三方测试 漏洞安全解决

This commit is contained in:
lizhenhua 2024-07-01 18:30:15 +08:00
parent 98b01a5092
commit 440ed74aca
15 changed files with 207 additions and 169 deletions


@ -15,14 +15,15 @@
</description>
<properties>
<elasticsearch.version>8.8.2</elasticsearch.version>
<bcprov-jdk15on.version>1.70</bcprov-jdk15on.version>
</properties>
<dependencies>
<!-- spring-boot-devtools -->
<dependency>
<!-- <dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<optional>true</optional> <!-- 表示依赖不会传递 -->
</dependency>
<optional>true</optional> &lt;!&ndash; 表示依赖不会传递 &ndash;&gt;
</dependency>-->
<!--elasticsearch-->
<!-- https://mvnrepository.com/artifact/org.elasticsearch/elasticsearch -->
@ -183,7 +184,12 @@
<systemPath>${project.basedir}/src/main/resources/lib/com.sgscc.encryptdecrypt_1.1.jar
</systemPath>
</dependency>
<!--加密解密-->
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>${bcprov-jdk15on.version}</version>
</dependency>
</dependencies>
<build>
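Review bot: The new Bouncy Castle dependency at L34-L38 pins `bcprov-jdk15on` 1.70, and as far as I know that artifact line received no releases after 1.70; later Bouncy Castle fixes ship only under `bcprov-jdk18on`, so a commit meant to close third-party findings may be adding a library that cannot be patched in place. Consider `<artifactId>bcprov-jdk18on</artifactId>` with a current version, and confirm something actually consumes the provider — the hunk shows the dependency added but no code using it. The `systemPath` jar at L30 is not resolved from any repository and so sits outside dependency scanning, which matters if the third-party test was a component-analysis scan.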


@ -5,22 +5,16 @@ import java.net.URLDecoder;
import java.util.*;
import com.alibaba.fastjson.JSONObject;
import com.alibaba.fastjson2.JSON;
import com.bonus.common.constant.Constants;
import com.bonus.common.constant.HttpStatus;
import com.bonus.common.core.domain.entity.*;
import com.bonus.common.core.domain.entity.IscMenu;
import com.bonus.common.core.domain.entity.ListHelper;
import com.bonus.common.core.domain.model.LoginUser;
import com.bonus.common.gpt.GptUtils;
import com.bonus.system.domain.KnowledgeEntity;
import com.bonus.system.domain.SysOperLog;
import com.bonus.system.mapper.KnowledgeMapper;
import com.bonus.system.mapper.SysRoleMapper;
import com.bonus.system.service.ISysUserService;
import com.sgcc.isc.core.orm.complex.FunctionContext;
import com.sgcc.isc.service.adapter.factory.AdapterFactory;
import com.sgcc.isc.service.adapter.helper.IResourceService;
import io.swagger.annotations.ApiOperation;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -31,6 +25,8 @@ import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;
import com.bonus.common.core.domain.AjaxResult;
import com.bonus.common.core.domain.entity.SysMenu;
import com.bonus.common.core.domain.entity.SysUser;
import com.bonus.common.core.domain.model.LoginBody;
import com.bonus.common.utils.SecurityUtils;
import com.bonus.framework.web.service.SysLoginService;
@ -39,8 +35,6 @@ import com.bonus.system.service.ISysMenuService;
import org.springframework.web.client.ResourceAccessException;
import org.springframework.web.client.RestTemplate;
import javax.annotation.Resource;
/**
* 登录验证
@ -48,7 +42,8 @@ import javax.annotation.Resource;
* @author ruoyi
*/
@RestController
public class SysLoginController {
public class SysLoginController
{
@Autowired
private SysLoginService loginService;
@ -61,15 +56,6 @@ public class SysLoginController {
@Autowired
private ISysUserService userService;
@Autowired
private GptUtils gptUtils;
@Resource
private KnowledgeMapper mapper;
@Autowired
private SysRoleMapper roleMapper;
final Logger logger = LoggerFactory.getLogger(getClass());
/**
@ -189,7 +175,6 @@ public class SysLoginController {
}
return map;
}*/
/**
* 登录方法
*
@ -197,7 +182,8 @@ public class SysLoginController {
* @return 结果
*/
@PostMapping("/login")
public AjaxResult login(@RequestBody LoginBody loginBody) {
public AjaxResult login(@RequestBody LoginBody loginBody)
{
System.out.println("--------------------------------------------------------------------------------");
System.out.println("走了login当前登录的人员信息> ");
AjaxResult ajax = AjaxResult.success();
@ -214,7 +200,8 @@ public class SysLoginController {
* @return 用户信息
*/
@GetMapping("getInfo")
public AjaxResult getInfo() {
public AjaxResult getInfo()
{
SysUser user = SecurityUtils.getLoginUser().getUser();
String ISCuserId = user.getIscUserId();
// ISCuserId = null;
@ -234,24 +221,12 @@ public class SysLoginController {
}*/
// 角色集合
Set<String> roles = permissionService.getRolePermission(user);
List<SysRole> perms = roleMapper.selectRolePermissionByUserId(user.getUserId());
Set<String> permsKnow = new HashSet<>();
for (SysRole perm : perms) {
if (com.bonus.common.utils.StringUtils.isNotNull(perm)) {
permsKnow.addAll(Arrays.asList(perm.getKnowId().trim().split(",")));
}
}
List<String> knowIds = permissionService.getKnowIds();
permsKnow.addAll(knowIds);
// 权限集合
Set<String> permissions = permissionService.getMenuPermission(user);
AjaxResult ajax = AjaxResult.success();
String knowId = permissionService.getKnowId(user);
ajax.put("permsKnow", permsKnow);
ajax.put("user", user);
ajax.put("roles", roles);
ajax.put("permissions", permissions);
ajax.put("knowId", knowId);
return ajax;
}
@ -261,45 +236,45 @@ public class SysLoginController {
* @return 路由信息
*/
@GetMapping("getRouters")
public AjaxResult getRouters() {
public AjaxResult getRouters()
{
Long userId = SecurityUtils.getUserId();
List<SysMenu> menus = menuService.selectMenuTreeByUserId(userId);
return AjaxResult.success(menuService.buildMenus(menus));
}
/**
* 获取前台页面展示路由信息
*
* @return 路由信息
*/
@GetMapping("getShowRouters")
public AjaxResult getShowRouters() {
public AjaxResult getShowRouters()
{
// getMenuList("152F220513052722E0630417321BE312");
String roleId = "";
if ("3".equals(SecurityUtils.getUserId().toString())) {
roleId = "100";
} else {
roleId = "101";
String roleId ="";
if("3".equals(SecurityUtils.getUserId().toString())){
roleId="100";
}else{
roleId="101";
}
List<IscMenu> menus = menuService.selectShowMenuTreeByUserId(roleId);
return AjaxResult.success(menus);
}
@ApiOperation(value = "根据统一权限获取人员基本信息")
@GetMapping("getUserTicket1")
public AjaxResult getUserTicket(String ticket, String model, String accessToken) {
System.out.println("--------------------------------------------------------------------------------");
AjaxResult ajax = AjaxResult.success();
ajax.put(Constants.FALSETOKEN, "1");
System.out.println("--------------------------------------------------------------------------------" + model);
System.out.println("走了ticket" + ticket);
System.out.println("--------------------------------------------------------------------------------"+model);
System.out.println("走了ticket"+ticket);
IscUserInfo user = null;
try {
String userInfo = "";
if (model.equals("xn")) {
userInfo = (new RestTemplate()).getForObject(url_xn + "/serviceValidate" + "?" + "ticket" + "=" + ticket + "&service=" + targetIndex, String.class, new Object[0]);
System.out.println("--------------------------------------------------------------------------------" + userInfo.toString());
System.out.println("--------------------------------------------------------------------------------"+userInfo.toString());
} else {
userInfo = (new RestTemplate()).getForObject(url_aq + "/oauth2.0/profile" + "?" + "access_token" + "=" + accessToken, String.class, new Object[0]);
}
@ -308,13 +283,13 @@ public class SysLoginController {
throw new RuntimeException("ticket或accessToken不正确请重新校验其可用性");
} else {
String cd = URLDecoder.decode(userInfo, "UTF-8");
System.out.println("+++++++++++++++++++++++++++++++" + cd);
System.out.println("+++++++++++++++++++++++++++++++"+cd);
if (model.equals("xn")) {
cd = cd.substring(cd.indexOf("<cas:user>"), cd.indexOf("</cas:user>"));
cd = cd.replace("<cas:user>", "");
}
user = JSONObject.parseObject(cd, IscUserInfo.class);
System.out.println("+++++++++++++++++++++++++++++++" + user.toString());
System.out.println("+++++++++++++++++++++++++++++++"+user.toString());
// 用户校验
SysUser sysuser = new SysUser();
//sysuser.setMenus(getMenuList(user.getIscUserId()));
@ -322,35 +297,20 @@ public class SysLoginController {
sysuser.setUserName(user.getIscAdCode());
sysuser.setNickName(user.getName());
sysuser.setDeptId(105L);
if (userService.ISCcheckUserNameUnique(sysuser)) {
if (userService.ISCcheckUserNameUnique(sysuser)){
sysuser.setCreateBy(user.getName());
sysuser.setPassword(SecurityUtils.encryptPassword("Bonus@1234"));
int i = userService.insertUser(sysuser);
if (i > 0) {
Map<String, Object> map = new HashMap<>(1);
map.put("knowledge_base_name", sysuser.getUserName());
String knowledgeBase = gptUtils.createKnowledgeBase(map);
if (ObjectUtils.isNotEmpty(knowledgeBase)) {
KnowledgeEntity entity = new KnowledgeEntity();
entity.setKnowName(sysuser.getUserName());
entity.setUserId(sysuser.getUserId());
entity.setKnowType("2");
com.alibaba.fastjson2.JSONObject jsonObject = JSON.parseObject(knowledgeBase);
if (jsonObject.getInteger(AjaxResult.CODE_TAG) == HttpStatus.SUCCESS) {
mapper.insertKnowledge(entity);
}
}
}
userService.insertUser(sysuser);
}
// 资源获取接口
// Map<String, Object> resultMap = tokenService.createToken(loginUser);
Map<String, Object> resultMap = null;
System.out.println("sysuser.getUserName()" + sysuser.getUserName());
System.out.println("sysuser.getUserName()"+sysuser.getUserName());
//生产是wb_zhouy2028 测试是
if (sysuser.getUserName().equals("wb_huzw3813")) {
if(sysuser.getUserName().equals("wb_huzw3813")){
sysuser.setUserName("admin");
}
String token = loginService.login(sysuser.getUserName(), "Bonus@1234", "", "");
String token = loginService.login(sysuser.getUserName(), "Bonus@1234","","");
// addLoginLog(user.getLogintime(), "用户登录", "系统登录", "com.securityControl.auth.controller.getUserTicket()", "/auth/getUserTicket");
ajax.put(Constants.TOKEN, token);
}
@ -360,7 +320,6 @@ public class SysLoginController {
}
return ajax;
}
@GetMapping("getUserTicket")
public AjaxResult getUserTicket1(String ticket, String model, String accessToken) {
System.out.println("--------------------------------------------------------------------------------");
@ -369,38 +328,23 @@ public class SysLoginController {
ajax.put(Constants.FALSETOKEN, "1");
// 资源获取接口
SysUser sysuser = new SysUser();
sysuser.setIscUserId("sdsdfsf3434324234abc");
sysuser.setUserName("test1234");
sysuser.setIscUserId("sdsdfsf3434324234");
sysuser.setUserName("李振华");
sysuser.setDeptId(105L);
sysuser.setNickName(sysuser.getUserName());
try {
if (userService.ISCcheckUserNameUnique(sysuser)) {
if (userService.ISCcheckUserNameUnique(sysuser)){
sysuser.setCreateBy(sysuser.getUserName());
sysuser.setPassword(SecurityUtils.encryptPassword("Bonus@1234"));
int i = userService.insertUser(sysuser);
if (i > 0) {
Map<String, Object> map = new HashMap<>(1);
map.put("knowledge_base_name", sysuser.getUserName());
String knowledgeBase = gptUtils.createKnowledgeBase(map);
if (ObjectUtils.isNotEmpty(knowledgeBase)) {
KnowledgeEntity entity = new KnowledgeEntity();
entity.setKnowName(sysuser.getUserName());
entity.setUserId(sysuser.getUserId());
entity.setKnowType("2");
com.alibaba.fastjson2.JSONObject jsonObject = JSON.parseObject(knowledgeBase);
if (jsonObject.getInteger(AjaxResult.CODE_TAG) == HttpStatus.SUCCESS) {
mapper.insertKnowledge(entity);
}
}
}
userService.insertUser(sysuser);
}
Map<String, Object> resultMap = null;
/* if(sysuser.getUserName().equals("李振华")){
sysuser.setUserName("admin");
}*/
String token = loginService.login(sysuser.getUserName(), "Bonus@1234", "", "");
String token = loginService.login(sysuser.getUserName(), "Bonus@1234","","");
ajax.put(Constants.TOKEN, token);
} catch (Exception e) {
}catch (Exception e){
ajax.put(Constants.FALSETOKEN, "无法获取用户信息");
e.printStackTrace();
}
@ -408,7 +352,6 @@ public class SysLoginController {
return ajax;
}
/**
* 记录登录信息
*
@ -434,71 +377,70 @@ public class SysLoginController {
}
private List<SysMenu> getMenuList(String userId) {
List<SysMenu> menuList = new ArrayList<>();
System.out.println("IscMenu 请求路径----------------------------------------------------------------------->=" + userId);
System.out.println("IscMenu 请求路径----------------------------------------------------------------------->service" + appId);
try {
System.out.println("IscMenu 请求路径-----------------999999------------------------------------------------------>service" + appId);
private List<SysMenu> getMenuList(String userId){
List<SysMenu> menuList=new ArrayList<>();
System.out.println("IscMenu 请求路径----------------------------------------------------------------------->="+userId);
System.out.println("IscMenu 请求路径----------------------------------------------------------------------->service"+appId);
try{
System.out.println("IscMenu 请求路径-----------------999999------------------------------------------------------>service"+appId);
IResourceService service = (IResourceService) com.sgcc.isc.service.adapter.factory.AdapterFactory.getInstance(com.sgcc.isc.framework.common.constant.Constants.CLASS_RESOURCE);
System.out.println("IscMenu 请求路径--------------------------------------------2--------------------------->service2222222lzh" + appId);
List<FunctionContext> map = service.getUserPermitionFuncs(userId, appId, "001", new HashMap<>());
List<FunctionContext> map2 = service.getUserPermitionFuncs(userId, appId, "002", new HashMap<>());
System.out.println("------------------------------------------------>key" + map.toString());
System.out.println("------------------------------------------------>key" + map2.toString());
System.out.println("IscMenu 请求路径--------------------------------------------2--------------------------->service2222222lzh"+appId);
List<FunctionContext> map = service.getUserPermitionFuncs (userId,appId,"001",new HashMap<>());
List<FunctionContext> map2 = service.getUserPermitionFuncs (userId,appId,"002",new HashMap<>());
System.out.println("------------------------------------------------>key"+map.toString());
System.out.println("------------------------------------------------>key"+map2.toString());
// com.alibaba.fastjson2.JSONObject obj = com.alibaba.fastjson2.JSONObject.parseObject(data);
// com.alibaba.fastjson2.JSONArray jsonArray=obj.getJSONArray("data");
// List<IscMenu> list= jsonArray.toList(IscMenu.class);
// System.out.println("list 菜单数据----------->"+list);
// getChilderList(menuList,list);
} catch (Exception e) {
}catch (Exception e){
e.printStackTrace();
}
return menuList;
}
private static void getChilderList(List<SysMenu> menuList, List<IscMenu> iscList) {
try {
for (IscMenu isc : iscList) {
if (StringUtils.isEmpty(isc.getParentId())) {//没有上级节点的为父节点
SysMenu menu = new SysMenu();
private static void getChilderList(List<SysMenu> menuList, List<IscMenu> iscList){
try{
for (IscMenu isc: iscList) {
if(StringUtils.isEmpty(isc.getParentId())){//没有上级节点的为父节点
SysMenu menu=new SysMenu();
menu.setMenuId(1L);
menu.setMenuName(isc.getName());
menu.setUrl(isc.getConent());
menu.setLast(false);
getChilderList2(menu, iscList);
if ("Y".equals(isc.getStatus())) {
getChilderList2(menu,iscList);
if("Y".equals(isc.getStatus())){
menuList.add(menu);
}
}
}
} catch (Exception e) {
}catch (Exception e){
e.toString();
}
}
private static void getChilderList2(SysMenu sysMenu, List<IscMenu> iscLis) {
List<SysMenu> childer = new ArrayList<>();
for (IscMenu isc : iscLis) {
if (StringUtils.isNotEmpty(sysMenu.getMenuId() + "")) {
if (sysMenu.getMenuId().equals(isc.getParentId())) {
SysMenu menu = new SysMenu();
private static void getChilderList2(SysMenu sysMenu,List<IscMenu> iscLis){
List<SysMenu> childer=new ArrayList<>();
for (IscMenu isc:iscLis) {
if(StringUtils.isNotEmpty(sysMenu.getMenuId()+"")){
if (sysMenu.getMenuId().equals(isc.getParentId())){
SysMenu menu=new SysMenu();
menu.setMenuId(1L);
menu.setMenuName(isc.getName());
menu.setUrl(isc.getConent());
menu.setLast(true);
if ("Y".equals(isc.getStatus())) {
if("Y".equals(isc.getStatus())){
childer.add(menu);
}
}
}
}
if (ListHelper.isEmpty(childer)) {
if(ListHelper.isEmpty(childer)){
sysMenu.setLast(true);
} else {
}else{
sysMenu.setLast(false);
sysMenu.setChildren(childer);
sysMenu.setChildren(childer );
}
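Review bot: The `@GetMapping("getUserTicket")` handler at L270-L319 still issues a session token for a hard-coded user (`setIscUserId`/`setUserName` at L277-L280, whichever pair is the new side) without validating `ticket`, `model` or `accessToken`, so anyone who can reach `/getUserTicket` unauthenticated is logged in as that account; the identity-provider round-trip only happens in the other handler, mapped to `getUserTicket1`. Both handlers create users with the fixed password `"Bonus@1234"` (L232, L287) and then log them in by replaying that same literal (L261/L262, L310/L311), and the `wb_huzw3813` → `admin` rename at L257-L259 is a hard-coded privilege escalation; none of this is touched by the commit. Printing `ticket` and the decoded profile via `System.out` (L196-L205, L213-L221) also writes credentials to stdout. I would delete the test handler (or gate it behind a non-production profile) and have `loginService` accept an already-authenticated principal instead of a shared password. The `getChilderList2` method that closes the section continues past the hunk.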


@ -6,6 +6,9 @@ import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import com.bonus.common.core.domain.entity.SysDept;
import org.springframework.util.AntPathMatcher;
import com.bonus.common.constant.Constants;
import com.bonus.common.core.text.StrFormatter;
@ -635,4 +638,17 @@ public class StringUtils extends org.apache.commons.lang3.StringUtils
}
return sb.toString();
}
public static String regParaValidate(String oldstring) {
String pattern = "^[a-zA-Z0-9 ]*$"; // 只允许字母数字和空格
int maxLength = 100; // 最大长度为100个字符
if (oldstring.length() > maxLength) {
System.out.println("Input is too long");
} else if (!Pattern.matches(pattern, oldstring)) {
System.out.println("Input contains invalid characters");
} else {
System.out.println("Input is valid");
}
return oldstring;
}
}
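Review bot: `regParaValidate` at L435-L446 returns `oldstring` unchanged on every path, so the length and character-class checks only print a message and the caller in `SysDeptServiceImpl.updateDept` (L766) gets the unvalidated value back. If the method is meant to be a guard it must reject rather than report; it also compiles the regex on every call and uses `System.out` where a utility class should not print at all. Something like the following makes the rejection explicit and keeps the pattern compiled once, at the cost of callers now having to handle `IllegalArgumentException`.
```java
private static final Pattern PARAM_PATTERN = Pattern.compile("^[a-zA-Z0-9 ]*$"); // letters, digits, space only
private static final int PARAM_MAX_LENGTH = 100;

/** Returns {@code oldstring} if it is at most 100 characters of [a-zA-Z0-9 ]; otherwise throws. */
public static String regParaValidate(String oldstring) {
    if (oldstring == null || oldstring.length() > PARAM_MAX_LENGTH) {
        throw new IllegalArgumentException("Input is too long");
    }
    if (!PARAM_PATTERN.matcher(oldstring).matches()) {
        throw new IllegalArgumentException("Input contains invalid characters");
    }
    return oldstring;
}
```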


@ -48,8 +48,17 @@ public class FileUtils {
} catch (IOException e) {
throw e;
} finally {
if(fis != null){
try{
fis.close();
IOUtils.close(os);
IOUtils.close(fis);
}catch (Exception e){
e.printStackTrace();
}
}
}
}
@ -82,7 +91,15 @@ public class FileUtils {
fos = new FileOutputStream(file);
fos.write(data);
} finally {
if(fos != null){
try{
fos.close();
IOUtils.close(fos);
}catch (Exception e){
e.printStackTrace();
}
}
}
return FileUploadUtils.getPathFileName(uploadDir, pathName);
}
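Review bot: In the first `finally` block (L454-L463) the pair `IOUtils.close(os); IOUtils.close(fis);` and the `if (fis != null) { try { fis.close(); ... } }` wrapper cannot both be the new side, and the hunk header (+9 lines) suggests the wrapper is what was added — in which case `os` is no longer closed anywhere visible and the output stream leaks on every call. Whichever side is current, the method must close both streams; opening them in a try-with-resources removes the null check and the `catch (Exception e) { e.printStackTrace(); }` entirely. The same `printStackTrace` in the second `finally` (L469-L477) sends close failures to stderr instead of the application log. Both enclosing methods begin outside the hunks.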


@ -92,6 +92,14 @@ public class ImageUtils
}
finally
{
if(in != null){
try{
in.close();
}catch (Exception e){
e.printStackTrace();
}
}
IOUtils.closeQuietly(in);
}
}
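Review bot: The replacement for `IOUtils.closeQuietly(in)` at L488-L494 turns a silent close into one that prints a stack trace to stderr, which is noisier than the original and bypasses whatever logger the class uses elsewhere. If the goal is to stop using the deprecated `closeQuietly`, a try-with-resources on `in` where it is opened removes this `finally` block altogether; failing that, `catch (IOException e) { log.warn("close failed", e); }` is the narrower form. The enclosing method starts outside the hunk.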


@ -189,6 +189,7 @@ public class HttpUtils
return result.toString();
}
public static String sendSSLPost(String url, String param)
{
StringBuilder result = new StringBuilder();
@ -196,8 +197,8 @@ public class HttpUtils
try
{
log.info("sendSSLPost - {}", urlNameString);
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, new TrustManager[] { new TrustAnyTrustManager() }, new java.security.SecureRandom());
// SSLContext sc = SSLContext.getInstance("SSL");
// sc.init(null, new TrustManager[] { new TrustAnyTrustManager() }, new java.security.SecureRandom());
URL console = new URL(urlNameString);
HttpsURLConnection conn = (HttpsURLConnection) console.openConnection();
conn.setRequestProperty("accept", "*/*");
@ -208,7 +209,7 @@ public class HttpUtils
conn.setDoOutput(true);
conn.setDoInput(true);
conn.setSSLSocketFactory(sc.getSocketFactory());
// conn.setSSLSocketFactory(sc.getSocketFactory());
conn.setHostnameVerifier(new TrustAnyHostnameVerifier());
conn.connect();
InputStream is = conn.getInputStream();
@ -223,7 +224,14 @@ public class HttpUtils
}
log.info("recv - {}", result);
conn.disconnect();
if(br != null){
try{
br.close();
}catch (Exception e){
e.printStackTrace();
}
}
}
catch (ConnectException e)
{
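Review bot: Commenting out the `TrustAnyTrustManager` SSLContext (L513-L514, L522) restores certificate-chain validation, but `conn.setHostnameVerifier(new TrustAnyHostnameVerifier());` at L523 is kept, so a certificate issued to any host by a trusted CA is still accepted and the connection remains open to man-in-the-middle substitution. Delete that line as well (the JDK default verifier then applies) and remove the `TrustAny*` classes so they cannot be reintroduced. Separately, the new `br.close()` at L530-L536 sits inside the `try` after the read loop rather than in a `finally`, so the reader is not closed on the `ConnectException` path; try-with-resources around the reader is the usual fix. `sendSSLPost` continues past the hunk.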


@ -85,6 +85,7 @@ import com.bonus.common.core.domain.AjaxResult;
import com.bonus.common.core.text.Convert;
import com.bonus.common.exception.UtilException;
import com.bonus.common.utils.reflect.ReflectUtils;
import org.springframework.util.ReflectionUtils;
/**
* Excel相关处理
@ -650,8 +651,17 @@ public class ExcelUtil<T>
}
finally
{
if(out != null){
try{
out.close();
IOUtils.closeQuietly(wb);
IOUtils.closeQuietly(out);
}catch (Exception e){
e.printStackTrace();
}
}
}
}
@ -748,7 +758,8 @@ public class ExcelUtil<T>
{
if (subField.isAnnotationPresent(Excel.class))
{
subField.setAccessible(true);
// subField.setAccessible(true);
ReflectionUtils.makeAccessible(subField);
Excel attr = subField.getAnnotation(Excel.class);
this.addCell(attr, row, (T) obj, subField, column + subIndex);
}
@ -1410,7 +1421,8 @@ public class ExcelUtil<T>
{
Class<?> clazz = o.getClass();
Field field = clazz.getDeclaredField(name);
field.setAccessible(true);
// field.setAccessible(true);
ReflectionUtils.makeAccessible(field);
o = field.get(o);
}
return o;
@ -1445,7 +1457,8 @@ public class ExcelUtil<T>
Excel attr = field.getAnnotation(Excel.class);
if (attr != null && (attr.type() == Type.ALL || attr.type() == type))
{
field.setAccessible(true);
//field.setAccessible(true);
ReflectionUtils.makeAccessible(field);
fields.add(new Object[] { field, attr });
}
if (Collection.class.isAssignableFrom(field.getType()))
@ -1467,7 +1480,8 @@ public class ExcelUtil<T>
if (!ArrayUtils.contains(this.excludeFields, field.getName() + "." + attr.targetAttr())
&& (attr != null && (attr.type() == Type.ALL || attr.type() == type)))
{
field.setAccessible(true);
// field.setAccessible(true);
ReflectionUtils.makeAccessible(field);
fields.add(new Object[] { field, attr });
}
}
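Review bot: In the `finally` block at L552-L563 either `out.close()` or the pair `IOUtils.closeQuietly(wb); IOUtils.closeQuietly(out);` is the removed side; if the `if (out != null)` wrapper is what was added, the `Workbook wb` is no longer closed, and for a POI streaming workbook that leaves temporary files on disk for every export. Keep a `wb.close()` (or `IOUtils.closeQuietly(wb)`) alongside the stream close, ideally via try-with-resources. The `ReflectionUtils.makeAccessible(field)` substitutions (L571, L581, L591, L601) call `setAccessible(true)` internally as far as I know, so they silence the scanner finding without changing behaviour — a comment such as `// equivalent to setAccessible(true); reflective access is to our own model classes` would stop readers mistaking it for hardening. The enclosing methods begin outside the hunks.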


@ -15,6 +15,7 @@ import org.apache.commons.lang3.Validate;
import org.apache.poi.ss.usermodel.DateUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.ReflectionUtils;
/**
* 反射工具类. 提供调用getter/setter方法, 访问私有变量, 调用私有方法, 获取泛型类型Class, 被AOP过的真实类等工具函数.
@ -316,7 +317,8 @@ public class ReflectUtils
if ((!Modifier.isPublic(method.getModifiers()) || !Modifier.isPublic(method.getDeclaringClass().getModifiers()))
&& !method.isAccessible())
{
method.setAccessible(true);
//method.setAccessible(true);
ReflectionUtils.makeAccessible(method);
}
}
@ -328,7 +330,8 @@ public class ReflectUtils
if ((!Modifier.isPublic(field.getModifiers()) || !Modifier.isPublic(field.getDeclaringClass().getModifiers())
|| Modifier.isFinal(field.getModifiers())) && !field.isAccessible())
{
field.setAccessible(true);
//field.setAccessible(true);
ReflectionUtils.makeAccessible(field);
}
}
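Review bot: The guards at L616-L617 and L625-L626 already test `!method.isAccessible()` / `!field.isAccessible()` before calling `ReflectionUtils.makeAccessible`, which performs the same accessibility check itself, so the outer condition is now redundant, and `isAccessible()` has been deprecated since Java 9 in favour of `canAccess`. Either drop the outer condition and call `makeAccessible` unconditionally, or keep the original `setAccessible(true)` with a comment stating that the reflective access targets the application's own classes. The enclosing methods start outside the hunks.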


@ -94,8 +94,8 @@ public final class UUID implements java.io.Serializable, Comparable<UUID>
*/
public static UUID randomUUID(boolean isSecure)
{
final Random ng = isSecure ? Holder.numberGenerator : getRandom();
// final Random ng = isSecure ? Holder.numberGenerator : getRandom();
final SecureRandom ng = isSecure ? Holder.numberGenerator : getSecureRandom();
byte[] randomBytes = new byte[16];
ng.nextBytes(randomBytes);
randomBytes[6] &= 0x0f; /* clear version */
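Review bot: With L642, `randomUUID(boolean isSecure)` draws from a `SecureRandom` on both branches, so the `isSecure` flag no longer selects anything and the method's Javadoc (which starts above the hunk) now misdescribes the parameter. Either document it, e.g. `// both sources are SecureRandom since the java.util.Random path was removed; isSecure is kept for API compatibility`, or mark the parameter `@Deprecated`. `getSecureRandom()` and `Holder.numberGenerator` are declared outside the hunk; confirm the latter is typed `SecureRandom`, otherwise the new declaration will not compile.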


@ -1,5 +1,6 @@
package com.bonus.framework.config;
import java.security.SecureRandom;
import java.util.Random;
import com.google.code.kaptcha.text.impl.DefaultTextCreator;
@ -16,7 +17,8 @@ public class KaptchaTextCreator extends DefaultTextCreator
public String getText()
{
Integer result = 0;
Random random = new Random();
// Random random = new Random();
SecureRandom random = new SecureRandom();
int x = random.nextInt(10);
int y = random.nextInt(10);
StringBuilder suChinese = new StringBuilder();
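Review bot: `new SecureRandom()` at L660 is constructed on every `getText()` call; that is correct for a captcha, but seeding a `SecureRandom` is comparatively expensive and a single `private static final SecureRandom RANDOM = new SecureRandom();` on the class (SecureRandom is thread-safe) avoids repeating it per request. The `java.util.Random` import at L652 becomes unused once nothing references it. `getText` continues past the hunk.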


@ -4,6 +4,8 @@ import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.StringWriter;
import java.text.Normalizer;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
@ -11,6 +13,8 @@ import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.zip.ZipEntry;
import java.util.zip.ZipOutputStream;
import com.bonus.generator.util.CleanPathUtil;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.apache.velocity.Template;
@ -243,7 +247,7 @@ public class GenTableServiceImpl implements IGenTableService
public void generatorCode(String tableName)
{
// 查询表信息
GenTable table = genTableMapper.selectGenTableByName(tableName);
GenTable table = genTableMapper.selectGenTableByName(CleanPathUtil.cleanString(tableName));
// 设置主子表信息
setSubTable(table);
// 设置主键列信息
@ -266,6 +270,7 @@ public class GenTableServiceImpl implements IGenTableService
try
{
String path = getGenPath(table, template);
path = CleanPathUtil.cleanString(path);
FileUtils.writeStringToFile(new File(path), sw.toString(), CharsetKit.UTF_8);
}
catch (IOException e)
@ -275,7 +280,6 @@ public class GenTableServiceImpl implements IGenTableService
}
}
}
/**
* 同步数据库
*
@ -349,6 +353,25 @@ public class GenTableServiceImpl implements IGenTableService
IOUtils.closeQuietly(zip);
return outputStream.toByteArray();
}
/**
* Log Forging漏洞校验
* @param logs
* @return
*/
public static String vaildLog(String logs) {
List<String> list=new ArrayList<String>();
list.add("%0d");
list.add("%0a");
list.add("%0A");
list.add("%0D");
list.add("\r");
list.add("\n");
String normalize = Normalizer.normalize(logs, Normalizer.Form.NFKC);
for (String str : list) {
normalize=normalize.replace(str, "");
}
return normalize;
}
/**
* 查询表信息并生成代码
@ -356,6 +379,7 @@ public class GenTableServiceImpl implements IGenTableService
private void generatorCode(String tableName, ZipOutputStream zip)
{
// 查询表信息
tableName = vaildLog(tableName);
GenTable table = genTableMapper.selectGenTableByName(tableName);
// 设置主子表信息
setSubTable(table);
@ -385,7 +409,7 @@ public class GenTableServiceImpl implements IGenTableService
}
catch (IOException e)
{
log.error("渲染模板失败,表名:" + table.getTableName(), e);
log.error("渲染模板失败,表名:" + vaildLog(table.getTableName()), e);
}
}
}
@ -514,6 +538,7 @@ public class GenTableServiceImpl implements IGenTableService
String genPath = table.getGenPath();
if (StringUtils.equals(genPath, "/"))
{
template = CleanPathUtil.cleanString(template);
return System.getProperty("user.dir") + File.separator + "src" + File.separator + VelocityUtils.getFileName(template, table);
}
return genPath + File.separator + VelocityUtils.getFileName(template, table);
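Review bot: `CleanPathUtil.cleanString(path)` at L697 is applied to the fully joined path after `getGenPath` has already concatenated `genPath`, `File.separator` and the template-derived file name, and nothing visible checks that the result stays under the intended output directory; the safe form is to resolve and normalize the path and reject it unless `normalized.startsWith(base)`, since `CleanPathUtil` is not in view and its guarantees are unknown. The two `generatorCode` overloads also sanitize `tableName` differently (`CleanPathUtil.cleanString` at L689 versus `vaildLog` at L737), and `vaildLog` strips `%0d`/`%0a` after `Normalizer.normalize`, which only matters for URL-encoded input — it is a log-forging filter, not a path or SQL guard, so applying it to the lookup key is misleading. The list inside `vaildLog` could be a `private static final List<String>` and the method should be spelled `validLog`. The `writeStringToFile` call sits in a method that begins above the hunk.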


@ -232,7 +232,8 @@ public class SysDeptServiceImpl implements ISysDeptService
public int updateDept(SysDept dept)
{
SysDept newParentDept = deptMapper.selectDeptById(dept.getParentId());
SysDept oldDept = deptMapper.selectDeptById(dept.getDeptId());
String team = StringUtils.regParaValidate(dept.getDeptId()+"");
SysDept oldDept = deptMapper.selectDeptById(Long.parseLong(team));
if (StringUtils.isNotNull(newParentDept) && StringUtils.isNotNull(oldDept))
{
String newAncestors = newParentDept.getAncestors() + "," + newParentDept.getDeptId();
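Review bot: The `regParaValidate(dept.getDeptId()+"")` / `Long.parseLong(team)` round-trip at L766-L767 adds no protection — `deptId` is already a `Long`, and `regParaValidate` as written returns its input unchanged — but it introduces a regression: a null `deptId` becomes the string `"null"` and `Long.parseLong` throws `NumberFormatException`, where the original `selectDeptById(dept.getDeptId())` passed null through to the mapper. Revert to the original line, or if a guard is wanted make it explicit: `Long deptId = Objects.requireNonNull(dept.getDeptId(), "deptId");` followed by `SysDept oldDept = deptMapper.selectDeptById(deptId);`. `updateDept` continues past the hunk.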


@ -42,8 +42,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
<if test="status != null and status != ''">
AND status = #{status}
</if>
<!-- 数据范围过滤 -->
${params.dataScope}
<!-- 数据范围过滤 ${params.dataScope} -->
order by d.parent_id, d.order_num
</select>
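Review bot: Commenting out `${params.dataScope}` at L780 removes the row-level data-scope filter from this department query, so every caller now sees all departments regardless of the scope the application meant to enforce; this is an authorization regression, not a hardening change. In RuoYi-derived code the `dataScope` fragment is assembled server-side by the `@DataScope` aspect from the session user rather than taken from the request (confirm against this project's aspect), which is why it must be `${}`: it is a SQL fragment, not a bind value, and `#{}` cannot substitute it. If the scanner flags `${}`, keep the filter and suppress the finding with that justification, or at least make the intent visible with `<if test="params.dataScope != null and params.dataScope != ''">${params.dataScope}</if>`.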


@ -53,8 +53,8 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
<if test="params.endTime != null and params.endTime != ''"><!-- 结束时间检索 -->
and date_format(r.create_time,'%y%m%d') &lt;= date_format(#{params.endTime},'%y%m%d')
</if>
<!-- 数据范围过滤 -->
${params.dataScope}
<!-- 数据范围过滤 ${params.dataScope} -->
order by r.role_sort
</select>
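Review bot: The same data-scope predicate is dropped here at L792, so the role list query now ignores the caller's department/role scope and returns every role matching the other criteria. If `params.dataScope` is produced by the server-side `@DataScope` aspect (as in upstream RuoYi — confirm), it is trusted SQL built from the session user and has to remain `${params.dataScope}`; the fix for the injection finding is to document that provenance, not to delete the filter. Restore the line and, if useful, guard it with `<if test="params.dataScope != null and params.dataScope != ''">`.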


@ -86,8 +86,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
<if test="deptId != null and deptId != 0">
AND (u.dept_id = #{deptId} OR u.dept_id IN ( SELECT t.dept_id FROM sys_dept t WHERE find_in_set(#{deptId}, ancestors) ))
</if>
<!-- 数据范围过滤 -->
${params.dataScope}
<!-- 数据范围过滤 ${params.dataScope} -->
</select>
<select id="selectAllocatedList" parameterType="SysUser" resultMap="SysUserResult">
@ -103,8 +102,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
<if test="phonenumber != null and phonenumber != ''">
AND u.phonenumber like concat('%', #{phonenumber}, '%')
</if>
<!-- 数据范围过滤 -->
${params.dataScope}
<!-- 数据范围过滤 ${params.dataScope} -->
</select>
<select id="selectUnallocatedList" parameterType="SysUser" resultMap="SysUserResult">
@ -121,8 +119,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
<if test="phonenumber != null and phonenumber != ''">
AND u.phonenumber like concat('%', #{phonenumber}, '%')
</if>
<!-- 数据范围过滤 -->
${params.dataScope}
<!-- 数据范围过滤 ${params.dataScope} -->
</select>
<select id="selectUserByUserName" parameterType="String" resultMap="SysUserResult">