
Commit 36b37ae

authored
<fix>(console): fix w/r file security issues. (#832)
1 parent 849378b commit 36b37ae


2 files changed

+37
-78
lines changed


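--- a/src/main/java/console/ConsoleInitializer.java
+++ b/src/main/java/console/ConsoleInitializer.java
@@ -174,7 +174,9 @@ private AccountInfo loadAccountRandomly(BcosSDK bcosSDK, Client client) {
 String subDir = client.getCryptoSuite().getKeyPairFactory().getKeyStoreSubDir();
 String keyStoreFileDir = keyStoreDirPath + File.separator + subDir;
 File keyStoreFileDirPath = new File(keyStoreFileDir);
-logger.debug("loadAccountRandomly, keyStoreFileDirPath:{}", keyStoreFileDir);
+if (logger.isDebugEnabled()) {
+logger.debug("loadAccountRandomly, keyStoreFileDirPath:{}", keyStoreFileDir);
+}
 if (!keyStoreFileDirPath.exists() || !keyStoreFileDirPath.isDirectory()) {
 return null;
 }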
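Review bot: The `isDebugEnabled()` guard added around the `logger.debug` call in `loadAccountRandomly` buys nothing here, because the call is already parameterized and `keyStoreFileDir` is a String computed two lines earlier, so no work is saved and exactly the same path is logged as before. If the finding behind this change was that the key store directory shows up in debug logs, the guard does not address it. Otherwise the original single line `logger.debug("loadAccountRandomly, keyStoreFileDirPath:{}", keyStoreFileDir);` reads more cleanly. The method body continues outside the hunk.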

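--- a/src/main/java/console/contract/utils/ContractCompiler.java
+++ b/src/main/java/console/contract/utils/ContractCompiler.java
@@ -24,6 +24,7 @@
 import console.contract.model.AbiAndBin;
 import java.io.File;
 import java.io.IOException;
+import java.nio.charset.Charset;
 import org.apache.commons.io.FileUtils;
 import org.fisco.bcos.sdk.codegen.CodeGenUtils;
 import org.fisco.bcos.sdk.codegen.exceptions.CodeGenException;
@@ -75,6 +76,7 @@ public static AbiAndBin compileSolToBinAndAbi(File contractFile, String abiDir,
 throws CompileContractException, IOException {
 return compileSolToBinAndAbi(contractFile, abiDir, binDir, null);
 }
+
 // compile with libraries option
 public static AbiAndBin compileSolToBinAndAbi(
 File contractFile, String abiDir, String binDir, String librariesOption)
@@ -160,46 +162,23 @@ public static void checkBinaryCode(String contractName, String binary)
 public static void saveAbiAndBin(
 Integer groupId, AbiAndBin abiAndBin, String contractName, String contractAddress)
 throws IOException {
-File abiPath =
-new File(
-COMPILED_PATH
-+ File.separator
-+ groupId
-+ File.separator
-+ contractName
-+ File.separator
-+ contractAddress
-+ File.separator
-+ contractName
-+ ABI_POSTFIX);
-File binPath =
-new File(
-COMPILED_PATH
-+ File.separator
-+ groupId
-+ File.separator
-+ contractName
-+ File.separator
-+ contractAddress
-+ File.separator
-+ contractName
-+ BIN_POSTFIX);
-File smBinPath =
-new File(
-COMPILED_PATH
-+ File.separator
-+ groupId
-+ File.separator
-+ contractName
-+ File.separator
-+ contractAddress
-+ File.separator
-+ contractName
-+ SM_POSTFIX
-+ BIN_POSTFIX);
-FileUtils.writeStringToFile(abiPath, abiAndBin.getAbi());
-FileUtils.writeStringToFile(binPath, abiAndBin.getBin());
-FileUtils.writeStringToFile(smBinPath, abiAndBin.getSmBin());
+String contractDir =
+COMPILED_PATH
++ File.separator
++ groupId
++ File.separator
++ contractName
++ File.separator
++ contractAddress
++ File.separator
++ contractName;
+contractDir = contractDir.replace("..", "");
+File abiPath = new File(contractDir + ABI_POSTFIX);
+File binPath = new File(contractDir + BIN_POSTFIX);
+File smBinPath = new File(contractDir + SM_POSTFIX + BIN_POSTFIX);
+FileUtils.writeStringToFile(abiPath, abiAndBin.getAbi(), Charset.defaultCharset());
+FileUtils.writeStringToFile(binPath, abiAndBin.getBin(), Charset.defaultCharset());
+FileUtils.writeStringToFile(smBinPath, abiAndBin.getSmBin(), Charset.defaultCharset());
 }
 
 public static AbiAndBin loadAbiAndBin(
@@ -222,43 +201,21 @@ public static AbiAndBin loadAbiAndBin(
 String contractAddress,
 boolean needCompile)
 throws IOException, CodeGenException, CompileContractException {
-File abiPath =
-new File(
-COMPILED_PATH
-+ File.separator
-+ groupId
-+ File.separator
-+ contractName
-+ File.separator
-+ contractAddress
-+ File.separator
-+ contractName
-+ ABI_POSTFIX);
-File binPath =
-new File(
-COMPILED_PATH
-+ File.separator
-+ groupId
-+ File.separator
-+ contractName
-+ File.separator
-+ contractAddress
-+ File.separator
-+ contractName
-+ BIN_POSTFIX);
-File smBinPath =
-new File(
-COMPILED_PATH
-+ File.separator
-+ groupId
-+ File.separator
-+ contractName
-+ File.separator
-+ contractAddress
-+ File.separator
-+ contractName
-+ SM_POSTFIX
-+ BIN_POSTFIX);
+
+String contractDir =
+COMPILED_PATH
++ File.separator
++ groupId
++ File.separator
++ contractName
++ File.separator
++ contractAddress
++ File.separator
++ contractName;
+contractDir = contractDir.replace("..", "");
+File abiPath = new File(contractDir + ABI_POSTFIX);
+File binPath = new File(contractDir + BIN_POSTFIX);
+File smBinPath = new File(contractDir + SM_POSTFIX + BIN_POSTFIX);
 if (!abiPath.exists() || !binPath.exists() || !smBinPath.exists()) {
 if (needCompile) {
 AbiAndBin abiAndBin = ContractCompiler.compileContract(contractNameOrPath);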
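Review bot: `contractDir = contractDir.replace("..", "");` in `saveAbiAndBin` (and the identical line in `loadAbiAndBin`) rewrites the path instead of rejecting it, and it runs over the whole string including `COMPILED_PATH`, so a legitimate name or base directory containing `..` silently maps to a different file and two distinct contract names can collide on disk. String stripping also says nothing about where the resulting path actually lands; the usual check is to resolve the components under the base directory, normalize, and refuse anything that does not stay beneath it. A shared helper along the lines below would also remove the concatenation duplicated in both methods, with callers still building `new File(base + ABI_POSTFIX)` as they do now; it assumes `COMPILED_PATH` is a String. Separately, `Charset.defaultCharset()` keeps the platform-dependent encoding the old overload used, whereas `StandardCharsets.UTF_8` would make the written ABI and bin files identical across hosts. `loadAbiAndBin` continues past the end of the last hunk.

```java
// … unchanged: saveAbiAndBin / loadAbiAndBin signatures and the File/postfix construction …
private static Path resolveContractBase(
        Integer groupId, String contractName, String contractAddress) throws IOException {
    Path base = Paths.get(COMPILED_PATH).toAbsolutePath().normalize();
    Path target =
            base.resolve(String.valueOf(groupId))
                    .resolve(contractName)
                    .resolve(contractAddress)
                    .resolve(contractName)
                    .normalize();
    // Reject rather than rewrite: the caller learns the name was not acceptable.
    if (!target.startsWith(base)) {
        throw new IOException("contract path is outside " + base);
    }
    return target;
}
```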
