fix：修复导出excel DDE漏洞 --bug=152262094 【CMDB】导出excel表格DDE漏洞

elizabevil · elizabevil · commit 1ced5077c70c · 2026-01-26T01:27:08.000-05:00
diff --git a/pkg/excel/style.go b/pkg/excel/style.go
@@ -25,10 +25,12 @@ type Style struct {
 	Fill   *Fill
 	Border []Border
 	Font   *Font
+	NumFmt int
 }
 
 func (s *Style) convert() (*excelize.Style, error) {
 	style := new(excelize.Style)
+	style.NumFmt = s.NumFmt
 	if s.Fill != nil {
 		fill, err := s.Fill.convert()
 		if err != nil {
diff --git a/src/web_server/service/excel/operator/inst/exporter/inst_func.go b/src/web_server/service/excel/operator/inst/exporter/inst_func.go
@@ -36,13 +36,39 @@ var handleSpecialInstFieldFuncMap = make(map[string]handleInstFieldFunc)
 func init() {
 	handleInstFieldFuncMap[common.FieldTypeInt] = getHandleIntFieldFunc()
 	handleInstFieldFuncMap[common.FieldTypeFloat] = getHandleFloatFieldFunc()
+	handleInstFieldFuncMap[common.FieldTypeSingleChar] = getHandleCharFieldFunc()
+	handleInstFieldFuncMap[common.FieldTypeLongChar] = getHandleCharFieldFunc()
 	handleInstFieldFuncMap[common.FieldTypeEnum] = getHandleEnumFieldFunc()
 	handleInstFieldFuncMap[common.FieldTypeEnumMulti] = getHandleEnumMultiFieldFunc()
 	handleInstFieldFuncMap[common.FieldTypeBool] = getHandleBoolFieldFunc()
 	handleInstFieldFuncMap[common.FieldTypeInnerTable] = getHandleTableFieldFunc()
 
 	handleSpecialInstFieldFuncMap[common.BKCloudIDField] = getHandleInstCloudAreaFunc()
 }
+func getHandleCharFieldFunc() handleInstFieldFunc {
+	return func(e *Exporter, property *core.ColProp, val interface{}) ([][]excel.Cell, error) {
+		if val == nil {
+			return [][]excel.Cell{getRowWithOneCell()}, nil
+		}
+
+		strVal := util.GetStrByInterface(val)
+		strVal = handleDDE(strVal)
+		handleFunc := getDefaultHandleFieldFunc()
+		return handleFunc(e, property, strVal)
+	}
+}
+
+// handleDDE Add a prefix of ' to the characters '=', '+', '-', '@' to disrupt the Excel DDE formula
+func handleDDE(str string) string {
+	prefix := strings.TrimSpace(str)
+	if len(prefix) > 0 {
+		switch prefix[0] {
+		case '=', '+', '-', '@':
+			prefix = `'` + prefix
+		}
+	}
+	return prefix
+}
 
 func getHandleInstFieldFunc(property *core.ColProp) handleInstFieldFunc {
 	handleFunc, isSpecial := handleSpecialInstFieldFuncMap[property.ID]
@@ -231,13 +257,13 @@ func getHandleTableFieldFunc() handleInstFieldFunc {
 
 func getDefaultHandleFieldFunc() handleInstFieldFunc {
 	return func(e *Exporter, property *core.ColProp, val interface{}) ([][]excel.Cell, error) {
-		var styleID int
+		style := normalField
 		if property.NotEditable {
-			var err error
-			styleID, err = e.styleCreator.getStyle(noEditField)
-			if err != nil {
-				return nil, err
-			}
+			style = noEditField
+		}
+		styleID, err := e.styleCreator.getPropertyStyle(style, property.PropertyType)
+		if err != nil {
+			return nil, err
 		}
 
 		result := make([][]excel.Cell, singleCellLen)
diff --git a/src/web_server/service/excel/operator/inst/exporter/style.go b/src/web_server/service/excel/operator/inst/exporter/style.go
@@ -18,6 +18,7 @@ package exporter
 
 import (
 	"configcenter/pkg/excel"
+	"configcenter/src/common"
 )
 
 type styleType string
@@ -37,6 +38,8 @@ const (
 	noEditField styleType = "noEditField"
 	// example 例子数据的单元格类型
 	example styleType = "example"
+	// normalField 普通数据单元格类型
+	normalField styleType = "normal"
 
 	requiredFieldColor = "#FF0000"
 	noEditHeaderColor  = "fabf8f"
@@ -52,6 +55,30 @@ var generalBorder = []excel.Border{
 	{Type: excel.Left, Color: borderColor, Style: 1}, {Type: excel.Right, Color: borderColor, Style: 1},
 	{Type: excel.Top, Color: borderColor, Style: 1}, {Type: excel.Bottom, Color: borderColor, Style: 1},
 }
+var styleTypeMap = map[styleType]excel.Style{
+	requiredField: {Fill: &excel.Fill{Type: excel.Pattern, Color: []string{noEditHeaderColor}, Pattern: 1},
+		Border: generalBorder},
+
+	noEditHeader: {Fill: &excel.Fill{Type: excel.Pattern, Color: []string{noEditFieldColor}, Pattern: 1},
+		Border: generalBorder},
+
+	noEditField: {Fill: &excel.Fill{Type: excel.Pattern, Color: []string{firstRowColor}, Pattern: 1},
+		Border: generalBorder},
+
+	firstRow: {Fill: &excel.Fill{Type: excel.Pattern, Color: []string{generalHeaderColor}, Pattern: 1},
+		Border: generalBorder},
+
+	generalHeader: {Fill: &excel.Fill{Type: excel.Pattern, Color: []string{tableHeaderColor}, Pattern: 1},
+		Border: generalBorder},
+
+	tableHeader: {Fill: &excel.Fill{Type: excel.Pattern, Color: []string{exampleColor}, Pattern: 1},
+		Border: generalBorder},
+
+	example: {Fill: &excel.Fill{Type: excel.Pattern, Color: []string{firstRowColor}, Pattern: 1},
+		Border: generalBorder, Font: &excel.Font{Color: requiredFieldColor}},
+
+	normalField: {Fill: &excel.Fill{Type: excel.Pattern, Pattern: 1}, Border: generalBorder},
+}
 
 var createStyleFuncMap = make(map[styleType]createStyleFunc)
 
@@ -67,6 +94,35 @@ func init() {
 
 type createStyleFunc func(s *styleCreator) (int, error)
 
+// handlePropertyTypeNumFmt propType->excel code
+func handlePropertyTypeNumFmt(propType string) int {
+	switch propType {
+	case common.FieldTypeInt:
+		return 1
+	case common.FieldTypeFloat:
+		return 2
+	case common.FieldTypeLongChar, common.FieldTypeSingleChar:
+		return 49
+	case common.FieldTypeInnerTable,
+		common.FieldTypeEnum,
+		common.FieldTypeEnumMulti,
+		common.FieldTypeBool:
+		return 0
+	}
+	return 0
+}
+
+func getDataStyleFunc(style styleType, property string) createStyleFunc {
+	return func(s *styleCreator) (int, error) {
+		style := styleTypeMap[style]
+		style.NumFmt = handlePropertyTypeNumFmt(property)
+		result, err := s.excel.NewStyle(&style)
+		if err != nil {
+			return 0, err
+		}
+		return result, nil
+	}
+}
 func getNoEditHeaderStyleFunc() createStyleFunc {
 	return func(s *styleCreator) (int, error) {
 		style := &excel.Style{Fill: &excel.Fill{Type: "pattern", Color: []string{noEditHeaderColor}, Pattern: 1},
@@ -205,3 +261,22 @@ func (s *styleCreator) getStyle(style styleType) (int, error) {
 
 	return result, nil
 }
+
+func (s *styleCreator) getPropertyStyle(style styleType, propertyType string) (int, error) {
+
+	if len(propertyType) == 0 {
+		return s.getStyle(style)
+	}
+
+	styleKey := styleType(string(style) + "_" + propertyType)
+	result, ok := s.styleMap[styleKey]
+	if !ok {
+		var err error
+		result, err = getDataStyleFunc(style, propertyType)(s)
+		if err != nil {
+			return 0, err
+		}
+		s.styleMap[styleKey] = result
+	}
+	return result, nil
+}
