feat:RuoYi_Vue test #9
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| restart.include.json=/com.alibaba.fastjson2.*.jar |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,61 @@ | ||
| # 数据源配置 | ||
| spring: | ||
| datasource: | ||
| type: com.alibaba.druid.pool.DruidDataSource | ||
| driverClassName: com.mysql.cj.jdbc.Driver | ||
| druid: | ||
| # 主库数据源 | ||
| master: | ||
| url: jdbc:mysql://localhost:3306/ry-vue?useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=convertToNull&useSSL=true&serverTimezone=GMT%2B8 | ||
| username: root | ||
| password: password | ||
| # 从库数据源 | ||
| slave: | ||
| # 从数据源开关/默认关闭 | ||
| enabled: false | ||
| url: | ||
| username: | ||
| password: | ||
| # 初始连接数 | ||
| initialSize: 5 | ||
| # 最小连接池数量 | ||
| minIdle: 10 | ||
| # 最大连接池数量 | ||
| maxActive: 20 | ||
| # 配置获取连接等待超时的时间 | ||
| maxWait: 60000 | ||
| # 配置连接超时时间 | ||
| connectTimeout: 30000 | ||
| # 配置网络超时时间 | ||
| socketTimeout: 60000 | ||
| # 配置间隔多久才进行一次检测,检测需要关闭的空闲连接,单位是毫秒 | ||
| timeBetweenEvictionRunsMillis: 60000 | ||
| # 配置一个连接在池中最小生存的时间,单位是毫秒 | ||
| minEvictableIdleTimeMillis: 300000 | ||
| # 配置一个连接在池中最大生存的时间,单位是毫秒 | ||
| maxEvictableIdleTimeMillis: 900000 | ||
| # 配置检测连接是否有效 | ||
| validationQuery: SELECT 1 FROM DUAL | ||
| testWhileIdle: true | ||
| testOnBorrow: false | ||
| testOnReturn: false | ||
| webStatFilter: | ||
| enabled: true | ||
| statViewServlet: | ||
| enabled: true | ||
| # 设置白名单,不填则允许所有访问 | ||
| allow: | ||
| url-pattern: /druid/* | ||
| # 控制台管理用户名和密码 | ||
| login-username: ruoyi | ||
| login-password: 123456 | ||
| filter: | ||
| stat: | ||
| enabled: true | ||
| # 慢SQL记录 | ||
| log-slow-sql: true | ||
| slow-sql-millis: 1000 | ||
| merge-sql: true | ||
| wall: | ||
| config: | ||
| multi-statement-allow: true | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,129 @@ | ||
| # 项目相关配置 | ||
| ruoyi: | ||
| # 名称 | ||
| name: RuoYi | ||
| # 版本 | ||
| version: 3.9.0 | ||
| # 版权年份 | ||
| copyrightYear: 2025 | ||
| # 文件路径 示例( Windows配置D:/ruoyi/uploadPath,Linux配置 /home/ruoyi/uploadPath) | ||
| profile: D:/ruoyi/uploadPath | ||
| # 获取ip地址开关 | ||
| addressEnabled: false | ||
| # 验证码类型 math 数字计算 char 字符验证 | ||
| captchaType: math | ||
|
|
||
| # 开发环境配置 | ||
| server: | ||
| # 服务器的HTTP端口,默认为8080 | ||
| port: 8080 | ||
| servlet: | ||
| # 应用的访问路径 | ||
| context-path: / | ||
| tomcat: | ||
| # tomcat的URI编码 | ||
| uri-encoding: UTF-8 | ||
| # 连接数满后的排队数,默认为100 | ||
| accept-count: 1000 | ||
| threads: | ||
| # tomcat最大线程数,默认为200 | ||
| max: 800 | ||
| # Tomcat启动初始化的线程数,默认值10 | ||
| min-spare: 100 | ||
|
|
||
| # 日志配置 | ||
| logging: | ||
| level: | ||
| com.ruoyi: debug | ||
| org.springframework: warn | ||
|
|
||
| # 用户配置 | ||
| user: | ||
| password: | ||
| # 密码最大错误次数 | ||
| maxRetryCount: 5 | ||
| # 密码锁定时间(默认10分钟) | ||
| lockTime: 10 | ||
|
|
||
| # Spring配置 | ||
| spring: | ||
| # 资源信息 | ||
| messages: | ||
| # 国际化资源文件路径 | ||
| basename: i18n/messages | ||
| profiles: | ||
| active: druid | ||
| # 文件上传 | ||
| servlet: | ||
| multipart: | ||
| # 单个文件大小 | ||
| max-file-size: 10MB | ||
| # 设置总上传的文件大小 | ||
| max-request-size: 20MB | ||
| # 服务模块 | ||
| devtools: | ||
| restart: | ||
| # 热部署开关 | ||
| enabled: true | ||
| # redis 配置 | ||
| redis: | ||
| # 地址 | ||
| host: localhost | ||
| # 端口,默认为6379 | ||
| port: 6379 | ||
| # 数据库索引 | ||
| database: 0 | ||
| # 密码 | ||
| password: | ||
| # 连接超时时间 | ||
| timeout: 10s | ||
| lettuce: | ||
| pool: | ||
| # 连接池中的最小空闲连接 | ||
| min-idle: 0 | ||
| # 连接池中的最大空闲连接 | ||
| max-idle: 8 | ||
| # 连接池的最大数据库连接数 | ||
| max-active: 8 | ||
| # #连接池最大阻塞等待时间(使用负值表示没有限制) | ||
| max-wait: -1ms | ||
|
|
||
| # token配置 | ||
| token: | ||
| # 令牌自定义标识 | ||
| header: Authorization | ||
| # 令牌密钥 | ||
| secret: abcdefghijklmnopqrstuvwxyz | ||
|
There was a problem hiding this comment. Weak JWT secret key committed in configHigh Severity The JWT token   There was a problem hiding this comment. Critical: Hardcoded JWT secret is a severe security vulnerability. The token secret Use environment variables or external secrets management: token:
secret: ${TOKEN_SECRET}🤖 Prompt for AI Agents |
||
| # 令牌有效期(默认30分钟) | ||
| expireTime: 30 | ||
|
|
||
| # MyBatis配置 | ||
| mybatis: | ||
| # 搜索指定包别名 | ||
| typeAliasesPackage: com.ruoyi.**.domain | ||
| # 配置mapper的扫描,找到所有的mapper.xml映射文件 | ||
| mapperLocations: classpath*:mapper/**/*Mapper.xml | ||
| # 加载全局的配置文件 | ||
| configLocation: classpath:mybatis/mybatis-config.xml | ||
|
|
||
| # PageHelper分页插件 | ||
| pagehelper: | ||
| helperDialect: mysql | ||
| supportMethodsArguments: true | ||
| params: count=countSql | ||
|
|
||
| # Swagger配置 | ||
| swagger: | ||
| # 是否开启swagger | ||
| enabled: true | ||
| # 请求前缀 | ||
| pathMapping: /dev-api | ||
|
|
||
| # 防止XSS攻击 | ||
| xss: | ||
| # 过滤开关 | ||
| enabled: true | ||
| # 排除链接(多个用逗号分隔) | ||
| excludes: /system/notice | ||
| # 匹配链接 | ||
| urlPatterns: /system/*,/monitor/*,/tool/* | ||
|
There was a problem hiding this comment. Build artifacts committed to version controlHigh Severity The entire Additional Locations (2) |
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| Application Version: ${ruoyi.version} | ||
| Spring Boot Version: ${spring-boot.version} | ||
| //////////////////////////////////////////////////////////////////// | ||
| // _ooOoo_ // | ||
| // o8888888o // | ||
| // 88" . "88 // | ||
| // (| ^_^ |) // | ||
| // O\ = /O // | ||
| // ____/`---'\____ // | ||
| // .' \\| |// `. // | ||
| // / \\||| : |||// \ // | ||
| // / _||||| -:- |||||- \ // | ||
| // | | \\\ - /// | | // | ||
| // | \_| ''\---/'' | | // | ||
| // \ .-\__ `-` ___/-. / // | ||
| // ___`. .' /--.--\ `. . ___ // | ||
| // ."" '< `.___\_<|>_/___.' >'"". // | ||
| // | | : `- \`.;`\ _ /`;.`/ - ` : | | // | ||
| // \ \ `-. \_ __\ /__ _/ .-` / / // | ||
| // ========`-.____`-.___\_____/___.-`____.-'======== // | ||
| // `=---=' // | ||
| // ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ // | ||
| // 佛祖保佑 永不宕机 永无BUG // | ||
| //////////////////////////////////////////////////////////////////// |
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| #错误消息 | ||
| not.null=* 必须填写 | ||
| user.jcaptcha.error=验证码错误 | ||
| user.jcaptcha.expire=验证码已失效 | ||
| user.not.exists=用户不存在/密码错误 | ||
| user.password.not.match=用户不存在/密码错误 | ||
| user.password.retry.limit.count=密码输入错误{0}次 | ||
| user.password.retry.limit.exceed=密码输入错误{0}次,帐户锁定{1}分钟 | ||
| user.password.delete=对不起,您的账号已被删除 | ||
| user.blocked=用户已封禁,请联系管理员 | ||
| role.blocked=角色已封禁,请联系管理员 | ||
| login.blocked=很遗憾,访问IP已被列入系统黑名单 | ||
| user.logout.success=退出成功 | ||
|
|
||
| length.not.valid=长度必须在{min}到{max}个字符之间 | ||
|
|
||
| user.username.not.valid=* 2到20个汉字、字母、数字或下划线组成,且必须以非数字开头 | ||
| user.password.not.valid=* 5-50个字符 | ||
|
|
||
| user.email.not.valid=邮箱格式错误 | ||
| user.mobile.phone.number.not.valid=手机号格式错误 | ||
| user.login.success=登录成功 | ||
| user.register.success=注册成功 | ||
| user.notfound=请重新登录 | ||
| user.forcelogout=管理员强制退出,请重新登录 | ||
| user.unknown.error=未知错误,请重新登录 | ||
|
|
||
| ##文件上传消息 | ||
| upload.exceed.maxSize=上传的文件大小超出限制的文件大小!<br/>允许的文件最大大小是:{0}MB! | ||
| upload.filename.exceed.length=上传的文件名最长{0}个字符 | ||
|
|
||
| ##权限 | ||
| no.permission=您没有数据的权限,请联系管理员添加权限 [{0}] | ||
| no.create.permission=您没有创建数据的权限,请联系管理员添加权限 [{0}] | ||
| no.update.permission=您没有修改数据的权限,请联系管理员添加权限 [{0}] | ||
| no.delete.permission=您没有删除数据的权限,请联系管理员添加权限 [{0}] | ||
| no.export.permission=您没有导出数据的权限,请联系管理员添加权限 [{0}] | ||
| no.view.permission=您没有查看数据的权限,请联系管理员添加权限 [{0}] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @@ -0,0 +1,93 @@ | ||||||||||||||||||||||||||||||
| <?xml version="1.0" encoding="UTF-8"?> | ||||||||||||||||||||||||||||||
| <configuration> | ||||||||||||||||||||||||||||||
| <!-- 日志存放路径 --> | ||||||||||||||||||||||||||||||
| <property name="log.path" value="/home/ruoyi/logs" /> | ||||||||||||||||||||||||||||||
| <!-- 日志输出格式 --> | ||||||||||||||||||||||||||||||
| <property name="log.pattern" value="%d{HH:mm:ss.SSS} [%thread] %-5level %logger{20} - [%method,%line] - %msg%n" /> | ||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||
| <!-- 控制台输出 --> | ||||||||||||||||||||||||||||||
| <appender name="console" class="ch.qos.logback.core.ConsoleAppender"> | ||||||||||||||||||||||||||||||
| <encoder> | ||||||||||||||||||||||||||||||
| <pattern>${log.pattern}</pattern> | ||||||||||||||||||||||||||||||
| </encoder> | ||||||||||||||||||||||||||||||
| </appender> | ||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||
| <!-- 系统日志输出 --> | ||||||||||||||||||||||||||||||
| <appender name="file_info" class="ch.qos.logback.core.rolling.RollingFileAppender"> | ||||||||||||||||||||||||||||||
| <file>${log.path}/sys-info.log</file> | ||||||||||||||||||||||||||||||
| <!-- 循环政策:基于时间创建日志文件 --> | ||||||||||||||||||||||||||||||
| <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> | ||||||||||||||||||||||||||||||
| <!-- 日志文件名格式 --> | ||||||||||||||||||||||||||||||
| <fileNamePattern>${log.path}/sys-info.%d{yyyy-MM-dd}.log</fileNamePattern> | ||||||||||||||||||||||||||||||
| <!-- 日志最大的历史 60天 --> | ||||||||||||||||||||||||||||||
| <maxHistory>60</maxHistory> | ||||||||||||||||||||||||||||||
| </rollingPolicy> | ||||||||||||||||||||||||||||||
| <encoder> | ||||||||||||||||||||||||||||||
| <pattern>${log.pattern}</pattern> | ||||||||||||||||||||||||||||||
| </encoder> | ||||||||||||||||||||||||||||||
| <filter class="ch.qos.logback.classic.filter.LevelFilter"> | ||||||||||||||||||||||||||||||
| <!-- 过滤的级别 --> | ||||||||||||||||||||||||||||||
| <level>INFO</level> | ||||||||||||||||||||||||||||||
| <!-- 匹配时的操作:接收(记录) --> | ||||||||||||||||||||||||||||||
| <onMatch>ACCEPT</onMatch> | ||||||||||||||||||||||||||||||
| <!-- 不匹配时的操作:拒绝(不记录) --> | ||||||||||||||||||||||||||||||
| <onMismatch>DENY</onMismatch> | ||||||||||||||||||||||||||||||
| </filter> | ||||||||||||||||||||||||||||||
| </appender> | ||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||
| <appender name="file_error" class="ch.qos.logback.core.rolling.RollingFileAppender"> | ||||||||||||||||||||||||||||||
| <file>${log.path}/sys-error.log</file> | ||||||||||||||||||||||||||||||
| <!-- 循环政策:基于时间创建日志文件 --> | ||||||||||||||||||||||||||||||
| <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> | ||||||||||||||||||||||||||||||
| <!-- 日志文件名格式 --> | ||||||||||||||||||||||||||||||
| <fileNamePattern>${log.path}/sys-error.%d{yyyy-MM-dd}.log</fileNamePattern> | ||||||||||||||||||||||||||||||
| <!-- 日志最大的历史 60天 --> | ||||||||||||||||||||||||||||||
| <maxHistory>60</maxHistory> | ||||||||||||||||||||||||||||||
| </rollingPolicy> | ||||||||||||||||||||||||||||||
| <encoder> | ||||||||||||||||||||||||||||||
| <pattern>${log.pattern}</pattern> | ||||||||||||||||||||||||||||||
| </encoder> | ||||||||||||||||||||||||||||||
| <filter class="ch.qos.logback.classic.filter.LevelFilter"> | ||||||||||||||||||||||||||||||
| <!-- 过滤的级别 --> | ||||||||||||||||||||||||||||||
| <level>ERROR</level> | ||||||||||||||||||||||||||||||
| <!-- 匹配时的操作:接收(记录) --> | ||||||||||||||||||||||||||||||
| <onMatch>ACCEPT</onMatch> | ||||||||||||||||||||||||||||||
| <!-- 不匹配时的操作:拒绝(不记录) --> | ||||||||||||||||||||||||||||||
| <onMismatch>DENY</onMismatch> | ||||||||||||||||||||||||||||||
| </filter> | ||||||||||||||||||||||||||||||
| </appender> | ||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||
| <!-- 用户访问日志输出 --> | ||||||||||||||||||||||||||||||
| <appender name="sys-user" class="ch.qos.logback.core.rolling.RollingFileAppender"> | ||||||||||||||||||||||||||||||
| <file>${log.path}/sys-user.log</file> | ||||||||||||||||||||||||||||||
| <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> | ||||||||||||||||||||||||||||||
| <!-- 按天回滚 daily --> | ||||||||||||||||||||||||||||||
| <fileNamePattern>${log.path}/sys-user.%d{yyyy-MM-dd}.log</fileNamePattern> | ||||||||||||||||||||||||||||||
| <!-- 日志最大的历史 60天 --> | ||||||||||||||||||||||||||||||
| <maxHistory>60</maxHistory> | ||||||||||||||||||||||||||||||
| </rollingPolicy> | ||||||||||||||||||||||||||||||
| <encoder> | ||||||||||||||||||||||||||||||
| <pattern>${log.pattern}</pattern> | ||||||||||||||||||||||||||||||
| </encoder> | ||||||||||||||||||||||||||||||
| </appender> | ||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||
| <!-- 系统模块日志级别控制 --> | ||||||||||||||||||||||||||||||
| <logger name="com.ruoyi" level="info" /> | ||||||||||||||||||||||||||||||
| <!-- Spring日志级别控制 --> | ||||||||||||||||||||||||||||||
| <logger name="org.springframework" level="warn" /> | ||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||
| <root level="info"> | ||||||||||||||||||||||||||||||
| <appender-ref ref="console" /> | ||||||||||||||||||||||||||||||
| </root> | ||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||
| <!--系统操作日志--> | ||||||||||||||||||||||||||||||
| <root level="info"> | ||||||||||||||||||||||||||||||
| <appender-ref ref="file_info" /> | ||||||||||||||||||||||||||||||
| <appender-ref ref="file_error" /> | ||||||||||||||||||||||||||||||
| </root> | ||||||||||||||||||||||||||||||
|
Comment on lines
+79
to
+87
There was a problem hiding this comment. Invalid configuration: Multiple Logback allows only one 🐛 Proposed fix- <root level="info">
- <appender-ref ref="console" />
- </root>
-
- <!--系统操作日志-->
- <root level="info">
- <appender-ref ref="file_info" />
- <appender-ref ref="file_error" />
- </root>
+ <root level="info">
+ <appender-ref ref="console" />
+ <appender-ref ref="file_info" />
+ <appender-ref ref="file_error" />
+ </root>📝 Committable suggestion
Suggested change
🤖 Prompt for AI Agents |
||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||
| <!--系统用户操作日志--> | ||||||||||||||||||||||||||||||
| <logger name="sys-user" level="info"> | ||||||||||||||||||||||||||||||
| <appender-ref ref="sys-user"/> | ||||||||||||||||||||||||||||||
| </logger> | ||||||||||||||||||||||||||||||
| </configuration> | ||||||||||||||||||||||||||||||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| <?xml version="1.0" encoding="UTF-8" ?> | ||
| <!DOCTYPE configuration | ||
| PUBLIC "-//mybatis.org//DTD Config 3.0//EN" | ||
| "http://mybatis.org/dtd/mybatis-3-config.dtd"> | ||
| <configuration> | ||
| <!-- 全局参数 --> | ||
| <settings> | ||
| <!-- 使全局的映射器启用或禁用缓存 --> | ||
| <setting name="cacheEnabled" value="true" /> | ||
| <!-- 允许JDBC 支持自动生成主键 --> | ||
| <setting name="useGeneratedKeys" value="true" /> | ||
| <!-- 配置默认的执行器.SIMPLE就是普通执行器;REUSE执行器会重用预处理语句(prepared statements);BATCH执行器将重用语句并执行批量更新 --> | ||
| <setting name="defaultExecutorType" value="SIMPLE" /> | ||
| <!-- 指定 MyBatis 所用日志的具体实现 --> | ||
| <setting name="logImpl" value="SLF4J" /> | ||
| <!-- 使用驼峰命名法转换字段 --> | ||
| <!-- <setting name="mapUnderscoreToCamelCase" value="true"/> --> | ||
| </settings> | ||
|
|
||
| </configuration> |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Database credentials hardcoded and committed to repository
High Severity
Database credentials (
root/password) and Druid monitoring console credentials (ruoyi/123456) are hardcoded inapplication-druid.yml. ThestatViewServlet.allowwhitelist is empty, meaning the Druid monitoring endpoint at/druid/*is accessible from any IP. Combined with weak credentials, this exposes database internals and SQL monitoring data to anyone with network access.Additional Locations (1)
RuoYi-Vue-3.9.0/ruoyi-admin/target/classes/application-druid.yml#L48-L51