crabapples
/
Sentinel
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

dashboard: Improve param validation in MachineRegistryController 

Signed-off-by: Eric Zhao <sczyh16@gmail.com>
This commit is contained in:
Eric Zhao 2021-03-23 10:46:01 +08:00
parent a79ef35847
commit 744be07a57
1 changed files with 17 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
sentinel-dashboard/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/MachineRegistryController.java
View File

@ -18,9 +18,9 @@ package com.alibaba.csp.sentinel.dashboard.controller;
import com.alibaba.csp.sentinel.dashboard.discovery.AppManagement; import com.alibaba.csp.sentinel.dashboard.discovery.AppManagement;
import com.alibaba.csp.sentinel.util.StringUtil; import com.alibaba.csp.sentinel.util.StringUtil;
import com.alibaba.csp.sentinel.dashboard.discovery.MachineDiscovery;
import com.alibaba.csp.sentinel.dashboard.discovery.MachineInfo; import com.alibaba.csp.sentinel.dashboard.discovery.MachineInfo;
import com.alibaba.csp.sentinel.dashboard.domain.Result; import com.alibaba.csp.sentinel.dashboard.domain.Result;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -41,21 +41,28 @@ public class MachineRegistryController {
@ResponseBody @ResponseBody
@RequestMapping("/machine") @RequestMapping("/machine")
public Result<?> receiveHeartBeat(String app, @RequestParam(value = "app_type", required = false, defaultValue = "0") Integer appType, Long version, String v, String hostname, String ip, Integer port) { public Result<?> receiveHeartBeat(String app,
if (app == null) { @RequestParam(value = "app_type", required = false, defaultValue = "0")
app = MachineDiscovery.UNKNOWN_APP_NAME; Integer appType, Long version, String v, String hostname, String ip,
Integer port) {
if (StringUtil.isBlank(app) || app.length() > 256) {
return Result.ofFail(-1, "invalid appName");
} }
if (ip == null) { if (StringUtil.isBlank(ip) || ip.length() > 128) {
return Result.ofFail(-1, "ip can't be null"); return Result.ofFail(-1, "invalid ip: " + ip);
} }
if (port == null) { if (port == null || port < -1) {
return Result.ofFail(-1, "port can't be null"); return Result.ofFail(-1, "invalid port");
}
if (hostname != null && hostname.length() > 256) {
return Result.ofFail(-1, "hostname too long");
} }
if (port == -1) { if (port == -1) {
logger.info("Receive heartbeat from " + ip + " but port not set yet"); logger.warn("Receive heartbeat from " + ip + " but port not set yet");
return Result.ofFail(-1, "your port not set yet"); return Result.ofFail(-1, "your port not set yet");
} }
String sentinelVersion = StringUtil.isEmpty(v) ? "unknown" : v; String sentinelVersion = StringUtil.isBlank(v) ? "unknown" : v;
version = version == null ? System.currentTimeMillis() : version; version = version == null ? System.currentTimeMillis() : version;
try { try {
MachineInfo machineInfo = new MachineInfo(); MachineInfo machineInfo = new MachineInfo();