From 4470052c3b6bdeb18e45987f8aa293d1e93d0552 Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 11:59:12 +0800
Subject: [PATCH] 所有文件上传接口增加文件安全校验逻辑。

---
 Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmEngineServiceImpl.java |   26 +++++++++++++++++++-------
 1 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmEngineServiceImpl.java b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmEngineServiceImpl.java
index 9fff05b..6850502 100644
--- a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmEngineServiceImpl.java
+++ b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmEngineServiceImpl.java
@@ -1,11 +1,14 @@
 package com.vci.ubcs.code.service.impl;
 
+import cn.hutool.db.sql.Query;
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONObject;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.core.metadata.IPage;
+import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
+import com.vci.ubcs.code.applyjtcodeservice.entity.DockingPreMetaAttr;
 import com.vci.ubcs.code.applyjtcodeservice.vo.BaseModelVO;
 import com.vci.ubcs.code.bo.CodeClassifyFullInfoBO;
 import com.vci.ubcs.code.bo.CodeTemplateAttrSqlBO;
@@ -440,10 +443,18 @@
 				throw new VciBaseException("鏈煡璇㈠埌鐩稿叧鏁版嵁銆�");
 			}
 			//杩橀渶瑕佷慨鏀筧llCode鐨勭敓鍛藉懆鏈�
-			QueryWrapper<CodeAllCode> allCodeWrapper = new QueryWrapper<>();
-			allCodeWrapper.eq("createcodebtm", baseModelDTO.getBtmname());
-			allCodeWrapper.in("createcodeoid", oids);
-			List<CodeAllCode> codeCbos = codeAllCodeService.selectByWrapper(allCodeWrapper);// 鍥炴敹闇�瑕佷笟鍔℃暟鎹垹闄�
+			LambdaQueryWrapper<CodeAllCode> allCodeWrapper = Wrappers.<CodeAllCode>query().lambda();
+			allCodeWrapper.eq(CodeAllCode::getCreateCodeBtm, baseModelDTO.getBtmname());
+			allCodeWrapper.in(CodeAllCode::getCreateCodeOid, oids);
+
+			List<CodeAllCode> codeCbos = codeAllCodeService.selectByWrapper(allCodeWrapper);
+			if(codeCbos.size() != baseModels.size()){
+				throw new ServiceException("褰撳墠鍥炴敹鎿嶄綔涓煡璇㈠嚭鐨勪笟鍔℃暟鎹腑锛屽瓨鍦ㄥ鏉＄爜鍊兼暟鎹搴斿叧绯伙紝璇疯仈绯诲紑鍙戜汉鍛樺鏁版嵁杩涜鎺掓煡澶勭悊锛侊紒");
+			}
+			//杞负map鍚庣画鍙栫殑鏃跺�欐柟渚�
+			Map<String, BaseModel> baseModelMap = baseModels.stream().collect(Collectors.toMap(BaseModel::getId, baseModel -> baseModel));
+
+			// 鍥炴敹闇�瑕佷笟鍔℃暟鎹垹闄�
 			if (CodeDefaultLC.TASK_BACK.getValue().equals(baseModelDTO.getLcStatus())) {
 				R<List<BtmTypeVO>> listR = btmTypeClient.selectByIdCollection(Collections.singletonList(baseModelDTO.getBtmname()));
 				if (!listR.isSuccess() || listR.getData().size() == 0) {
@@ -462,12 +473,13 @@
 				}
 			}
 			// 鍒氬ソ椤哄簭鏄竴鑷寸殑锛屾墍浠ョ洿鎺ユ寜鐓odeallcode鐨勯『搴忔潵鎷夸笟鍔℃暟鎹�
-			int i = -1;
+			BaseModel baseModel = null;
 			for (CodeAllCode codeCbo : codeCbos) {
 				codeCbo.setLcStatus(baseModelDTO.getLcStatus());
 				// 濡傛灉鏄洖鏀讹紝灏遍渶瑕佸皢涓氬姟鏁版嵁瀛樺偍鍒扮爜鍊艰〃涓�
+				baseModel = baseModelMap.get(codeCbo.getId());
 				if (baseModelDTO.getLcStatus().equals(FrameWorkDefaultValueConstant.FRAMEWORK_RELEASE_TAKEBACK)) {
-					codeCbo.setBusinessData(JSON.toJSONString(baseModels.get(++i)));
+					codeCbo.setBusinessData(JSON.toJSONString(baseModel));
 				}
 			}
 			codeAllCodeService.updateBatchById(codeCbos);
@@ -496,7 +508,7 @@
 		return addSaveCode(orderDTO, true);
 	}
 
-	/***
+	/**
 	 * 闆嗘垚鍙彉鐮佹鐢宠鎺ュ彛
 	 * @param orderDTO 鐢宠鐨勪俊鎭紝闇�瑕佸寘鍚睘鎬х殑鍐呭鍜岀爜娈电浉鍏崇殑鍐呭
 	 * @return

--
Gitblit v1.9.3