diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/ResourcesController.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/ResourcesController.java index 03eb42c5d691..fad05e190f92 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/ResourcesController.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/ResourcesController.java @@ -50,7 +50,6 @@ import org.apache.dolphinscheduler.api.vo.resources.FetchFileContentResponse; import org.apache.dolphinscheduler.common.constants.Constants; import org.apache.dolphinscheduler.dao.entity.User; -import org.apache.dolphinscheduler.plugin.task.api.utils.ParameterUtils; import org.apache.dolphinscheduler.spi.enums.ResourceType; import org.apache.commons.lang3.StringUtils; @@ -261,7 +260,7 @@ public Result> pagingResourceItemRequest(@Parameter(hid .loginUser(loginUser) .resourceAbsolutePath(resourceAbsolutePath) .resourceType(resourceType) - .resourceNameKeyWord(StringUtils.trim(ParameterUtils.handleEscapes(resourceNameKeyWord))) + .resourceNameKeyWord(StringUtils.trim(resourceNameKeyWord)) .pageNo(pageNo) .pageSize(pageSize) .build(); diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/UsersController.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/UsersController.java index 546ec675c962..909b9a69ffa3 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/UsersController.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/UsersController.java @@ -43,7 +43,6 @@ import java.util.List; import java.util.Map; -import java.util.stream.Collectors; import lombok.extern.slf4j.Slf4j; @@ -497,10 +496,6 @@ public Result registerUser(@RequestParam(value = "userName") String user @RequestParam(value = "userPassword") String userPassword, @RequestParam(value = "repeatPassword") String repeatPassword, @RequestParam(value = "email") String email) throws Exception { - userName = ParameterUtils.handleEscapes(userName); - userPassword = ParameterUtils.handleEscapes(userPassword); - repeatPassword = ParameterUtils.handleEscapes(repeatPassword); - email = ParameterUtils.handleEscapes(email); Result verifyRet = usersService.verifyUserName(userName); if (verifyRet.getCode() != Status.SUCCESS.getCode()) { return verifyRet; @@ -523,7 +518,6 @@ public Result registerUser(@RequestParam(value = "userName") String user @ApiException(UPDATE_USER_ERROR) public Result activateUser(@Parameter(hidden = true) @RequestAttribute(value = Constants.SESSION_USER) User loginUser, @RequestParam(value = "userName") String userName) { - userName = ParameterUtils.handleEscapes(userName); Map result = usersService.activateUser(loginUser, userName); return returnDataList(result); } @@ -542,9 +536,7 @@ public Result activateUser(@Parameter(hidden = true) @RequestAttribute(v @ApiException(UPDATE_USER_ERROR) public Result batchActivateUser(@Parameter(hidden = true) @RequestAttribute(value = Constants.SESSION_USER) User loginUser, @RequestBody List userNames) { - List formatUserNames = - userNames.stream().map(ParameterUtils::handleEscapes).collect(Collectors.toList()); - Map result = usersService.batchActivateUser(loginUser, formatUserNames); + Map result = usersService.batchActivateUser(loginUser, userNames); return returnDataList(result); } } diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/WorkerGroupController.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/WorkerGroupController.java index 8d025bd873b7..a819e610fd58 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/WorkerGroupController.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/WorkerGroupController.java @@ -29,7 +29,6 @@ import org.apache.dolphinscheduler.api.utils.Result; import org.apache.dolphinscheduler.common.constants.Constants; import org.apache.dolphinscheduler.dao.entity.User; -import org.apache.dolphinscheduler.plugin.task.api.utils.ParameterUtils; import java.util.Map; @@ -117,7 +116,6 @@ public Result queryAllWorkerGroupsPaging(@Parameter(hidden = true) @RequestAttri @RequestParam("pageSize") Integer pageSize, @RequestParam(value = "searchVal", required = false) String searchVal) { checkPageParams(pageNo, pageSize); - searchVal = ParameterUtils.handleEscapes(searchVal); return workerGroupService.queryAllGroupPaging(loginUser, pageNo, pageSize, searchVal); } diff --git a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/WorkflowLineageController.java b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/WorkflowLineageController.java index 58bb10e05bfd..88dfb271c920 100644 --- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/WorkflowLineageController.java +++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/WorkflowLineageController.java @@ -31,7 +31,6 @@ import org.apache.dolphinscheduler.dao.entity.User; import org.apache.dolphinscheduler.dao.entity.WorkFlowLineage; import org.apache.dolphinscheduler.dao.entity.WorkFlowRelationDetail; -import org.apache.dolphinscheduler.plugin.task.api.utils.ParameterUtils; import java.util.HashMap; import java.util.List; @@ -76,7 +75,6 @@ public class WorkflowLineageController extends BaseController { public Result> queryWorkFlowLineageByName(@Parameter(hidden = true) @RequestAttribute(value = SESSION_USER) User loginUser, @Parameter(name = "projectCode", description = "PROJECT_CODE", required = true) @PathVariable long projectCode, @RequestParam(value = "workflowDefinitionName", required = false) String workflowDefinitionName) { - workflowDefinitionName = ParameterUtils.handleEscapes(workflowDefinitionName); List workFlowLineages = workflowLineageService.queryWorkFlowLineageByName(projectCode, workflowDefinitionName); return Result.success(workFlowLineages); diff --git a/dolphinscheduler-task-plugin/dolphinscheduler-task-api/src/main/java/org/apache/dolphinscheduler/plugin/task/api/utils/ParameterUtils.java b/dolphinscheduler-task-plugin/dolphinscheduler-task-api/src/main/java/org/apache/dolphinscheduler/plugin/task/api/utils/ParameterUtils.java index 9733453b2d9e..ba73e4542149 100644 --- a/dolphinscheduler-task-plugin/dolphinscheduler-task-api/src/main/java/org/apache/dolphinscheduler/plugin/task/api/utils/ParameterUtils.java +++ b/dolphinscheduler-task-plugin/dolphinscheduler-task-api/src/main/java/org/apache/dolphinscheduler/plugin/task/api/utils/ParameterUtils.java @@ -314,15 +314,18 @@ private static String dateTemplateParse(String templateStr, Date date) { /** * handle escapes * - * @param inputString input string + * @param str input string * @return string filter escapes */ - public static String handleEscapes(String inputString) { - - if (!StringUtils.isEmpty(inputString)) { - return inputString.replace("%", "////%").replaceAll("[\n|\r\t]", "_"); + public static String handleEscapes(String str) { + str = StringUtils.trim(str); + if (StringUtils.isNotBlank(str)) { + str = str.replace("\\", "\\\\"); + str = str.replace("_", "\\_"); + str = str.replace("%", "\\%"); + str = str.replaceAll("[\n|\r\t]", ""); } - return inputString; + return str; } /** diff --git a/dolphinscheduler-task-plugin/dolphinscheduler-task-api/src/test/java/org/apache/dolphinscheduler/plugin/task/api/utils/ParameterUtilsTest.java b/dolphinscheduler-task-plugin/dolphinscheduler-task-api/src/test/java/org/apache/dolphinscheduler/plugin/task/api/utils/ParameterUtilsTest.java index 1c0dbc7c06c2..9ecbd256fefc 100644 --- a/dolphinscheduler-task-plugin/dolphinscheduler-task-api/src/test/java/org/apache/dolphinscheduler/plugin/task/api/utils/ParameterUtilsTest.java +++ b/dolphinscheduler-task-plugin/dolphinscheduler-task-api/src/test/java/org/apache/dolphinscheduler/plugin/task/api/utils/ParameterUtilsTest.java @@ -116,7 +116,9 @@ public void testHandleEscapes() throws Exception { Assertions.assertNull(ParameterUtils.handleEscapes(null)); Assertions.assertEquals("", ParameterUtils.handleEscapes("")); Assertions.assertEquals("test Parameter", ParameterUtils.handleEscapes("test Parameter")); - Assertions.assertEquals("////%test////%Parameter", ParameterUtils.handleEscapes("%test%Parameter")); + Assertions.assertEquals("\\%test\\%Parameter", ParameterUtils.handleEscapes("%test%Parameter")); + Assertions.assertEquals("\\_test\\_Parameter", ParameterUtils.handleEscapes("_test_Parameter")); + Assertions.assertEquals("\\\\test\\\\Parameter", ParameterUtils.handleEscapes("\\test\\Parameter")); } }