From 9bb1ee8d456d1a6c1149963eeb9c8285844466ef Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期五, 16 一月 2026 17:39:12 +0800
Subject: [PATCH] 文件后缀校验逻辑修改
---
Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/controller/CodeClassifyValueController.java | 2
Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/UniversalInterfaceImpl.java | 16 ++++---
Source/UBCS/ubcs-common/src/main/java/com/vci/ubcs/common/constant/CommonConstant.java | 1
Source/UBCS/ubcs-service/ubcs-deploy/src/main/java/com/vci/ubcs/deploy/service/impl/DeployAppsServiceImpl.java | 8 +++
Source/UBCS/ubcs-common/src/main/java/com/vci/ubcs/common/constant/LauncherConstant.java | 12 +++---
Source/UBCS/ubcs-common/src/main/java/com/vci/ubcs/common/validator/ComprehensiveFileValidator.java | 16 +++++--
Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmProductCodeServiceImpl.java | 10 +---
7 files changed, 37 insertions(+), 28 deletions(-)
diff --git a/Source/UBCS/ubcs-common/src/main/java/com/vci/ubcs/common/constant/CommonConstant.java b/Source/UBCS/ubcs-common/src/main/java/com/vci/ubcs/common/constant/CommonConstant.java
index 32f4448..801934b 100644
--- a/Source/UBCS/ubcs-common/src/main/java/com/vci/ubcs/common/constant/CommonConstant.java
+++ b/Source/UBCS/ubcs-common/src/main/java/com/vci/ubcs/common/constant/CommonConstant.java
@@ -93,5 +93,4 @@
*/
Integer API_SCOPE_CATEGORY = 2;
-
}
diff --git a/Source/UBCS/ubcs-common/src/main/java/com/vci/ubcs/common/constant/LauncherConstant.java b/Source/UBCS/ubcs-common/src/main/java/com/vci/ubcs/common/constant/LauncherConstant.java
index a17a3b0..03010fc 100644
--- a/Source/UBCS/ubcs-common/src/main/java/com/vci/ubcs/common/constant/LauncherConstant.java
+++ b/Source/UBCS/ubcs-common/src/main/java/com/vci/ubcs/common/constant/LauncherConstant.java
@@ -40,20 +40,20 @@
/**
* nacos dev 鍦板潃
*/
- String NACOS_DEV_ADDR = "dev.vci-tech.com:38848";
- //String NACOS_DEV_ADDR = "127.0.0.1:8848";
+ //String NACOS_DEV_ADDR = "dev.vci-tech.com:38848";
+ String NACOS_DEV_ADDR = "127.0.0.1:8848";
/**
* nacos prod 鍦板潃
*/
- String NACOS_PROD_ADDR = "dev.vci-tech.com:38848";
- //String NACOS_PROD_ADDR = "127.0.0.1:8848";
+ //String NACOS_PROD_ADDR = "dev.vci-tech.com:38848";
+ String NACOS_PROD_ADDR = "127.0.0.1:8848";
/**
* nacos test 鍦板潃
*/
- String NACOS_TEST_ADDR = "dev.vci-tech.com:38848";
- //String NACOS_TEST_ADDR = "127.0.0.1:8848";
+ //String NACOS_TEST_ADDR = "dev.vci-tech.com:38848";
+ String NACOS_TEST_ADDR = "127.0.0.1:8848";
/**
* sentinel dev 鍦板潃
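Review bot: `NACOS_DEV_ADDR`, `NACOS_PROD_ADDR` and `NACOS_TEST_ADDR` are repointed to `127.0.0.1:8848` by swapping which copy of each line is commented out, so the config server a build talks to depends on whichever variant was committed last. All three environments, production included, now share one hard-coded endpoint, and the change is unrelated to the commit subject. I would drop the commented-out alternatives and resolve the address at startup instead, for example `String NACOS_PROD_ADDR = System.getProperty("nacos.prod.addr", "127.0.0.1:8848");` (the property name is illustrative). That way a local-testing edit cannot silently ship as the production setting.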
diff --git a/Source/UBCS/ubcs-common/src/main/java/com/vci/ubcs/common/validator/ComprehensiveFileValidator.java b/Source/UBCS/ubcs-common/src/main/java/com/vci/ubcs/common/validator/ComprehensiveFileValidator.java
index 96b19cc..aed7e31 100644
--- a/Source/UBCS/ubcs-common/src/main/java/com/vci/ubcs/common/validator/ComprehensiveFileValidator.java
+++ b/Source/UBCS/ubcs-common/src/main/java/com/vci/ubcs/common/validator/ComprehensiveFileValidator.java
@@ -21,7 +21,7 @@
/**
* 鏂囦欢鐧藉悕鍗�
*/
- @Value("${app.upload.security.allowed-extensions:jpg,jpeg,png,pdf}")
+ @Value("${app.upload.security.allowed-extensions:xls,xlsx,jar,doc,docx,jpg,jpeg,png,pdf}")
private String allowedExtensionsConfig;
/**
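Review bot: Adding `jar` to the built-in default of `app.upload.security.allowed-extensions` means every deployment that does not set the property now accepts Java archives as uploads. An allow-list default should stay at the narrowest set that works everywhere, with the deployment that needs jar uploads opting in through its own configuration. I would keep the default as `@Value("${app.upload.security.allowed-extensions:xls,xlsx,doc,docx,jpg,jpeg,png,pdf}")`. It would also help to add a comment on the field noting that Office formats can carry macros, so whatever serves these files back should not treat them as trusted content.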
@@ -274,9 +274,13 @@
private boolean contentSecurityValidation(MultipartFile file, UploadValidationResult result) {
// 鍐呭绫诲瀷楠岃瘉
- if (validateContentType && !validateContentType(file)) {
- result.setMessage("鏂囦欢鍐呭绫诲瀷涓嶅尮閰�");
- return false;
+ if (validateContentType) { //閰嶇疆浜嗘牎楠屼綅true
+ //鍚庣紑涓嶅湪鐧藉悕鍗曚腑锛屽苟涓旀枃浠跺唴瀹逛笌绫诲瀷涓嶅尮閰嶇洿鎺ヨ繑鍥�
+ String finalExtension = getFinalExtension(file.getOriginalFilename().toLowerCase());
+ if(!allowedExtensions.contains(finalExtension) && !validateContentType(file)){
+ result.setMessage("鏂囦欢鍐呭绫诲瀷涓嶅尮閰峓鍚庣紑:"+finalExtension+";ContentType:"+file.getContentType()+"]");
+ return false;
+ }
}
// 鏂囦欢澶撮獙璇�
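Review bot: The inner condition `!allowedExtensions.contains(finalExtension) && !validateContentType(file)` never calls `validateContentType(file)` for a file whose extension is on the allow-list, so the declared-type check is skipped for exactly the files that get accepted. If an earlier stage already rejects extensions outside the allow-list (not visible in this hunk), the branch can no longer fail at all. I would keep the original guard `if (validateContentType && !validateContentType(file)) {` and handle the newly allowed types by extending the mapping in `isContentTypeConsistent`. Separately, `file.getOriginalFilename().toLowerCase()` throws a NullPointerException when the part has no filename, and elsewhere in this file the lower-casing is applied after `getFinalExtension(...)`, so the two call sites should agree. The new message also echoes the client-supplied extension and Content-Type back to the caller; the method body continues outside the hunk.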
@@ -313,9 +317,11 @@
if (declaredType == null) {
return true; // 娌℃湁澹版槑绫诲瀷锛屾斁杩�
}
-
+ log.info("===========================ContentType: " + declaredType);
// 绠�鍗曠殑绫诲瀷鍖归厤妫�鏌�
String finalExtension = getFinalExtension(file.getOriginalFilename()).toLowerCase();
+ log.info("===========================finalExtension: " + finalExtension);
+
return isContentTypeConsistent(declaredType, finalExtension);
} catch (Exception e) {
log.error("鍐呭绫诲瀷楠岃瘉澶辫触", e);
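Review bot: The two added `log.info("===========================...")` lines write the client-supplied Content-Type and filename extension into the log at INFO for every upload, built by string concatenation. Both values are attacker-controlled, so unless the log encoder strips CR/LF they can be used to forge log lines, and the banner format reads like leftover debugging output. I would lower these to a single parameterized debug statement, `log.debug("upload contentType={} finalExtension={}", declaredType, finalExtension);`, and make sure line breaks are neutralised by the logging layout. The enclosing method starts and ends outside this hunk.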
diff --git a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/controller/CodeClassifyValueController.java b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/controller/CodeClassifyValueController.java
index 70092de..5ea3f82 100644
--- a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/controller/CodeClassifyValueController.java
+++ b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/controller/CodeClassifyValueController.java
@@ -43,7 +43,7 @@
*/
@GetMapping("/treeCodeClassifyValue")
public List<Tree> treeCodeClassifyValue(TreeQueryObject treeQueryObject) {
- return codeClassifyValueService.treeCodeClassifyValue(treeQueryObject);
+ return codeClassifyValueService.treeCodeClassifyValue(treeQueryObject);
}
/**
diff --git a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmProductCodeServiceImpl.java b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmProductCodeServiceImpl.java
index 3c6c37b..33763a5 100644
--- a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmProductCodeServiceImpl.java
+++ b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmProductCodeServiceImpl.java
@@ -1,13 +1,12 @@
package com.vci.ubcs.code.service.impl;
-import com.alibaba.fastjson.JSON;
+import com.alibaba.nacos.common.utils.StringUtils;
+import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.vci.ubcs.code.algorithm.CustomSerialEnum;
import com.vci.ubcs.code.annotation.MdmSerialAlgorithm;
import com.vci.ubcs.code.annotation.MdmSerialAlgorithmMethod;
-import com.vci.ubcs.code.dto.CodeCustomSerialDTO;
-import com.alibaba.nacos.common.utils.StringUtils;
-import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.vci.ubcs.code.bo.CodeClassifyFullInfoBO;
+import com.vci.ubcs.code.dto.CodeCustomSerialDTO;
import com.vci.ubcs.code.dto.CodeOrderSecDTO;
import com.vci.ubcs.code.entity.CodeAllCode;
import com.vci.ubcs.code.entity.CodeClassifyValue;
@@ -41,7 +40,6 @@
import org.springblade.core.secure.BladeUser;
import org.springblade.core.secure.utils.AuthUtil;
import org.springblade.core.tool.utils.Func;
-import org.springblade.core.tool.utils.WebUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Service;
@@ -49,10 +47,8 @@
import org.springframework.util.CollectionUtils;
import javax.annotation.Resource;
-import javax.servlet.http.HttpServletRequest;
import java.lang.reflect.Method;
import java.util.*;
-import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicReference;
diff --git a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/UniversalInterfaceImpl.java b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/UniversalInterfaceImpl.java
index 3c11372..aa05bdd 100644
--- a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/UniversalInterfaceImpl.java
+++ b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/UniversalInterfaceImpl.java
@@ -250,7 +250,7 @@
return request;
}
- /***
+ /**
* 鐢宠缂栫爜鎺ュ彛
* @param data 浼犻�掔殑鏁版嵁鍙傛暟
* @param dataType 鏍囪瘑data鏄痻ml鏍煎紡杩樻槸json鏍煎紡锛屾帴鍙h繑鍥炴暟鎹篃鏄寜鐓ц繖涓牸寮忥紝浠ヤ笅鎺ュ彛绫诲悓
@@ -1494,7 +1494,7 @@
errorid ="101";
throw new Throwable("绯荤粺鏍囪瘑涓恒��"+ systemId +"銆戯紝闆嗘垚鍒嗙被涓恒��"+currentCodeClassify[0].getName()+"銆戜互涓婂垎绫伙紝"+sysIntegrationPushTypeEnum.ACCPET_QUERYDATA.getText()+"鎺ュ彛閰嶇疆宸插仠鐢ㄦ垨鑰呮湭閰嶇疆锛岃鑱旂郴缂栫爜绠$悊鍛橈紒");
}
- isCodeOrGroupCode="true".equals(dockingSystemConfig.getIsGroupCodeFlag())?true:false;
+ isCodeOrGroupCode = "true".equals(dockingSystemConfig.getIsGroupCodeFlag());
}
List<CodeClassifyVO> dataCodeClassifyVOList =new ArrayList<>();
String oid= currentCodeClassify[0].getOid();
@@ -2461,24 +2461,26 @@
CodeOrderSecDTO.setSecOid(codeBasicSecVO.getOid());
String sectypeValue = sectionVOMap.get(name);
log.info("鐮佹鍊�:"+sectypeValue);
- // CodeSecTypeEnum secType = CodeSecTypeEnum.forValue(sectype);
+ // CodeSecTypeEnum secType = CodeSecTypeEnum.forValue(sectype);
if(CODE_CLASSIFY_SEC.getValue().equals(sectype)) {//濡傛灉鏄垎绫荤殑璇濓紝鍒欓渶瑕佸尮閰嶄紶杩囨潵鐨勫垎绫讳唬鍙蜂笌
//鍏堢畝绉版槸鍚︽湁鍏宠仈妯℃澘锛屾湁妯℃澘瑕佸厛鍒犻櫎
List<CodeClassifyValue> codeClassifyValueDOList = codeClassifyValueService.list(Wrappers.<CodeClassifyValue>query().lambda().eq(CodeClassifyValue::getCodeClassifySecOid,classifySecOid));
if (!CollectionUtils.isEmpty(codeClassifyValueDOList)) {
Map<String, CodeClassifyValue> codeClassifyValueDOMap = codeClassifyValueDOList.stream().collect(Collectors.toMap(s -> s.getId(), t -> t, (o1, o2) -> o2));
- if(codeClassifyValueDOMap.containsKey(sectypeValue) || nullSymbol.equals(sectypeValue)){
+ if(codeClassifyValueDOMap.containsKey(sectypeValue)){
CodeClassifyValue codeClassifyValue = codeClassifyValueDOMap.get(sectypeValue);
sectypeValue=codeClassifyValue.getOid();
- }else {
- //throw new Throwable("浼犲叆鐨勫垎绫荤爜娈碉細銆�" + name + " 鍊硷細" + sectypeValue + "銆戯紝涓嶇鍚堝綋鍓嶅垎绫诲眰绾т唬鍙�");
+ }else if (nullSymbol.equals(sectypeValue)) {
+ CodeClassifyValue codeClassifyValue = (CodeClassifyValue)codeClassifyValueDOMap
+ .getOrDefault((Object)null, codeClassifyValueDOMap.get(""));
+ sectypeValue = codeClassifyValue.getOid();
+ } else {
message="浼犲叆鐨勫垎绫荤爜娈碉細銆�" + name + " 鍊硷細" + sectypeValue + "銆戯紝涓嶇鍚堝綋鍓嶅垎绫诲眰绾т唬鍙�";
errorMap.put("error",errorMap.getOrDefault("error","")+";"+message);
}
}
}else if(CODE_REFER_SEC.getValue().equals(sectype)){
String referBtmId=codeBasicSecVO.getReferBtmId();
- String btmName=codeBasicSecVO.getReferBtmName();
String referConfig= codeBasicSecVO.getReferConfig();
CoderefersecSearchVO coderefersecSearchVO=new CoderefersecSearchVO();
if(StringUtils.isNotBlank(referConfig)){
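Review bot: In the new `else if (nullSymbol.equals(sectypeValue))` branch, `codeClassifyValue` is null whenever the map has neither a null key nor an `""` key, so `codeClassifyValue.getOid()` throws a NullPointerException instead of reporting the mismatch through `errorMap` as the final `else` does. I would guard it with `if (codeClassifyValue != null) { sectypeValue = codeClassifyValue.getOid(); }` and otherwise record the same error message as the last branch. The casts in `(CodeClassifyValue)codeClassifyValueDOMap.getOrDefault((Object)null, ...)` are redundant on a `Map<String, CodeClassifyValue>` and can be dropped. A short comment explaining why the empty-symbol value maps to the entry with a null or empty id would help the next reader. The enclosing method starts and ends outside this hunk.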
diff --git a/Source/UBCS/ubcs-service/ubcs-deploy/src/main/java/com/vci/ubcs/deploy/service/impl/DeployAppsServiceImpl.java b/Source/UBCS/ubcs-service/ubcs-deploy/src/main/java/com/vci/ubcs/deploy/service/impl/DeployAppsServiceImpl.java
index 676068a..92229f9 100644
--- a/Source/UBCS/ubcs-service/ubcs-deploy/src/main/java/com/vci/ubcs/deploy/service/impl/DeployAppsServiceImpl.java
+++ b/Source/UBCS/ubcs-service/ubcs-deploy/src/main/java/com/vci/ubcs/deploy/service/impl/DeployAppsServiceImpl.java
@@ -102,15 +102,21 @@
String cookie = request.getHeaders("Cookie").nextElement();
// 鍏嶅瘑鐧诲綍鎺ュ彛鍦板潃
String loginUrl = "http://"+pwdFreeAddr+":"+this.getGatewayPort("ubcs-gateway")+"/ubcs-admin/applications";
- log.debug("鑾峰彇鏈嶅姟淇℃伅璋冪敤鍦板潃锛�"+loginUrl);
+ log.info("鑾峰彇鏈嶅姟淇℃伅璋冪敤鍦板潃锛�"+loginUrl);
+ System.out.println("=================鑾峰彇鏈嶅姟淇℃伅璋冪敤鍦板潃锛�"+loginUrl);
+
// 璇锋眰ubcs-admin鑾峰彇鏈嶅姟淇℃伅
HttpHeaders headers = new HttpHeaders();
ArrayList<MediaType> mediaTypes = new ArrayList<>();
mediaTypes.add(MediaType.APPLICATION_JSON);
headers.set("Authorization","Basic c2FiZXI6c2FiZXJfc2VjcmV0");
headers.set("Blade-Auth",baldeAuth);
+ System.out.println("============Blade-Auth:"+baldeAuth);
headers.set("Cookie",cookie);
+ System.out.println("============Cookie:"+cookie);
+
headers.setAccept(mediaTypes);
+
List<DeployAppsVO> deployAppsVOList = new ArrayList<>();
try {
// 鍙戦�丟ET璇锋眰
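Review bot: The added `System.out.println("============Blade-Auth:"+baldeAuth);` and `System.out.println("============Cookie:"+cookie);` write the caller's bearer token and session cookie to standard output in clear text. Anyone who can read the console or collected container logs can replay that session, and `System.out` bypasses the logger's level and masking configuration. These two lines should be removed; if presence needs to be traced, log only a boolean such as `log.debug("Blade-Auth present={}", baldeAuth != null);`. The URL is likewise duplicated to stdout and raised from debug to info, so I would keep the original `log.debug` and drop the `println`. The `Authorization` header just above is a hard-coded Basic credential that would be better supplied from configuration; the method continues outside the hunk.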