumentException("Param 'serviceName' is illegal, serviceName is blank"); + } final String resultGroupedName = groupName + Constants.SERVICE_INFO_SPLITER + serviceName; return resultGroupedName.intern(); } diff --git a/naming/src/main/java/com/alibaba/nacos/naming/controllers/InstanceController.java b/naming/src/main/java/com/alibaba/nacos/naming/controllers/InstanceController.java index 02f0b4a3160..5f1ae15a362 100644 --- a/naming/src/main/java/com/alibaba/nacos/naming/controllers/InstanceController.java +++ b/naming/src/main/java/com/alibaba/nacos/naming/controllers/InstanceController.java @@ -38,6 +38,7 @@ import com.alibaba.nacos.naming.push.DataSource; import com.alibaba.nacos.naming.push.PushService; import com.alibaba.nacos.naming.web.CanDistro; +import com.alibaba.nacos.naming.web.DistroFilter; import com.alibaba.nacos.naming.web.NamingResourceParser; import com.fasterxml.jackson.databind.node.ArrayNode; import com.fasterxml.jackson.databind.node.ObjectNode; @@ -115,9 +116,10 @@ public String getData(PushService.PushClient client) { @Secured(parser = NamingResourceParser.class, action = ActionTypes.WRITE) public String register(HttpServletRequest request) throws Exception { - final String serviceName = WebUtils.required(request, CommonParams.SERVICE_NAME); final String namespaceId = WebUtils .optional(request, CommonParams.NAMESPACE_ID, Constants.DEFAULT_NAMESPACE_ID); + final String serviceName = WebUtils.required(request, CommonParams.SERVICE_NAME); + checkServiceNameFormat(serviceName); final Instance instance = parseInstance(request); @@ -139,6 +141,7 @@ public String deregister(HttpServletRequest request) throws Exception { Instance instance = getIpAddress(request); String namespaceId = WebUtils.optional(request, CommonParams.NAMESPACE_ID, Constants.DEFAULT_NAMESPACE_ID); String serviceName = WebUtils.required(request, CommonParams.SERVICE_NAME); + checkServiceNameFormat(serviceName); Service service = serviceManager.getService(namespaceId, serviceName); if (service == null) { @@ -161,9 +164,10 @@ public String deregister(HttpServletRequest request) throws Exception { @PutMapping @Secured(parser = NamingResourceParser.class, action = ActionTypes.WRITE) public String update(HttpServletRequest request) throws Exception { - final String serviceName = WebUtils.required(request, CommonParams.SERVICE_NAME); final String namespaceId = WebUtils .optional(request, CommonParams.NAMESPACE_ID, Constants.DEFAULT_NAMESPACE_ID); + final String serviceName = WebUtils.required(request, CommonParams.SERVICE_NAME); + checkServiceNameFormat(serviceName); final Instance instance = parseInstance(request); String agent = WebUtils.getUserAgent(request); @@ -190,8 +194,9 @@ public String update(HttpServletRequest request) throws Exception { @PatchMapping @Secured(parser = NamingResourceParser.class, action = ActionTypes.WRITE) public String patch(HttpServletRequest request) throws Exception { - String serviceName = WebUtils.required(request, CommonParams.SERVICE_NAME); String namespaceId = WebUtils.optional(request, CommonParams.NAMESPACE_ID, Constants.DEFAULT_NAMESPACE_ID); + String serviceName = WebUtils.required(request, CommonParams.SERVICE_NAME); + checkServiceNameFormat(serviceName); String ip = WebUtils.required(request, "ip"); String port = WebUtils.required(request, "port"); String cluster = WebUtils.optional(request, CommonParams.CLUSTER_NAME, StringUtils.EMPTY); @@ -242,8 +247,9 @@ public String patch(HttpServletRequest request) throws Exception { public ObjectNode list(HttpServletRequest request) throws Exception { String namespaceId = WebUtils.optional(request, CommonParams.NAMESPACE_ID, Constants.DEFAULT_NAMESPACE_ID); - String serviceName = WebUtils.required(request, CommonParams.SERVICE_NAME); + checkServiceNameFormat(serviceName); + String agent = WebUtils.getUserAgent(request); String clusters = WebUtils.optional(request, "clusters", StringUtils.EMPTY); String clientIP = WebUtils.optional(request, "clientIP", StringUtils.EMPTY); @@ -274,6 +280,7 @@ public ObjectNode detail(HttpServletRequest request) throws Exception { String namespaceId = WebUtils.optional(request, CommonParams.NAMESPACE_ID, Constants.DEFAULT_NAMESPACE_ID); String serviceName = WebUtils.required(request, CommonParams.SERVICE_NAME); + checkServiceNameFormat(serviceName); String cluster = WebUtils.optional(request, CommonParams.CLUSTER_NAME, UtilsAndCommons.DEFAULT_CLUSTER_NAME); String ip = WebUtils.required(request, "ip"); int port = Integer.parseInt(WebUtils.required(request, "port")); @@ -344,8 +351,9 @@ public ObjectNode beat(HttpServletRequest request) throws Exception { ip = clientBeat.getIp(); port = clientBeat.getPort(); } - String serviceName = WebUtils.required(request, CommonParams.SERVICE_NAME); String namespaceId = WebUtils.optional(request, CommonParams.NAMESPACE_ID, Constants.DEFAULT_NAMESPACE_ID); + String serviceName = WebUtils.required(request, CommonParams.SERVICE_NAME); + checkServiceNameFormat(serviceName); Loggers.SRV_LOG.debug("[CLIENT-BEAT] full arguments: beat: {}, serviceName: {}", clientBeat, serviceName); Instance instance = serviceManager.getInstance(namespaceId, serviceName, clusterName, ip, port); @@ -413,7 +421,7 @@ public ObjectNode listWithHealthStatus(@RequestParam String key) throws NacosExc namespaceId = Constants.DEFAULT_NAMESPACE_ID; serviceName = key; } - + checkServiceNameFormat(serviceName); Service service = serviceManager.getService(namespaceId, serviceName); if (service == null) { @@ -433,6 +441,26 @@ public ObjectNode listWithHealthStatus(@RequestParam String key) throws NacosExc return result; } + /** + * check combineServiceName format. the serviceName can't be blank. some relational logic in {@link + * DistroFilter#doFilter}, it will handle combineServiceName in some case, you should know it. + *
+     * serviceName = "@@"; the length = 0; illegal
+     * serviceName = "group@@"; the length = 1; illegal
+     * serviceName = "@@serviceName"; the length = 2; legal
+     * serviceName = "group@@serviceName"; the length = 2; legal
+     * 
+ * + * @param combineServiceName such as: groupName@@serviceName + */ + private void checkServiceNameFormat(String combineServiceName) { + String[] split = combineServiceName.split(Constants.SERVICE_INFO_SPLITER); + if (split.length <= 1) { + throw new IllegalArgumentException( + "Param 'serviceName' is illegal, it should be format as 'groupName@@serviceName"); + } + } + private Instance parseInstance(HttpServletRequest request) throws Exception { String serviceName = WebUtils.required(request, CommonParams.SERVICE_NAME);