From 4470052c3b6bdeb18e45987f8aa293d1e93d0552 Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 11:59:12 +0800
Subject: [PATCH] 所有文件上传接口增加文件安全校验逻辑。
---
Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmIOServiceImpl.java | 47 +++++++++++++++++++++++++++++------------------
1 files changed, 29 insertions(+), 18 deletions(-)
diff --git a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmIOServiceImpl.java b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmIOServiceImpl.java
index 22f9c36..364dedf 100644
--- a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmIOServiceImpl.java
+++ b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmIOServiceImpl.java
@@ -3,6 +3,7 @@
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.alibaba.nacos.common.utils.StringUtils;
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.google.protobuf.ServiceException;
import com.vci.ubcs.code.applyjtcodeservice.feign.IMdmInterJtClient;
@@ -430,6 +431,7 @@
throw new VciBaseException("妯℃澘娌℃湁閰嶇疆灞炴��");
}
}
+ //鍓旈櫎鎺夐粯璁ょ殑灞炴�э紝浠ュ強琛ㄥ崟涓嶆樉绀虹殑灞炴��
List<CodeClassifyTemplateAttrVO> templateAttrVOS = codeClassifyTemplateAttrVOList.stream().filter(s ->
!DEFAULT_ATTR_LIST.contains(s.getId())
&& StringUtils.isBlank(s.getComponentRule())
@@ -1246,19 +1248,21 @@
//鎴戜滑闇�瑕佸厛鏌ヨ涓�涓嬶紝鍐呭鏄惁宸茬粡瀛樺湪
if (!CollectionUtils.isEmpty(thisCbos)) {
List<String> existIds = new ArrayList<>();
+ // TODO: 2024/12/3 Ludc 杩欏効鏌ヨ鍋氫簡淇敼鏀规垚缁勬垚涓�鍙ql鏌ヨ锛岃�屼笉鏄垎鎵规鏌ヨ
+ LambdaQueryWrapper<CodeAllCode> wrapper = Wrappers.<CodeAllCode>query().lambda()
+ .eq(CodeAllCode::getCodeRuleOid, ruleOid);
VciBaseUtil.switchCollectionForOracleIn(thisCbos).stream().forEach(cbos -> {
- List<CodeAllCode> codeAllCodeList = codeAllCodeService.selectByWrapper(Wrappers.<CodeAllCode>query().lambda().eq(CodeAllCode::getCodeRuleOid, ruleOid)
- .notIn(CodeAllCode::getId, cbos.stream().map(s -> s.getId()).collect(Collectors.toSet()).toArray(new String[0]))
- .notIn(CodeAllCode::getLcStatus, CodeAllCodeLC.TASK_BACK.getValue() + "','" + CodeAllCodeLC.OBSOLETED.getValue())
- );
- existIds.addAll(Optional.ofNullable(codeAllCodeList).orElseGet(() -> new ArrayList<>()).stream().map(s -> {
- String id = s.getId();
- if (StringUtils.isBlank(id)) {
- id = s.getId();
- }
- return id;
- }).collect(Collectors.toList()));
+ wrapper.notIn(CodeAllCode::getId, cbos.stream().map(s -> s.getId()).collect(Collectors.toSet()).toArray(new String[0]));
});
+ wrapper.notIn(CodeAllCode::getLcStatus, CodeAllCodeLC.TASK_BACK.getValue() + "','" + CodeAllCodeLC.OBSOLETED.getValue());
+ List<CodeAllCode> codeAllCodeList = codeAllCodeService.selectByWrapper(wrapper);
+ existIds.addAll(Optional.ofNullable(codeAllCodeList).orElseGet(() -> new ArrayList<>()).stream().map(s -> {
+ String id = s.getId();
+ if (StringUtils.isBlank(id)) {
+ id = s.getId();
+ }
+ return id;
+ }).collect(Collectors.toList()));
List<String> existIdCbos = thisCbos.stream().filter(s -> {
String id = s.getId();
if (StringUtils.isBlank(id)) {
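Review bot: The status filter `wrapper.notIn(CodeAllCode::getLcStatus, CodeAllCodeLC.TASK_BACK.getValue() + "','" + CodeAllCodeLC.OBSOLETED.getValue())` passes a single string with embedded quotes, which only excludes both statuses if the value is spliced into the SQL text unescaped. If the wrapper binds it as one parameter (the usual MyBatis-Plus behaviour), it matches neither status and the exclusion is silently lost. Pass the values separately: `wrapper.notIn(CodeAllCode::getLcStatus, CodeAllCodeLC.TASK_BACK.getValue(), CodeAllCodeLC.OBSOLETED.getValue());`. Chaining one `notIn` per chunk into a single query also changes the result from the old per-batch union to "rows outside all ids", and loads every other row for the rule in one list, so please confirm that this is intended and bounded. The enclosing method starts and ends outside the hunk.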
@@ -3372,10 +3376,16 @@
private void getCodeOrderDTOs(CodeClassifyVO codeClassifyVO, CodeClassifyTemplateVO templateVO, Map<String, RowDatas> codeDataMap, Map<String, ClientBusinessObject> codeSystemObjectMap, List<CodeOrderDTO> codeOrderDTOList, Map<String, String> errorMap, boolean isCodeOrGroupCode) {
codeSystemObjectMap.keySet().forEach(code -> {
ClientBusinessObject sysDataObject = codeSystemObjectMap.get(code);
- if (isCodeOrGroupCode) {
- code = sysDataObject.getAttributeValue("GROUPCODE");
+ /*if (isCodeOrGroupCode) {
+ // code = sysDataObject.getAttributeValue("GROUPCODE");
if (StringUtils.isBlank(code)) {
code = sysDataObject.getId();
+ }
+ }*/
+ if(isCodeOrGroupCode){
+ String groupCode=sysDataObject.getAttributeValue("GROUPCODE");
+ if(codeDataMap.containsKey(groupCode)){
+ code=groupCode;
}
}
CodeOrderDTO orderDTO = new CodeOrderDTO();
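Review bot: The `/* ... */` block added above the new `if(isCodeOrGroupCode)` keeps the old branch as dead code, with its braces split across added and context lines, so it is hard to see which behaviour was dropped. Delete it and state the rule in a comment instead, e.g. `// use GROUPCODE as the key only when codeDataMap contains it; otherwise keep the map key`. The previous fallback to `sysDataObject.getId()` is gone. If the rest of the lambda (outside this hunk) looks up `codeDataMap.get(code)`, a missing entry needs to be handled there rather than assumed present.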
@@ -4117,7 +4127,8 @@
StringBuffer sb = new StringBuffer();
sb.append(" select id from ");
sb.append(finalTableName);
- sb.append(" where 1=1 ");
+ //sb.append(" where 1 = 1");
+ sb.append(" where lastr = 1 and lastv = 1"); //TODO:娑夊強鍒板凡鍗囩増鐨勬暟鎹篃搴旇鎺掗櫎鎺夛紝鍚﹀垯浼氭姤閲�
sb.append(" and id in (");
sb.append(VciBaseUtil.toInSql(cbos.stream().map(s -> s.getId()).collect(Collectors.toSet()).toArray(new String[0])));
sb.append(")");
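Review bot: This statement is still built by concatenation: `finalTableName` and the output of `VciBaseUtil.toInSql(...)` over the ids in `cbos` go straight into the SQL text, and the added `lastr = 1 and lastv = 1` predicate does not change that. If those ids come from imported rows (the surrounding method is outside the hunk, so this is inferred), the statement is only as safe as the quoting inside `toInSql`, which is not visible here. Binding the ids as parameters, or rejecting ids that do not match the expected format before building the list, removes that dependency, and `finalTableName` should come only from a fixed mapping. The commented-out `//sb.append(" where 1 = 1");` can be dropped, and the new predicate would read better with a comment such as `// presumably latest revision/version only, so upgraded rows are excluded`.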
@@ -4456,7 +4467,7 @@
if (Func.isNotEmpty(codeSynonymMaps)) {
codeSynonymMaps.keySet().stream().forEach(item -> {
synonymResString.append(item);
- synonymResString.append("锛�");
+ synonymResString.append(",");
});
}
resultVO.setSynonymRuleInfo(Func.isEmpty(codeSynonymMaps) ? "" : String.format("浠ヤ笅[%s]琚缃簡杩戜箟璇嶆煡璇㈣鍒欑殑鍏抽敭灞炴��,涓嚭鐜颁簡閲嶅锛�", synonymResString));
@@ -4481,7 +4492,7 @@
// ,鎵�浠ユ殏鏃跺皢parallelStream鏀规垚浜唖tream锛屾敼鎴愪簡stream涔嬪悗鍙戠幇宸ㄦ參
// customForkJoinPool鎺у埗骞跺彂搴�
final List<ClientBusinessObject> finalCboList = cboList;
- Map<String, List<CodeSynonym>> finalCodeSynonymMaps = codeSynonymMaps;
+ final Map<String, List<CodeSynonym>> finalCodeSynonymMaps = codeSynonymMaps;
List<ClientBusinessObject> repeatDataMap = (List<ClientBusinessObject>) customForkJoinPool.submit(() -> {
finalCboList.parallelStream().filter(cbo -> {
//姣忚閮藉緱鏌ヨ.濡傛灉鍏朵腑鍑虹幇浜嗛敊璇紝鎴戜滑灏辩洿鎺ユ姏鍑哄紓甯革紝鍏朵綑鐨勬樉绀�
@@ -4950,7 +4961,7 @@
}
}
- /******
+ /**
* 鏍规嵁缂栫爜瑙勫垯缂撳瓨鏁版嵁
* @param uuid
* @param codeImprotDataVOs
@@ -4994,7 +5005,7 @@
});
}
- /****
+ /**
* 鏁版嵁鐩镐技椤规暟鎹牎楠宺edis缂撳瓨
* @param codeClassifyOid
* @param templateVO
--
Gitblit v1.9.3