From 4470052c3b6bdeb18e45987f8aa293d1e93d0552 Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 11:59:12 +0800
Subject: [PATCH] 所有文件上传接口增加文件安全校验逻辑。
---
Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmProductCodeServiceImpl.java | 59 +++++++++++++++++++++++++++++++++++++----------------------
1 files changed, 37 insertions(+), 22 deletions(-)
diff --git a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmProductCodeServiceImpl.java b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmProductCodeServiceImpl.java
index f9c3efc..3c6c37b 100644
--- a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmProductCodeServiceImpl.java
+++ b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmProductCodeServiceImpl.java
@@ -25,6 +25,7 @@
import com.vci.ubcs.code.vo.pagemodel.CodeClassifyTemplateVO;
import com.vci.ubcs.code.vo.pagemodel.CodeClassifyVO;
import com.vci.ubcs.code.vo.pagemodel.CodeRuleVO;
+import com.vci.ubcs.omd.cache.EnumCache;
import com.vci.ubcs.starter.exception.VciBaseException;
import com.vci.ubcs.starter.revision.model.BaseModel;
import com.vci.ubcs.starter.util.DefaultAttrAssimtUtil;
@@ -51,6 +52,7 @@
import javax.servlet.http.HttpServletRequest;
import java.lang.reflect.Method;
import java.util.*;
+import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicReference;
@@ -117,7 +119,7 @@
//VciBaseUtil.setCurrentUserSessionInfo(sessionInfo);
String code = cbo.getId();
List<String> serialUnitList = new CopyOnWriteArrayList<>();
- String seclenghStr=cbo.getData().get(CODE_SEC_LENGTH_FIELD);
+ //String seclenghStr=cbo.getData().get(CODE_SEC_LENGTH_FIELD);
String[] secLengths = cbo.getData().get(CODE_SEC_LENGTH_FIELD).split("#");
cbo.getData().remove(CODE_SEC_LENGTH_FIELD);//灏嗘key闄ゅ幓
cbo.getData().remove(IMPORT_ROW_INDEX);//灏嗘key闄ゅ幓
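Review bot: The commented-out `//String seclenghStr=cbo.getData().get(CODE_SEC_LENGTH_FIELD);` should be deleted rather than kept as dead text; its only remaining reference is inside the block comment further down, so nothing compiles against it. The `split("#")` on the following line still dereferences `cbo.getData().get(CODE_SEC_LENGTH_FIELD)` with no null check, so an import row that lacks that field fails with a NullPointerException instead of a message naming the row — presumably the caller always populates it, but a guard that throws `VciBaseException` with the row index before the split would be friendlier. The enclosing method begins and ends outside this hunk.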
@@ -136,11 +138,11 @@
//鏈�鍚�
thisSecValue = seclenghStr.contains("#")?code.substring(VciBaseUtil.getInt(secLengths[i-1]),code.length()):code;
}else {*/
- int start = 0;
- for (int j = 0; j < i; j++) {
- start += VciBaseUtil.getInt(secLengths[j]);
- }
- thisSecValue = code.substring(start,start+VciBaseUtil.getInt(secLengths[i]));
+ int start = 0;
+ for (int j = 0; j < i; j++) {
+ start += VciBaseUtil.getInt(secLengths[j]);
+ }
+ thisSecValue = code.substring(start,start+VciBaseUtil.getInt(secLengths[i]));
// }
if(VciBaseUtil.getBoolean(secVO.getSerialDependFlag())){
serialUnitList.add(thisSecValue);
@@ -154,7 +156,7 @@
List<String> serialUnFileStringList = new ArrayList<>();
AtomicReference<String> newSerialUnitString = new AtomicReference<>("");
if(!CollectionUtils.isEmpty(serialValueMap)){
- AtomicInteger index= new AtomicInteger();
+ AtomicInteger index = new AtomicInteger();
serialValueMap.forEach((secOid,secValue)->{
//瑕佺湅鏄笉鏄ˉ浣嶇殑
CodeBasicSecVO secVO = secVOMap.get(secOid);
@@ -175,7 +177,7 @@
if(OsCodeFillTypeEnum.NONE.getValue().equalsIgnoreCase(secVO.getCodeFillType())){
//涓嶈ˉ鐮�
//鎶婃墍鏈変笉鏄暟瀛楃殑鍘绘帀锛屽洜涓哄彲鑳戒細鏄�佹暟鎹紝鏂拌鍒�
- // serialDb = VciBaseUtil.getDouble(killUnNumberChar(subSecValue));
+ //serialDb = VciBaseUtil.getDouble(killUnNumberChar(subSecValue));
//serialDb = killUnNumberChar(subSecValue);
serialDb=subSecValue;
}else {
@@ -183,21 +185,24 @@
serialDb = killFillChar(subSecValue,secVO.getCodeFillSeparator(),
OsCodeFillTypeEnum.LEFT.getValue().equalsIgnoreCase(secVO.getCodeFillType()));
}
- Double newSerialDb= CustomSerialEnum.getDoubleCustomSerialValue(serialDb,secVO.getCustomCodeSerialType());
- HashMap<String, String> thisUnitMaxMap = maxSerialMap.getOrDefault(serialUnitString, new HashMap<>());
- Double maxValue=newSerialDb;
- if(thisUnitMaxMap.containsKey(secOid)){
- String newMaxValue= thisUnitMaxMap.getOrDefault(secOid,"");
- maxValue=StringUtils.isBlank(newMaxValue)?-1:VciBaseUtil.getDouble(newMaxValue);
- if(maxValue<newSerialDb){
- maxValue=newSerialDb;
+ Double newSerialDb = CustomSerialEnum.getDoubleCustomSerialValue(serialDb,secVO.getCustomCodeSerialType());
+ //TODO: 20240822闇�瑕佽繖鍧椾唬鐮佹槸鍚屾鎬х殑锛宮axSerialMap杩欏効浼氬洜涓虹嚎绋嬪彈褰卞搷锛屼慨鏀瑰悗娴嬭瘯澶氭鎬绘暟涓�5000鏉′竴娆″鍏ヨ�楄垂鏃堕棿涓�3鍒�30绉掑乏鍙�
+ synchronized(this) {
+ HashMap<String, String> thisUnitMaxMap = maxSerialMap.getOrDefault(serialUnitString, new HashMap<>());
+ Double maxValue=newSerialDb;
+ if(thisUnitMaxMap.containsKey(secOid)){
+ String newMaxValue = thisUnitMaxMap.getOrDefault(secOid,"");
+ maxValue = StringUtils.isBlank(newMaxValue)?-1:VciBaseUtil.getDouble(newMaxValue);
+ if(maxValue < newSerialDb){
+ maxValue = newSerialDb;
+ }
}
+ String newMaxValue=CustomSerialEnum.getStringCustomSerialValue(maxValue,secVO.getCustomCodeSerialType());
+ serialDb=CustomSerialEnum.getStringCustomSerialValue(newSerialDb,secVO.getCustomCodeSerialType());
+ thisUnitMaxMap.put(secOid,newMaxValue);
+ maxSerialMap.put(serialUnitString,thisUnitMaxMap);
+ serialUnFileStringList.add(String.valueOf(serialDb));
}
- String newMaxValue=CustomSerialEnum.getStringCustomSerialValue(maxValue,secVO.getCustomCodeSerialType());
- serialDb=CustomSerialEnum.getStringCustomSerialValue(newSerialDb,secVO.getCustomCodeSerialType());
- thisUnitMaxMap.put(secOid,newMaxValue);
- maxSerialMap.put(serialUnitString,thisUnitMaxMap);
- serialUnFileStringList.add(String.valueOf(serialDb));
});
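Review bot: `synchronized(this)` at the top of the added block only closes the race on `maxSerialMap` described in the TODO above it if every other read and write of `maxSerialMap` in this class also holds the same monitor — those sites are outside this hunk, so please confirm; the inner `HashMap` is mutated in place, so switching `maxSerialMap` to the newly imported `ConcurrentHashMap` would not remove the need for that lock. Locking on the Spring singleton `this` also serializes every concurrent import through this service and anything else that synchronizes on it; a dedicated `private final Object maxSerialLock = new Object();` keeps the critical section narrow and private. Note that an in-JVM monitor does not guarantee serial uniqueness once more than one instance of this service is running; duplicate codes across instances would still need a database uniqueness constraint or a distributed lock. The enclosing lambda and method continue outside the hunk. Separately, the commit subject describes file-upload validation, which nothing in this file touches — presumably unrelated changes were bundled.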
}
CodeAllCode allCodeDO = new CodeAllCode();
@@ -273,7 +278,6 @@
allCodeWrapper.in("id", QueryOptionConstant.IN + "(" +
VciBaseUtil.toInSql(codeDOs.stream().map(s->s.getId()).collect(Collectors.toList()).toArray(new String[0])) + ")");
List<CodeAllCode> existCodes = codeAllCodeService.selectByWrapper(allCodeWrapper);
-
if(!CollectionUtils.isEmpty(existCodes)){
existCodes.stream().forEach(existCode->{
@@ -819,6 +823,12 @@
case CODE_CLASSIFY_SEC:
//鍒嗙被鐮佹鐨勶紝涔熸槸浠庡墠绔�夋嫨浜嗙爜鍊煎嵆鍙紝涓嶈鐮佸�肩殑闀垮害鏄灏�
CodeClassifyValue codeClassifyValueDO= codeClassifyValueMapper.selectById(secValue);
+ //褰撶爜鍊间负绌烘垨#NaN?鏃跺嵆琛ㄧず浣滀负绌哄瓧绗︿覆杩涜鎷兼帴
+ String nullSymbol = EnumCache.getValue("nullSymbol", "NULL");
+ nullSymbol = Func.isBlank(nullSymbol) ? "#NaN?":nullSymbol;
+ if(Func.isBlank(codeClassifyValueDO.getId()) || codeClassifyValueDO.getId().equals(nullSymbol)){
+ codeClassifyValueDO.setId("");
+ }
if(codeClassifyValueDO!=null) {
secValue = joinPreffixAndSuffix(secVO, codeClassifyValueDO.getId());
}
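Review bot: The added `if` dereferences `codeClassifyValueDO.getId()` before the existing `if(codeClassifyValueDO!=null)` guard, so a `secValue` that `selectById` does not resolve now throws a NullPointerException where it was previously skipped. Fold the null check into the new condition: `if (codeClassifyValueDO != null && (Func.isBlank(codeClassifyValueDO.getId()) || nullSymbol.equals(codeClassifyValueDO.getId())))`. The same four lines are repeated verbatim in the next hunk; a private helper such as `normalizeNullSymbol(CodeClassifyValue)` that performs the `EnumCache` lookup, the `"#NaN?"` fallback and the null-safe comparison would keep the two sites in sync. The enclosing switch and method begin and end outside this hunk.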
@@ -1323,6 +1333,11 @@
case CODE_CLASSIFY_SEC:
//鍒嗙被鐮佹鐨勶紝涔熸槸浠庡墠绔�夋嫨浜嗙爜鍊煎嵆鍙紝涓嶈鐮佸�肩殑闀垮害鏄灏�
CodeClassifyValue codeClassifyValueDO= codeClassifyValueMapper.selectById(secValue);
+ String nullSymbol = EnumCache.getValue("nullSymbol", "NULL");
+ nullSymbol = Func.isBlank(nullSymbol) ? "#NaN?":nullSymbol;
+ if(Func.isBlank(codeClassifyValueDO.getId()) || codeClassifyValueDO.getId().equals(nullSymbol)){
+ codeClassifyValueDO.setId("");
+ }
if(codeClassifyValueDO!=null) {
secValue = joinPreffixAndSuffix(secVO, codeClassifyValueDO.getId());
}
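Review bot: Same defect as the earlier CODE_CLASSIFY_SEC hunk: `codeClassifyValueDO.getId()` is called before the `if(codeClassifyValueDO!=null)` check on the following line, so an unresolved `secValue` now raises a NullPointerException. Guard it the same way, `if (codeClassifyValueDO != null && (Func.isBlank(codeClassifyValueDO.getId()) || nullSymbol.equals(codeClassifyValueDO.getId())))`, or better, replace both copies with one private helper so the `EnumCache.getValue("nullSymbol", "NULL")` lookup and `"#NaN?"` fallback are defined once. The enclosing switch and method begin and end outside this hunk.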
--