fix: validate cron expression to prevent server crash

SonicCloudOrg · Jun 7, 2024 · f7c68d2 · f7c68d2
1 parent 0c1ade0
commit f7c68d2
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 4 deletions.
diff --git a/...server-controller/src/main/java/org/cloud/sonic/controller/controller/JobsController.java b/...server-controller/src/main/java/org/cloud/sonic/controller/controller/JobsController.java
@@ -31,6 +31,8 @@
 import org.cloud.sonic.controller.models.domain.Jobs;
 import org.cloud.sonic.controller.models.dto.JobsDTO;
 import org.cloud.sonic.controller.services.JobsService;
+import org.cloud.sonic.controller.tools.QuartzJobTools;
+import org.quartz.CronExpression;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
@@ -120,9 +122,14 @@ public RespModel<List<JSONObject>> findSysJobs() {
             @Parameter(name = "type", description = "类型"),
             @Parameter(name = "cron", description = "cron表达式")
     })
+
     @PutMapping("/updateSysJob")
     public RespModel updateSysJob(@RequestBody JSONObject jsonObject) {
-        jobsService.updateSysJob(jsonObject.getString("type"), jsonObject.getString("cron"));
+    	final String cron = QuartzJobTools.validateOrDisableCronExpression(jsonObject.getString("cron"));
+    	if (!CronExpression.isValidExpression(cron)) { // https://stackoverflow.com/a/2363119/12857692
+    		return new RespModel<>(RespEnum.PARAMS_NOT_VALID);
+    	}
+        jobsService.updateSysJob(jsonObject.getString("type"), cron);
         return new RespModel<>(RespEnum.HANDLE_OK);
     }
 }
diff --git a/sonic-server-controller/src/main/java/org/cloud/sonic/controller/quartz/QuartzHandler.java b/sonic-server-controller/src/main/java/org/cloud/sonic/controller/quartz/QuartzHandler.java
@@ -21,6 +21,7 @@
 import org.cloud.sonic.controller.models.domain.Jobs;
 import org.cloud.sonic.controller.models.interfaces.JobType;
 import org.cloud.sonic.controller.services.JobsService;
+import org.cloud.sonic.controller.tools.QuartzJobTools;
 import org.quartz.*;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -58,7 +59,7 @@ public void createScheduleJob(Jobs jobs) throws SchedulerException {
             JobDetail jobDetail = JobBuilder.newJob(jobClass).withIdentity(jobs.getId() + "").build();
             jobDetail.getJobDataMap().put("id", jobs.getId());
             jobDetail.getJobDataMap().put("type", JobType.TEST_JOB);
-            CronScheduleBuilder scheduleBuilder = CronScheduleBuilder.cronSchedule(jobs.getCronExpression())
+            CronScheduleBuilder scheduleBuilder = CronScheduleBuilder.cronSchedule(QuartzJobTools.validateOrDisableCronExpression(jobs.getCronExpression()))
                     .withMisfireHandlingInstructionDoNothing();
             CronTrigger trigger = TriggerBuilder.newTrigger().withIdentity(jobs.getId() + "").withSchedule(scheduleBuilder).build();
             scheduler.scheduleJob(jobDetail, trigger);
@@ -134,7 +135,7 @@ public void updateScheduleJob(Jobs jobs) throws SchedulerException {
         try {
             TriggerKey triggerKey = TriggerKey.triggerKey(jobs.getId() + "");
             CronTrigger trigger = (CronTrigger) scheduler.getTrigger(triggerKey);
-            CronScheduleBuilder scheduleBuilder = CronScheduleBuilder.cronSchedule(jobs.getCronExpression())
+            CronScheduleBuilder scheduleBuilder = CronScheduleBuilder.cronSchedule(QuartzJobTools.validateOrDisableCronExpression(jobs.getCronExpression()))
                     .withMisfireHandlingInstructionDoNothing();
             trigger = trigger.getTriggerBuilder().withIdentity(triggerKey).withSchedule(scheduleBuilder).build();
             scheduler.rescheduleJob(triggerKey, trigger);
@@ -238,7 +239,7 @@ public void updateSysScheduleJob(String type, String cron) {
                     }
                     break;
             }
-            CronScheduleBuilder scheduleBuilder = CronScheduleBuilder.cronSchedule(cron)
+            CronScheduleBuilder scheduleBuilder = CronScheduleBuilder.cronSchedule(QuartzJobTools.validateOrDisableCronExpression(cron))
                     .withMisfireHandlingInstructionDoNothing();
             CronTrigger trigger = TriggerBuilder.newTrigger().withIdentity(type).withSchedule(scheduleBuilder).build();
             scheduler.scheduleJob(jobDetail, trigger);

diff --git a/sonic-server-controller/src/main/java/org/cloud/sonic/controller/tools/QuartzJobTools.java b/sonic-server-controller/src/main/java/org/cloud/sonic/controller/tools/QuartzJobTools.java
@@ -0,0 +1,9 @@
+package org.cloud.sonic.controller.tools;
+
+import org.quartz.CronExpression;
+
+public final class QuartzJobTools {
+    public static String validateOrDisableCronExpression(final String cron) {
+        return (cron!=null && !cron.equals("") && CronExpression.isValidExpression(cron) ? cron : "0 0 0 ? * MON 1900");
+    }
+}