diff --git a/backend/app/service/container.go b/backend/app/service/container.go index fde34c9db..2bd94799a 100644 --- a/backend/app/service/container.go +++ b/backend/app/service/container.go @@ -18,6 +18,7 @@ import ( "github.com/1Panel-dev/1Panel/backend/buserr" "github.com/1Panel-dev/1Panel/backend/constant" "github.com/1Panel-dev/1Panel/backend/global" + "github.com/1Panel-dev/1Panel/backend/utils/cmd" "github.com/1Panel-dev/1Panel/backend/utils/common" "github.com/1Panel-dev/1Panel/backend/utils/docker" "github.com/docker/docker/api/types" @@ -552,6 +553,9 @@ func (u *ContainerService) ContainerLogClean(req dto.OperationWithName) error { } func (u *ContainerService) ContainerLogs(wsConn *websocket.Conn, container, since, tail string, follow bool) error { + if cmd.CheckIllegal(container, since, tail) { + return buserr.New(constant.ErrCmdIllegal) + } command := fmt.Sprintf("docker logs %s", container) if tail != "0" { command += " -n " + tail diff --git a/backend/app/service/container_compose.go b/backend/app/service/container_compose.go index 52275a952..c092bd117 100644 --- a/backend/app/service/container_compose.go +++ b/backend/app/service/container_compose.go @@ -14,8 +14,10 @@ import ( "github.com/1Panel-dev/1Panel/backend/app/dto" "github.com/1Panel-dev/1Panel/backend/app/model" + "github.com/1Panel-dev/1Panel/backend/buserr" "github.com/1Panel-dev/1Panel/backend/constant" "github.com/1Panel-dev/1Panel/backend/global" + "github.com/1Panel-dev/1Panel/backend/utils/cmd" "github.com/1Panel-dev/1Panel/backend/utils/compose" "github.com/1Panel-dev/1Panel/backend/utils/docker" "github.com/docker/docker/api/types" @@ -127,6 +129,9 @@ func (u *ContainerService) PageCompose(req dto.SearchWithPage) (int64, interface } func (u *ContainerService) TestCompose(req dto.ComposeCreate) (bool, error) { + if cmd.CheckIllegal(req.Path) { + return false, buserr.New(constant.ErrCmdIllegal) + } composeItem, _ := composeRepo.GetRecord(commonRepo.WithByName(req.Name)) if composeItem.ID != 0 { return false, constant.ErrRecordExist @@ -143,6 +148,9 @@ func (u *ContainerService) TestCompose(req dto.ComposeCreate) (bool, error) { } func (u *ContainerService) CreateCompose(req dto.ComposeCreate) (string, error) { + if cmd.CheckIllegal(req.Name, req.Path) { + return "", buserr.New(constant.ErrCmdIllegal) + } if err := u.loadPath(&req); err != nil { return "", err } @@ -177,6 +185,9 @@ func (u *ContainerService) CreateCompose(req dto.ComposeCreate) (string, error) } func (u *ContainerService) ComposeOperation(req dto.ComposeOperation) error { + if cmd.CheckIllegal(req.Path, req.Operation) { + return buserr.New(constant.ErrCmdIllegal) + } if _, err := os.Stat(req.Path); err != nil { return fmt.Errorf("load file with path %s failed, %v", req.Path, err) } @@ -195,6 +206,9 @@ func (u *ContainerService) ComposeOperation(req dto.ComposeOperation) error { } func (u *ContainerService) ComposeUpdate(req dto.ComposeUpdate) error { + if cmd.CheckIllegal(req.Name, req.Path) { + return buserr.New(constant.ErrCmdIllegal) + } if _, err := os.Stat(req.Path); err != nil { return fmt.Errorf("load file with path %s failed, %v", req.Path, err) } diff --git a/backend/app/service/database_mysql.go b/backend/app/service/database_mysql.go index 41755adab..0a362443b 100644 --- a/backend/app/service/database_mysql.go +++ b/backend/app/service/database_mysql.go @@ -17,6 +17,7 @@ import ( "github.com/1Panel-dev/1Panel/backend/buserr" "github.com/1Panel-dev/1Panel/backend/constant" "github.com/1Panel-dev/1Panel/backend/global" + "github.com/1Panel-dev/1Panel/backend/utils/cmd" "github.com/1Panel-dev/1Panel/backend/utils/common" "github.com/1Panel-dev/1Panel/backend/utils/compose" _ "github.com/go-sql-driver/mysql" @@ -77,6 +78,10 @@ var formatMap = map[string]string{ } func (u *MysqlService) Create(ctx context.Context, req dto.MysqlDBCreate) (*model.DatabaseMysql, error) { + if cmd.CheckIllegal(req.Name, req.Username, req.Password, req.Format, req.Permission) { + return nil, buserr.New(constant.ErrCmdIllegal) + } + if req.Username == "root" { return nil, errors.New("Cannot set root as user name") } @@ -184,6 +189,10 @@ func (u *MysqlService) Delete(ctx context.Context, req dto.MysqlDBDelete) error } func (u *MysqlService) ChangePassword(info dto.ChangeDBInfo) error { + if cmd.CheckIllegal(info.Value) { + return buserr.New(constant.ErrCmdIllegal) + } + var ( mysql model.DatabaseMysql err error @@ -253,6 +262,9 @@ func (u *MysqlService) ChangePassword(info dto.ChangeDBInfo) error { } func (u *MysqlService) ChangeAccess(info dto.ChangeDBInfo) error { + if cmd.CheckIllegal(info.Value) { + return buserr.New(constant.ErrCmdIllegal) + } var ( mysql model.DatabaseMysql err error diff --git a/backend/app/service/firewall.go b/backend/app/service/firewall.go index 600f132d1..e010c34e2 100644 --- a/backend/app/service/firewall.go +++ b/backend/app/service/firewall.go @@ -304,7 +304,6 @@ func OperateFirewallPort(oldPorts, newPorts []int) error { return err } for _, port := range newPorts { - if err := client.Port(fireClient.FireInfo{Port: strconv.Itoa(port), Protocol: "tcp", Strategy: "accept"}, "add"); err != nil { return err } diff --git a/backend/app/service/image_repo.go b/backend/app/service/image_repo.go index c0d0bcbdb..c38868d5d 100644 --- a/backend/app/service/image_repo.go +++ b/backend/app/service/image_repo.go @@ -79,7 +79,7 @@ func (u *ImageRepoService) List() ([]dto.ImageRepoOption, error) { func (u *ImageRepoService) Create(req dto.ImageRepoCreate) error { if cmd.CheckIllegal(req.Username, req.Password, req.DownloadUrl) { - return buserr.New(constant.ErrRepoConn) + return buserr.New(constant.ErrCmdIllegal) } imageRepo, _ := imageRepoRepo.Get(commonRepo.WithByName(req.Name)) if imageRepo.ID != 0 { @@ -148,7 +148,7 @@ func (u *ImageRepoService) Update(req dto.ImageRepoUpdate) error { return errors.New("The default value cannot be deleted !") } if cmd.CheckIllegal(req.Username, req.Password, req.DownloadUrl) { - return buserr.New(constant.ErrRepoConn) + return buserr.New(constant.ErrCmdIllegal) } repo, err := imageRepoRepo.Get(commonRepo.WithByID(req.ID)) if err != nil { diff --git a/backend/app/service/ssh.go b/backend/app/service/ssh.go index be86df3bc..d975be802 100644 --- a/backend/app/service/ssh.go +++ b/backend/app/service/ssh.go @@ -11,6 +11,7 @@ import ( "time" "github.com/1Panel-dev/1Panel/backend/app/dto" + "github.com/1Panel-dev/1Panel/backend/buserr" "github.com/1Panel-dev/1Panel/backend/constant" "github.com/1Panel-dev/1Panel/backend/global" "github.com/1Panel-dev/1Panel/backend/utils/cmd" @@ -146,6 +147,9 @@ func (u *SSHService) UpdateByFile(value string) error { } func (u *SSHService) GenerateSSH(req dto.GenerateSSH) error { + if cmd.CheckIllegal(req.EncryptionMode, req.Password) { + return buserr.New(constant.ErrCmdIllegal) + } currentUser, err := user.Current() if err != nil { return fmt.Errorf("load current user failed, err: %v", err) diff --git a/backend/constant/errs.go b/backend/constant/errs.go index f3fd6fdb6..873a9a29c 100644 --- a/backend/constant/errs.go +++ b/backend/constant/errs.go @@ -42,6 +42,7 @@ var ( ErrTypePasswordExpired = "ErrPasswordExpired" ErrNameIsExist = "ErrNameIsExist" ErrDemoEnvironment = "ErrDemoEnvironment" + ErrCmdIllegal = "ErrCmdIllegal" ) // app @@ -107,7 +108,6 @@ var ( ErrInUsed = "ErrInUsed" ErrObjectInUsed = "ErrObjectInUsed" ErrPortRules = "ErrPortRules" - ErrRepoConn = "ErrRepoConn" ) // runtime diff --git a/backend/i18n/lang/en.yaml b/backend/i18n/lang/en.yaml index a64e4a0e9..9e5611a7d 100644 --- a/backend/i18n/lang/en.yaml +++ b/backend/i18n/lang/en.yaml @@ -13,6 +13,7 @@ ErrNotSupportType: "The system does not support the current type: {{ .detail }}" ErrNameIsExist: "Name is already exist" ErrDemoEnvironment: "Demo server, prohibit this operation!" ErrCmdTimeout: "Command execution timed out!" +ErrCmdIllegal: "The command contains illegal characters. Please modify and try again!" #app ErrPortInUsed: "{{ .detail }} port already in use" @@ -83,7 +84,6 @@ ErrTypeOfRedis: "The recovery file type does not match the current persistence m #container ErrInUsed: "{{ .detail }} is in use and cannot be deleted" ErrObjectInUsed: "This object is in use and cannot be deleted" -ErrRepoConn: "The repository information contains illegal characters" ErrPortRules: "The number of ports does not match, please re-enter!" #runtime diff --git a/backend/i18n/lang/zh-Hant.yaml b/backend/i18n/lang/zh-Hant.yaml index 33d19642d..36011683c 100644 --- a/backend/i18n/lang/zh-Hant.yaml +++ b/backend/i18n/lang/zh-Hant.yaml @@ -13,6 +13,7 @@ ErrNotSupportType: "系統暫不支持當前類型: {{ .detail }}" ErrNameIsExist: "名稱已存在" ErrDemoEnvironment: "演示伺服器,禁止此操作!" ErrCmdTimeout: "指令執行超時!" +ErrCmdIllegal: "執行命令中存在不合法字符,請修改後重試!" #app ErrPortInUsed: "{{ .detail }} 端口已被佔用!" @@ -83,7 +84,6 @@ ErrTypeOfRedis: "恢復文件類型與當前持久化方式不符,請修改後 #container ErrInUsed: "{{ .detail }} 正被使用,無法刪除" ErrObjectInUsed: "該對象正被使用,無法刪除" -ErrRepoConn: "倉庫資訊中存在不合法的字符" ErrPortRules: "端口數目不匹配,請重新輸入!" #runtime diff --git a/backend/i18n/lang/zh.yaml b/backend/i18n/lang/zh.yaml index 162f3c670..9072be463 100644 --- a/backend/i18n/lang/zh.yaml +++ b/backend/i18n/lang/zh.yaml @@ -13,6 +13,7 @@ ErrNotSupportType: "系统暂不支持当前类型: {{ .detail }}" ErrNameIsExist: "名称已存在" ErrDemoEnvironment: "演示服务器,禁止此操作!" ErrCmdTimeout: "命令执行超时!" +ErrCmdIllegal: "执行命令中存在不合法字符,请修改后重试!" #app ErrPortInUsed: "{{ .detail }} 端口已被占用!" @@ -83,7 +84,6 @@ ErrTypeOfRedis: "恢复文件类型与当前持久化方式不符,请修改后 #container ErrInUsed: "{{ .detail }} 正被使用,无法删除" ErrObjectInUsed: "该对象正被使用,无法删除" -ErrRepoConn: "仓库信息中存在不合法的字符" ErrPortRules: "端口数目不匹配,请重新输入!" #runtime diff --git a/backend/utils/firewall/client/firewalld.go b/backend/utils/firewall/client/firewalld.go index 3f61b67ce..d44e2a1cd 100644 --- a/backend/utils/firewall/client/firewalld.go +++ b/backend/utils/firewall/client/firewalld.go @@ -4,6 +4,8 @@ import ( "fmt" "strings" + "github.com/1Panel-dev/1Panel/backend/buserr" + "github.com/1Panel-dev/1Panel/backend/constant" "github.com/1Panel-dev/1Panel/backend/utils/cmd" ) @@ -114,6 +116,10 @@ func (f *Firewall) ListAddress() ([]FireInfo, error) { } func (f *Firewall) Port(port FireInfo, operation string) error { + if cmd.CheckIllegal(operation, port.Protocol, port.Port) { + return buserr.New(constant.ErrCmdIllegal) + } + stdout, err := cmd.Execf("firewall-cmd --zone=public --%s-port=%s/%s --permanent", operation, port.Port, port.Protocol) if err != nil { return fmt.Errorf("%s port failed, err: %s", operation, stdout) @@ -122,6 +128,9 @@ func (f *Firewall) Port(port FireInfo, operation string) error { } func (f *Firewall) RichRules(rule FireInfo, operation string) error { + if cmd.CheckIllegal(operation, rule.Address, rule.Protocol, rule.Port, rule.Strategy) { + return buserr.New(constant.ErrCmdIllegal) + } ruleStr := "" if strings.Contains(rule.Address, "-") { std, err := cmd.Execf("firewall-cmd --permanent --new-ipset=%s --type=hash:ip", rule.Address) diff --git a/backend/utils/firewall/client/ufw.go b/backend/utils/firewall/client/ufw.go index 72c7d1f93..acf070e71 100644 --- a/backend/utils/firewall/client/ufw.go +++ b/backend/utils/firewall/client/ufw.go @@ -4,6 +4,8 @@ import ( "fmt" "strings" + "github.com/1Panel-dev/1Panel/backend/buserr" + "github.com/1Panel-dev/1Panel/backend/constant" "github.com/1Panel-dev/1Panel/backend/utils/cmd" ) @@ -131,6 +133,9 @@ func (f *Ufw) Port(port FireInfo, operation string) error { default: return fmt.Errorf("unsupport strategy %s", port.Strategy) } + if cmd.CheckIllegal(port.Protocol, port.Port) { + return buserr.New(constant.ErrCmdIllegal) + } command := fmt.Sprintf("%s %s %s", f.CmdStr, port.Strategy, port.Port) if operation == "remove" { @@ -156,6 +161,10 @@ func (f *Ufw) RichRules(rule FireInfo, operation string) error { return fmt.Errorf("unsupport strategy %s", rule.Strategy) } + if cmd.CheckIllegal(operation, rule.Protocol, rule.Address, rule.Port) { + return buserr.New(constant.ErrCmdIllegal) + } + ruleStr := fmt.Sprintf("%s %s ", f.CmdStr, rule.Strategy) if operation == "remove" { ruleStr = fmt.Sprintf("%s delete %s ", f.CmdStr, rule.Strategy)