From 95ac207e5dd5566490571fda7229b754a2bbe7ac Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Mon, 24 Oct 2016 14:06:17 +0300
Subject: ws: fix injections
---
 .../com/juick/ws/components/XMPPComponent.java | 54 +++++++++-------------
 1 file changed, 21 insertions(+), 33 deletions(-) (limited to 'juick-ws/src/main/java/com/juick/ws/components/XMPPComponent.java')
diff --git a/juick-ws/src/main/java/com/juick/ws/components/XMPPComponent.java b/juick-ws/src/main/java/com/juick/ws/components/XMPPComponent.java
index 1db8c604..2cc898ec 100644
--- a/juick-ws/src/main/java/com/juick/ws/components/XMPPComponent.java
+++ b/juick-ws/src/main/java/com/juick/ws/components/XMPPComponent.java
@@ -12,10 +12,8 @@ import com.juick.xmpp.extensions.XOOB;
 import org.apache.commons.dbcp2.BasicDataSource;
 import org.apache.commons.lang3.math.NumberUtils;
 import org.springframework.beans.factory.DisposableBean;
-import org.springframework.beans.factory.InitializingBean;
 import org.springframework.core.env.Environment;
 import org.springframework.jdbc.core.JdbcTemplate;
-import org.springframework.scheduling.annotation.Async;
 import org.springframework.stereotype.Component;
 import org.xmlpull.v1.XmlPullParserException;
@@ -30,7 +28,6 @@ import java.security.UnrecoverableKeyException;
 import java.security.cert.CertificateException;
 import java.util.*;
 import java.util.concurrent.ExecutorService;
-import java.util.concurrent.Executors;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -44,7 +41,7 @@ public class XMPPComponent implements DisposableBean, Stream.StreamListener,
 private static final Logger logger = Logger.getLogger(XMPPComponent.class.getName());
- public final ExecutorService executorService = Executors.newCachedThreadPool();
+ public ExecutorService service;
 private StreamComponent router;
 JuickBot bot;
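Review bot: The new field `public ExecutorService service;` is public and no longer final, so any class holding the component can replace or shut down the pool that runs the s2s listener and connection tasks. It is assigned once, in the constructor changed in the `@@ -57,11 +54,13 @@` hunk, so `private final ExecutorService service;` would fit. Whether other classes read the old `executorService` field directly is not visible in this diff; if they do, a getter is a narrower replacement than a writable public field.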
@@ -57,11 +54,13 @@ public class XMPPComponent implements DisposableBean, Stream.StreamListener,
 private final List inConnections = Collections.synchronizedList(new ArrayList<>());
 private final List outConnections = Collections.synchronizedList(new ArrayList<>());
 private final List outCache = Collections.synchronizedList(new ArrayList<>());
- private JdbcTemplate sql;
+ @Inject
+ public JdbcTemplate jdbc;
 final public HashMap childParsers = new HashMap<>();
 @Inject
- public XMPPComponent(Environment env) {
+ public XMPPComponent(Environment env, ExecutorService service) {
+ this.service = service;
 logger.info("component initialized");
 try {
 HOSTNAME = env.getProperty("hostname");
@@ -74,15 +73,11 @@ public class XMPPComponent implements DisposableBean, Stream.StreamListener,
 keystorePassword = env.getProperty("keystore_password");
 brokenSSLhosts = Arrays.asList(env.getProperty("broken_ssl_hosts", "").split(","));
 bannedHosts = Arrays.asList(env.getProperty("banned_hosts", "").split(","));
- BasicDataSource dataSource = new BasicDataSource();
- dataSource.setDriverClassName(env.getProperty("datasource_driver", "com.mysql.jdbc.Driver"));
- dataSource.setUrl(env.getProperty("datasource_url"));
- setSql(new JdbcTemplate(dataSource));
 bot = new JuickBot(this, Jid);
 childParsers.put(JuickMessage.XMLNS, new JuickMessage());
- executorService.submit(() -> {
+ service.submit(() -> {
 try {
 Socket routerSocket = new Socket("localhost", componentPort);
 router = new StreamComponent(new JID("s2s"), routerSocket.getInputStream(), routerSocket.getOutputStream(), env.getProperty("xmpp_password"));
@@ -95,7 +90,7 @@ public class XMPPComponent implements DisposableBean, Stream.StreamListener,
 logger.log(Level.SEVERE, "router error", e);
 }
 });
- executorService.submit(() -> {
+ service.submit(() -> {
 final ServerSocket listener = new ServerSocket(s2sPort);
 logger.info("s2s listener ready");
 while (true) {
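Review bot: `@Inject public JdbcTemplate jdbc;` is field injection in a class whose other dependencies arrive through the constructor, and the field is set only after that constructor has returned. The constructor already submits the router and s2s listener tasks with a reference to `this` (hunks `@@ -74,15 +73,11 @@` and `@@ -95,7 +90,7 @@`), so a message handled early could reach the query helpers with `jdbc` still null; whether that ordering can occur in practice is not visible here. Taking it as a constructor parameter closes the window and lets the field be hidden: `public XMPPComponent(Environment env, ExecutorService service, JdbcTemplate jdbc)` with `private final JdbcTemplate jdbc;`. The `BasicDataSource` import kept as context in the first hunk looks unused after this change.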
@@ -103,13 +98,13 @@ public class XMPPComponent implements DisposableBean, Stream.StreamListener,
 Socket socket = listener.accept();
 ConnectionIn client = new ConnectionIn(this, bot, socket);
 addConnectionIn(client);
- executorService.submit(client);
+ service.submit(client);
 } catch (Exception e) {
 logger.log(Level.SEVERE, "s2s error", e);
 }
 }
 });
- executorService.submit(new CleaningUp(this));
+ service.submit(new CleaningUp(this));
 } catch (Exception e) {
 logger.log(Level.SEVERE, "XMPPComponent error", e);
@@ -225,7 +220,7 @@ public class XMPPComponent implements DisposableBean, Stream.StreamListener,
 if (!haveAnyConn) {
 try {
 ConnectionOut connectionOut = new ConnectionOut(this, hostname);
- executorService.submit(connectionOut);
+ service.submit(connectionOut);
 } catch (CertificateException | UnrecoverableKeyException | NoSuchAlgorithmException | XmlPullParserException | KeyStoreException | KeyManagementException | IOException e) {
 logger.log(Level.SEVERE, "s2s out error", e);
 }
@@ -256,7 +251,7 @@ public class XMPPComponent implements DisposableBean, Stream.StreamListener,
 } catch (IOException e) {
 logger.log(Level.WARNING, "router warning", e);
 }
- executorService.shutdown();
+ service.shutdown();
 logger.info("component destroyed");
 }
 public void closeRouterConnection() throws IOException {
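Review bot: Every accepted s2s socket is still handed to the pool with `service.submit(client);`, and nothing in the accept loop bounds how many inbound connections are in flight. With the executor now injected, the outcome depends on a bean definition that is not part of this diff: a fixed-size pool can be fully occupied by the long-lived router, listener and `CleaningUp` tasks submitted from the same constructor, leaving inbound connections queued indefinitely, while an unbounded pool lets remote peers drive thread creation. I would state the expectation at the constructor parameter, e.g. `// service must be sized above the three long-lived tasks; inbound s2s connections share it`, and consider a cap on concurrent `ConnectionIn` tasks. The lambda containing this loop starts in the previous hunk.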
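Review bot: `service.shutdown();` in the `@@ -256,7 +251,7 @@` hunk now stops an executor that this component no longer creates. If the injected `ExecutorService` bean is shared with other components (not visible here), destroying this one ends task submission for all of them. Either leave the shutdown to whoever defines the bean, or note at the field that this component owns the pool, e.g. `// owned by XMPPComponent: shut down in destroy, do not share`. As before this commit, `shutdown()` does not interrupt the `while (true)` accept loop, so the listener thread keeps running unless the `ServerSocket` is closed as well. The enclosing method starts outside the hunk.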
@@ -267,11 +262,11 @@ public class XMPPComponent implements DisposableBean, Stream.StreamListener,
 List jids = new ArrayList<>();
 if (jmsg.FriendsOnly) {
- jids = SubscriptionsQueries.getJIDSubscribedToUser(getSql(), jmsg.getUser().getUID(), jmsg.FriendsOnly);
+ jids = SubscriptionsQueries.getJIDSubscribedToUser(jdbc, jmsg.getUser().getUID(), jmsg.FriendsOnly);
 } else {
- List users = SubscriptionsQueries.getSubscribedUsers(getSql(), jmsg.getUser().getUID(), jmsg.getMID());
+ List users = SubscriptionsQueries.getSubscribedUsers(jdbc, jmsg.getUser().getUID(), jmsg.getMID());
 for (User user : users) {
- for (String jid : UserQueries.getJIDsbyUID(getSql(), user.getUID())) {
+ for (String jid : UserQueries.getJIDsbyUID(jdbc, user.getUID())) {
 jids.add(jid);
 }
 }
@@ -312,9 +307,9 @@ public class XMPPComponent implements DisposableBean, Stream.StreamListener,
 String replyQuote;
 String replyTo;
- users = SubscriptionsQueries.getUsersSubscribedToComments(getSql(), jmsg.getMID(), jmsg.getUser().getUID());
- com.juick.Message replyMessage = jmsg.ReplyTo > 0 ? MessagesQueries.getReply(getSql(), jmsg.getMID(), jmsg.ReplyTo)
- : MessagesQueries.getMessage(getSql(), jmsg.getMID());
+ users = SubscriptionsQueries.getUsersSubscribedToComments(jdbc, jmsg.getMID(), jmsg.getUser().getUID());
+ com.juick.Message replyMessage = jmsg.ReplyTo > 0 ? MessagesQueries.getReply(jdbc, jmsg.getMID(), jmsg.ReplyTo)
+ : MessagesQueries.getMessage(jdbc, jmsg.getMID());
 replyTo = replyMessage.getUser().getUName();
 replyQuote = getReplyQuote(replyMessage);
@@ -331,7 +326,7 @@ public class XMPPComponent implements DisposableBean, Stream.StreamListener,
 msg.type = Message.Type.chat;
 msg.addChild(jmsg);
 for (User user : users) {
- for (String jid : UserQueries.getJIDsbyUID(getSql(), user.getUID())) {
+ for (String jid : UserQueries.getJIDsbyUID(jdbc, user.getUID())) {
 msg.to = new JID(jid);
 sendOut(msg);
 }
@@ -351,8 +346,8 @@ public class XMPPComponent implements DisposableBean, Stream.StreamListener,
 public void sendJuickRecommendation(JuickMessage recomm) {
 List users;
 JuickMessage jmsg;
- jmsg = new JuickMessage(MessagesQueries.getMessage(getSql(), recomm.getMID()));
- users = SubscriptionsQueries.getUsersSubscribedToUserRecommendations(getSql(),
+ jmsg = new JuickMessage(MessagesQueries.getMessage(jdbc, recomm.getMID()));
+ users = SubscriptionsQueries.getUsersSubscribedToUserRecommendations(jdbc,
 recomm.getUser().getUID(), recomm.getMID(), jmsg.getUser().getUID());
 String txt = "Recommended by @" + recomm.getUser().getUName() + ":\n";
@@ -389,7 +384,7 @@ public class XMPPComponent implements DisposableBean, Stream.StreamListener,
 }
 for (User user : users) {
- for (String jid : UserQueries.getJIDsbyUID(getSql(), user.getUID())) {
+ for (String jid : UserQueries.getJIDsbyUID(jdbc, user.getUID())) {
 msg.to = new JID(jid);
 sendOut(msg);
 }
@@ -463,11 +458,4 @@ public class XMPPComponent implements DisposableBean, Stream.StreamListener,
 return outCache;
 }
- public JdbcTemplate getSql() {
- return sql;
- }
-
- public void setSql(JdbcTemplate sql) {
- this.sql = sql;
- }
 }
-- cgit v1.2.3