bugfix: 高危语句规则扫描类型高危语句同样会进行拦截 #1704
hLinx committed Feb 1, 2023
1 parent b66937a commit bdd1ffa
Showing 8 changed files with 66 additions and 80 deletions.
15 changes: 8 additions & 7 deletions src/frontend/src/components/ace-editor/index.vue
Expand Up @@ -158,7 +158,7 @@
SQL: 'sql',
};
const LOCAL_STORAGE_KEY = 'ace_editor_history';

const escapeHTML = str => str.replace(/&/g, '&').replace(/"/g, '"')
.replace(/'/g, ''')
.replace(/</g, '&#60;');
Expand All @@ -167,7 +167,7 @@
temp.value = value;
return temp.value;
};

export default {
name: 'AceEditor',
components: {
Expand Down Expand Up @@ -382,6 +382,7 @@
},
beforeDestroy () {
this.handleExitFullScreen();
this.$store.commit('setScriptCheckError', null);
},
mounted () {
this.initEditor();
Expand Down Expand Up @@ -420,7 +421,7 @@
return result;
}, {});
this.defaultScriptMap = Object.assign({}, DefaultScript, customScriptMap);

// 只读或有传入值默认脚本使用prop.value
// 其它情况使用脚本编辑器提供的默认值
this.content = this.readonly || this.value
Expand Down Expand Up @@ -457,7 +458,7 @@
editor.setShowPrintMargin(false);
editor.$blockScrolling = Infinity;
editor.setReadOnly(this.readonly);

editor.on('change', () => {
this.content = editor.getValue();
const content = Base64.encode(this.content);
Expand All @@ -479,12 +480,12 @@
});
// 先保存 editor 在设置 value
this.editor = editor;

this.$once('hook:beforeDestroy', () => {
editor.destroy();
editor.container.remove();
});

this.watchEditAction();

const $handler = document.querySelector(`#${this.selfId}`);
Expand Down Expand Up @@ -576,7 +577,7 @@
if (target.type !== 'textarea') {
return;
}

if ([
'Escape',
'Meta',
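Review bot: The new `this.$store.commit('setScriptCheckError', null);` in `beforeDestroy` resets a store-wide value, so any AceEditor instance being destroyed clears the high-risk-statement result for every other consumer. The submit handlers changed in this same commit (copy-create.vue and edit.vue) appear to rely on that stored result instead of re-checking, so an early clear would fail open: the confirmation would simply not appear. If more than one editor can be mounted at once, clear only a result this instance wrote, and either way document the intent with a comment such as `// reset the shared high-risk check result so it cannot carry over to the next editor`. The rest of the component is outside the hunk, so where the value is set cannot be confirmed from here.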
20 changes: 11 additions & 9 deletions src/frontend/src/components/jb-edit/input.vue
Expand Up @@ -53,7 +53,10 @@
</div>
</template>
<template v-else>
<div class="edit-value-box" :class="{ 'edit-error': !!error }" @click.stop="">
<div
class="edit-value-box"
:class="{ 'edit-error': !!error }"
@click.stop="">
<bk-input
ref="input"
:value="newVal"
Expand Down Expand Up @@ -174,7 +177,7 @@
resolve();
}
});

const allPromise = this.rules.map(rule => checkValidator(rule, this.newVal));
this.isValidatoring = true;
return Promise.all(allPromise).finally(() => {
Expand Down Expand Up @@ -256,16 +259,15 @@
* @param {Object} event dom 事件
*/
handleHideEdit (event) {
const eventPath = event.composedPath();
if (this.isValidatoring || this.error) {
return;
}
if (event.path && event.path.length > 0) {
// eslint-disable-next-line no-plusplus
for (let i = 0; i < event.path.length; i++) {
const target = event.path[i];
if (target.className === 'jb-edit-input') {
return;
}
// eslint-disable-next-line no-plusplus
for (let i = 0; i < eventPath.length; i++) {
const target = eventPath[i];
if (target.className === 'jb-edit-input') {
return;
}
}
this.isEditing = false;
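Review bot: In `handleHideEdit` the membership test is still the exact comparison `target.className === 'jb-edit-input'`, which stops matching as soon as the element carries a second class, and the same hand-written loop over `event.composedPath()` is repeated in select.vue, tag.vue and textarea.vue. A shared form such as `if (eventPath.some(el => el.classList && el.classList.contains('jb-edit-input'))) return;` would cover multi-class elements and drop the `no-plusplus` suppression. `const eventPath = event.composedPath();` can also move below the `isValidatoring`/`error` guard so it is only computed when used. The method continues past the end of the hunk.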
19 changes: 9 additions & 10 deletions src/frontend/src/components/jb-edit/select.vue
Expand Up @@ -242,7 +242,7 @@
resolve();
}
});

const allPromise = this.rules.map(rule => checkValidator(rule, this.localValue));
this.isValidatoring = true;
return Promise.all(allPromise).finally(() => {
Expand Down Expand Up @@ -300,17 +300,16 @@
* @param {Object} event dom 事件
*/
handleHideEdit (event) {
const eventPath = event.composedPath();
if (this.isValidatoring || this.error) {
return;
}
if (event.path && event.path.length > 0) {
// eslint-disable-next-line no-plusplus
for (let i = 0; i < event.path.length; i++) {
const target = event.path[i];
if (target.className === 'jb-edit-select'
|| target.className === 'tippy-content') {
return;
}
// eslint-disable-next-line no-plusplus
for (let i = 0; i < eventPath.length; i++) {
const target = eventPath[i];
if (target.className === 'jb-edit-select'
|| target.className === 'tippy-content') {
return;
}
}
this.isEditing = false;
Expand All @@ -331,7 +330,7 @@
this.triggerChange();
}
},

},
};
</script>
25 changes: 12 additions & 13 deletions src/frontend/src/components/jb-edit/tag.vue
Expand Up @@ -155,20 +155,20 @@
document.body.removeEventListener('click', this.hideEdit);
});
},

methods: {
/**
* @desc 触发标签修改操作
*/
triggerRemote () {
this.isEditing = false;

if (isEqual(this.memoValue, this.localValue)) {
return;
}

this.isLoading = true;

this.remoteHander({
[this.field]: this.localValue.map(({ id }) => ({ id })),
}).then(() => {
Expand All @@ -187,17 +187,16 @@
*/
hideEdit (event) {
if (!this.isEditing) return;
if (event.path && event.path.length > 0) {
// eslint-disable-next-line no-plusplus
for (let i = 0; i < event.path.length; i++) {
const target = event.path[i];
if (/tippy-popper/.test(target.className)
|| /job-tag-create-dialog/.test(target.className)) {
return;
}
const eventPath = event.composedPath();
// eslint-disable-next-line no-plusplus
for (let i = 0; i < eventPath.length; i++) {
const target = eventPath[i];
if (/tippy-popper/.test(target.className)
|| /job-tag-create-dialog/.test(target.className)) {
return;
}
}

this.triggerRemote();
},
/**
21 changes: 10 additions & 11 deletions src/frontend/src/components/jb-edit/textarea.vue
Expand Up @@ -206,15 +206,15 @@
$el.style.wordBreak = 'keep-all';
$el.style.whiteSpace = 'pre';
}

this.$refs.valueTextBox.appendChild($el);

const lineHeight = 24;
const maxLine = 3;
const maxHeight = lineHeight * maxLine;
let realHeight = 0;
let realLength = 1;

const calcLength = () => {
const text = this.newVal.slice(0, realLength);
$el.innerText = `${text} 展开展开`;
Expand Down Expand Up @@ -287,13 +287,12 @@
* @desc 退出编辑状态
*/
handleHideInput (event) {
if (event.path && event.path.length > 0) {
// eslint-disable-next-line no-plusplus
for (let i = 0; i < event.path.length; i++) {
const target = event.path[i];
if (target.className === 'jb-edit-textarea') {
return;
}
const eventPath = event.composedPath();
// eslint-disable-next-line no-plusplus
for (let i = 0; i < eventPath.length; i++) {
const target = eventPath[i];
if (target.className === 'jb-edit-textarea') {
return;
}
}
this.isEditing = false;
Expand Down Expand Up @@ -366,7 +365,7 @@

&:hover {
.edit-action {
opacity: 1;
opacity: 100%;
transform: scale(1);
}
}
Expand Down Expand Up @@ -398,7 +397,7 @@
padding: 4px 15px 4px 2px;
color: #979ba5;
cursor: pointer;
opacity: 0;
opacity: 0%;
transform: scale(0);
transition: 0.15s;
transform-origin: left center;
13 changes: 12 additions & 1 deletion src/frontend/src/utils/assist/dom.js
Expand Up @@ -56,7 +56,7 @@ export const getScrollParent = (node) => {
if (node === null) {
return null;
}

if (node.scrollHeight > node.clientHeight) {
return node;
}
Expand Down Expand Up @@ -87,3 +87,14 @@ export const scrollTopSmooth = function (target, destScrollTop) {
};
step();
};

export const getParentByClass = (node, className) => {
let parentNode = node;
while (parentNode) {
if (parentNode.classList && parentNode.classList.contains(className)) {
return parentNode;
}
({ parentNode } = parentNode);
}
return parentNode;
};
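Review bot: `getParentByClass` is exported without a doc comment, and its final `return parentNode;` hands back whatever falsy value ended the loop (`null` at the top of the tree, or `undefined` when the caller passed `undefined`). Ending with `return null;` gives callers one not-found value to test, as `getScrollParent` above does for a null node. A short JSDoc should state that the search starts at `node` itself, walks `parentNode` links, and matches with `classList.contains`. No caller is visible in this commit's hunks, so the intended use cannot be checked here.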
17 changes: 2 additions & 15 deletions src/frontend/src/views/script-manage/common/copy-create.vue
Expand Up @@ -295,21 +295,8 @@
return;
}
this.isSubmiting = true;
Promise.all([
// 验证表单
this.$refs.form.validate(),
// 脚本高危语句检测
ScriptManageService.getScriptValidation({
content: this.formData.content,
scriptType: this.formData.type,
}).then((data) => {
// 高危语句报错状态需要全局保存
const dangerousContent = _.find(data, _ => _.isDangerous);
this.$store.commit('setScriptCheckError', dangerousContent);
return true;
}),
])
.then(scriptErrorConfirm)
this.$refs.form.validate()
.then(() => scriptErrorConfirm())
.then(() => {
this.scriptManageServiceHandler.scriptUpdate({
...this.formData,
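Review bot: After this change the submit path never checks `this.formData.content` itself: `scriptErrorConfirm()` is called with no arguments, so it presumably reads the `scriptCheckError` value that some other component stored earlier. That couples the high-risk confirmation to state that may be stale or not yet written (for example if the editor's check is still in flight or its request failed), in which case the save would go ahead without any prompt; the same applies to the identical change in edit.vue. Please confirm that the stored result always corresponds to the content being submitted, and that the backend rejects blocking rules on save regardless of what the client shows. A comment above the call, e.g. `// high-risk result comes from the editor's own check stored in the store; not re-validated here`, would make the dependency explicit. `ScriptManageService` and `_` may now be unused in both files, but their imports are outside the hunk.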
16 changes: 2 additions & 14 deletions src/frontend/src/views/script-manage/common/edit.vue
Expand Up @@ -244,20 +244,8 @@
return;
}
this.isSubmiting = true;
Promise.all([
// 验证表单
this.$refs.form.validate(),
// 脚本高危语句检测
ScriptManageService.getScriptValidation({
content: this.formData.content,
scriptType: this.formData.type,
}).then((data) => {
// 高危语句报错状态需要全局保存
const dangerousContent = _.find(data, _ => _.isDangerous);
this.$store.commit('setScriptCheckError', dangerousContent);
return true;
}),
]).then(scriptErrorConfirm)
this.$refs.form.validate()
.then(() => scriptErrorConfirm())
.then(() => {
this.serviceHandler.scriptUpdate({
...this.formData,
