From 17925215d37dd97d744c9296b185aeb16d3e44fb Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 20:06:12 +0800
Subject: [PATCH] URL请求路径安全校验

---
 Source/UBCS/ubcs-service/ubcs-applyjtcodeservice/src/main/java/com/vci/ubcs/code/applyjtcodeservice/feigh/MdmInterJtClient.java |   11 +++++++++--
 1 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/Source/UBCS/ubcs-service/ubcs-applyjtcodeservice/src/main/java/com/vci/ubcs/code/applyjtcodeservice/feigh/MdmInterJtClient.java b/Source/UBCS/ubcs-service/ubcs-applyjtcodeservice/src/main/java/com/vci/ubcs/code/applyjtcodeservice/feigh/MdmInterJtClient.java
index 320f739..df1435e 100644
--- a/Source/UBCS/ubcs-service/ubcs-applyjtcodeservice/src/main/java/com/vci/ubcs/code/applyjtcodeservice/feigh/MdmInterJtClient.java
+++ b/Source/UBCS/ubcs-service/ubcs-applyjtcodeservice/src/main/java/com/vci/ubcs/code/applyjtcodeservice/feigh/MdmInterJtClient.java
@@ -15,7 +15,6 @@
 import com.vci.ubcs.starter.util.MdmBtmTypeConstant;
 import com.vci.ubcs.starter.util.SaveLogUtil;
 import com.vci.ubcs.starter.web.util.VciBaseUtil;
-import lombok.AllArgsConstructor;
 import lombok.Data;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.collections4.map.CaseInsensitiveMap;
@@ -45,7 +44,10 @@
 public class MdmInterJtClient implements IMdmInterJtClient {
 
 	@Value("${docking.apply.partCode:10}")
-	public String partCode;
+	private String partCode;
+
+	@Value("#{'${docking.apply.jDataBtmNames:wupin}'.split(',')}")
+	private List<String> JDATABTMNAMES;
 
 	/**
 	 * 闆嗗洟鐢宠鍗曟湇鍔�
@@ -197,6 +199,10 @@
 				dockingPreApplyFormList.add(dockingPreApplyForm);
 				String jdataid = dockingPreApplyForm.getDataOid();
 				String jdatabtmname = dockingPreApplyForm.getDataBtmName();
+				// 璺宠繃涓嶉渶瑕佸鐞嗛泦鍥㈣繑鐮佺殑鍒嗙被
+				if(!JDATABTMNAMES.contains(jdatabtmname)){
+					continue;
+				}
 				if (res) {
 					//姝ゅ闇�瑕佹煡璇笟鍔℃暟鎹紝鍘绘洿鏀�
 					R<List<BaseModel>> R = mdmEngineClient.selectByTypeAndOid(jdatabtmname,jdataid);
@@ -249,6 +255,7 @@
 			return R.fail("闆嗗洟鐮侀泦鎴愯祴鍊煎け璐ワ紝鍘熷洜锛�"+e.getMessage());
 		}
 		log.info("鑾峰彇闆嗗洟闆嗗洟鐮侊紝璧嬪�煎埌涓绘暟鎹� end");
+
 		return R.success("闆嗗洟鐮佽祴鍊兼垚鍔�");
 	}
 

--
Gitblit v1.9.3