yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #9355 from lafirest/fix/indirectly_bin_to_atom 

fix(mgmt_api): Convert only what is needed when parsing subscription information
This commit is contained in:
lafirest 2022-11-14 17:45:58 +08:00 committed by GitHub
parent 298cd2c3c9 d9e7d36580
commit 56d443d19a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/emqx_management/src/emqx_management.app.src
View File

@ -2,7 +2,7 @@
{application, emqx_management, [ {application, emqx_management, [
{description, "EMQX Management API and CLI"}, {description, "EMQX Management API and CLI"},
% strict semver, bump manually! % strict semver, bump manually!
{vsn, "5.0.7"}, {vsn, "5.0.8"},
{modules, []}, {modules, []},
{registered, [emqx_management_sup]}, {registered, [emqx_management_sup]},
{applications, [kernel, stdlib, emqx_plugins, minirest, emqx]}, {applications, [kernel, stdlib, emqx_plugins, minirest, emqx]},

8
apps/emqx_management/src/emqx_mgmt_api_clients.erl
View File

@ -584,13 +584,13 @@ authz_cache(delete, #{bindings := Bindings}) ->
clean_authz_cache(Bindings). clean_authz_cache(Bindings).
subscribe(post, #{bindings := #{clientid := ClientID}, body := TopicInfo}) -> subscribe(post, #{bindings := #{clientid := ClientID}, body := TopicInfo}) ->
Opts = emqx_map_lib:unsafe_atom_key_map(TopicInfo), Opts = to_topic_info(TopicInfo),
subscribe(Opts#{clientid => ClientID}). subscribe(Opts#{clientid => ClientID}).
subscribe_batch(post, #{bindings := #{clientid := ClientID}, body := TopicInfos}) -> subscribe_batch(post, #{bindings := #{clientid := ClientID}, body := TopicInfos}) ->
Topics = Topics =
[ [
emqx_map_lib:unsafe_atom_key_map(TopicInfo) to_topic_info(TopicInfo)
|| TopicInfo <- TopicInfos || TopicInfo <- TopicInfos
], ],
subscribe_batch(#{clientid => ClientID, topics => Topics}). subscribe_batch(#{clientid => ClientID, topics => Topics}).
@ -973,3 +973,7 @@ format_authz_cache({{PubSub, Topic}, {AuthzResult, Timestamp}}) ->
result => AuthzResult, result => AuthzResult,
updated_time => Timestamp updated_time => Timestamp
}. }.
to_topic_info(Data) ->
M = maps:with([<<"topic">>, <<"qos">>, <<"nl">>, <<"rap">>, <<"rh">>], Data),
emqx_map_lib:safe_atom_key_map(M).

2
changes/v5.0.11-en.md
View File

@ -5,6 +5,8 @@
- Security enhancement for retained messages [#9326](https://github.com/emqx/emqx/pull/9326). - Security enhancement for retained messages [#9326](https://github.com/emqx/emqx/pull/9326).
The retained messages will not be published if the publisher client is banned. The retained messages will not be published if the publisher client is banned.
- Security enhancement for the `subscribe` API [#9355](https://github.com/emqx/emqx/pull/9355).
## Bug fixes ## Bug fixes
- Return 404 for status of unknown authenticator in `/authenticator/{id}/status` [#9328](https://github.com/emqx/emqx/pull/9328). - Return 404 for status of unknown authenticator in `/authenticator/{id}/status` [#9328](https://github.com/emqx/emqx/pull/9328).

2
changes/v5.0.11-zh.md
View File

@ -5,6 +5,8 @@
- 增强 `保留消息` 的安全性 [#9332](https://github.com/emqx/emqx/pull/9332)。 - 增强 `保留消息` 的安全性 [#9332](https://github.com/emqx/emqx/pull/9332)。
现在投递保留消息前,会先过滤掉来源客户端被封禁了的那些消息。 现在投递保留消息前,会先过滤掉来源客户端被封禁了的那些消息。
- 增强订阅 API 的安全性 [#9355](https://github.com/emqx/emqx/pull/9355)。
## 修复 ## 修复
- 通过 `/authenticator/{id}/status` 请求未知认证器的状态时,将会返回 404。 - 通过 `/authenticator/{id}/status` 请求未知认证器的状态时,将会返回 404。