From 4470052c3b6bdeb18e45987f8aa293d1e93d0552 Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 11:59:12 +0800
Subject: [PATCH] 所有文件上传接口增加文件安全校验逻辑。
---
Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/CodeMdmInfaceImpl.java | 115 ++++++++++++++++++++++++++++++++++++++++++++++++++++-----
1 files changed, 105 insertions(+), 10 deletions(-)
diff --git a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/CodeMdmInfaceImpl.java b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/CodeMdmInfaceImpl.java
index 14c5bc0..fb2c8eb 100644
--- a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/CodeMdmInfaceImpl.java
+++ b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/CodeMdmInfaceImpl.java
@@ -56,6 +56,9 @@
import javax.servlet.http.HttpServletRequest;
import javax.xml.ws.WebServiceContext;
import javax.xml.ws.handler.MessageContext;
+import java.math.BigDecimal;
+import java.sql.Timestamp;
+import java.text.SimpleDateFormat;
import java.util.*;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.concurrent.ForkJoinPool;
@@ -158,6 +161,8 @@
// webservice璇锋眰鏂瑰紡鑾峰彇HttpServletRequest瀵硅薄
request = (HttpServletRequest)webServiceContext.getMessageContext().get(MessageContext.SERVLET_REQUEST);
}catch (Exception e){
+ e.printStackTrace();
+ log.error("鑾峰彇httpServletRequest澶辫触锛屽師鍥�:***********:",e);
throw new ServiceException("鑾峰彇httpServletRequest澶辫触锛屽師鍥�:"+e.getMessage());
}
}else {
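Review bot: The added `e.printStackTrace();` duplicates the `log.error(..., e)` call on the next line and writes the trace to stderr, outside the logging configuration, so the same failure is recorded twice and one copy bypasses log rotation and access control. Keep only the `log.error` call with the exception as its last argument. The same pair is added or kept in the catch blocks of the hunks at -434, -469, -501, -529, -586, -608 and -708, and `objectToStr` in the last hunk has only `printStackTrace()` with its `log.error` commented out. The literal `***********` in the log message carries no information and can be removed. The enclosing try block starts outside this hunk.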
@@ -173,7 +178,7 @@
List<ResultMdMapping> resultMdMappingList=new ArrayList<>();
String message="";
AtomicBoolean success = new AtomicBoolean(true);
- List<Map<String,String>> masterDataList = new ArrayList<>();
+ List<Map<String,Object>> masterDataList = new ArrayList<>();
AtomicReference<ClassifyConfig> currentClassifyConfig = new AtomicReference<>(new ClassifyConfig());
try {
if (mdmParamData == null) {
@@ -213,12 +218,14 @@
});
masterDataList.stream().forEach(masterData -> {
masterData.forEach((field, vaule) -> {
+ String newValue="";
if (fieldClassifyConfigMap.containsKey(field)) {
- vaule=StringUtils.isBlank(vaule) ? "" : vaule;
+ //vaule=StringUtils.isBlank(vaule) ? "" : vaule;
+ newValue=objectToStr(vaule);
List<ClassifyConfig> classifyConfigs = fieldClassifyConfigMap.get(field);
Map<String, ClassifyConfig> classifyConfigMap = classifyConfigs.stream().filter(classify -> classify != null && StringUtils.isNotBlank(classify.getSourceClassifyCode())).collect(Collectors.toList()).stream().collect(Collectors.toMap(s -> s.getSourceClassifyCode(), t -> t));
- if (classifyConfigMap.containsKey(vaule)) {
- currentClassifyConfig.set(classifyConfigMap.get(vaule));
+ if (classifyConfigMap.containsKey(newValue)) {
+ currentClassifyConfig.set(classifyConfigMap.get(newValue));
}
}
});
@@ -282,8 +289,9 @@
/***
* 鏍规嵁閰嶇疆鏂囦欢鑾峰彇鏋氫妇鍊�
*/
+ String newValue=objectToStr(vaule);
if(fields.contains(field)){//濡傛灉鏄灇涓撅紝鍒欓渶瑕佽浆鎹㈡灇涓惧��
- String enumFiled = masterData.get(field);
+ String enumFiled = newValue;
EnumerableData enumerableData = JSONObject.toJavaObject(JSONObject.parseObject(enumFiled), EnumerableData.class);
String enumCode = enumerableData.getCode();
//String enumCodeValue=enumerableData.getName();
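Review bot: `enumFiled` can now be an empty string, because `objectToStr` returns `""` for a null or empty value, and the parsed result is dereferenced by `enumerableData.getCode()` without any check. If the JSON parser yields null for empty or non-object input, one row with a missing enum field raises a NullPointerException instead of a message that names the field. The value comes from the calling system's payload, so a guard right after the parse is worth adding, for example `if (enumerableData == null) { throw new ServiceException("enum field " + field + " is empty or not valid JSON"); }`. The surrounding block starts and ends outside this hunk.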
@@ -294,7 +302,7 @@
}else {
ProppertyVO proppertyVO = new ProppertyVO();
proppertyVO.setKey(field);
- proppertyVO.setValue(vaule);
+ proppertyVO.setValue(newValue);
proppertyVOList.add(proppertyVO);
}
@@ -319,7 +327,15 @@
String fixedField=fixedFieldMap.getOrDefault("dr","");
dr = masterData.getOrDefault(fixedField, "").toString();
}
- object.setCode(masterData.getOrDefault(currentClassifyConfig.get().getSourceCodeKey(),"").toString());//缂栫爜
+ List<String> sourceCodeKeyList=VciBaseUtil.str2List(currentClassifyConfig.get().getSourceCodeKey());
+ //object.setCode(masterData.getOrDefault(currentClassifyConfig.get().getSourceCodeKey(),"").toString());//缂栫爜
+ if(!CollectionUtils.isEmpty(sourceCodeKeyList)) {
+ sourceCodeKeyList.stream().forEach(codekey -> {
+ if (StringUtils.isNotBlank(masterData.getOrDefault(codekey, "").toString())) {
+ object.setCode(masterData.getOrDefault(codekey, "").toString());//缂栫爜
+ }
+ });
+ }
object.setProp(proppertyVOList);
if (dr.equals(1)) {
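Review bot: The `forEach` over `sourceCodeKeyList` keeps overwriting the code, so the last configured key with a non-blank value wins, and `masterData.getOrDefault(codekey, "").toString()` throws a NullPointerException when the key is present with a null value, which is possible now that the map holds `Object` values. Reading the value once through `objectToStr` removes the null case and the double lookup, and formats Date/Timestamp values the same way as the property values built earlier. If the first configured key is meant to take precedence, a plain loop with `break` states that, as sketched below; the commented-out `setCode` line can be deleted. Separately, `dr.equals(1)` in the context compares a value produced by `toString()` with an Integer and so looks always false. The enclosing block starts outside the hunk.

```java
List<String> sourceCodeKeyList = VciBaseUtil.str2List(currentClassifyConfig.get().getSourceCodeKey());
if (!CollectionUtils.isEmpty(sourceCodeKeyList)) {
    for (String codekey : sourceCodeKeyList) {
        // objectToStr maps null to "" and formats dates consistently
        String code = objectToStr(masterData.get(codekey));
        if (StringUtils.isNotBlank(code)) {
            object.setCode(code);
            break; // first configured key with a value wins
        }
    }
}
// … unchanged: object.setProp(proppertyVOList) and the dr handling …
```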
@@ -334,6 +350,9 @@
codeList.add(object.getCode());
});
+ if(CollectionUtils.isEmpty(codeList)){
+ throw new Throwable("妫�鏌ラ厤缃枃浠�:銆恠ourceCodeKey銆戯紝鍞竴鏍囪瘑瀛楁鏄惁姝g‘");
+ }
String targetCodeKey=currentClassifyConfig.get().getTargetCodeKey();
StringBuffer sb = new StringBuffer();
sb.append(" select * from ");
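Review bot: The new guard fires only when `codeList` has no elements, but `codeList.add(object.getCode())` just above appears to add an entry for every row, including rows where none of the `sourceCodeKey` fields resolved, so a misconfigured key still passes with null or blank codes. Checking the content catches that case, e.g. `if (codeList.isEmpty() || codeList.stream().anyMatch(StringUtils::isBlank))`. Throwing a bare `Throwable` forces callers to catch everything; `ServiceException`, already used in this class, would be narrower. The query that starts with `sb.append(" select * from ")` continues outside the hunk; if `targetCodeKey` or the collected codes are concatenated into it, they should be bound as parameters, since the codes originate from the caller's payload.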
@@ -350,7 +369,7 @@
ApplyDatasVO editDatasVO = new ApplyDatasVO();
if (!CollectionUtils.isEmpty(cboList)) {
//鏍规嵁MDM缂栫爜鍘诲垽鏂暟鎹槸鍚﹂噸澶�.
- Map<String, ClientBusinessObject> oldpplyDataVOMap = cboList.stream().filter(data -> data != null && StringUtils.isNotBlank(data.getAttributeValue(targetCodeKey))).collect(Collectors.toList()).stream().collect(Collectors.toMap(s -> s.getAttributeValue(targetCodeKey).toLowerCase(Locale.ROOT), t -> t));
+ Map<String, ClientBusinessObject> oldpplyDataVOMap = cboList.stream().filter(data -> data != null && StringUtils.isNotBlank(data.getAttributeValue(targetCodeKey))).collect(Collectors.toList()).stream().collect(Collectors.toMap(s -> s.getAttributeValue(targetCodeKey), t -> t));
//鏁版嵁搴撲笉瀛樺湪鐨�
List<ApplyDataVO> applyApplyDataVOList = applyDataVOList.stream().filter(cbo -> {
String code = cbo.getCode();
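Review bot: Dropping `toLowerCase(Locale.ROOT)` from the map key makes the duplicate check case-sensitive, so it only matches when every lookup uses the code exactly as stored. The update filter in the next hunk looks up `cbo.getCode()` unchanged, but the body of the filter that begins on the last lines here is outside the hunk; if it still lower-cases `code`, existing records would be treated as new and applied again. It is worth confirming that both filters and the SQL comparison use the same normalization. `Collectors.toMap` without a merge function also throws on two rows with the same `targetCodeKey` value; a merge function such as `(a, b) -> a` or an explicit error would make that case deliberate.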
@@ -361,6 +380,8 @@
List<ApplyDataVO> editApplyDataVOList = applyDataVOList.stream().filter(cbo -> {
String code = cbo.getCode();
if (oldpplyDataVOMap.containsKey(code)) {
+ ClientBusinessObject object= oldpplyDataVOMap.get(code);
+ cbo.setCode(object.getId());
cbo.setOperate("update");
}
return oldpplyDataVOMap.containsKey(code);
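Review bot: `cbo.setCode(object.getId())` replaces the business code with the stored record's id inside a `filter` predicate, so the element is mutated as a side effect of filtering and any later reader of `getCode()` receives an id where it expects the code. If the update path needs the id, carrying it in a dedicated field (if `ApplyDataVO` has or can get one), or doing the assignment in a `forEach` after the filter, keeps that visible. The predicate also queries the map three times; `ClientBusinessObject existing = oldpplyDataVOMap.get(code);` followed by `return existing != null;` does it once.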
@@ -434,6 +455,8 @@
});
}catch (Throwable e){
mesg="璁$畻鐮佹鐮佸�煎嚭鐜板紓甯�:"+e.getMessage();
+ e.printStackTrace();
+ log.error("璁$畻鐮佹鐮佸�煎嚭鐜板紓甯�,鍘熷洜:***********:",e);
new Throwable("璁$畻鐮佹鐮佸�煎嚭鐜板紓甯�:"+e.getMessage());
}
}
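Review bot: The catch block still ends with `new Throwable(...)` as a bare expression, which builds the exception and discards it, so the failure caught here is only logged and stored in `mesg` while processing continues. If the failure should stop processing, the line needs a `throw` of an exception type the enclosing scope allows, e.g. `throw new ServiceException(mesg);` after the `log.error`; if continuing is intended, delete the line so the intent is clear. The try block starts outside this hunk.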
@@ -469,10 +492,11 @@
}
}
} catch (Exception e) {
+ log.error("闆嗘垚绯荤粺锛氥��"+systemCode+"銆戠敵璇风紪鐮佸け璐�:锛屽師鍥�:***********:",e);
mesg="闆嗘垚绯荤粺锛氥��"+systemCode+"銆戠敵璇风紪鐮佸け璐�:" + e.getMessage();
mesg = e.getMessage();
e.printStackTrace();
- throw new ServiceException(e.getMessage());
+ // throw new ServiceException(e.getMessage());
} finally {
XMLResultDataObjectDetailDO x = new XMLResultDataObjectDetailDO();
x.setId(rowData.getOid());
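Review bot: Commenting out `throw new ServiceException(e.getMessage());` turns a failed code application into a row that silently continues, so the only trace of the failure is whatever the `finally` block writes from `mesg`; that block continues outside the hunk, so confirm it sets a failure code as well as the message. `mesg` is also assigned twice in a row, and the second assignment `mesg = e.getMessage();` discards the prefixed text that names the integrating system. Drop the second assignment and delete the commented-out throw instead of leaving it in place. If `mesg` is returned to the calling system, `e.getMessage()` can carry internal details such as SQL text or class names into the response; a generic message for the caller with the detail kept in the log is safer.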
@@ -501,6 +525,8 @@
log.info("end锛氱敵璇疯幏鍙栧畬姣�");
}
} catch (Throwable e) {
+ e.printStackTrace();
+ log.error("闆嗘垚绯荤粺锛氥��"+systemCode+"銆戞墽琛岄泦鎴愬け璐�:",e);
success.set(false);
message = "闆嗘垚绯荤粺锛氥��"+systemCode+"銆戞墽琛岄泦鎴愬け璐�:" + e.getMessage();
msg ="闆嗘垚绯荤粺锛氥��"+systemCode+"銆戞墽琛岄泦鎴愬け璐�" + e.getMessage();
@@ -529,6 +555,7 @@
//璁板綍鏃ュ織
this.saveLogs(systemCode, systemCode, data, resultStr, success.get(), msg, "syncDataForMDM");
} catch (Throwable e) {
+ log.error("淇濆瓨鏃ュ織鍑洪敊,鍘熷洜:",e);
e.printStackTrace();
}
return mdmResultData;
@@ -586,6 +613,8 @@
}
}catch (Throwable e){
objerrorCode="100";
+ log.error("鑾峰彇鍒嗙被淇℃伅澶辫触:",e);
+ e.printStackTrace();
throw new Throwable("鑾峰彇鍒嗙被淇℃伅澶辫触:"+e.getMessage());
}
return classifyVO;
@@ -608,6 +637,7 @@
} catch (Throwable e) {
objerrorCode = "1";
e.printStackTrace();
+ log.error("闆嗘垚绯荤粺鏍囪瘑涓猴細銆�" + systemId + "銆戯紝鍒嗙被搴撲负:銆�" + libray + "銆戠殑闆嗘垚灞炴�ч厤缃枃浠惰鍙栧け璐�",e);
throw new Throwable("闆嗘垚绯荤粺鏍囪瘑涓猴細銆�" + systemId + "銆戯紝鍒嗙被搴撲负:銆�" + libray + "銆戠殑闆嗘垚灞炴�ч厤缃枃浠惰鍙栧け璐�");
}
// String path = stringStringMap.get(systemId);
@@ -683,6 +713,7 @@
String dataValue = sourceKeyValueMap.get(sourceKey);
if (attrMapConfigMap.containsKey(sourceKey)) {
String targetKey = attrMapConfigMap.get(sourceKey);
+ log.info("xxxxx灞炴�ф槧灏勫��:sourceKey銆�"+sourceKey+"銆戔�斺�斻��+targetKey---銆�"+targetKey+":"+dataValue);
keyValueMap.put(targetKey, StringUtils.isBlank(dataValue)?"":dataValue);
}
});
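Review bot: The added `log.info` writes every mapped attribute value (`dataValue`) of every record to the application log at INFO level, with a leftover `xxxxx` debugging prefix. These values come from the integrating system's payload, so they can include business data that should not be kept in logs, and unescaped line breaks in them can forge log entries. Log only the key mapping and at debug level, for example `log.debug("attribute mapping: {} -> {}", sourceKey, targetKey);` if `log` is an SLF4J logger. The enclosing lambda starts outside the hunk.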
@@ -708,7 +739,9 @@
dataObjectVO.setRowData(rowDataList);
}catch (Throwable e){
objerrorCode="1";
- throw new Throwable("缁勭粐鏁版嵁鏄犲皠鍊煎け璐�");
+ e.printStackTrace();
+ log.error("缁勭粐鏁版嵁鏄犲皠鍊煎け璐�",e);
+ throw new Throwable("缁勭粐鏁版嵁鏄犲皠鍊煎け璐�"+e);
}
}
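Review bot: `throw new Throwable("…" + e)` appends the caught exception's `toString()` to the message instead of passing it as the cause, so callers lose the original stack trace while the exception's class name and message become part of text that may travel up to the response. Pass it as the cause and keep the message fixed: `throw new Throwable("…", e);`, where `"…"` stands for the existing message literal. The added `e.printStackTrace();` is redundant with the `log.error` on the following line.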
/*private void codeValueList(List<CodeBasicSecVO> secVOList,String codeseclengthfield ){
@@ -811,4 +844,66 @@
dockingLogeService.save(dockingLoge);
log.info("闆嗘垚鎺ㄩ�佹暟鎹�,systemId:"+systemId+",systemname:"+systemName+",operation:"+operation+",param:"+parmaData);
}
+
+ /***
+ * 灞炴�х被鍨嬭浆鎹�
+ * @param vaule
+ * @return
+ */
+ private String objectToStr(Object vaule) {
+ String newValue="";
+ if(vaule ==null||"".equals(vaule)||vaule==""){
+ return "";
+ }
+ try {
+ if (vaule instanceof Integer) {
+ Integer intValue = (Integer) vaule;
+ newValue = String.valueOf(intValue);
+ } else if (vaule instanceof Boolean) {
+ boolean boolValue = (Boolean) vaule;
+ newValue = Boolean.toString(boolValue);
+ } else if (vaule instanceof Timestamp) {
+ Timestamp timestampValue = (Timestamp) vaule;
+ newValue = timestamp2Str(timestampValue);
+ } else if (vaule instanceof Date) {
+ Date dataValue = (Date) vaule;
+ newValue = date2Str(dataValue, "yyyy-MM-dd HH:mm:ss");
+ }else if (vaule instanceof BigDecimal){
+ BigDecimal bigDecimal=(BigDecimal)vaule;
+ newValue = bigDecimal.toString();
+ } else {
+ return vaule.toString();
+ }
+ }catch (Throwable e){
+ // log.error("灞炴�х被鍨嬭浆鎹㈤敊璇�",e);
+ e.printStackTrace();
+ }
+ return newValue;
+ }
+
+ private String date2Str(Date date, String format) {
+ if (null == date) {
+ return null;
+ } else {
+ if (format == null || format.trim().length() == 0) {
+ format = "yyyy-MM-dd HH:mm:ss.SSS";
+ }
+
+ SimpleDateFormat sdf = new SimpleDateFormat(format);
+ return sdf.format(date);
+ }
+ }
+
+ private String timestamp2Str(Timestamp time) {
+ Date date = null;
+ if (null == time) {
+ return null;
+ } else {
+ if (null != time) {
+ date = new Date(time.getTime());
+ }
+
+ return date2Str(date, "yyyy-MM-dd HH:mm:ss.SSS");
+ }
+ }
}
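Review bot: `objectToStr` catches `Throwable` and only calls `printStackTrace()` (its `log.error` is commented out), so any conversion failure silently becomes an empty string that is then used as an attribute value or classify code. Apart from `Timestamp` and `Date`, every branch returns exactly what `toString()` gives, and `vaule==""` is a reference comparison already covered by the `equals` check, so the method reduces to a null check plus the two date branches, as sketched below. The two date branches disagree on format: `Date` drops milliseconds while `Timestamp` keeps them, and `SimpleDateFormat` uses the JVM default time zone; both are worth stating in the Javadoc, whose `@param` and `@return` tags are currently empty. `timestamp2Str` also re-checks `null != time` inside the branch where it is already known to be non-null.

```java
private String objectToStr(Object vaule) {
    if (vaule == null) {
        return "";
    }
    // Timestamp is tested first because it is a subclass of java.util.Date
    if (vaule instanceof Timestamp) {
        return timestamp2Str((Timestamp) vaule);
    }
    if (vaule instanceof Date) {
        return date2Str((Date) vaule, "yyyy-MM-dd HH:mm:ss");
    }
    // Integer, Boolean, BigDecimal and String all render identically through toString()
    return vaule.toString();
}
// … unchanged: date2Str, timestamp2Str …
```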
--
Gitblit v1.9.3