datageartech / datagear
DataGear data visualization and analysis platform: freely build any data dashboard you want
Home Page: http://www.datagear.tech
License: GNU Lesser General Public License v3.0
Hey there!
I belong to an open source security research community, and a member (@Firebasky) has found an issue, but doesn’t know the best way to disclose it.
If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.
Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)
Are domestic (Chinese) databases supported, for example Dameng, UXDB and similar databases?
As in the title.
Hi, in /datagear-web, there is a dependency org.springframework.security:spring-security-web:5.6.2 that calls the risk method.
The scope of this CVE affected version is [5.6.0, 5.6.9) [5.7.0, 5.7.5)
After further analysis, in this project, the main API called is org.springframework.security.web.access.intercept.AuthorizationFilter: doFilterInternal(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse,javax.servlet.FilterChain)V
Risk method repair link : GitHub
CVE Bug Invocation Path--
Path Length : 4
CVE Bug Invocation Path :
org.datagear.web.security.AnonymousAuthenticationFilterExt: doFilter(javax.servlet.ServletRequest,javax.servlet.ServletResponse,javax.servlet.FilterChain)V /.m2/repository/org/springframework/boot/spring-boot-autoconfigure/2.6.6/spring-boot-autoconfigure-2.6.6.jar
org.springframework.security.web.FilterChainProxy$VirtualFilterChain: doFilter(javax.servlet.ServletRequest,javax.servlet.ServletResponse)V /.m2/repository/org/springframework/security/spring-security-web/5.6.2/spring-security-web-5.6.2.jar
org.springframework.web.filter.OncePerRequestFilter: doFilter(javax.servlet.ServletRequest,javax.servlet.ServletResponse,javax.servlet.FilterChain)V /.m2/repository/org/springframework/boot/spring-boot-autoconfigure/2.6.6/spring-boot-autoconfigure-2.6.6.jar
org.springframework.security.web.access.intercept.AuthorizationFilter: doFilterInternal(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse,javax.servlet.FilterChain)V
Dependency tree--
[INFO] org.datagear:datagear-web:war:4.5.0
[INFO] +- org.datagear:datagear-persistence:jar:4.5.0:compile
[INFO] | +- org.datagear:datagear-meta:jar:4.5.0:compile
[INFO] | +- org.springframework:spring-expression:jar:5.3.18:compile
[INFO] | \- commons-codec:commons-codec:jar:1.15:compile
[INFO] +- org.datagear:datagear-management:jar:4.5.0:compile
[INFO] | +- org.datagear:datagear-connection:jar:4.5.0:compile
[INFO] | +- org.mybatis:mybatis:jar:3.3.1:compile
[INFO] | +- org.mybatis:mybatis-spring:jar:1.3.1:compile
[INFO] | +- org.springframework:spring-tx:jar:5.3.18:compile
[INFO] | \- org.springframework:spring-context:jar:5.3.18:compile
[INFO] +- org.datagear:datagear-dataexchange:jar:4.5.0:compile
[INFO] | +- org.apache.commons:commons-csv:jar:1.9.0:compile
[INFO] | +- org.apache.poi:poi:jar:4.1.2:compile
[INFO] | | +- org.apache.commons:commons-collections4:jar:4.4:compile
[INFO] | | +- org.apache.commons:commons-math3:jar:3.6.1:compile
[INFO] | | \- com.zaxxer:SparseBitSet:jar:1.2:compile
[INFO] | +- org.apache.poi:poi-ooxml:jar:4.1.2:compile
[INFO] | | +- org.apache.poi:poi-ooxml-schemas:jar:4.1.2:compile
[INFO] | | | \- org.apache.xmlbeans:xmlbeans:jar:3.1.0:compile
[INFO] | | +- org.apache.commons:commons-compress:jar:1.19:compile
[INFO] | | \- com.github.virtuald:curvesapi:jar:1.06:compile
[INFO] | \- org.glassfish:javax.json:jar:1.1.4:compile
[INFO] +- org.datagear:datagear-analysis:jar:4.5.0:compile
[INFO] | +- org.freemarker:freemarker:jar:2.3.31:compile
[INFO] | +- org.apache.httpcomponents.client5:httpclient5:jar:5.1.3:compile
[INFO] | | +- org.apache.httpcomponents.core5:httpcore5:jar:5.1.3:compile
[INFO] | | \- org.apache.httpcomponents.core5:httpcore5-h2:jar:5.1.3:compile
[INFO] | \- com.jayway.jsonpath:json-path:jar:2.6.0:compile
[INFO] | \- net.minidev:json-smart:jar:2.4.8:compile
[INFO] | \- net.minidev:accessors-smart:jar:2.4.8:compile
[INFO] | \- org.ow2.asm:asm:jar:9.1:compile
[INFO] +- org.datagear:datagear-util:jar:4.5.0:compile
[INFO] +- javax.servlet:javax.servlet-api:jar:4.0.1:provided
[INFO] +- org.springframework.boot:spring-boot-starter:jar:2.6.6:compile
[INFO] | +- org.springframework.boot:spring-boot:jar:2.6.6:compile
[INFO] | +- org.springframework.boot:spring-boot-autoconfigure:jar:2.6.6:compile
[INFO] | +- org.springframework.boot:spring-boot-starter-logging:jar:2.6.6:compile
[INFO] | | +- ch.qos.logback:logback-classic:jar:1.2.11:compile
[INFO] | | | \- ch.qos.logback:logback-core:jar:1.2.11:compile
[INFO] | | +- org.apache.logging.log4j:log4j-to-slf4j:jar:2.17.2:compile
[INFO] | | | \- org.apache.logging.log4j:log4j-api:jar:2.17.2:compile
[INFO] | | \- org.slf4j:jul-to-slf4j:jar:1.7.36:compile
[INFO] | +- jakarta.annotation:jakarta.annotation-api:jar:1.3.5:compile
[INFO] | +- org.springframework:spring-core:jar:5.3.18:compile
[INFO] | | \- org.springframework:spring-jcl:jar:5.3.18:compile
[INFO] | \- org.yaml:snakeyaml:jar:1.29:compile
[INFO] +- org.springframework.boot:spring-boot-starter-web:jar:2.6.6:compile
[INFO] | +- org.springframework.boot:spring-boot-starter-json:jar:2.6.6:compile
[INFO] | | +- com.fasterxml.jackson.datatype:jackson-datatype-jdk8:jar:2.13.2:compile
[INFO] | | +- com.fasterxml.jackson.datatype:jackson-datatype-jsr310:jar:2.13.2:compile
[INFO] | | \- com.fasterxml.jackson.module:jackson-module-parameter-names:jar:2.13.2:compile
[INFO] | +- org.springframework:spring-web:jar:5.3.18:compile
[INFO] | \- org.springframework:spring-webmvc:jar:5.3.18:compile
[INFO] +- org.springframework.boot:spring-boot-starter-tomcat:jar:2.6.6:provided
[INFO] | +- org.apache.tomcat.embed:tomcat-embed-core:jar:9.0.60:provided
[INFO] | +- org.apache.tomcat.embed:tomcat-embed-el:jar:9.0.60:compile
[INFO] | \- org.apache.tomcat.embed:tomcat-embed-websocket:jar:9.0.60:provided
[INFO] +- org.springframework.boot:spring-boot-starter-freemarker:jar:2.6.6:compile
[INFO] | \- org.springframework:spring-context-support:jar:5.3.18:compile
[INFO] +- org.springframework.boot:spring-boot-starter-security:jar:2.6.6:compile
[INFO] | +- org.springframework:spring-aop:jar:5.3.18:compile
[INFO] | +- org.springframework.security:spring-security-config:jar:5.6.2:compile
[INFO] | | \- org.springframework.security:spring-security-core:jar:5.6.2:compile
[INFO] | | \- org.springframework.security:spring-security-crypto:jar:5.6.2:compile
[INFO] | \- org.springframework.security:spring-security-web:jar:5.6.2:compile
[INFO] +- org.springframework.boot:spring-boot-starter-validation:jar:2.6.6:compile
[INFO] | \- org.hibernate.validator:hibernate-validator:jar:6.2.3.Final:compile
[INFO] | +- jakarta.validation:jakarta.validation-api:jar:2.0.2:compile
[INFO] | +- org.jboss.logging:jboss-logging:jar:3.4.3.Final:compile
[INFO] | \- com.fasterxml:classmate:jar:1.5.1:compile
[INFO] +- com.github.ben-manes.caffeine:caffeine:jar:2.9.3:compile
[INFO] | +- org.checkerframework:checker-qual:jar:3.19.0:compile
[INFO] | \- com.google.errorprone:error_prone_annotations:jar:2.10.0:compile
[INFO] +- org.springframework:spring-jdbc:jar:5.3.18:compile
[INFO] | \- org.springframework:spring-beans:jar:5.3.18:compile
[INFO] +- org.aspectj:aspectjweaver:jar:1.9.7:runtime
[INFO] +- com.fasterxml.jackson.core:jackson-databind:jar:2.13.2.2:compile
[INFO] | +- com.fasterxml.jackson.core:jackson-annotations:jar:2.13.2:compile
[INFO] | \- com.fasterxml.jackson.core:jackson-core:jar:2.13.2:compile
[INFO] +- org.apache.derby:derby:jar:10.14.2.0:compile
[INFO] +- org.apache.commons:commons-dbcp2:jar:2.9.0:compile
[INFO] | \- org.apache.commons:commons-pool2:jar:2.11.1:compile
[INFO] +- commons-fileupload:commons-fileupload:jar:1.4:compile
[INFO] | \- commons-io:commons-io:jar:2.2:compile
[INFO] +- org.quartz-scheduler:quartz:jar:2.3.2:compile
[INFO] | \- com.mchange:mchange-commons-java:jar:0.2.15:compile
[INFO] +- org.springframework.boot:spring-boot-devtools:jar:2.6.6:compile
[INFO] +- org.slf4j:slf4j-api:jar:1.7.36:compile
[INFO] +- org.hamcrest:hamcrest:jar:2.2:test
[INFO] +- org.hamcrest:hamcrest-library:jar:2.2:test
[INFO] | \- org.hamcrest:hamcrest-core:jar:2.2:test
[INFO] +- junit:junit:jar:4.13.2:test
[INFO] \- mysql:mysql-connector-java:jar:8.0.28:test
Suggested solutions:
Update dependency version
Thank you very much.
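Hello,
How should the dataset for a box plot be defined?
The way it is defined differs a lot from ECharts; could you give an example?
For dashboards developed locally, when deploying to the server, unless everything is overwritten in full, all the IDs have to be changed, which is a very painful process. Can this logic be optimized?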
DataGear is an open-source and free data visualization analysis platform that allows you to freely create any kind of data dashboard you want, supporting access to multiple data sources such as SQL, CSV, Excel, HTTP interface, JSON, etc.
DataGear v5.0.0 has a SpEL expression injection vulnerability leading to remote code execution.
The org.datagear.persistence.support.ConversionSqlParamValueMapper#evaluateVariableExpression function parses the SpEL expression directly without any filter, and the expression parameter is controllable, leading to SpEL expression injection.
protected Object evaluateVariableExpression(Connection cn, Table table, Column column, String value,
        NameExpression expression, ExpressionEvaluationContext expressionEvaluationContext,
        List<Object> expressionValues) throws Throwable
{
    // ......
    try
    {
        // The expression content is parsed as SpEL with no filtering
        spelExpression = this.spelExpressionParser.parseExpression(expression.getContent());
    }
    catch (Throwable t)
    {
        // ......
    }
    try
    {
        // getValue(rootObject) evaluates with SpEL's default, unrestricted evaluation context
        expValue = spelExpression.getValue(expressionEvaluationContext.getVariableExpressionBean());
    }
    catch (Throwable t)
    {
        // ......
    }
    // ......
    return expValue;
}
When requesting the /data/{schemaId}/{tableName}/view interface, if the database table doesn't have a primary key, an attacker can inject a malicious SpEL expression into the data field, and when the "view" button is clicked, the SpEL expression will be executed.
The evil SpEL expression can be like this:
#{T(java.lang.String).forName('java.lang.Runtime').getRuntime().exec('calc')}
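One way to contain the evaluation reported above, shown as an added example that is not DataGear's code or its actual fix: evaluate the parsed expression with Spring's `SimpleEvaluationContext` instead of the default context that `getValue(rootObject)` uses, so type references, constructors and method calls cannot be resolved. `RestrictedSpelDemo`, `VariableBean`, `evaluateRestricted` and `evaluateOrReject` are hypothetical names, the sample expressions are constructed, and spring-expression must be on the classpath.

```java
import org.springframework.expression.EvaluationContext;
import org.springframework.expression.Expression;
import org.springframework.expression.ExpressionException;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.SimpleEvaluationContext;

public class RestrictedSpelDemo {

    /** Hypothetical stand-in for the object returned by getVariableExpressionBean(). */
    public static class VariableBean {
        private final String tableName;
        private final int index;

        public VariableBean(String tableName, int index) {
            this.tableName = tableName;
            this.index = index;
        }

        public String getTableName() { return tableName; }

        public int getIndex() { return index; }
    }

    private static final ExpressionParser PARSER = new SpelExpressionParser();

    /**
     * Evaluates expression content against the root bean with a context that
     * only resolves read-only property access. Type references (T(...)),
     * constructors, bean references and method calls have no resolver here,
     * so SpEL raises an exception instead of executing them.
     */
    static Object evaluateRestricted(String content, Object root) {
        Expression expression = PARSER.parseExpression(content);
        EvaluationContext context = SimpleEvaluationContext
                .forReadOnlyDataBinding()
                .withRootObject(root)
                .build();
        return expression.getValue(context);
    }

    /** Returns the value as text, or a rejection marker when parsing or evaluation is refused. */
    static String evaluateOrReject(String content, Object root) {
        try {
            return String.valueOf(evaluateRestricted(content, root));
        } catch (ExpressionException e) {
            return "REJECTED: " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        VariableBean bean = new VariableBean("orders", 7);

        // Constructed sample inputs: two ordinary variable expressions, then
        // harmless probes for the three features the restricted context removes.
        String[] samples = {
            "tableName + '_' + index",      // property access and concatenation
            "index * 2",                    // arithmetic on a property
            "T(java.lang.Math).max(1, 2)",  // type reference
            "new java.util.Date()",         // constructor call
            "tableName.toUpperCase()"       // instance method call
        };

        for (String sample : samples) {
            System.out.println(sample + " -> " + evaluateOrReject(sample, bean));
        }
    }
}
```

If expressions legitimately need a few helper functions, they can be registered explicitly on the builder rather than reopening general method or type access.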
datagear version: v5.0.0
java.lang.IllegalArgumentException: Unable to initialize due to invalid secret key
at org.springframework.security.crypto.encrypt.CipherUtils.initCipher(CipherUtils.java:122)
at org.springframework.security.crypto.encrypt.AesBytesEncryptor.encrypt(AesBytesEncryptor.java:123)
at org.springframework.security.crypto.encrypt.HexEncodingTextEncryptor.encrypt(HexEncodingTextEncryptor.java:39)
at org.datagear.web.util.DashboardSharePasswordCryptoImpl.encrypt(DashboardSharePasswordCryptoImpl.java:59)
at org.datagear.management.service.impl.DashboardShareSetServiceImpl.update(DashboardShareSetServiceImpl.java:80)
at org.datagear.management.service.impl.DashboardShareSetServiceImpl.update(DashboardShareSetServiceImpl.java:24)
at org.datagear.management.service.impl.AbstractMybatisService.update(AbstractMybatisService.java:149)
at org.datagear.management.service.impl.AbstractMybatisEntityService.update(AbstractMybatisEntityService.java:105)
at org.datagear.management.service.impl.DashboardShareSetServiceImpl.save(DashboardShareSetServiceImpl.java:63)
at org.datagear.management.service.impl.DashboardShareSetServiceImpl$$FastClassBySpringCGLIB$$e857b093.invoke()
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:783)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753)
at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:123)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:388)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:698)
at org.datagear.management.service.impl.DashboardShareSetServiceImpl$$EnhancerBySpringCGLIB$$18c41159.save()
at org.datagear.web.controller.DashboardController.saveShareSet(DashboardController.java:991)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:150)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:117)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1067)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:963)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:909)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:665)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:750)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:327)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:81)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:122)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:116)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:126)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:81)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.datagear.web.security.AnonymousAuthenticationFilterExt.doFilter(AnonymousAuthenticationFilterExt.java:94)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:102)
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:93)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:149)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:219)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:213)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.datagear.web.security.LoginLatchFilter.doFilter(LoginLatchFilter.java:122)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:55)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:211)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:360)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1743)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.security.InvalidKeyException: No installed provider supports this key: javax.crypto.spec.SecretKeySpec
at javax.crypto.Cipher.chooseProvider(Cipher.java:893)
at javax.crypto.Cipher.init(Cipher.java:1396)
at javax.crypto.Cipher.init(Cipher.java:1327)
at org.springframework.security.crypto.encrypt.CipherUtils.initCipher(CipherUtils.java:115)
... 121 more
To make it easier to integrate this platform with a unified authentication platform.
Hi, in datagear/datagear-dataexchange, there is a dependency org.apache.poi:poi-ooxml:3.17 that calls the risk method.
The scope of this CVE affected version is [,4.1.0)
After further analysis, in this project, the main API called is <org.apache.poi.xssf.streaming.SXSSFCell: void setCellValue(java.lang.String)>
Risk method repair link : GitHub
CVE Bug Invocation Path--
Path Length : 2
<org.apache.poi.xssf.streaming.SXSSFCell: void setCellValue(java.lang.String)>
at <org.datagear.dataexchange.support.ExcelDataExportService: void writeRecords(org.datagear.dataexchange.support.ExcelDataExport,java.sql.Connection,java.util.List,java.sql.ResultSet,java.io.OutputStream,org.datagear.dataexchange.support.ExcelDataExportService$ExcelDataExportContext)> (org.datagear.dataexchange.support.ExcelDataExportService.java:[131]) in /detect/unzip/datagear-master/datagear-dataexchange/target/classes
Dependency tree--
[INFO] org.datagear:datagear-dataexchange:jar:2.2.0
[INFO] +- org.datagear:datagear-util:jar:2.2.0:compile
[INFO] +- org.datagear:datagear-persistence:jar:2.2.0:compile
[INFO] | +- org.datagear:datagear-meta:jar:2.2.0:compile
[INFO] | | \- org.datagear:datagear-connection:jar:2.2.0:compile
[INFO] | | +- org.apache.commons:commons-dbcp2:jar:2.7.0:compile
[INFO] | | | \- org.apache.commons:commons-pool2:jar:2.8.1:compile
[INFO] | | \- com.google.guava:guava:jar:28.2-jre:compile
[INFO] | | +- com.google.guava:failureaccess:jar:1.0.1:compile
[INFO] | | +- com.google.guava:listenablefuture:jar:9999.0-empty-to-avoid-conflict-with-guava:compile
[INFO] | | +- com.google.code.findbugs:jsr305:jar:3.0.2:compile
[INFO] | | +- org.checkerframework:checker-qual:jar:2.10.0:compile
[INFO] | | +- com.google.errorprone:error_prone_annotations:jar:2.3.4:compile
[INFO] | | \- com.google.j2objc:j2objc-annotations:jar:1.3:compile
[INFO] | +- org.springframework:spring-expression:jar:5.2.11.RELEASE:compile
[INFO] | | \- org.springframework:spring-core:jar:5.2.11.RELEASE:compile
[INFO] | | \- org.springframework:spring-jcl:jar:5.2.11.RELEASE:compile
[INFO] | \- commons-codec:commons-codec:jar:1.14:compile
[INFO] +- org.apache.commons:commons-csv:jar:1.4:compile
[INFO] +- org.apache.poi:poi:jar:3.17:compile
[INFO] | \- org.apache.commons:commons-collections4:jar:4.1:compile
[INFO] +- org.apache.poi:poi-ooxml:jar:3.17:compile
[INFO] | +- org.apache.poi:poi-ooxml-schemas:jar:3.17:compile
[INFO] | | \- org.apache.xmlbeans:xmlbeans:jar:2.6.0:compile
[INFO] | | \- stax:stax-api:jar:1.0.1:compile
[INFO] | \- com.github.virtuald:curvesapi:jar:1.04:compile
[INFO] +- org.glassfish:javax.json:jar:1.0.4:compile
[INFO] +- org.slf4j:slf4j-api:jar:1.7.30:compile
Suggested solutions:
Update dependency version
Thank you very much.
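The version check behind this report and the earlier spring-security-web report, as an added example that is not part of either post or of the DataGear project: it reads `mvn dependency:tree` lines and flags artifacts whose version falls inside the affected intervals the reports quote. The class and method names are hypothetical, the sample lines and ranges are copied from the two reports, and the version comparison is a simplified numeric one that ignores qualifiers such as `.RELEASE`.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AffectedRangeCheck {

    // groupId:artifactId:type:version:scope at the end of a dependency:tree line.
    // Simplification: coordinates that carry a classifier are not handled.
    private static final Pattern COORD = Pattern.compile(
            "([\\w.\\-]+):([\\w.\\-]+):[\\w\\-]+:([\\w.\\-]+):(\\w+)\\s*$");

    // One interval such as "[5.6.0, 5.6.9)" or "[,4.1.0)"; an empty bound is open-ended.
    private static final Pattern INTERVAL = Pattern.compile(
            "([\\[(])\\s*([^,\\s]*)\\s*,\\s*([^\\])\\s]*)\\s*([\\])])");

    /** Leading numeric components of a version, e.g. "5.2.11.RELEASE" -> [5, 2, 11]. */
    static List<Integer> numericParts(String version) {
        List<Integer> parts = new ArrayList<>();
        for (String p : version.split("[.\\-]")) {
            if (!p.matches("\\d+")) {
                break;
            }
            parts.add(Integer.parseInt(p));
        }
        return parts;
    }

    /** Compares two versions component by component, padding the shorter one with zeros. */
    static int compareVersions(String a, String b) {
        List<Integer> x = numericParts(a);
        List<Integer> y = numericParts(b);
        for (int i = 0; i < Math.max(x.size(), y.size()); i++) {
            int xi = i < x.size() ? x.get(i) : 0;
            int yi = i < y.size() ? y.get(i) : 0;
            if (xi != yi) {
                return Integer.compare(xi, yi);
            }
        }
        return 0;
    }

    /** True if the version lies inside any interval listed in the ranges string. */
    static boolean inRanges(String version, String ranges) {
        Matcher m = INTERVAL.matcher(ranges);
        while (m.find()) {
            String lo = m.group(2);
            String hi = m.group(3);
            int cmpLo = lo.isEmpty() ? 1 : compareVersions(version, lo);
            int cmpHi = hi.isEmpty() ? -1 : compareVersions(version, hi);
            boolean loOk = lo.isEmpty() || cmpLo > 0 || (cmpLo == 0 && m.group(1).equals("["));
            boolean hiOk = hi.isEmpty() || cmpHi < 0 || (cmpHi == 0 && m.group(4).equals("]"));
            if (loOk && hiOk) {
                return true;
            }
        }
        return false;
    }

    /** Returns one finding per tree line whose artifact version is inside its affected range. */
    static List<String> findAffected(String[] treeLines, Map<String, String> affected) {
        List<String> hits = new ArrayList<>();
        for (String line : treeLines) {
            Matcher m = COORD.matcher(line);
            if (!m.find()) {
                continue; // root module line or non-dependency output
            }
            String ga = m.group(1) + ":" + m.group(2);
            String ranges = affected.get(ga);
            if (ranges != null && inRanges(m.group(3), ranges)) {
                hits.add(ga + ":" + m.group(3) + " (" + m.group(4) + ") is inside " + ranges);
            }
        }
        return hits;
    }

    public static void main(String[] args) {
        // Affected intervals as quoted in the two reports on this page.
        Map<String, String> affected = new LinkedHashMap<>();
        affected.put("org.springframework.security:spring-security-web", "[5.6.0, 5.6.9) [5.7.0, 5.7.5)");
        affected.put("org.apache.poi:poi-ooxml", "[,4.1.0)");

        // Sample lines taken from the dependency trees in the two reports.
        String[] tree = {
            "[INFO] org.datagear:datagear-web:war:4.5.0",
            "[INFO] | +- org.apache.poi:poi-ooxml:jar:4.1.2:compile",
            "[INFO] | \\- org.springframework.security:spring-security-web:jar:5.6.2:compile",
            "[INFO] org.datagear:datagear-dataexchange:jar:2.2.0",
            "[INFO] +- org.apache.poi:poi-ooxml:jar:3.17:compile"
        };

        for (String hit : findAffected(tree, affected)) {
            System.out.println(hit);
        }
    }
}
```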
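Symptom: the Hive tables cannot be displayed
Installation environment: Java 1.8, Win10
(1) Hive is the CDH 6.0.0 version, hive-common-2.1.1. The driver is ClouderaHiveJDBC42-2.6.19.1022 from the HiveJDBC-2.6.19.1022 package downloaded from the Cloudera website; the driver jar is HiveJDBC42.jar and the class name used is com.cloudera.hive.jdbc.HS2Driver
(2) I have confirmed that the driver package was uploaded successfully
(3) After configuring the data driver, clicking Test passes; clicking the data source does not show the database's tables (with some probability an error is reported: unable to parse the table structure)
(4) The tables cannot be displayed in the data source, but they can be queried via SQL in a dataset
(5) They also display normally in dashboards
Grafana supports Prometheus; you don't?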
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:55)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:211)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:360)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1743)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.security.InvalidKeyException: No installed provider supports this key: javax.crypto.spec.SecretKeySpec
at javax.crypto.Cipher.chooseProvider(Cipher.java:893)
at javax.crypto.Cipher.init(Cipher.java:1396)
at javax.crypto.Cipher.init(Cipher.java:1327)
at org.springframework.security.crypto.encrypt.CipherUtils.initCipher(CipherUtils.java:115)
... 121 more
What is the format of the JSON request body of the GraphQL request? I cannot find the usage in the documentation. Please show me an example! Thank you!
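Hello author, your work is great and makes me really want to understand the source code, but it seems to differ from the commonly used architectures, which makes me wonder whether a custom framework was used. If there were a description of the project's technology stack or an architecture diagram, it would be a great help in understanding the project.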
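How do I pass parameters to a data source that uses POST requests? It is completely unclear how to use it, and I cannot find any material online.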
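Dear developer:
We would like to build an internal, non-commercial data display platform based on your platform. The requirement is that it has upload and chart editing functions.
I have read through the documentation and did not see an API that can be called externally (for example, Java accesses the corresponding port and passes dashboard ID xxxx, gets the corresponding data for that dashboard, and can then call a replace interface, passing chart ID yyyyy, to set the specified chart of the dashboard to the newly passed yyyy, thereby using Java to replace dashboard content).
If there is one, could you please point me to where it is?
Or are there plans to develop this kind of interface?
Thank you 🙏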
It reports that many tables are missing.
DevTools failed to load SourceMap: Could not load content for http://127.0.0.1:50401/static/script/DataTables-1.10.18/pdfmake.min.js.map: HTTP error: status code 404, net::ERR_HTTP_RESPONSE_CODE_FAILURE