Giter Site home page Giter Site logo

kalvingit / kvf-admin Goto Github PK

View Code? Open in Web Editor NEW
439.0 16.0 164.0 10.1 MB

kvf-admin是一套基于springboot、mybatis、shiro及layui的轻量级快速开发框架、脚手架、后台管理系统、权限系统、基于activiti6整合的工作流OA系统,上手简单,拿来即用。

Home Page: http://kvfadmin.kalvinbg.cn

License: MIT License

Java 99.49% Dockerfile 0.01% Shell 0.01% Less 0.50%
admin layui-admin activiti6 mybatis-plus spring-boot code-generator spring-mvc docker

kvf-admin's People

Contributors

kalvingit avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

khari21 mytripod yangzilong1986 xlwt2113 wutougui shihangqi zhangdong86 smile2049 dongann penbor anyine weico-xlb yuamo hinate phh2008 739568808 mizong xiaomi6 cnpepper wngpenghao andlygao zhanglei huangweil tellerattack chenzen94 jolejian2012 dairuijie lirunsheng qingo00o gitkra dongshanghua pananshuai ftao82 c740514683 zhaoing jamesyu89 zhangzhenguan linsheng234 zhanglj888 sunjieyi y0911 learnjingjin alexsworld 18159412089 xu-x-lcc wushipan123 panpanda kinsirz dalige88 guardhub849529806 mywaystay fenghao13 wangscript007 lovepli dystudio yue818 matng chivasan itmandy nearpengju123 lotusmboo l48x4264l46 zzh2334 noobxrw pk87654 freedomjax yin-quan jerryking1980qq bitorange 399601829 zhudunfeng hanwenjun wanshijiain admlke dyfbj1208 shiverzm mahu8766 xhuanghun sanliu2015 wanghui66 jifffffy yunshitiger user7124732 dj-yc yingkuiwen supair gongzhijian sirgaga cxl6688 jiazhiwen ywtnhm iuriimattos2 whyloveyou yanzheng326 zmjheart codebyteme ahyanhailong anglabace xingxiuyi javamanyy

kvf-admin's Issues

流程过程错误

在请假流程发起请假的时候,显示错误
Unknown property used in expression: ${result == 'access'}

quarz.sql 运行报错

[Err] 1046 - No database selected
[Err] -- quartz自带表结构
-- 需要用到定时任务才需要创建
DROP TABLE IF EXISTS qrtz_blob_triggers;
DROP TABLE IF EXISTS qrtz_calendars;
DROP TABLE IF EXISTS qrtz_cron_triggers;
DROP TABLE IF EXISTS qrtz_fired_triggers;
DROP TABLE IF EXISTS qrtz_job_details;
DROP TABLE IF EXISTS qrtz_locks;
DROP TABLE IF EXISTS qrtz_paused_trigger_grps;
DROP TABLE IF EXISTS qrtz_scheduler_state;
DROP TABLE IF EXISTS qrtz_simple_triggers;
DROP TABLE IF EXISTS qrtz_simprop_triggers;
DROP TABLE IF EXISTS qrtz_triggers;

CREATE TABLE QRTZ_JOB_DETAILS(
SCHED_NAME VARCHAR(120) NOT NULL,
JOB_NAME VARCHAR(200) NOT NULL,
JOB_GROUP VARCHAR(200) NOT NULL,
DESCRIPTION VARCHAR(250) NULL,
JOB_CLASS_NAME VARCHAR(250) NOT NULL,
IS_DURABLE VARCHAR(1) NOT NULL,
IS_NONCONCURRENT VARCHAR(1) NOT NULL,
IS_UPDATE_DATA VARCHAR(1) NOT NULL,
REQUESTS_RECOVERY VARCHAR(1) NOT NULL,
JOB_DATA BLOB NULL,
PRIMARY KEY (SCHED_NAME,JOB_NAME,JOB_GROUP))
ENGINE=InnoDB DEFAULT CHARSET=utf8;

CREATE TABLE QRTZ_TRIGGERS (
SCHED_NAME VARCHAR(120) NOT NULL,
TRIGGER_NAME VARCHAR(200) NOT NULL,
TRIGGER_GROUP VARCHAR(200) NOT NULL,
JOB_NAME VARCHAR(200) NOT NULL,
JOB_GROUP VARCHAR(200) NOT NULL,
DESCRIPTION VARCHAR(250) NULL,
NEXT_FIRE_TIME BIGINT(13) NULL,
PREV_FIRE_TIME BIGINT(13) NULL,
PRIORITY INTEGER NULL,
TRIGGER_STATE VARCHAR(16) NOT NULL,
TRIGGER_TYPE VARCHAR(8) NOT NULL,
START_TIME BIGINT(13) NOT NULL,
END_TIME BIGINT(13) NULL,
CALENDAR_NAME VARCHAR(200) NULL,
MISFIRE_INSTR SMALLINT(2) NULL,
JOB_DATA BLOB NULL,
PRIMARY KEY (SCHED_NAME,TRIGGER_NAME,TRIGGER_GROUP),
FOREIGN KEY (SCHED_NAME,JOB_NAME,JOB_GROUP)
REFERENCES QRTZ_JOB_DETAILS(SCHED_NAME,JOB_NAME,JOB_GROUP))
ENGINE=InnoDB DEFAULT CHARSET=utf8;

CREATE TABLE QRTZ_SIMPLE_TRIGGERS (
SCHED_NAME VARCHAR(120) NOT NULL,
TRIGGER_NAME VARCHAR(200) NOT NULL,
TRIGGER_GROUP VARCHAR(200) NOT NULL,
REPEAT_COUNT BIGINT(7) NOT NULL,
REPEAT_INTERVAL BIGINT(12) NOT NULL,
TIMES_TRIGGERED BIGINT(10) NOT NULL,
PRIMARY KEY (SCHED_NAME,TRIGGER_NAME,TRIGGER_GROUP),
FOREIGN KEY (SCHED_NAME,TRIGGER_NAME,TRIGGER_GROUP)
REFERENCES QRTZ_TRIGGERS(SCHED_NAME,TRIGGER_NAME,TRIGGER_GROUP))
ENGINE=InnoDB DEFAULT CHARSET=utf8;

CREATE TABLE QRTZ_CRON_TRIGGERS (
SCHED_NAME VARCHAR(120) NOT NULL,
TRIGGER_NAME VARCHAR(200) NOT NULL,
TRIGGER_GROUP VARCHAR(200) NOT NULL,
CRON_EXPRESSION VARCHAR(120) NOT NULL,
TIME_ZONE_ID VARCHAR(80),
PRIMARY KEY (SCHED_NAME,TRIGGER_NAME,TRIGGER_GROUP),
FOREIGN KEY (SCHED_NAME,TRIGGER_NAME,TRIGGER_GROUP)
REFERENCES QRTZ_TRIGGERS(SCHED_NAME,TRIGGER_NAME,TRIGGER_GROUP))
ENGINE=InnoDB DEFAULT CHARSET=utf8;

CREATE TABLE QRTZ_SIMPROP_TRIGGERS
(
SCHED_NAME VARCHAR(120) NOT NULL,
TRIGGER_NAME VARCHAR(200) NOT NULL,
TRIGGER_GROUP VARCHAR(200) NOT NULL,
STR_PROP_1 VARCHAR(512) NULL,
STR_PROP_2 VARCHAR(512) NULL,
STR_PROP_3 VARCHAR(512) NULL,
INT_PROP_1 INT NULL,
INT_PROP_2 INT NULL,
LONG_PROP_1 BIGINT NULL,
LONG_PROP_2 BIGINT NULL,
DEC_PROP_1 NUMERIC(13,4) NULL,
DEC_PROP_2 NUMERIC(13,4) NULL,
BOOL_PROP_1 VARCHAR(1) NULL,
BOOL_PROP_2 VARCHAR(1) NULL,
PRIMARY KEY (SCHED_NAME,TRIGGER_NAME,TRIGGER_GROUP),
FOREIGN KEY (SCHED_NAME,TRIGGER_NAME,TRIGGER_GROUP)
REFERENCES QRTZ_TRIGGERS(SCHED_NAME,TRIGGER_NAME,TRIGGER_GROUP))
ENGINE=InnoDB DEFAULT CHARSET=utf8;

CREATE TABLE QRTZ_BLOB_TRIGGERS (
SCHED_NAME VARCHAR(120) NOT NULL,
TRIGGER_NAME VARCHAR(200) NOT NULL,
TRIGGER_GROUP VARCHAR(200) NOT NULL,
BLOB_DATA BLOB NULL,
PRIMARY KEY (SCHED_NAME,TRIGGER_NAME,TRIGGER_GROUP),
INDEX (SCHED_NAME,TRIGGER_NAME, TRIGGER_GROUP),
FOREIGN KEY (SCHED_NAME,TRIGGER_NAME,TRIGGER_GROUP)
REFERENCES QRTZ_TRIGGERS(SCHED_NAME,TRIGGER_NAME,TRIGGER_GROUP))
ENGINE=InnoDB DEFAULT CHARSET=utf8;

CREATE TABLE QRTZ_CALENDARS (
SCHED_NAME VARCHAR(120) NOT NULL,
CALENDAR_NAME VARCHAR(200) NOT NULL,
CALENDAR BLOB NOT NULL,
PRIMARY KEY (SCHED_NAME,CALENDAR_NAME))
ENGINE=InnoDB DEFAULT CHARSET=utf8;

[Msg] Finished - Unsuccessfully

寻求课程合作

hi,我们对您分享的这个工单系统项目十分感兴趣,希望能与您进根据此项目进行课程合作,但是 github 上没有留下您的联系方式,可以在这里留下您的邮箱或微信,方便我们与您建立联系;或者可以直接联系我们的官方合作微信号 “shiyanloukecheng”,期待您的回复。

activiti分支 工作流管理-》表单管理-》新建表单报错

Error updating database. Cause: java.sql.SQLSyntaxErrorException: Unknown column 'bind_table' in 'field list' ### The error may exist in com/kalvin/kvf/modules/workflow/mapper/FormMapper.java (best guess) ### The error may involve com.kalvin.kvf.modules.workflow.mapper.FormMapper.insert-Inline ### The error occurred while setting parameters ### SQL: INSERT INTO wf_form ( code, name, type, theme, design_data, bind_table, service_bean, entity_clazz, show_columns ) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ? ) ### Cause: java.sql.SQLSyntaxErrorException: Unknown column 'bind_table' in 'field list' ; bad SQL grammar []; nested exception is java.sql.SQLSyntaxErrorException: Unknown column 'bind_table' in 'field list'

原因:wf_form表少了bind_table, service_bean, entity_clazz, show_columns字段
up主记得更新kvf_admin_activiti.sql文件

CREATE TABLE wf_form (
id bigint(20) NOT NULL AUTO_INCREMENT COMMENT '主键',
code varchar(50) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NOT NULL COMMENT '表单代号',
name varchar(50) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NOT NULL COMMENT '表单名称',
type tinyint(2) NOT NULL DEFAULT 0 COMMENT '表单类型。0:简单表单;1:复杂表单;',
theme varchar(50) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NULL DEFAULT NULL COMMENT '表单主题。不配置默认为表单名称',
design_data text CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NULL COMMENT '表单设计数据。',
js_code text CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NULL COMMENT '表单js代码。仅当复杂表单才有',
create_time datetime(0) NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
update_time datetime(0) NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP(0) COMMENT '更新时间',
PRIMARY KEY (id) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 10 CHARACTER SET = utf8mb4 COLLATE = utf8mb4_0900_ai_ci COMMENT = '表单设计表' ROW_FORMAT = Dynamic;

流程图绘制优化

希望在绘制流程图时,可以在选择审批人时自动查询出系统里的用户

There is a deserialization vulnerability that can cause RCE

The author sets a fixed key in the com.kalvin.kvf.common.shiro.ShiroConfig file and uses this key to encrypt the rememberMe parameter in the cookie. This situation can cause a deserialization attack with very serious consequences.
2
Set up a local environment for attacks. When the attacker logs in and selects remember me, the cookie will have the rememberMe field
3

Blast the field and find that the encoded key is 2AvVhdsgUs0FSA3SDFAdag==, which is the same as the one set in the source code

After an audit, I found that the source code contains commons-beanutils-1.9.4.jar dependency, which is actually a dependency included in shiro.
Using this dependency, it is possible to generate a deserialized payload and then encrypt the payload using the key obtained by blasting.
Finally, write this payload after the rememberMe field and attack it. Successful RCE
00

Note that the JSESSIONID in the cookie field should be deleted, otherwise the system will make judgments directly based on the JSESSIONID.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.