From 4470052c3b6bdeb18e45987f8aa293d1e93d0552 Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 11:59:12 +0800
Subject: [PATCH] 所有文件上传接口增加文件安全校验逻辑。
---
Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/CodeMdmInfaceImpl.java | 59 +++++++++++++++++++++++++++++++++++++++++------------------
1 files changed, 41 insertions(+), 18 deletions(-)
diff --git a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/CodeMdmInfaceImpl.java b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/CodeMdmInfaceImpl.java
index 040630c..fb2c8eb 100644
--- a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/CodeMdmInfaceImpl.java
+++ b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/CodeMdmInfaceImpl.java
@@ -56,6 +56,7 @@
import javax.servlet.http.HttpServletRequest;
import javax.xml.ws.WebServiceContext;
import javax.xml.ws.handler.MessageContext;
+import java.math.BigDecimal;
import java.sql.Timestamp;
import java.text.SimpleDateFormat;
import java.util.*;
@@ -326,7 +327,15 @@
String fixedField=fixedFieldMap.getOrDefault("dr","");
dr = masterData.getOrDefault(fixedField, "").toString();
}
- object.setCode(masterData.getOrDefault(currentClassifyConfig.get().getSourceCodeKey(),"").toString());//缂栫爜
+ List<String> sourceCodeKeyList=VciBaseUtil.str2List(currentClassifyConfig.get().getSourceCodeKey());
+ //object.setCode(masterData.getOrDefault(currentClassifyConfig.get().getSourceCodeKey(),"").toString());//缂栫爜
+ if(!CollectionUtils.isEmpty(sourceCodeKeyList)) {
+ sourceCodeKeyList.stream().forEach(codekey -> {
+ if (StringUtils.isNotBlank(masterData.getOrDefault(codekey, "").toString())) {
+ object.setCode(masterData.getOrDefault(codekey, "").toString());//缂栫爜
+ }
+ });
+ }
object.setProp(proppertyVOList);
if (dr.equals(1)) {
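Review bot: When sourceCodeKey lists more than one key, the added forEach lets the last non-blank value overwrite earlier ones. When no key yields a value, setCode is never called, whereas the removed line always set at least an empty string. If the first configured key is meant to win, select it explicitly and always assign the result, as sketched below. The commented-out old call should be deleted rather than kept. The enclosing block starts and ends outside this hunk.
```java
List<String> sourceCodeKeyList = VciBaseUtil.str2List(currentClassifyConfig.get().getSourceCodeKey());
String sourceCode = "";
if (!CollectionUtils.isEmpty(sourceCodeKeyList)) {
    // first configured key with a non-blank value wins
    sourceCode = sourceCodeKeyList.stream()
            .map(codekey -> masterData.getOrDefault(codekey, "").toString())
            .filter(StringUtils::isNotBlank)
            .findFirst()
            .orElse("");
}
object.setCode(sourceCode);
// … unchanged: object.setProp(proppertyVOList) and the dr check …
```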
@@ -341,6 +350,9 @@
codeList.add(object.getCode());
});
+ if(CollectionUtils.isEmpty(codeList)){
+ throw new Throwable("妫�鏌ラ厤缃枃浠�:銆恠ourceCodeKey銆戯紝鍞竴鏍囪瘑瀛楁鏄惁姝g‘");
+ }
String targetCodeKey=currentClassifyConfig.get().getTargetCodeKey();
StringBuffer sb = new StringBuffer();
sb.append(" select * from ");
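Review bot: The new guard only fires when codeList has no entries, but `codeList.add(object.getCode())` just above adds every row's code, blank or unset ones included, so a misconfigured sourceCodeKey can still pass it. Throwing a bare `Throwable` also forces every caller to catch or declare the broadest type. Something like `if (codeList.stream().noneMatch(StringUtils::isNotBlank)) { throw new ServiceException(...); }` with the existing message would cover both. The query assembled with StringBuffer continues outside the hunk. If the codes, which come from the inbound master data, are concatenated into it, they should be bound as parameters instead.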
@@ -357,7 +369,7 @@
ApplyDatasVO editDatasVO = new ApplyDatasVO();
if (!CollectionUtils.isEmpty(cboList)) {
//鏍规嵁MDM缂栫爜鍘诲垽鏂暟鎹槸鍚﹂噸澶�.
- Map<String, ClientBusinessObject> oldpplyDataVOMap = cboList.stream().filter(data -> data != null && StringUtils.isNotBlank(data.getAttributeValue(targetCodeKey))).collect(Collectors.toList()).stream().collect(Collectors.toMap(s -> s.getAttributeValue(targetCodeKey).toLowerCase(Locale.ROOT), t -> t));
+ Map<String, ClientBusinessObject> oldpplyDataVOMap = cboList.stream().filter(data -> data != null && StringUtils.isNotBlank(data.getAttributeValue(targetCodeKey))).collect(Collectors.toList()).stream().collect(Collectors.toMap(s -> s.getAttributeValue(targetCodeKey), t -> t));
//鏁版嵁搴撲笉瀛樺湪鐨�
List<ApplyDataVO> applyApplyDataVOList = applyDataVOList.stream().filter(cbo -> {
String code = cbo.getCode();
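Review bot: `Collectors.toMap` on the changed line has no merge function, so two rows in cboList with the same targetCodeKey value raise IllegalStateException and abort the whole batch. Adding a third argument such as `(first, second) -> first` makes the choice explicit, or duplicates can be rejected with a clear message. The intermediate `.collect(Collectors.toList()).stream()` is redundant and can be dropped. With `toLowerCase` removed the keys are now case-sensitive. Whether the query that produced cboList compares codes the same way is not visible here and is worth confirming.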
@@ -368,6 +380,8 @@
List<ApplyDataVO> editApplyDataVOList = applyDataVOList.stream().filter(cbo -> {
String code = cbo.getCode();
if (oldpplyDataVOMap.containsKey(code)) {
+ ClientBusinessObject object= oldpplyDataVOMap.get(code);
+ cbo.setCode(object.getId());
cbo.setOperate("update");
}
return oldpplyDataVOMap.containsKey(code);
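Review bot: `cbo.setCode(object.getId())` overwrites the business code with the stored row's id from inside a `filter` predicate. This hides a mutation in what reads as a pure selection. Anything that later calls `getCode()` on these objects, such as result reporting or logging, gets the internal id instead of the source system's code. Move the assignment to an explicit loop over editApplyDataVOList after the filter. If the id really must travel in the code field, add a comment such as `// existing record: carry its id in code so the update targets that row`. The lambda starts and ends outside this hunk.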
@@ -482,7 +496,7 @@
mesg="闆嗘垚绯荤粺锛氥��"+systemCode+"銆戠敵璇风紪鐮佸け璐�:" + e.getMessage();
mesg = e.getMessage();
e.printStackTrace();
- throw new ServiceException(e.getMessage());
+ // throw new ServiceException(e.getMessage());
} finally {
XMLResultDataObjectDetailDO x = new XMLResultDataObjectDetailDO();
x.setId(rowData.getOid());
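Review bot: With the rethrow commented out, a failed code application is now recorded only through `e.printStackTrace()` and the `mesg` string, so the caller sees a normal return. Any surrounding transaction would no longer roll back on this path, although whether one exists is not visible here. If continuing after a failure is intended, delete the dead line and log through the class logger, e.g. `log.error("apply code failed, systemCode={}", systemCode, e);`. The first assignment to `mesg` is immediately overwritten by `mesg = e.getMessage();`. Returning the raw exception message to the integrating system can expose internal details, so a fixed message plus a logged cause is safer.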
@@ -699,6 +713,7 @@
String dataValue = sourceKeyValueMap.get(sourceKey);
if (attrMapConfigMap.containsKey(sourceKey)) {
String targetKey = attrMapConfigMap.get(sourceKey);
+ log.info("xxxxx灞炴�ф槧灏勫��:sourceKey銆�"+sourceKey+"銆戔�斺�斻��+targetKey---銆�"+targetKey+":"+dataValue);
keyValueMap.put(targetKey, StringUtils.isBlank(dataValue)?"":dataValue);
}
});
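Review bot: The added `log.info` writes every mapped attribute value from the inbound payload to the application log at info level, built by string concatenation with a leftover "xxxxx" marker. Master-data values may be sensitive. Because they come from an external system, they can also contain line breaks that forge log entries. Prefer a parameterized debug line that omits the value, e.g. `log.debug("attribute mapping: sourceKey={} targetKey={}", sourceKey, targetKey);`, or remove the line if it was only for troubleshooting.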
@@ -835,25 +850,33 @@
* @param vaule
* @return
*/
- private String objectToStr(Object vaule){
+ private String objectToStr(Object vaule) {
String newValue="";
if(vaule ==null||"".equals(vaule)||vaule==""){
return "";
}
- if(vaule instanceof Integer){
- Integer intValue=(Integer)vaule;
- newValue=String.valueOf(intValue);
- }else if (vaule instanceof Boolean){
- boolean boolValue=(Boolean) vaule;
- newValue=Boolean.toString(boolValue);
- }else if(vaule instanceof Timestamp){
- Timestamp timestampValue=(Timestamp)vaule;
- newValue=timestamp2Str(timestampValue);
- }else if(vaule instanceof Date){
- Date dataValue=(Date) vaule;
- newValue = date2Str(dataValue,"yyyy-MM-dd HH:mm:ss");
- }else {
- return vaule.toString();
+ try {
+ if (vaule instanceof Integer) {
+ Integer intValue = (Integer) vaule;
+ newValue = String.valueOf(intValue);
+ } else if (vaule instanceof Boolean) {
+ boolean boolValue = (Boolean) vaule;
+ newValue = Boolean.toString(boolValue);
+ } else if (vaule instanceof Timestamp) {
+ Timestamp timestampValue = (Timestamp) vaule;
+ newValue = timestamp2Str(timestampValue);
+ } else if (vaule instanceof Date) {
+ Date dataValue = (Date) vaule;
+ newValue = date2Str(dataValue, "yyyy-MM-dd HH:mm:ss");
+ }else if (vaule instanceof BigDecimal){
+ BigDecimal bigDecimal=(BigDecimal)vaule;
+ newValue = bigDecimal.toString();
+ } else {
+ return vaule.toString();
+ }
+ }catch (Throwable e){
+ // log.error("灞炴�х被鍨嬭浆鎹㈤敊璇�",e);
+ e.printStackTrace();
}
return newValue;
}
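Review bot: In the new BigDecimal branch, `bigDecimal.toString()` can return scientific notation (for example `1E+3`), which is probably not what a code or attribute string should contain; use `newValue = bigDecimal.toPlainString();`. As written the branch also does the same thing as the final `else`. The added `catch (Throwable e)` swallows everything, including `Error`s such as OutOfMemoryError, and returns an empty string, so a conversion failure cannot be told apart from an empty value. Narrow it to `catch (RuntimeException e)` and restore the commented-out logger call instead of `e.printStackTrace()`.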
--
Gitblit v1.9.3