From b8f8361ab1b3dc3e10870cbc6c2ec2e8157e9714 Mon Sep 17 00:00:00 2001
From: limin
Date: Sat, 15 Feb 2025 10:45:42 +0800
Subject: [PATCH] =?UTF-8?q?fix(llm):=20=E8=BF=87=E6=BB=A4=E6=A8=A1?= =?UTF-8?q?=E5=9E=8B=E6=96=87=E4=BB=B6=E4=B8=8B=E8=BD=BD=E6=97=B6=E7=9A=84?= =?UTF-8?q?=E6=97=A0=E5=90=8E=E7=BC=80=E6=96=87=E4=BB=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- 在 ModelServiceServiceImpl 类中添加了对文件名进行过滤的逻辑
- 使用正则表达式匹配文件名,只保留包含后缀的文件
- 这个改动可以防止下载没有后缀的文件,提高文件下载的安全性
---
 .../llm/service/modelservice/ModelServiceServiceImpl.java | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/yudao-module-llm/yudao-module-llm-biz/src/main/java/cn/iocoder/yudao/module/llm/service/modelservice/ModelServiceServiceImpl.java b/yudao-module-llm/yudao-module-llm-biz/src/main/java/cn/iocoder/yudao/module/llm/service/modelservice/ModelServiceServiceImpl.java
index a263096fb..71e9c613c 100644
--- a/yudao-module-llm/yudao-module-llm-biz/src/main/java/cn/iocoder/yudao/module/llm/service/modelservice/ModelServiceServiceImpl.java
+++ b/yudao-module-llm/yudao-module-llm-biz/src/main/java/cn/iocoder/yudao/module/llm/service/modelservice/ModelServiceServiceImpl.java
@@ -27,6 +27,7 @@ import org.springframework.validation.annotation.Validated;
 import javax.annotation.Resource;
 import java.util.*;
+import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 import static cn.iocoder.yudao.framework.common.exception.util.ServiceExceptionUtil.exception;
@@ -313,6 +314,10 @@ public class ModelServiceServiceImpl implements ModelServiceService {
 List res = new ArrayList<>();
 if (fileList != null){
 for (String fileName : fileList) {
+ Pattern extensionPattern = Pattern.compile("\\.[a-zA-Z0-9]+$");
+ if (!extensionPattern.matcher(fileName).find()){
+ continue;
+ }
 res.add(modelFileDownload + baseModelName +"/" + fileName);
 }
 }
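Review bot: The added check in the second hunk only tests how `fileName` ends, so it does not give the download safety the commit message claims: a name containing `/`, `..` or a trailing line terminator (Java's `$` also matches before a final newline) still passes `find()` and is concatenated into the URL, and any extension at all is accepted. If `fileList` can carry names that are not fully trusted (its origin is outside this hunk), validate the whole name instead, e.g. `if (fileName == null || !SAFE_FILE_NAME.matcher(fileName).matches()) { continue; }`, with `SAFE_FILE_NAME` written to cover the full string, exclude path separators and allow only the extensions model files are expected to have. The pattern is also recompiled on every loop iteration; hoist it to a `private static final Pattern` field. The enclosing method starts and ends outside the hunk.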