|
|
@@ -18,12 +18,12 @@
|
|
|
package org.apache.dolphinscheduler.plugin.alert.script;
|
|
|
|
|
|
import org.apache.dolphinscheduler.alert.api.AlertResult;
|
|
|
-
|
|
|
-import java.util.Map;
|
|
|
-
|
|
|
import org.slf4j.Logger;
|
|
|
import org.slf4j.LoggerFactory;
|
|
|
|
|
|
+import java.io.File;
|
|
|
+import java.util.Map;
|
|
|
+
|
|
|
public final class ScriptSender {
|
|
|
private static final Logger logger = LoggerFactory.getLogger(ScriptSender.class);
|
|
|
private static final String ALERT_TITLE_OPTION = " -t ";
|
|
|
@@ -54,6 +54,21 @@ public final class ScriptSender {
|
|
|
alertResult.setMessage("shell script not support windows os");
|
|
|
return alertResult;
|
|
|
}
|
|
|
+ //validate script path in case of injections
|
|
|
+ File shellScriptFile = new File(scriptPath);
|
|
|
+ //validate existence
|
|
|
+ if (!shellScriptFile.exists()) {
|
|
|
+ logger.error("shell script not exist : {}", scriptPath);
|
|
|
+ alertResult.setMessage("shell script not exist : " + scriptPath);
|
|
|
+ return alertResult;
|
|
|
+ }
|
|
|
+ //validate is file
|
|
|
+ if (!shellScriptFile.isFile()) {
|
|
|
+ logger.error("shell script is not a file : {}", scriptPath);
|
|
|
+ alertResult.setMessage("shell script is not a file : " + scriptPath);
|
|
|
+ return alertResult;
|
|
|
+ }
|
|
|
+
|
|
|
String[] cmd = {"/bin/sh", "-c", scriptPath + ALERT_TITLE_OPTION + "'" + title + "'" + ALERT_CONTENT_OPTION + "'" + content + "'" + ALERT_USER_PARAMS_OPTION + "'" + userParams + "'"};
|
|
|
int exitCode = ProcessUtils.executeScript(cmd);
|
|
|
|
Tq