js演练场漏洞修复

2025-12-16 20:33:03 +00:00 · 2025-11-30 02:07:56 +08:00
parent 49b8501e86
commit f750aa68e8
9 changed files with 1198 additions and 19 deletions
--- a/web-service/src/main/java/cn/qaiu/lz/web/controller/PlaygroundApi.java
+++ b/web-service/src/main/java/cn/qaiu/lz/web/controller/PlaygroundApi.java
@@ -41,6 +41,7 @@ import java.util.stream.Collectors;
 public class PlaygroundApi {

    private static final int MAX_PARSER_COUNT = 100;
+    private static final int MAX_CODE_LENGTH = 128 * 1024; // 128KB 代码长度限制
    private final DbService dbService = AsyncServiceUtil.getAsyncServiceInstance(DbService.class);

    /**
@@ -68,6 +69,15 @@ public class PlaygroundApi {
                        .build()));
                return promise.future();
            }
+            
+            // 代码长度验证
+            if (jsCode.length() > MAX_CODE_LENGTH) {
+                promise.complete(JsonObject.mapFrom(PlaygroundTestResp.builder()
+                        .success(false)
+                        .error("代码长度超过限制（最大128KB），当前长度: " + jsCode.length() + " 字节")
+                        .build()));
+                return promise.future();
+            }

            if (StringUtils.isBlank(shareUrl)) {
                promise.complete(JsonObject.mapFrom(PlaygroundTestResp.builder()
@@ -257,6 +267,12 @@ public class PlaygroundApi {
                promise.complete(JsonResult.error("JavaScript代码不能为空").toJsonObject());
                return promise.future();
            }
+            
+            // 代码长度验证
+            if (jsCode.length() > MAX_CODE_LENGTH) {
+                promise.complete(JsonResult.error("代码长度超过限制（最大128KB），当前长度: " + jsCode.length() + " 字节").toJsonObject());
+                return promise.future();
+            }

            // 解析元数据
            try {
--- a/web-service/src/main/resources/http-tools/test2.http
+++ b/web-service/src/main/resources/http-tools/test2.http
@@ -18,4 +18,16 @@ GET http://lzzz.qaiu.top/v2/shout/retrieve?code=414016
 }

 ###
-https://gfs302n511.userstorage.mega.co.nz/dl/XwiiRG-Z97rz7wcbWdDmcd654FGkYU3FJncTobxhpPR9GVSggHJQsyMGdkLsWEiIIf71RUXcQPtV7ljVc0Z3tA_ThaUb9msdh7tS0z-2CbaRYSM5176DFxDKQtG84g
+https://gfs302n511.userstorage.mega.co.nz/dl/XwiiRG-Z97rz7wcbWdDmcd654FGkYU3FJncTobxhpPR9GVSggHJQsyMGdkLsWEiIIf71RUXcQPtV7ljVc0Z3tA_ThaUb9msdh7tS0z-2CbaRYSM5176DFxDKQtG84g
+
+
+###
+POST http://127.0.0.1:6400/v2/playground/test
+Content-Type: application/json
+
+{
+  "jsCode": "// ==UserScript==\n// @name DoS Test\n// @type dos_test\n// @displayName DoS\n// @match https://example\\.com/(?<KEY>\\w+)\n// @author hacker\n// @version 1.0.0\n// ==/UserScript==\n\nfunction parse(shareLinkInfo, http, logger) {\n    logger.info('Starting infinite loop...');\n    while(true) {\n        // Infinite loop - will hang the worker thread\n        var x = 1 + 1;\n    }\n    return 'never reached';\n}",
+  "shareUrl": "https://example.com/test",
+  "pwd": "",
+  "method": "parse"
+}