From 233953eab2f36f34a2711aab2954ac899de8ec98 Mon Sep 17 00:00:00 2001
From: Administrator <15274802129@163.com>
Date: Wed, 08 Apr 2026 17:07:32 +0800
Subject: [PATCH] refactor(video): 重构视频播放控制器提升安全性与性能
---
src/main/java/cc/mrbird/febs/ai/controller/productPoint/VideoPlayController.java | 31 +++++++++++++++++++++++++------
1 files changed, 25 insertions(+), 6 deletions(-)
diff --git a/src/main/java/cc/mrbird/febs/ai/controller/productPoint/VideoPlayController.java b/src/main/java/cc/mrbird/febs/ai/controller/productPoint/VideoPlayController.java
index 6fe724c..de176b7 100644
--- a/src/main/java/cc/mrbird/febs/ai/controller/productPoint/VideoPlayController.java
+++ b/src/main/java/cc/mrbird/febs/ai/controller/productPoint/VideoPlayController.java
@@ -214,16 +214,35 @@
/**
* 安全校验:防止路径遍历攻击
*/
+// private boolean isSafePath(String companyId, String fileName) {
+// if (StrUtil.isBlank(companyId) || StrUtil.isBlank(fileName)) {
+// return false;
+// }
+// // 限制字符集,禁止 .. 和以点开头
+// boolean companyIdValid = companyId.matches("^[a-zA-Z0-9_-]{1,64}$");
+// boolean fileNameValid = fileName.matches("^[a-zA-Z0-9._-]{1,255}$") &&
+// !fileName.startsWith(".") &&
+// !fileName.contains("..");
+// return companyIdValid && fileNameValid;
+// }
+
private boolean isSafePath(String companyId, String fileName) {
if (StrUtil.isBlank(companyId) || StrUtil.isBlank(fileName)) {
return false;
}
- // 限制字符集,禁止 .. 和以点开头
- boolean companyIdValid = companyId.matches("^[a-zA-Z0-9_-]{1,64}$");
- boolean fileNameValid = fileName.matches("^[a-zA-Z0-9._-]{1,255}$") &&
- !fileName.startsWith(".") &&
- !fileName.contains("..");
- return companyIdValid && fileNameValid;
+ // companyId 仍然建议保持严格(防止意外目录穿越)
+ if (!companyId.matches("^[a-zA-Z0-9_-]{1,64}$")) {
+ return false;
+ }
+ // 禁止路径遍历和危险字符
+ if (fileName.contains("..") || fileName.contains("/") || fileName.contains("\\") || fileName.contains("\0")) {
+ return false;
+ }
+ // 长度限制
+ if (fileName.length() > 255) {
+ return false;
+ }
+ return true;
}
/**
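Review bot: The rewritten isSafePath swaps the fileName allowlist regex for a denylist of `..`, `/`, `\` and NUL, so names with a leading dot, whitespace, control characters or non-ASCII now pass where the old version rejected them — a weakening for a commit whose subject claims to improve security. Keep the allowlist, or at minimum add `if (fileName.startsWith(".") || !fileName.chars().allMatch(ch -> ch > 0x20 && ch < 0x7f)) return false;`, and at the point where the caller resolves the file (outside this hunk) verify the canonical path stays under the intended base directory, e.g. `base.resolve(fileName).normalize().startsWith(base)`, so safety does not rest on string filtering alone. Note also that `fileName.length() > 255` counts UTF-16 units rather than bytes, so once non-ASCII names are admitted a name under this limit can still exceed a 255-byte filesystem limit. The commented-out copy of the previous implementation added above the method is dead code that git history already preserves and should be removed before merging.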
--
Gitblit v1.9.1