修复模糊查询$的sql注入问题 #62

Open
wants to merge 4 commits into
base: master
@@ -458,17 +458,23 @@ private Table<RedisConstant, String, Long> getAccumulationDiff(
*/
private Table<RedisConstant, String, Long> getCommandsDiff(Map<RedisConstant, Map<String, Object>> currentInfoMap,
Map<String, Object> lastInfoMap) {
//没有上一次统计快照,忽略差值统计
//没有上一次统计快照,忽略差值统计
if (lastInfoMap == null || lastInfoMap.isEmpty()) {
return HashBasedTable.create();
}
Map<String, Object> map = currentInfoMap.get(RedisConstant.Commandstats);
Map<String, Long> currentMap = transferLongMap(map);
Map<String, Object> lastObjectMap;
Map<String, Object> lastObjectMap=null;
if (lastInfoMap.get(RedisConstant.Commandstats.getValue()) == null) {
lastObjectMap = new HashMap<String, Object>();
} else {
lastObjectMap = (Map<String, Object>) lastInfoMap.get(RedisConstant.Commandstats.getValue());
Object lastObj=lastInfoMap.get(RedisConstant.Commandstats.getValue());
if(lastObj instanceof Map<?, ?>){
lastObjectMap = (Map<String, Object>) lastObj;
}else{
logger.error("can't cast (Object)lastObj:{} to Map<String, Object>",lastObj.toString());
throw new RuntimeException("can't cast (Object)lastObj to Map<String, Object>");
}
}
Map<String, Long> lastMap = transferLongMap(lastObjectMap);
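Review bot: The new else-branch throws a bare `RuntimeException` when the stored Commandstats value is not a `Map`, whereas a missing snapshot a few lines above is tolerated by returning an empty table; a malformed snapshot would now abort the caller instead of skipping the diff, which looks unintended for a statistics path. The accompanying `logger.error` writes `lastObj.toString()`, i.e. the whole stored value, into the log; the type alone is enough to diagnose the mismatch, e.g. `logger.error("unexpected Commandstats snapshot type: {}", lastObj.getClass().getName());` followed by `return HashBasedTable.create();` if skipping is acceptable. `lastInfoMap.get(RedisConstant.Commandstats.getValue())` is also looked up twice and could be read once into `lastObj` before the null check. getCommandsDiff continues past the end of the hunk.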

@@ -36,6 +36,7 @@

/**
* Created by yijunzhang on 14-8-25.
* @author Hezf
*/
public class RedisDeployCenterImpl implements RedisDeployCenter {
private final Logger logger = LoggerFactory.getLogger(this.getClass());
@@ -274,56 +275,58 @@ private String getClusterNodeId(Jedis jedis) {

@Override
public boolean deploySentinelInstance(long appId, String masterHost, String slaveHost, int maxMemory, List<String> sentinelList) {
if (!isExist(appId)) {
return false;
}
//获取端口
Integer masterPort = machineCenter.getAvailablePort(masterHost, ConstUtils.CACHE_REDIS_STANDALONE);
if (masterPort == null) {
logger.error("masterHost={} getAvailablePort is null", masterHost);
return false;
}
Integer slavePort = machineCenter.getAvailablePort(slaveHost, ConstUtils.CACHE_REDIS_STANDALONE);
if (slavePort == null) {
logger.error("slaveHost={} getAvailablePort is null", slavePort);
return false;
}
//运行实例
boolean isMasterRun = runInstance(masterHost, masterPort, maxMemory, false);
if (!isMasterRun) {
return false;
}
boolean isSlaveRun = runInstance(slaveHost, slavePort, maxMemory, false);
if (!isSlaveRun) {
return false;
}
//添加slaveof配置
boolean isSlave = slaveOf(masterHost, masterPort, slaveHost, slavePort);
if (!isSlave) {
return false;
}

//运行sentinel实例组
boolean isRunSentinel = runSentinelGroup(sentinelList, masterHost, masterPort, appId);
if (!isRunSentinel) {
return false;
}

//写入instanceInfo 信息
saveInstance(appId, masterHost, masterPort, maxMemory,
ConstUtils.CACHE_REDIS_STANDALONE, "");
saveInstance(appId, slaveHost, slavePort, maxMemory, ConstUtils.CACHE_REDIS_STANDALONE, "");

//启动监控trigger
boolean isMasterDeploy = redisCenter.deployRedisCollection(appId, masterHost, masterPort);
boolean isSlaveDeploy = redisCenter.deployRedisCollection(appId, slaveHost, slavePort);
if (!isMasterDeploy) {
logger.warn("host={},port={},isMasterDeploy=false", masterHost, masterPort);
}
if (!isSlaveDeploy) {
logger.warn("host={},port={},isSlaveDeploy=false", slaveHost, slavePort);
}
return true;
if (!isExist(appId)) {
return false;
}
//master
Integer masterPort = machineCenter.getAvailablePort(masterHost, ConstUtils.CACHE_REDIS_STANDALONE);
if (masterPort == null) {
logger.error("masterHost={} getAvailablePort is null", masterHost);
return false;
}
boolean isMasterRun = runInstance(masterHost, masterPort, maxMemory, false);
if (!isMasterRun) {
return false;
}
saveInstance(appId, masterHost, masterPort, maxMemory,
ConstUtils.CACHE_REDIS_STANDALONE, "");

//slave
Integer slavePort = machineCenter.getAvailablePort(slaveHost, ConstUtils.CACHE_REDIS_STANDALONE);
if (slavePort == null) {
logger.error("slaveHost={} getAvailablePort is null", slavePort);
return false;
}
boolean isSlaveRun = runInstance(slaveHost, slavePort, maxMemory, false);
if (!isSlaveRun) {
return false;
}
saveInstance(appId, slaveHost, slavePort, maxMemory, ConstUtils.CACHE_REDIS_STANDALONE, "");

//添加slaveof配置
boolean isSlave = slaveOf(masterHost, masterPort, slaveHost, slavePort);
if (!isSlave) {
return false;
}

//运行sentinel实例组
boolean isRunSentinel = runSentinelGroup(sentinelList, masterHost, masterPort, appId);
if (!isRunSentinel) {
return false;
}



//启动监控trigger
boolean isMasterDeploy = redisCenter.deployRedisCollection(appId, masterHost, masterPort);
boolean isSlaveDeploy = redisCenter.deployRedisCollection(appId, slaveHost, slavePort);
if (!isMasterDeploy) {
logger.warn("host={},port={},isMasterDeploy=false", masterHost, masterPort);
}
if (!isSlaveDeploy) {
logger.warn("host={},port={},isSlaveDeploy=false", slaveHost, slavePort);
}
return true;
}

@Override
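Review bot: Moving `saveInstance` up to directly after each `runInstance` in deploySentinelInstance means every later `return false` (slave port unavailable, slave start failure, `slaveOf`, `runSentinelGroup`) now leaves instance records persisted, and processes running, for a deployment that is reported as failed; nothing visible in the hunk rolls them back. If the early save exists so that `getAvailablePort` does not hand the same port to the slave when both hosts are equal (an assumption, the hunk does not say), a short comment stating that, plus cleanup or a status flag on the failure paths, would keep the inventory consistent with what is actually deployed. Separately, the slave-port error still logs the null port rather than the host; it should read `logger.error("slaveHost={} getAvailablePort is null", slaveHost);`.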
@@ -30,5 +30,9 @@
group by distribute_type order by distribute_type
</select>

<delete id="deleteBeforeCollectTime">
delete from app_client_value_minute_stats where collect_time &lt;#{collectTime}
</delete>


</mapper>
19 changes: 9 additions & 10 deletions cachecloud-open-web/src/main/resources/mapper/AppDao.xml
@@ -6,7 +6,7 @@
<sql id="app_desc_fields">
app_id,name,user_id,status,intro,create_time,passed_time,type,officer,
ver_id,is_test,has_back_store,need_persistence,need_hot_back_up,forecase_qps,
forecast_obj_num,mem_alert_value,client_machine_room
forecast_obj_num,mem_alert_value,client_machine_room,app_key,client_conn_alert_value
</sql>
<!--通过appId查询app的信息-->
<select id="getAppDescById" resultType="AppDesc" parameterType="long">
@@ -31,19 +31,19 @@
values
(#{appId},#{name},#{userId},#{status},#{intro},#{createTime},#{passedTime},
#{type},#{officer},#{verId},#{isTest},#{hasBackStore},#{needPersistence},
#{needHotBackUp},#{forecaseQps},#{forecastObjNum},#{memAlertValue},#{clientMachineRoom})
#{needHotBackUp},#{forecaseQps},#{forecastObjNum},#{memAlertValue},#{clientMachineRoom},#{appKey},#{clientConnAlertValue})
</insert>

<update id="update" parameterType="AppDesc">
update app_desc
set name=#{name}, user_id=#{userId}, status=#{status}, intro=#{intro}, create_time=#{createTime},
passed_time=#{passedTime},type=#{type},
officer=#{officer},ver_id=#{verId}
officer=#{officer},ver_id=#{verId},mem_alert_value=#{memAlertValue},client_conn_alert_value=#{clientConnAlertValue}
where app_id=#{appId}
</update>

<sql id="app_desc_select_column">
app_desc.app_id,name,app_desc.user_id,status,intro,create_time,passed_time,type,officer,ver_id
app_desc.app_id,name,app_desc.user_id,status,intro,create_time,passed_time,type,officer,ver_id,app_key
</sql>
<select id="getAppDescList" resultType="AppDesc" parameterType="long">
select
@@ -59,7 +59,7 @@
select count(app_id) from app_desc where 1=1
<choose>
<when test="appName != null and appName != ''">
and name like '${appName}%'
and name like CONCAT(SUBSTR(#{appName}, 1, LENGTH(#{appName})),'%')
</when>
</choose>
<choose>
@@ -85,7 +85,7 @@
from app_desc where 1=1
<choose>
<when test="appName != null and appName != ''">
and name like '${appName}%'
and name like CONCAT(SUBSTR(#{appName}, 1, LENGTH(#{appName})),'%')
</when>
</choose>
<choose>
@@ -115,13 +115,12 @@
</choose>
</when>
</choose>

</select>


<update id="updateMemAlertValue" parameterType="AppDesc">
update app_desc set mem_alert_value=#{memAlertValue} where app_id=#{appId}
<update id="updateAppKey">
update app_desc set app_key=#{appKey} where app_id=#{appId}
</update>

</mapper>
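Review bot: Switching the two `name like` filters from `'${appName}%'` to a bound `#{appName}` removes the string interpolation, but `SUBSTR(#{appName}, 1, LENGTH(#{appName}))` appears to be a no-op wrapper that binds the parameter twice per predicate; `and name like CONCAT(#{appName}, '%')` should be equivalent and is easier to audit. The same wrapper is used in the `source_servers` and `target_servers` filters of the new AppDataMigrateStatusDao `search` select. `%` and `_` inside the supplied value are still interpreted as LIKE wildcards, so if a literal prefix match is intended they need escaping in the caller together with an `ESCAPE` clause. In the same section, `update` now also writes `mem_alert_value` and `client_conn_alert_value`, so a caller passing an `AppDesc` that never loaded those fields would overwrite them; worth checking now that `updateMemAlertValue` is removed.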


@@ -0,0 +1,78 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd">

<mapper namespace="com.sohu.cache.dao.AppDataMigrateStatusDao">
<sql id="migrate_data_status_fields">
migrate_machine_ip,migrate_machine_port,source_migrate_type,source_servers,target_migrate_type,target_servers,
source_app_id,target_app_id,user_id,status,start_time,end_time,log_path,config_path
</sql>

<insert id="save" parameterType="AppDataMigrateStatus" keyProperty="id" useGeneratedKeys="true" >
insert into app_data_migrate_status
(<include refid="migrate_data_status_fields"/>)
values
(#{migrateMachineIp},#{migrateMachinePort},#{sourceMigrateType},#{sourceServers},#{targetMigrateType},#{targetServers},
#{sourceAppId},#{targetAppId},#{userId},#{status},#{startTime},#{endTime},#{logPath},#{configPath})
</insert>


<select id="search" resultType="AppDataMigrateStatus">
select id,<include refid="migrate_data_status_fields"/>
from app_data_migrate_status where 1=1
<choose>
<when test="appDataMigrateSearch.sourceAppId != null and appDataMigrateSearch.sourceAppId > 0">
and source_app_id = #{appDataMigrateSearch.sourceAppId}
</when>
</choose>
<choose>
<when test="appDataMigrateSearch.targetAppId != null and appDataMigrateSearch.targetAppId > 0">
and target_app_id = #{appDataMigrateSearch.targetAppId}
</when>
</choose>

<choose>
<when test="appDataMigrateSearch.sourceInstanceIp != null and appDataMigrateSearch.sourceInstanceIp != ''">
and source_servers like CONCAT('%',SUBSTR(#{appDataMigrateSearch.sourceInstanceIp}, 1, LENGTH(#{appDataMigrateSearch.sourceInstanceIp})),'%')
</when>
</choose>
<choose>
<when test="appDataMigrateSearch.targetInstanceIp != null and appDataMigrateSearch.targetInstanceIp != ''">
and target_servers like CONCAT('%',SUBSTR(#{appDataMigrateSearch.targetInstanceIp}, 1, LENGTH(#{appDataMigrateSearch.targetInstanceIp})),'%')
</when>
</choose>

<choose>
<when test="appDataMigrateSearch.startDate != null and appDataMigrateSearch.startDate != ''">
and start_time > #{appDataMigrateSearch.startDate}
</when>
</choose>
<choose>
<when test="appDataMigrateSearch.endDate != null and appDataMigrateSearch.endDate != ''">
and end_time &lt;#{appDataMigrateSearch.endDate}
</when>
</choose>
<choose>
<when test="appDataMigrateSearch.status >= 0">
and status = #{appDataMigrateSearch.status}
</when>
</choose>
</select>

<select id="getMigrateMachineStatCount" resultType="int">
select count(*)
from app_data_migrate_status where migrate_machine_ip=#{migrateMachineIp} and status = #{status}
</select>

<select id="get" resultType="AppDataMigrateStatus">
select id,<include refid="migrate_data_status_fields"/>
from app_data_migrate_status where id = #{id}
</select>

<update id="updateStatus">
update app_data_migrate_status set status = #{status}, end_time=now() where id = #{id}
</update>

</mapper>
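Review bot: In `search`, the `status` filter is the only `<when>` test without a null guard (`appDataMigrateSearch.status >= 0`), while every other filter checks `!= null` first; if `status` is a boxed type, how a null compares is left to OGNL, so `test="appDataMigrateSearch.status != null and appDataMigrateSearch.status >= 0"` would make the intent explicit. The select also has no `order by` or `limit`, so an unfiltered search returns the whole table in unspecified order; `order by id desc` plus paging in the caller would bound it. Every value in this mapper is bound with `#{}`, and a one-line comment such as `<!-- bind all search values with #{}; never ${} -->` above `search` would help keep it that way.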