From 4470052c3b6bdeb18e45987f8aa293d1e93d0552 Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 11:59:12 +0800
Subject: [PATCH] 所有文件上传接口增加文件安全校验逻辑。
---
Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmProductCodeServiceImpl.java | 70 ++++++++++++++++++++++------------
1 files changed, 45 insertions(+), 25 deletions(-)
diff --git a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmProductCodeServiceImpl.java b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmProductCodeServiceImpl.java
index 3f64e15..3c6c37b 100644
--- a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmProductCodeServiceImpl.java
+++ b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmProductCodeServiceImpl.java
@@ -1,5 +1,6 @@
package com.vci.ubcs.code.service.impl;
+import com.alibaba.fastjson.JSON;
import com.vci.ubcs.code.algorithm.CustomSerialEnum;
import com.vci.ubcs.code.annotation.MdmSerialAlgorithm;
import com.vci.ubcs.code.annotation.MdmSerialAlgorithmMethod;
@@ -24,6 +25,7 @@
import com.vci.ubcs.code.vo.pagemodel.CodeClassifyTemplateVO;
import com.vci.ubcs.code.vo.pagemodel.CodeClassifyVO;
import com.vci.ubcs.code.vo.pagemodel.CodeRuleVO;
+import com.vci.ubcs.omd.cache.EnumCache;
import com.vci.ubcs.starter.exception.VciBaseException;
import com.vci.ubcs.starter.revision.model.BaseModel;
import com.vci.ubcs.starter.util.DefaultAttrAssimtUtil;
@@ -50,6 +52,7 @@
import javax.servlet.http.HttpServletRequest;
import java.lang.reflect.Method;
import java.util.*;
+import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicReference;
@@ -116,7 +119,7 @@
//VciBaseUtil.setCurrentUserSessionInfo(sessionInfo);
String code = cbo.getId();
List<String> serialUnitList = new CopyOnWriteArrayList<>();
- String seclenghStr=cbo.getData().get(CODE_SEC_LENGTH_FIELD);
+ //String seclenghStr=cbo.getData().get(CODE_SEC_LENGTH_FIELD);
String[] secLengths = cbo.getData().get(CODE_SEC_LENGTH_FIELD).split("#");
cbo.getData().remove(CODE_SEC_LENGTH_FIELD);//灏嗘key闄ゅ幓
cbo.getData().remove(IMPORT_ROW_INDEX);//灏嗘key闄ゅ幓
@@ -135,11 +138,11 @@
//鏈�鍚�
thisSecValue = seclenghStr.contains("#")?code.substring(VciBaseUtil.getInt(secLengths[i-1]),code.length()):code;
}else {*/
- int start = 0;
- for (int j = 0; j < i; j++) {
- start += VciBaseUtil.getInt(secLengths[j]);
- }
- thisSecValue = code.substring(start,start+VciBaseUtil.getInt(secLengths[i]));
+ int start = 0;
+ for (int j = 0; j < i; j++) {
+ start += VciBaseUtil.getInt(secLengths[j]);
+ }
+ thisSecValue = code.substring(start,start+VciBaseUtil.getInt(secLengths[i]));
// }
if(VciBaseUtil.getBoolean(secVO.getSerialDependFlag())){
serialUnitList.add(thisSecValue);
@@ -153,7 +156,7 @@
List<String> serialUnFileStringList = new ArrayList<>();
AtomicReference<String> newSerialUnitString = new AtomicReference<>("");
if(!CollectionUtils.isEmpty(serialValueMap)){
- AtomicInteger index= new AtomicInteger();
+ AtomicInteger index = new AtomicInteger();
serialValueMap.forEach((secOid,secValue)->{
//瑕佺湅鏄笉鏄ˉ浣嶇殑
CodeBasicSecVO secVO = secVOMap.get(secOid);
@@ -174,7 +177,7 @@
if(OsCodeFillTypeEnum.NONE.getValue().equalsIgnoreCase(secVO.getCodeFillType())){
//涓嶈ˉ鐮�
//鎶婃墍鏈変笉鏄暟瀛楃殑鍘绘帀锛屽洜涓哄彲鑳戒細鏄�佹暟鎹紝鏂拌鍒�
- // serialDb = VciBaseUtil.getDouble(killUnNumberChar(subSecValue));
+ //serialDb = VciBaseUtil.getDouble(killUnNumberChar(subSecValue));
//serialDb = killUnNumberChar(subSecValue);
serialDb=subSecValue;
}else {
@@ -182,21 +185,24 @@
serialDb = killFillChar(subSecValue,secVO.getCodeFillSeparator(),
OsCodeFillTypeEnum.LEFT.getValue().equalsIgnoreCase(secVO.getCodeFillType()));
}
- Double newSerialDb= CustomSerialEnum.getDoubleCustomSerialValue(serialDb,secVO.getCustomCodeSerialType());
- HashMap<String, String> thisUnitMaxMap = maxSerialMap.getOrDefault(serialUnitString, new HashMap<>());
- Double maxValue=newSerialDb;
- if(thisUnitMaxMap.containsKey(secOid)){
- String newMaxValue= thisUnitMaxMap.getOrDefault(secOid,"");
- maxValue=StringUtils.isBlank(newMaxValue)?-1:VciBaseUtil.getDouble(newMaxValue);
- if(maxValue<newSerialDb){
- maxValue=newSerialDb;
+ Double newSerialDb = CustomSerialEnum.getDoubleCustomSerialValue(serialDb,secVO.getCustomCodeSerialType());
+ //TODO: 20240822闇�瑕佽繖鍧椾唬鐮佹槸鍚屾鎬х殑锛宮axSerialMap杩欏効浼氬洜涓虹嚎绋嬪彈褰卞搷锛屼慨鏀瑰悗娴嬭瘯澶氭鎬绘暟涓�5000鏉′竴娆″鍏ヨ�楄垂鏃堕棿涓�3鍒�30绉掑乏鍙�
+ synchronized(this) {
+ HashMap<String, String> thisUnitMaxMap = maxSerialMap.getOrDefault(serialUnitString, new HashMap<>());
+ Double maxValue=newSerialDb;
+ if(thisUnitMaxMap.containsKey(secOid)){
+ String newMaxValue = thisUnitMaxMap.getOrDefault(secOid,"");
+ maxValue = StringUtils.isBlank(newMaxValue)?-1:VciBaseUtil.getDouble(newMaxValue);
+ if(maxValue < newSerialDb){
+ maxValue = newSerialDb;
+ }
}
+ String newMaxValue=CustomSerialEnum.getStringCustomSerialValue(maxValue,secVO.getCustomCodeSerialType());
+ serialDb=CustomSerialEnum.getStringCustomSerialValue(newSerialDb,secVO.getCustomCodeSerialType());
+ thisUnitMaxMap.put(secOid,newMaxValue);
+ maxSerialMap.put(serialUnitString,thisUnitMaxMap);
+ serialUnFileStringList.add(String.valueOf(serialDb));
}
- String newMaxValue=CustomSerialEnum.getStringCustomSerialValue(maxValue,secVO.getCustomCodeSerialType());
- serialDb=CustomSerialEnum.getStringCustomSerialValue(newSerialDb,secVO.getCustomCodeSerialType());
- thisUnitMaxMap.put(secOid,newMaxValue);
- maxSerialMap.put(serialUnitString,thisUnitMaxMap);
- serialUnFileStringList.add(String.valueOf(serialDb));
});
}
CodeAllCode allCodeDO = new CodeAllCode();
@@ -272,7 +278,6 @@
allCodeWrapper.in("id", QueryOptionConstant.IN + "(" +
VciBaseUtil.toInSql(codeDOs.stream().map(s->s.getId()).collect(Collectors.toList()).toArray(new String[0])) + ")");
List<CodeAllCode> existCodes = codeAllCodeService.selectByWrapper(allCodeWrapper);
-
if(!CollectionUtils.isEmpty(existCodes)){
existCodes.stream().forEach(existCode->{
@@ -360,7 +365,11 @@
List<CodeBasicSecVO> attrSecVOList = new ArrayList<>();
for (int i = 0; i < secVOList.size(); i++) {
CodeBasicSecVO secVO = secVOList.get(i);
- switchSecValue(secVO, secValueMap, classifyFullInfoBO, serialSecVOList, attrSecVOList, serialUnitList, secValueList);
+ try{
+ switchSecValue(secVO, secValueMap, classifyFullInfoBO, serialSecVOList, attrSecVOList, serialUnitList, secValueList);
+ }catch (Exception e){
+ throw new ServiceException("鐮佸�艰浆鎹㈡椂鍑虹幇閿欒锛屽師鍥狅細"+e.getMessage());
+ }
}
//澶勭悊灞炴�х爜娈靛拰娴佹按鐮佹
Map<String/**娴佹按鐮佹鐨勪富閿�**/, Map<String/**娴佹按渚濇嵁**/, String>> lastMaxSerialValueMap = new HashMap<>();
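Review bot: The new `catch (Exception e)` around `switchSecValue(...)` rethrows with only `e.getMessage()`, so the original exception type and stack trace are discarded and a null message produces a trailing `null` in the user-facing text. If `ServiceException` has a cause-taking constructor, pass `e` as the second argument; otherwise log `e` at error level before rethrowing. Catching `Exception` this broadly also turns programming errors such as a `NullPointerException` inside `switchSecValue` into a validation message; if only `VciBaseException`/`ServiceException` are expected from that call, catch those types instead. The enclosing method starts and ends outside the hunk.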
@@ -814,6 +823,12 @@
case CODE_CLASSIFY_SEC:
//鍒嗙被鐮佹鐨勶紝涔熸槸浠庡墠绔�夋嫨浜嗙爜鍊煎嵆鍙紝涓嶈鐮佸�肩殑闀垮害鏄灏�
CodeClassifyValue codeClassifyValueDO= codeClassifyValueMapper.selectById(secValue);
+ //褰撶爜鍊间负绌烘垨#NaN?鏃跺嵆琛ㄧず浣滀负绌哄瓧绗︿覆杩涜鎷兼帴
+ String nullSymbol = EnumCache.getValue("nullSymbol", "NULL");
+ nullSymbol = Func.isBlank(nullSymbol) ? "#NaN?":nullSymbol;
+ if(Func.isBlank(codeClassifyValueDO.getId()) || codeClassifyValueDO.getId().equals(nullSymbol)){
+ codeClassifyValueDO.setId("");
+ }
if(codeClassifyValueDO!=null) {
secValue = joinPreffixAndSuffix(secVO, codeClassifyValueDO.getId());
}
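Review bot: The inserted null-symbol check calls `codeClassifyValueDO.getId()` before the pre-existing `if(codeClassifyValueDO!=null)` guard, so a `selectById(secValue)` that returns no row now throws a NullPointerException where the old code skipped the section. Fold the null test into the new condition: `if(codeClassifyValueDO != null && (Func.isBlank(codeClassifyValueDO.getId()) || codeClassifyValueDO.getId().equals(nullSymbol))){`. The same ordering problem is repeated in the second `CODE_CLASSIFY_SEC` hunk at `@@ -1318,6 +1333,11 @@`. The enclosing switch and method start and end outside the hunk.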
@@ -884,7 +899,7 @@
case CODE_VARIABLE_SEC:
//鍙彉鐮佹锛屾槸鍦ㄩ〉闈笂杈撳叆鍐呭
if (secValue.length() > VciBaseUtil.getInt(secVO.getCodeSecLength())) {
- throw new VciBaseException("銆恵0}銆戣繖涓爜娈垫槸鍙彉鐮佹锛屼絾鏄幇鍦ㄨ緭鍏ョ殑鐮佸�肩殑闀垮害({1})瓒呰繃浜嗚瀹氱殑闀垮害{2}", new String[]{secVO.getName(), String.valueOf(secValue.length()), secVO.getCodeSecLength()});
+ throw new ServiceException(String.format("銆恵%s}銆戣繖涓爜娈垫槸鍙彉鐮佹锛屼絾鏄幇鍦ㄨ緭鍏ョ殑鐮佸�肩殑闀垮害({%s})瓒呰繃浜嗚瀹氱殑闀垮害{%s}", secVO.getName(), secValue.length(), secVO.getCodeSecLength()));
}
OsCodeFillTypeEnum fillTypeEnum = OsCodeFillTypeEnum.forValue(secVO.getCodeFillType());
secValue = fillString(VciBaseUtil.getInt(secVO.getCodeSecLength()), fillTypeEnum, secValue, secVO.getCodeFillSeparator());
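Review bot: The exception thrown for an over-long variable section changes from `VciBaseException` to `ServiceException`; any caller that catches `VciBaseException` to present this as a validation error will no longer match it, which cannot be confirmed from this hunk and is worth checking before merging. If both types are meant to be handled uniformly, a one-line comment above the throw stating why the type was changed, e.g. `// ServiceException so the global handler returns the message to the client`, would make the intent clear to the next reader. The enclosing switch and method start and end outside the hunk.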
@@ -1215,7 +1230,7 @@
for (int j = 0; j < serialSecVOList.size(); j++) {
CodeBasicSecVO secVO = serialSecVOList.get(j);
if(lastMaxSerialValueMap.containsKey(secVO.getOid())){//姝や负鏈�鍚庨渶瑕佸瓨鍏ユ祦姘翠緷璧栫殑鏈�澶ф祦姘�
- Map<String/**娴佹按渚濇嵁**/, String> serialValueMap= lastMaxSerialValueMap.get(secVO.getOid());
+ Map<String/**娴佹按渚濇嵁**/, String> serialValueMap = lastMaxSerialValueMap.get(secVO.getOid());
serialValueMap.forEach((maxSerialUnitString,serialValue)->{
if(StringUtils.isNotBlank(serialValue)){
serialUnitString.set(maxSerialUnitString);
@@ -1318,6 +1333,11 @@
case CODE_CLASSIFY_SEC:
//鍒嗙被鐮佹鐨勶紝涔熸槸浠庡墠绔�夋嫨浜嗙爜鍊煎嵆鍙紝涓嶈鐮佸�肩殑闀垮害鏄灏�
CodeClassifyValue codeClassifyValueDO= codeClassifyValueMapper.selectById(secValue);
+ String nullSymbol = EnumCache.getValue("nullSymbol", "NULL");
+ nullSymbol = Func.isBlank(nullSymbol) ? "#NaN?":nullSymbol;
+ if(Func.isBlank(codeClassifyValueDO.getId()) || codeClassifyValueDO.getId().equals(nullSymbol)){
+ codeClassifyValueDO.setId("");
+ }
if(codeClassifyValueDO!=null) {
secValue = joinPreffixAndSuffix(secVO, codeClassifyValueDO.getId());
}
--
Gitblit v1.9.3