leftyer/bk-cmdb
1
0
Fork 0
mirror of https://gitee.com/Tencent-BlueKing/bk-cmdb.git synced 2025-12-06 08:59:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8551 from wcy00000000000000/v3.14.x

Browse Source 
v3.13.x合入v3.14.x
This commit is contained in:
扬扬扬扬扬
2025-11-25 14:44:45 +08:00
committed by GitHub
parent cc811ee0f5 b4ccc454a2
commit 0443f95601
8 changed files with 46 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
go.mod
View File

@@ -57,7 +57,7 @@ require (
go.opentelemetry.io/otel v1.19.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.17.0
go.opentelemetry.io/otel/sdk v1.19.0
golang.org/x/text v0.15.0 // indirect
golang.org/x/text v0.22.0 // indirect
gopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22
gopkg.in/yaml.v2 v2.4.0
k8s.io/client-go v0.24.2
@@ -146,10 +146,11 @@ require (
go.opentelemetry.io/otel/metric v1.19.0 // indirect
go.opentelemetry.io/otel/trace v1.19.0 // indirect
golang.org/x/arch v0.3.0 // indirect
golang.org/x/crypto v0.21.0 // indirect
golang.org/x/net v0.23.0 // indirect
golang.org/x/sync v0.6.0 // indirect
golang.org/x/sys v0.18.0 // indirect
golang.org/x/crypto v0.35.0 // indirect
golang.org/x/image v0.18.0 // indirect
golang.org/x/net v0.25.0 // indirect
golang.org/x/sync v0.11.0 // indirect
golang.org/x/sys v0.30.0 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20240513163218-0867130af1f8 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240513163218-0867130af1f8 // indirect
google.golang.org/grpc v1.64.0 // indirect

23
go.sum
View File

@@ -616,8 +616,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE=
golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs=
golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -630,8 +630,9 @@ golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EH
golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
golang.org/x/image v0.5.0 h1:5JMiNunQeQw++mMOz48/ISeNu3Iweh/JaZU8ZLqHRrI=
golang.org/x/image v0.5.0/go.mod h1:FVC7BI/5Ym8R25iw5OLsgshdUBbT1h5jZTpA+mvAdZ4=
golang.org/x/image v0.18.0 h1:jGzIakQa/ZXI1I0Fxvaa9W7yP25TqT6cHIHn+6CqvSQ=
golang.org/x/image v0.18.0/go.mod h1:4yyo5vMFQjVjUcVk4jEQcU9MGy/rulF5WvUILseCM2E=
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -704,8 +705,8 @@ golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=
golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -732,8 +733,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -802,8 +803,8 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -820,8 +821,8 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk=
golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

4
src/ui/package.json
View File

@@ -17,7 +17,7 @@
"lint-fix": "eslint --fix --ext .js,.vue ./src"
},
"dependencies": {
"@babel/runtime": "^7.27.1",
"@babel/runtime": "^7.28.4",
"@blueking/bkui-library": "^0.0.0-beta.6",
"@blueking/functional-dependency": "^0.0.1-beta.10",
"@blueking/login-modal": "^1.0.0",
@@ -114,7 +114,7 @@
"minimist": "^1.2.5",
"os-browserify": "^0.3.0",
"path-browserify": "^1.0.1",
"path-to-regexp": "^6.2.1",
"path-to-regexp": "^6.3.0",
"postcss": "^8.2.10",
"postcss-deep-scopable": "0.0.2",
"postcss-loader": "^5.2.0",

7
src/ui/src/components/model-manage/field-group/preview-field.vue
View File

@@ -76,6 +76,7 @@
<script>
import formMixins from '@/mixins/form'
import { filterXSS } from '@/utils/util'
import TableDefaultSettings from './table-default-settings.vue'
import { PROPERTY_TYPES } from '@/dictionary/property-constants'
@@ -149,11 +150,7 @@
return !property.editable || property.isreadonly
},
htmlEncode(placeholder) {
let temp = document.createElement('div')
temp.innerHTML = placeholder
const output = temp.innerText
temp = null
return output
return filterXSS(placeholder)
},
getPlaceholder(property) {
const placeholderTxt = ['enum', 'list'].includes(property.bk_property_type) ? '请选择xx' : '请输入xx'

11
src/ui/src/components/ui/form/form-multiple.vue
View File

@@ -43,7 +43,7 @@
v-if="property.placeholder && $tools.isIconTipProperty(property.bk_property_type)"
v-bk-tooltips="{
trigger: 'mouseenter',
content: property.placeholder
content: htmlEncode(property.placeholder)
}">
</i>
</bk-checkbox>
@@ -65,7 +65,7 @@
disabled: !property.placeholder,
theme: 'light',
trigger: 'click',
content: property.placeholder
content: htmlEncode(property.placeholder)
}"
v-bind="$tools.getValidateEvents(property)"
v-validate="getValidateRules(property)"
@@ -125,6 +125,7 @@
import { BUILTIN_UNEDITABLE_FIELDS } from '@/dictionary/model-constants'
import useSideslider from '@/hooks/use-sideslider'
import cmdbDefaultPicker from '@/components/ui/other/default-value-picker'
import { filterXSS } from '@/utils/util'
export default {
name: 'cmdb-form-multiple',
@@ -242,11 +243,7 @@
this.editable = editable
},
htmlEncode(placeholder) {
let temp = document.createElement('div')
temp.innerHTML = placeholder
const output = temp.innerText
temp = null
return output
return filterXSS(placeholder)
},
getProperty(id) {
return this.properties.find(property => property.bk_property_id === id)

7
src/ui/src/components/ui/form/form.vue
View File

@@ -123,6 +123,7 @@
import useSideslider from '@/hooks/use-sideslider'
import isEqual from 'lodash/isEqual'
import cmdbDefaultPicker from '@/components/ui/other/default-value-picker'
import { filterXSS } from '@/utils/util'
export default {
name: 'cmdb-form',
@@ -258,11 +259,7 @@
return property.isrequired
},
htmlEncode(placeholder) {
let temp = document.createElement('div')
temp.innerHTML = placeholder
const output = temp.innerText
temp = null
return output
return filterXSS(placeholder)
},
getValidateRules(property) {
const rules = this.$tools.getValidateRules(property)

16
src/ui/src/utils/util.js
View File

@@ -11,6 +11,7 @@
*/
import { t } from '@/i18n'
import xss from 'xss'
import { BUILTIN_PASTE_SPLIT_FIELDS } from '@/dictionary/model-constants.js'
const hex2grb = (hex) => {
@@ -345,6 +346,21 @@ export function* paginateIterator(list, pageSize) {
}
}
/**
* 过滤XSS攻击只保留纯文本
* @param {string} str 字符串
* @returns 过滤后的字符串
*/
export function filterXSS(str) {
if (!str) return str
const result = xss(str, {
whiteList: {},
stripIgnoreTag: true,
stripIgnoreTagBody: ['script']
})
return result
}
/**
* 设置当前字段是否分割字符串
* @param {string} id 字段ID

7
src/ui/src/views/service-template/children/process-form.vue
View File

@@ -104,6 +104,7 @@
<script>
import formMixins from '@/mixins/form'
import { mapMutations } from 'vuex'
import { filterXSS } from '@/utils/util'
import ProcessFormPropertyTable from './process-form-property-table'
import has from 'has'
import useSideslider from '@/hooks/use-sideslider'
@@ -287,11 +288,7 @@
return !property.editable || property.isreadonly
},
htmlEncode(placeholder) {
let temp = document.createElement('div')
temp.innerHTML = placeholder
const output = temp.innerText
temp = null
return output
return filterXSS(placeholder)
},
getPlaceholder(property) {
const placeholderTxt = ['enum', 'list'].includes(property.bk_property_type) ? '请选择xx' : '请输入xx'