From 17925215d37dd97d744c9296b185aeb16d3e44fb Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 20:06:12 +0800
Subject: [PATCH] URL请求路径安全校验

---
 Source/UBCS/ubcs-service/ubcs-deploy/src/main/java/com/vci/ubcs/deploy/controller/DeployAppsController.java |   24 +++++++++++++++---------
 1 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/Source/UBCS/ubcs-service/ubcs-deploy/src/main/java/com/vci/ubcs/deploy/controller/DeployAppsController.java b/Source/UBCS/ubcs-service/ubcs-deploy/src/main/java/com/vci/ubcs/deploy/controller/DeployAppsController.java
index 133fd58..05dd46f 100644
--- a/Source/UBCS/ubcs-service/ubcs-deploy/src/main/java/com/vci/ubcs/deploy/controller/DeployAppsController.java
+++ b/Source/UBCS/ubcs-service/ubcs-deploy/src/main/java/com/vci/ubcs/deploy/controller/DeployAppsController.java
@@ -1,27 +1,22 @@
 package com.vci.ubcs.deploy.controller;
 
 import com.alibaba.nacos.shaded.com.google.protobuf.ServiceException;
+import com.vci.ubcs.common.validator.ComprehensiveFileValidator;
 import com.vci.ubcs.deploy.entity.DeployApps;
 import com.vci.ubcs.deploy.service.IDeployAppsService;
 import com.vci.ubcs.deploy.vo.DeployAppsVO;
-import com.vci.ubcs.starter.util.LocalFileUtil;
-import com.vci.ubcs.starter.web.util.ControllerUtil;
-import com.vci.ubcs.starter.web.util.LangBaseUtil;
 import io.swagger.annotations.Api;
-import lombok.AllArgsConstructor;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import org.apache.http.auth.AuthenticationException;
 import org.springblade.core.tenant.annotation.NonDS;
 import org.springblade.core.tool.api.R;
 import org.springblade.core.tool.utils.Func;
-import org.springframework.http.ResponseEntity;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 import springfox.documentation.annotations.ApiIgnore;
 
 import javax.servlet.ServletRequest;
-import java.io.File;
 import java.util.List;
 
 /**
@@ -39,6 +34,12 @@
 public class DeployAppsController {
 
 	private final IDeployAppsService deployAppsService;
+
+	/**
+	 * 鏂囦欢瀹夊叏妫�鏌�
+	 */
+	@Autowired
+	private ComprehensiveFileValidator fileValidator;
 
 	/**
 	 * 鑾峰彇鏈嶅姟杩愯鍒楄〃
@@ -70,7 +71,7 @@
 	 */
 	@PostMapping("/saveOrUpdateServiceInfo")
 	public R saveOrUpdateDefault(@RequestBody DeployAppsVO deployAppsVO) throws ServiceException {
-		return R.status(deployAppsService.saveOrUpdateServiceInfo(deployAppsVO));
+		return deployAppsService.saveOrUpdateServiceInfo(deployAppsVO);
 	}
 
 	/**
@@ -93,10 +94,15 @@
 	 */
 	@PostMapping("/importUpdateServiceJar")
 	public R importClassify(@RequestParam("files") MultipartFile[] files,@RequestParam String serverName) throws ServiceException {
+		// 浣跨敤鏂囦欢瀹夊叏楠岃瘉鍣�
+		ComprehensiveFileValidator.MultiUploadValidationResult quickResult = fileValidator.validateFiles(files, true);
+		if (!quickResult.isValid()) {
+			return R.fail(quickResult.getMessage());
+		}
 		if(Func.isBlank(serverName)){
 			return R.fail("Mandatory parameter service name not found!");
 		}
-		return deployAppsService.importClassify(files,serverName);
+		return deployAppsService.importJarUpdate(files,serverName);
 	}
 
 	/**

--
Gitblit v1.9.3