From ee0f2e0389efaf93cd4e64b08b13f01cf6eccaf7 Mon Sep 17 00:00:00 2001
From: cryptochecktool
Date: Thu, 28 Nov 2024 09:55:37 +0800
Subject: [PATCH 1/9] Update CommentPublicQueryServiceImpl.java
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
提升安全性 将MD5切换为sha256
---
 .../app/theme/finders/impl/CommentPublicQueryServiceImpl.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java b/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java
index 8655f8be97..1f06e3209e 100644
--- a/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java
+++ b/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java
@@ -172,7 +172,7 @@ private Mono filterCommentSensitiveData(CommentVo commentVo
 specOwner.setName("");
 var email = owner.getEmail();
 if (StringUtils.isNotBlank(email)) {
- var emailHash = DigestUtils.md5DigestAsHex(email.getBytes());
+ var emailHash = DigestUtils.sha256DigestAsHex(email.getBytes());
 if (specOwner.getAnnotations() == null) {
 specOwner.setAnnotations(new HashMap<>(2));
 }
@@ -224,7 +224,7 @@ private Mono filterReplySensitiveData(ReplyVo replyVo) {
 specOwner.setName("");
 var email = owner.getEmail();
 if (StringUtils.isNotBlank(email)) {
- var emailHash = DigestUtils.md5DigestAsHex(email.getBytes());
+ var emailHash = DigestUtils.sha256DigestAsHex(email.getBytes());
 if (specOwner.getAnnotations() == null) {
 specOwner.setAnnotations(new HashMap<>(2));
 }
From 8ad7ae8a3d8b950ed76c0686aae43b70cd3e3e92 Mon Sep 17 00:00:00 2001
From: cryptochecktool
Date: Thu, 28 Nov 2024 10:39:26 +0800
Subject: [PATCH 2/9] Update CommentPublicQueryServiceImpl.java
---
 .../finders/impl/CommentPublicQueryServiceImpl.java | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
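Review bot: Both hunks of PATCH 1/9 (filterCommentSensitiveData and filterReplySensitiveData) still expose an unsalted digest of the owner's e-mail, and replacing MD5 with SHA-256 does not make that value any harder to link back to an address, because addresses are guessable and a candidate can simply be hashed and compared. The code should say what the value is for, with a comment above the digest line such as `// Stable pseudonymous identifier for the owner; an unsalted hash does not conceal the address.` The digest also grows from 32 to 64 hex characters, so any theme or plugin that reads this value (the test fixture in PATCH 3/9 shows it under `email-hash`) should be checked before release. Both method bodies start and end outside the hunks, so where the hash is stored is inferred rather than visible here.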
diff --git a/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java b/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java
index 1f06e3209e..f6bc85adf2 100644
--- a/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java
+++ b/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java
@@ -11,6 +11,7 @@
 import java.util.HashMap;
 import java.util.Optional;
 import java.util.function.Function;
+import com.google.common.hash.Hashing;
 import lombok.RequiredArgsConstructor;
 import org.apache.commons.lang3.BooleanUtils;
 import org.apache.commons.lang3.StringUtils;
@@ -172,7 +173,9 @@ private Mono filterCommentSensitiveData(CommentVo commentVo
 specOwner.setName("");
 var email = owner.getEmail();
 if (StringUtils.isNotBlank(email)) {
- var emailHash = DigestUtils.sha256DigestAsHex(email.getBytes());
+ var emailHash = Hashing.sha256()
+ .hashString(email, java.nio.charset.StandardCharsets.UTF_8)
+ .toString();
 if (specOwner.getAnnotations() == null) {
 specOwner.setAnnotations(new HashMap<>(2));
 }
@@ -224,7 +227,9 @@ private Mono filterReplySensitiveData(ReplyVo replyVo) {
 specOwner.setName("");
 var email = owner.getEmail();
 if (StringUtils.isNotBlank(email)) {
- var emailHash = DigestUtils.sha256DigestAsHex(email.getBytes());
+ var emailHash = Hashing.sha256()
+ .hashString(email, java.nio.charset.StandardCharsets.UTF_8)
+ .toString();
 if (specOwner.getAnnotations() == null) {
 specOwner.setAnnotations(new HashMap<>(2));
 }
From c576f009095dc0ace550992f5cc8c5b51683fa78 Mon Sep 17 00:00:00 2001
From: cryptochecktool
Date: Thu, 28 Nov 2024 16:15:05 +0800
Subject: [PATCH 3/9] Update CommentPublicQueryServiceIntegrationTest.java
---
 .../finders/impl/CommentPublicQueryServiceIntegrationTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
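Review bot: The `Hashing.sha256().hashString(...).toString()` chain is added verbatim to both filterCommentSensitiveData and filterReplySensitiveData in PATCH 2/9, so every later change to how the address is normalised or hashed has to be made in two places, as PATCH 4/9 and 9/9 then do. I would move it into one private helper, for example `private static String hashEmail(String email)`, and write `var emailHash = hashEmail(email);` at both call sites so the two paths cannot drift apart and publish different digests for the same owner. Both method bodies start and end outside the hunks.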
diff --git a/application/src/test/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceIntegrationTest.java b/application/src/test/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceIntegrationTest.java
index 463e5b0562..3e40d2f720 100644
--- a/application/src/test/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceIntegrationTest.java
+++ b/application/src/test/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceIntegrationTest.java
@@ -389,7 +389,7 @@ String fakeReplyJson() {
 "name":"",
 "displayName":"fake-display-name",
 "annotations":{
- "email-hash": "4249f4df72b475e7894fabed1c5888cf"
+ "email-hash": "4c05c58111251cebb0f0a452c5886a87425dd1bf24a9eb53ec92164f49f8d601"
 }
 },
 "creationTime": "2024-03-11T06:23:42.923294424Z",
From 04e9a316076acb838b7d27072c5cede926eca3c1 Mon Sep 17 00:00:00 2001
From: cryptochecktool
Date: Mon, 2 Dec 2024 19:35:15 +0800
Subject: [PATCH 4/9] Update CommentPublicQueryServiceImpl.java
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
增加邮件进行小写转换
---
 .../app/theme/finders/impl/CommentPublicQueryServiceImpl.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java b/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java
index f6bc85adf2..5e68c90a4c 100644
--- a/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java
+++ b/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java
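Review bot: The new `email-hash` literal in fakeReplyJson (PATCH 3/9) is an opaque 64-character value, and nothing visible in the hunk says which fixture address or normalisation it was derived from, so it cannot be checked by reading the test. The same literal is replaced by hand again in PATCH 7/9. Because the value sits inside the JSON text block, the explanation belongs on the method, for example `// email-hash below is the SHA-256 hex digest of <fixture e-mail address>` above fakeReplyJson(), with the placeholder filled in from the fixture. The rest of the method is outside the hunk.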
@@ -174,7 +174,7 @@ private Mono filterCommentSensitiveData(CommentVo commentVo
 var email = owner.getEmail();
 if (StringUtils.isNotBlank(email)) {
 var emailHash = Hashing.sha256()
- .hashString(email, java.nio.charset.StandardCharsets.UTF_8)
+ .hashString(email.toLowerCase(), java.nio.charset.StandardCharsets.UTF_8)
 .toString();
 if (specOwner.getAnnotations() == null) {
 specOwner.setAnnotations(new HashMap<>(2));
@@ -228,7 +228,7 @@ private Mono filterReplySensitiveData(ReplyVo replyVo) {
 var email = owner.getEmail();
 if (StringUtils.isNotBlank(email)) {
 var emailHash = Hashing.sha256()
- .hashString(email, java.nio.charset.StandardCharsets.UTF_8)
+ .hashString(email.toLowerCase(), java.nio.charset.StandardCharsets.UTF_8)
 .toString();
 if (specOwner.getAnnotations() == null) {
 specOwner.setAnnotations(new HashMap<>(2));
From a8a7ebab9d218664c9533aae6785fc7be484f732 Mon Sep 17 00:00:00 2001
From: cryptochecktool
Date: Thu, 5 Dec 2024 10:19:42 +0800
Subject: [PATCH 5/9] Update CommentPublicQueryServiceImpl.java
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
符合check要求
---
 .../app/theme/finders/impl/CommentPublicQueryServiceImpl.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java b/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java
index 5e68c90a4c..bafa9be8cb 100644
--- a/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java
+++ b/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java
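Review bot: `email.toLowerCase()` in both hunks of PATCH 4/9 lower-cases with the JVM's default locale, so the same address can hash differently from one deployment to another (under a Turkish locale `I` becomes dotless `ı`) and then no longer match a digest computed elsewhere. Pin the locale with `email.toLowerCase(Locale.ROOT)`, which needs `import java.util.Locale;`. The `isNotBlank` guard also lets padded addresses through, so if the hash is meant to match an external service's normalisation it should be `email.strip().toLowerCase(Locale.ROOT)`. Both method bodies start and end outside the hunks.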
@@ -7,11 +7,11 @@
 import static run.halo.app.extension.index.query.QueryFactory.isNull;
 import static run.halo.app.extension.index.query.QueryFactory.or;
+import com.google.common.hash.Hashing;
 import java.security.Principal;
 import java.util.HashMap;
 import java.util.Optional;
 import java.util.function.Function;
-import com.google.common.hash.Hashing;
 import lombok.RequiredArgsConstructor;
 import org.apache.commons.lang3.BooleanUtils;
 import org.apache.commons.lang3.StringUtils;
From 34ca42ce72347a270cdf99e6cdd1caadbf7b1592 Mon Sep 17 00:00:00 2001
From: cryptochecktool
Date: Thu, 5 Dec 2024 15:25:12 +0800
Subject: [PATCH 6/9] Update CommentPublicQueryServiceImpl.java
---
 .../theme/finders/impl/CommentPublicQueryServiceImpl.java | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java b/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java
index bafa9be8cb..d3e7aabf85 100644
--- a/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java
+++ b/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java
@@ -174,8 +174,8 @@ private Mono filterCommentSensitiveData(CommentVo commentVo
 var email = owner.getEmail();
 if (StringUtils.isNotBlank(email)) {
 var emailHash = Hashing.sha256()
- .hashString(email.toLowerCase(), java.nio.charset.StandardCharsets.UTF_8)
- .toString();
+ .hashString(email.toLowerCase(), java.nio.charset.StandardCharsets.UTF_8)
+ .toString();
 if (specOwner.getAnnotations() == null) {
 specOwner.setAnnotations(new HashMap<>(2));
 }
@@ -228,8 +228,8 @@ private Mono filterReplySensitiveData(ReplyVo replyVo) {
 var email = owner.getEmail();
 if (StringUtils.isNotBlank(email)) {
 var emailHash = Hashing.sha256()
- .hashString(email.toLowerCase(), java.nio.charset.StandardCharsets.UTF_8)
- .toString();
+ .hashString(email.toLowerCase(), java.nio.charset.StandardCharsets.UTF_8)
+ .toString();
 if (specOwner.getAnnotations() == null) {
 specOwner.setAnnotations(new HashMap<>(2));
 }
From d750219a99c649fa7d134fc7b749df2bf73ba664 Mon Sep 17 00:00:00 2001
From: cryptochecktool
Date: Fri, 6 Dec 2024 16:40:09 +0800
Subject: [PATCH 7/9] Update CommentPublicQueryServiceIntegrationTest.java
---
 .../finders/impl/CommentPublicQueryServiceIntegrationTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/application/src/test/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceIntegrationTest.java b/application/src/test/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceIntegrationTest.java
index 3e40d2f720..a31d1cd36b 100644
--- a/application/src/test/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceIntegrationTest.java
+++ b/application/src/test/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceIntegrationTest.java
@@ -389,7 +389,7 @@ String fakeReplyJson() {
 "name":"",
 "displayName":"fake-display-name",
 "annotations":{
- "email-hash": "4c05c58111251cebb0f0a452c5886a87425dd1bf24a9eb53ec92164f49f8d601"
+ "email-hash": "79783106d88279c6c8f94f1f4dec22bdb9f90a8d14c9d6c6628a11430e236cbf"
 }
 },
 "creationTime": "2024-03-11T06:23:42.923294424Z",
From ed9fa4e05ffc19e4ded0c67ad37b709baef3c324 Mon Sep 17 00:00:00 2001
From: cryptochecktool
Date: Fri, 6 Dec 2024 17:10:29 +0800
Subject: [PATCH 8/9] Update CommentPublicQueryServiceImpl.java
---
 .../app/theme/finders/impl/CommentPublicQueryServiceImpl.java | 1 -
 1 file changed, 1 deletion(-)
diff --git a/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java b/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java
index d3e7aabf85..5a912edd31 100644
--- a/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java
+++ b/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java
@@ -21,7 +21,6 @@
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.stereotype.Component;
 import org.springframework.util.Assert;
-import org.springframework.util.DigestUtils;
 import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 import run.halo.app.content.comment.OwnerInfo;
From b6187915e7b4f96c68f2aeb7e8f5e12cc5b91304 Mon Sep 17 00:00:00 2001
From: John Niang
Date: Sun, 8 Dec 2024 23:08:39 +0800
Subject: [PATCH 9/9] Format code
---
 .../theme/finders/impl/CommentPublicQueryServiceImpl.java | 7 ++++---
 .../impl/CommentPublicQueryServiceIntegrationTest.java | 3 ++-
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java b/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java
index 5a912edd31..e6a157967f 100644
--- a/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java
+++ b/application/src/main/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceImpl.java
@@ -1,6 +1,7 @@
 package run.halo.app.theme.finders.impl;
+import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.apache.commons.lang3.ObjectUtils.defaultIfNull;
 import static run.halo.app.extension.index.query.QueryFactory.and;
 import static run.halo.app.extension.index.query.QueryFactory.equal;
@@ -173,8 +174,8 @@ private Mono filterCommentSensitiveData(CommentVo commentVo
 var email = owner.getEmail();
 if (StringUtils.isNotBlank(email)) {
 var emailHash = Hashing.sha256()
- .hashString(email.toLowerCase(), java.nio.charset.StandardCharsets.UTF_8)
- .toString();
+ .hashString(email.toLowerCase(), UTF_8)
+ .toString();
 if (specOwner.getAnnotations() == null) {
 specOwner.setAnnotations(new HashMap<>(2));
 }
@@ -227,7 +228,7 @@ private Mono filterReplySensitiveData(ReplyVo replyVo) {
 var email = owner.getEmail();
 if (StringUtils.isNotBlank(email)) {
 var emailHash = Hashing.sha256()
- .hashString(email.toLowerCase(), java.nio.charset.StandardCharsets.UTF_8)
+ .hashString(email.toLowerCase(), UTF_8)
 .toString();
 if (specOwner.getAnnotations() == null) {
 specOwner.setAnnotations(new HashMap<>(2));
diff --git a/application/src/test/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceIntegrationTest.java b/application/src/test/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceIntegrationTest.java
index a31d1cd36b..5413e62b4d 100644
--- a/application/src/test/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceIntegrationTest.java
+++ b/application/src/test/java/run/halo/app/theme/finders/impl/CommentPublicQueryServiceIntegrationTest.java
@@ -389,7 +389,8 @@ String fakeReplyJson() {
 "name":"",
 "displayName":"fake-display-name",
 "annotations":{
- "email-hash": "79783106d88279c6c8f94f1f4dec22bdb9f90a8d14c9d6c6628a11430e236cbf"
+ "email-hash": \
+ "79783106d88279c6c8f94f1f4dec22bdb9f90a8d14c9d6c6628a11430e236cbf"
 }
 },
 "creationTime": "2024-03-11T06:23:42.923294424Z",