From 8e6021c5e719715e6d2fc5bb6cfdf7e78dbba88e Mon Sep 17 00:00:00 2001
From: DDSRem <73049927+DDSRem@users.noreply.github.com>
Date: Fri, 5 Sep 2025 19:23:23 +0800
Subject: [PATCH 1/2] fix(u115): code logic vulnerabilities

---
 app/modules/filemanager/storages/u115.py | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/app/modules/filemanager/storages/u115.py b/app/modules/filemanager/storages/u115.py
index 18efaf83..0cff5f38 100644
--- a/app/modules/filemanager/storages/u115.py
+++ b/app/modules/filemanager/storages/u115.py
@@ -195,6 +195,7 @@ class U115Pan(StorageBase, metaclass=WeakSingleton):
 result = resp.json()
 if result.get("code") != 0:
 logger.warn(f"【115】刷新 access_token 失败:{result.get('code')} - {result.get('message')}!")
+ return None
 return result.get("data")

 def _request_api(self, method: str, endpoint: str,
@@ -233,7 +234,12 @@ class U115Pan(StorageBase, metaclass=WeakSingleton):
 # 返回数据
 ret_data = resp.json()
 if ret_data.get("code") != 0:
- logger.warn(f"【115】{method} 请求 {endpoint} 出错:{ret_data.get('message')}!")
+ error_msg = ret_data.get("message")
+ logger.warn(f"【115】{method} 请求 {endpoint} 出错:{error_msg}!")
+ if "已达到当前访问上限" in error_msg:
+ time.sleep(70)
+ return self._request_api(method, endpoint, result_key, **kwargs)
+ return None

 if result_key:
 return ret_data.get(result_key)
@@ -259,8 +265,8 @@ class U115Pan(StorageBase, metaclass=WeakSingleton):
 """
 自动延迟重试 get_item 模块
 """
- for _ in range(2):
- time.sleep(2)
+ for i in range(1, 4):
+ time.sleep(2 ** i)
 fileitem = self.get_item(path)
 if fileitem:
 return fileitem
@@ -435,6 +441,9 @@ class U115Pan(StorageBase, metaclass=WeakSingleton):
 )
 if not init_resp:
 return None
+ if not init_resp.get("state"):
+ logger.warn(f"【115】上传二次认证失败: {init_resp.get('error')}")
+ return None
 # 二次认证结果
 init_result = init_resp.get("data")
 logger.debug(f"【115】上传 Step 2 二次认证结果: {init_result}")
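Review bot: In the `_request_api` hunk (`@@ -233,7 +234,12`), `"已达到当前访问上限" in error_msg` raises TypeError when the response has no `message` field, because `ret_data.get("message")` is then None; use `error_msg = ret_data.get("message") or ""`. The rate-limit retry also has no attempt cap: each pass sleeps 70 seconds on the calling thread and then recurses, so a persistent limit keeps the caller blocked until the recursion limit is reached. A cap needs a counter that is read at function entry, which lies outside this hunk, so it is described here rather than shown; matching on an error code, if the API returns one for this condition, would be sturdier than matching the message text. The signature is only partly visible, so passing `result_key` positionally is assumed to line up with the third parameter.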
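Review bot: The docstring of `_delay_get_item` (`@@ -259,8 +265,8`) does not state the timing the new loop introduces: it sleeps 2, 4 and 8 seconds (14 seconds worst case) and still sleeps before the first lookup, all on the calling thread. Suggest documenting that and the exhausted-retries result, e.g. `"""Poll get_item with 2/4/8 s backoff; falls through (presumably returning None) if the item never appears."""`. The end of the function is outside the hunk, so the fall-through value is inferred.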
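Review bot: In the upload hunk (`@@ -435,6 +441,9`), the added `state` check still lets through a response with a truthy `state` and no `data`, leaving `init_result` as None for the code after the hunk, which is not visible here and presumably reads fields from it; `if not init_result: return None` after the assignment would close that gap. The unchanged `logger.debug` line writes the whole `init_result` to the log; if that payload carries upload signing or callback values, log only the fields needed for diagnosis.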
@@ -787,8 +796,8 @@ class U115Pan(StorageBase, metaclass=WeakSingleton):
 if resp["state"]:
 new_path = Path(path) / fileitem.name
 new_item = self._delay_get_item(new_path)
- self.rename(new_item, new_name)
- return True
+ if self.rename(new_item, new_name):
+ return True
 return False

 def move(self, fileitem: schemas.FileItem, path: Path, new_name: str) -> bool:
@@ -817,8 +826,8 @@ class U115Pan(StorageBase, metaclass=WeakSingleton):
 if resp["state"]:
 new_path = Path(path) / fileitem.name
 new_file = self._delay_get_item(new_path)
- self.rename(new_file, new_name)
- return True
+ if self.rename(new_file, new_name):
+ return True
 return False

 def link(self, fileitem: schemas.FileItem, target_file: Path) -> bool:

From 926343ee86a03b5b2764c8ca8bebb45f9d3f827f Mon Sep 17 00:00:00 2001
From: DDSRem <73049927+DDSRem@users.noreply.github.com>
Date: Fri, 5 Sep 2025 19:37:41 +0800
Subject: [PATCH 2/2] fix(u115): code logic vulnerabilities

---
 app/modules/filemanager/storages/u115.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/app/modules/filemanager/storages/u115.py b/app/modules/filemanager/storages/u115.py
index 0cff5f38..f4a8e61d 100644
--- a/app/modules/filemanager/storages/u115.py
+++ b/app/modules/filemanager/storages/u115.py
@@ -796,6 +796,8 @@ class U115Pan(StorageBase, metaclass=WeakSingleton):
 if resp["state"]:
 new_path = Path(path) / fileitem.name
 new_item = self._delay_get_item(new_path)
+ if not new_item:
+ return False
 if self.rename(new_item, new_name):
 return True
 return False
@@ -826,6 +828,8 @@ class U115Pan(StorageBase, metaclass=WeakSingleton):
 if resp["state"]:
 new_path = Path(path) / fileitem.name
 new_file = self._delay_get_item(new_path)
+ if not new_file:
+ return False
 if self.rename(new_file, new_name):
 return True
 return False
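Review bot: In `copy` (`@@ -787,8 +796,8`), returning False when `rename` fails reports a failure although the copy itself has already succeeded (`resp["state"]` was truthy), so an item named `fileitem.name` is left at the destination and the caller cannot tell. The same holds for `move` in `@@ -817,8 +826,8`, where the source has already been moved, and for the `if not new_item` / `if not new_file` early returns added in PATCH 2/2. At minimum record the partial state before falling through, e.g. `logger.warn(f"【115】{fileitem.name} copied to {new_path} but rename to {new_name} failed")`; whether callers retry on False is not visible here. Both function bodies begin above the hunks.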