安全告警修复

Signed-off-by: yaozh <yaozihao2@h-partners.com>
yaozh
2026-05-22 10:15:18 +08:00
parent 05e3939f96
commit bf87460944
2 changed files with 38 additions and 5 deletions
@@ -151,9 +151,11 @@ void RingtoneRestore::CustomizedRingToneHandle(FileInfo& fileInfo)
auto rawRdb = rdbStore->GetRaw();
CHECK_AND_RETURN_LOG(rawRdb != nullptr, "rawRdb is nullptr");
string sql = "SELECT " + VIBRATE_COLUMN_DATA + " FROM " +
RINGTONE_TABLE + " WHERE " + VIBRATE_COLUMN_DATA + " like " + "'%" +
dataPath + "' AND " + RINGTONE_COLUMN_SOURCE_TYPE + " = 1";
auto resultSet = rawRdb->QuerySql(sql);
RINGTONE_TABLE + " WHERE " + VIBRATE_COLUMN_DATA + " LIKE ?" +
" AND " + RINGTONE_COLUMN_SOURCE_TYPE + " = 1";
std::vector<NativeRdb::ValueObject> bindArgs;
bindArgs.push_back(NativeRdb::ValueObject("%" + dataPath));
auto resultSet = rawRdb->QuerySql(sql, bindArgs);
CHECK_AND_RETURN_LOG(resultSet != nullptr, "resultSet is nullptr");
if (resultSet->GoToFirstRow() != NativeRdb::E_OK) {
resultSet->Close();
+33 -2
@@ -435,6 +435,33 @@ bool RingtoneFileUtils::MoveFile(const string &oldPath, const string &newPath)
return errRet;
}
static bool GetSafeDestPath(const string &newPath, string &absNewPath)
{
bool newPathExists = PathToRealPath(newPath, absNewPath);
if (newPathExists) {
return true; // 目标存在,路径已验证
}
// 目标不存在,校验父目录
size_t lastSlash = newPath.rfind('/');
if (lastSlash == std::string::npos) {
RINGTONE_ERR_LOG("No parent directory in path");
return false;
}
string parentDir = newPath.substr(0, lastSlash);
string fileName = newPath.substr(lastSlash + 1);
if (fileName.empty() || fileName.find('/') != std::string::npos) {
RINGTONE_ERR_LOG("Invalid file name");
return false;
}
string absParentDir;
if (!PathToRealPath(parentDir, absParentDir)) {
RINGTONE_ERR_LOG("Parent directory not valid");
return false;
}
absNewPath = absParentDir + "/" + fileName;
return true;
}
bool RingtoneFileUtils::CopyFileUtil(const string &filePath, const string &newPath)
{
struct stat fst{};
@@ -466,8 +493,12 @@ bool RingtoneFileUtils::CopyFileUtil(const string &filePath, const string &newPa
RINGTONE_ERR_LOG("Open failed for source file");
return ret;
}
int32_t dest = open(newPath.c_str(), O_WRONLY | O_CREAT, MODE_RW_USR);
string absNewPath;
if (!GetSafeDestPath(newPath, absNewPath)) {
close(source);
return false;
}
int32_t dest = open(absNewPath.c_str(), O_WRONLY | O_CREAT, MODE_RW_USR);
if (dest == -1) {
RINGTONE_ERR_LOG("Open failed for destination file %{public}d", errno);
close(source);
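Review bot: The canonicalisation done by GetSafeDestPath and the open() on the line that follows it in this hunk are two separate filesystem operations, so a symlink placed at absNewPath between them is still followed; because GetSafeDestPath already yields a symlink-free canonical path, the final-component race can be closed at no functional cost with `int32_t dest = open(absNewPath.c_str(), O_WRONLY | O_CREAT | O_NOFOLLOW, MODE_RW_USR);`. Separately, the comment on the exists branch of GetSafeDestPath in the hunk above (`目标存在,路径已验证`) reads as though the destination has been validated, but as far as these hunks show PathToRealPath only resolves the path — whether it also confines the result to an allowed directory is not visible here, and if it does not, the helper canonicalises rather than confines. I would make that explicit with a header comment on the helper such as `// Resolves newPath (or its parent directory when the file does not yet exist) through PathToRealPath; callers must still ensure the result lies under the intended root.`, or drop the word "verified" from the branch comment. CopyFileUtil's body continues past the end of this hunk.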