修复漏洞信息
hanbingleixue committed Nov 28, 2023
1 parent b3d1022 commit 28f11f0
Showing 45 changed files with 205 additions and 52 deletions.
8 changes: 6 additions & 2 deletions .github/actions/scenarios/dubbo/visibility/action.yml
Expand Up @@ -28,9 +28,11 @@ runs:
env:
SERVER_PORT: 28054
DUBBO_PROTOCOL_PORT: 28854
AGENT_SERVICE_HEARTBEAT_ENABLE: true
AGENT_SERVICE_GATEWAY_ENABLE: true
NOTIFICATION_ENABLE: true
VISIBILITY_SERVICE_FLAG: true
VISIBILITY_CONFIG_START_FLAG: true
AGENT_CONFIG_SERVICE_BLACK_LIST: com.huaweicloud.sermant.implement.service.tracing.TracingServiceImpl
run: |
nohup java -javaagent:sermant-agent-${{ env.sermantVersion }}/agent/sermant-agent.jar=appName=dubbo-integration-provider -jar \
sermant-integration-tests/dubbo-test/dubbo-${{ env.projectPath }}-integration-provider/target/dubbo-integration-provider.jar > ${{ env.logDir }}/visibility-provider.log 2>&1 &
Expand All @@ -39,9 +41,11 @@ runs:
env:
SERVER_PORT: 28050
DUBBO_PROTOCOL_PORT: 28850
AGENT_SERVICE_HEARTBEAT_ENABLE: true
AGENT_SERVICE_GATEWAY_ENABLE: true
NOTIFICATION_ENABLE: true
VISIBILITY_SERVICE_VERSION: 12345
VISIBILITY_CONFIG_START_FLAG: true
AGENT_CONFIG_SERVICE_BLACK_LIST: com.huaweicloud.sermant.implement.service.tracing.TracingServiceImpl
run: |
nohup java -javaagent:sermant-agent-${{ env.sermantVersion }}/agent/sermant-agent.jar=appName=dubbo-integration-consumer -jar \
sermant-integration-tests/dubbo-test/dubbo-${{ env.projectPath }}-integration-consumer/target/dubbo-integration-consumer.jar > ${{ env.logDir }}/visibility-consumer.log 2>&1 &
8 changes: 6 additions & 2 deletions .github/actions/scenarios/spring/visibility/action.yml
Expand Up @@ -22,7 +22,9 @@ runs:
env:
VISIBILITY_SERVICE_FLAG: true
VISIBILITY_CONFIG_START_FLAG: true
AGENT_CONFIG_SERVICE_BLACK_LIST: com.huaweicloud.sermant.implement.service.tracing.TracingServiceImpl
AGENT_SERVICE_HEARTBEAT_ENABLE: true
AGENT_SERVICE_GATEWAY_ENABLE: true
NOTIFICATION_ENABLE: true
run: |
nohup java -javaagent:sermant-agent-${{ env.sermantVersion }}/agent/sermant-agent.jar=appName=default -Dservice.meta.application=feign -Dserver.port=8013 -jar \
-Dsermant_log_dir=${{ env.logDir }}/feign-provider${{ env.tailVersion }} -Dconfig.retry.sleepMs=20 \
Expand All @@ -35,7 +37,9 @@ runs:
env:
VISIBILITY_SERVICE_FLAG: true
VISIBILITY_CONFIG_START_FLAG: true
AGENT_CONFIG_SERVICE_BLACK_LIST: com.huaweicloud.sermant.implement.service.tracing.TracingServiceImpl
AGENT_SERVICE_HEARTBEAT_ENABLE: true
AGENT_SERVICE_GATEWAY_ENABLE: true
NOTIFICATION_ENABLE: true
run: |
nohup java -javaagent:sermant-agent-${{ env.sermantVersion }}/agent/sermant-agent.jar=appName=default -Dservice.meta.application=feign -Dserver.port=8015 -jar \
-Dsermant_log_dir=${{ env.logDir }}/feign-consumer${{ env.tailVersion }} -Dservicecomb.service.openMigration=true -Dservicecomb.service.enableSpringRegister=true \
Expand Up @@ -17,7 +17,7 @@
package com.huaweicloud.sermant.core.exception;

/**
* 网络接口检查异常
* 网络接口检查异常
*
* @author tangle
* @since 2023-11-21
Expand All @@ -26,9 +26,9 @@ public class NetInterfacesCheckException extends RuntimeException {
private static final long serialVersionUID = -5485122231044249395L;

/**
* 网络接口检查异常
* 网络接口检查异常
*
* @param message 异常信息
* @param message 异常信息
*/
public NetInterfacesCheckException(String message) {
super(message);
2 changes: 1 addition & 1 deletion sermant-agentcore/sermant-agentcore-implement/pom.xml
Expand Up @@ -103,7 +103,7 @@
<dependency>
<groupId>org.yaml</groupId>
<artifactId>snakeyaml</artifactId>
<version>${snake.yaml.version}</version>
<version>2.0</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
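Review bot: The snakeyaml version is now the literal `<version>2.0</version>` here instead of the `${snake.yaml.version}` property, and the same literal is repeated in the other poms this commit touches (sermant-common and the plugin modules that declare snakeyaml). Keeping the number in one place, either by changing the property's value where it is defined or through a `dependencyManagement` entry, makes the next security bump a single edit and stops any module from being left on an older release by accident. The property definition is outside this page, so whether it is still referenced elsewhere should be checked. The `zkclient` change from `${zkclient.version}` to `0.10` in the dubbo-test pom follows the same pattern.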
Expand Up @@ -26,6 +26,7 @@

import com.alibaba.fastjson.util.IOUtils;

import org.yaml.snakeyaml.DumperOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.ConstructorException;
import org.yaml.snakeyaml.representer.Representer;
Expand Down Expand Up @@ -60,7 +61,8 @@ public class LoadYamlStrategy implements LoadConfigStrategy<Map> {
*/
private static final Logger LOGGER = LoggerFactory.getLogger();

private static final Map<Class<?>, Class<?>> BASE_TYPE_TRANSFER_MAP = new HashMap<Class<?>, Class<?>>() {{
private static final Map<Class<?>, Class<?>> BASE_TYPE_TRANSFER_MAP = new HashMap<Class<?>, Class<?>>() {
{
put(int.class, Integer.class);
put(short.class, Short.class);
put(long.class, Long.class);
Expand All @@ -69,7 +71,8 @@ public class LoadYamlStrategy implements LoadConfigStrategy<Map> {
put(float.class, Float.class);
put(double.class, Double.class);
put(boolean.class, Boolean.class);
}};
}
};

/**
* Yaml对象
Expand All @@ -85,7 +88,7 @@ public class LoadYamlStrategy implements LoadConfigStrategy<Map> {
* 构造函数
*/
public LoadYamlStrategy() {
Representer representer = new Representer();
Representer representer = new Representer(new DumperOptions());
representer.getPropertyUtils().setSkipMissingProperties(true);
this.yaml = new Yaml(representer);
}
Expand All @@ -104,7 +107,7 @@ public Map getConfigHolder(File config, Map<String, Object> bootstreapArgsMap) {

@Override
public <R extends BaseConfig> R loadConfig(Map holder, R config) {
final Class<? extends BaseConfig> cls = config.getClass();
final Class<R> cls = (Class<R>) config.getClass();
final String typeKey = ConfigKeyUtil.getTypeKey(cls);
final Object typeVal = holder.get(typeKey);
if (!(typeVal instanceof Map)) {
Expand All @@ -123,7 +126,7 @@ public <R extends BaseConfig> R loadConfig(Map holder, R config) {
final ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
try {
Thread.currentThread().setContextClassLoader(cls.getClassLoader());
return (R) yaml.loadAs(yaml.dump(fixEntry(configMap, cls)), cls);
return yaml.loadAs(yaml.dump(fixEntry(configMap, cls)), cls);
} finally {
Thread.currentThread().setContextClassLoader(classLoader);
}
Expand Down Expand Up @@ -226,12 +229,13 @@ public String getFixedValue(String key) {
if (fixedStrValue == null) {
fixedVal = null;
} else {
fixedVal = yaml.loadAs(fixedStrValue, BASE_TYPE_TRANSFER_MAP.getOrDefault(field.getType(),
field.getType()));
Class fieldClass = BASE_TYPE_TRANSFER_MAP.getOrDefault(field.getType(), field.getType());
fixedVal = yaml.loadAs(fixedStrValue, fieldClass);
}
} else {
Class fieldClass = subTypeVal.getClass();
fixedVal = yaml.loadAs(ConfigValueUtil.fixValue(configKey, yaml.dump(subTypeVal), argsMap, provider),
subTypeVal.getClass());
fieldClass);
}
} catch (ConstructorException exception) {
LOGGER.severe(String.format(Locale.ENGLISH, "Error occurs while parsing configKey: %s", configKey));
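Review bot: The `Yaml` created in the constructor still takes its loading limits from library defaults, because `new Yaml(representer)` passes no `LoaderOptions`; which tags may be instantiated and how many aliases or nesting levels are accepted is then decided by whichever snakeyaml version the build resolves, not by this class. Since the commit moves to the 2.0 API anyway, I would state the limits in code: `LoaderOptions loaderOptions = new LoaderOptions();` followed by `this.yaml = new Yaml(new Constructor(loaderOptions), representer);` (snakeyaml's `Constructor`), with the alias and nesting limits set on `loaderOptions` as the project sees fit. The same constructor pattern appears in `YamlConverterImpl` and in the three `YamlRuleConverter` classes changed further down, where the parsed text is presumably rule content rather than a local configuration file, so the explicit options matter more there.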
Expand Up @@ -19,6 +19,7 @@
import com.huaweicloud.sermant.core.common.LoggerFactory;
import com.huaweicloud.sermant.core.operation.converter.api.YamlConverter;

import org.yaml.snakeyaml.DumperOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.ConstructorException;
import org.yaml.snakeyaml.representer.Representer;
Expand All @@ -43,7 +44,7 @@ public class YamlConverterImpl implements YamlConverter {
* Constructor.
*/
public YamlConverterImpl() {
Representer representer = new Representer();
Representer representer = new Representer(new DumperOptions());
representer.getPropertyUtils().setSkipMissingProperties(true);
yaml = new Yaml(representer);
}
2 changes: 1 addition & 1 deletion sermant-backend/pom.xml
Expand Up @@ -16,7 +16,7 @@
<spring.boot.version>2.5.3</spring.boot.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<io.netty.version>4.1.86.Final</io.netty.version>
<spring-boot.version>2.6.1</spring-boot.version>
<spring-boot.version>2.7.15</spring-boot.version>
<protobuf-java.version>3.9.1</protobuf-java.version>
<lombok.version>1.18.22</lombok.version>
<fastjson.version>1.2.83</fastjson.version>
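Review bot: This properties block defines both `spring.boot.version` (left at 2.5.3) and `spring-boot.version` (raised to 2.7.15), so only the artifacts that reference the second name move to the newer release. Which dependencies use which property is outside this hunk; if any still resolve through `spring.boot.version` they stay on 2.5.3 after this commit. Merging the two into a single property, or raising both, would remove the ambiguity.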
1 change: 1 addition & 0 deletions sermant-common/pom.xml
Expand Up @@ -28,6 +28,7 @@
<dependency>
<groupId>org.yaml</groupId>
<artifactId>snakeyaml</artifactId>
<version>2.0</version>
</dependency>
<dependency>
<groupId>io.prometheus</groupId>
2 changes: 1 addition & 1 deletion sermant-injector/pom.xml
Expand Up @@ -15,7 +15,7 @@
<maven.compiler.source>8</maven.compiler.source>
<maven.compiler.target>8</maven.compiler.target>
<commons.io.version>2.11.0</commons.io.version>
<spring.boot.version>2.7.1</spring.boot.version>
<spring.boot.version>2.7.15</spring.boot.version>
</properties>

<dependencies>
Expand Up @@ -38,7 +38,7 @@
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-ribbon</artifactId>
<artifactId>spring-cloud-starter-loadbalancer</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
6 changes: 3 additions & 3 deletions sermant-integration-tests/dubbo-test/pom.xml
Expand Up @@ -20,7 +20,7 @@
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.3.4.RELEASE</version>
<version>2.7.15</version>
<relativePath/>
</parent>
<modelVersion>4.0.0</modelVersion>
Expand Down Expand Up @@ -54,7 +54,7 @@
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>Hoxton.RELEASE</version>
<version>2021.0.3</version>
<type>pom</type>
<scope>import</scope>
</dependency>
Expand Down Expand Up @@ -97,7 +97,7 @@
<dependency>
<groupId>com.101tec</groupId>
<artifactId>zkclient</artifactId>
<version>${zkclient.version}</version>
<version>0.10</version>
</dependency>
</dependencies>
</dependencyManagement>
Expand Up @@ -22,7 +22,7 @@
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.0.RELEASE</version>
<version>2.7.15</version>
<relativePath/>
</parent>
<modelVersion>4.0.0</modelVersion>
Expand All @@ -37,7 +37,7 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>2.2.0.RELEASE</version>
<version>2.7.15</version>
<scope>test</scope>
</dependency>

Expand Up @@ -47,7 +47,7 @@ public class VisibilityTest {
@Test
public void testVisibility() throws InterruptedException {
RequestUtils.get(TEST_URL, new HashMap<>(), String.class);
Thread.sleep(30000);
Thread.sleep(60000);
String string = RequestUtils.get(URL, new HashMap<>(), String.class);
Assertions.assertNotNull(string, "服务信息采集失败");
List<ServerInfo> serverInfos = JSONArray.parseArray(string, ServerInfo.class);
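Review bot: Doubling the fixed wait to `Thread.sleep(60000)` makes every run pay a full minute and still fails whenever collection takes longer than that. Polling `RequestUtils.get(URL, new HashMap<>(), String.class)` every few seconds until it returns data, with an overall deadline, would be both faster on the normal path and less flaky. If the fixed sleep stays, a one-line comment saying what the test is waiting for would help the next person who has to tune it. `testVisibility` continues past the end of this hunk.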
Expand Up @@ -34,7 +34,7 @@
<properties>
<config.skip.flag>false</config.skip.flag>
<package.plugin.type>plugin</package.plugin.type>
<spring-components.version>5.3.14</spring-components.version>
<spring-components.version>5.3.29</spring-components.version>
<spring-cloud.version>3.0.0</spring-cloud.version>
<zk-config.version>3.0.0</zk-config.version>
<nacos-config.version>2.2.0.RELEASE</nacos-config.version>
12 changes: 12 additions & 0 deletions sermant-plugins/sermant-flowcontrol/flowcontrol-common/pom.xml
Expand Up @@ -64,6 +64,18 @@
<artifactId>dubbo</artifactId>
<version>2.5.7</version>
<scope>provided</scope>
<exclusions>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-expression</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-expression</artifactId>
<version>5.3.29</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.dubbo</groupId>
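Review bot: The exclusion of `spring-expression` from dubbo 2.5.7 and its re-declaration at 5.3.29 carry no comment saying why they are there, and both entries are `provided` scope. As far as this hunk shows, the change affects what the module compiles against and what a dependency scanner reports, not what ends up on the classpath of the host application at run time. I would add a short XML comment above the `<exclusions>` block along the lines of `<!-- override the spring-expression that dubbo brings in transitively; provided scope, not packaged -->`, adjusted to the actual reason. The later pom that excludes `spring-expression` from dubbo 2.7.3 under `test` scope would benefit from the same comment.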
Expand Up @@ -17,7 +17,7 @@
<properties>
<config.skip.flag>false</config.skip.flag>
<package.plugin.type>plugin</package.plugin.type>
<spring.boot.version>2.5.2</spring.boot.version>
<spring.boot.version>2.7.15</spring.boot.version>
<resilience4j.version>1.7.1</resilience4j.version>
<servlet-api.version>4.0.1</servlet-api.version>
<alibaba.dubbo.version>2.5.7</alibaba.dubbo.version>
Expand Up @@ -53,12 +53,25 @@
<dependency>
<groupId>org.yaml</groupId>
<artifactId>snakeyaml</artifactId>
<version>2.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.dubbo</groupId>
<artifactId>dubbo</artifactId>
<version>2.7.3</version>
<exclusions>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-expression</artifactId>
</exclusion>
</exclusions>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-expression</artifactId>
<version>5.3.29</version>
<scope>test</scope>
</dependency>
</dependencies>
Expand Up @@ -22,6 +22,7 @@
import com.huaweicloud.sermant.core.plugin.service.PluginService;
import com.huaweicloud.sermant.core.utils.StringUtils;

import org.yaml.snakeyaml.DumperOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.error.YAMLException;
import org.yaml.snakeyaml.representer.Representer;
Expand All @@ -46,7 +47,7 @@ public class YamlRuleConverter implements RuleConverter, PluginService {
* 构造器
*/
public YamlRuleConverter() {
Representer representer = new Representer();
Representer representer = new Representer(new DumperOptions());
representer.getPropertyUtils().setSkipMissingProperties(true);
yaml = new Yaml(representer);
}
Expand Up @@ -15,7 +15,7 @@
<maven.compiler.source>8</maven.compiler.source>
<maven.compiler.target>8</maven.compiler.target>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<spring.version>5.3.0</spring.version>
<spring.version>5.3.29</spring.version>
<javax.version>1.3.2</javax.version>
</properties>

Expand Down Expand Up @@ -60,6 +60,7 @@
<dependency>
<groupId>org.yaml</groupId>
<artifactId>snakeyaml</artifactId>
<version>2.0</version>
<scope>test</scope>
</dependency>
</dependencies>
Expand Up @@ -28,6 +28,7 @@
import org.junit.Assert;
import org.junit.Test;
import org.mockito.Mockito;
import org.yaml.snakeyaml.DumperOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.error.YAMLException;
import org.yaml.snakeyaml.representer.Representer;
Expand Down Expand Up @@ -116,7 +117,7 @@ static class YamlRuleConverter implements RuleConverter, PluginService {
* 构造器
*/
public YamlRuleConverter() {
Representer representer = new Representer();
Representer representer = new Representer(new DumperOptions());
representer.getPropertyUtils().setSkipMissingProperties(true);
yaml = new Yaml(representer);
}
Expand Up @@ -33,6 +33,7 @@
<dependency>
<groupId>org.yaml</groupId>
<artifactId>snakeyaml</artifactId>
<version>2.0</version>
</dependency>
<dependency>
<groupId>junit</groupId>
Expand Up @@ -24,6 +24,7 @@
import com.huaweicloud.sermant.core.plugin.service.PluginService;
import com.huaweicloud.sermant.core.utils.StringUtils;

import org.yaml.snakeyaml.DumperOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.error.YAMLException;
import org.yaml.snakeyaml.representer.Representer;
Expand All @@ -50,7 +51,7 @@ public class YamlRuleConverter implements RuleConverter, PluginService {
* 构造器
*/
public YamlRuleConverter() {
Representer representer = new Representer();
Representer representer = new Representer(new DumperOptions());
representer.getPropertyUtils().setSkipMissingProperties(true);
List<String> whiteList = new ArrayList<>();
whiteList.add(LoadbalancerRule.class.getCanonicalName());