参考代码检查插件处理阻断漏洞

0175e81f · zhangsen · 4d7aa03a · 0175e81f · 0175e81f · 0175e81f
Commit 0175e81f authored Feb 22, 2023 by zhangsen
8 changed files
--- a/amos-boot-module/amos-boot-module-biz/amos-boot-module-equip-biz/src/main/java/com/yeejoin/equipmanage/service/impl/CarLonAndLatDataServiceImpl.java
+++ b/amos-boot-module/amos-boot-module-biz/amos-boot-module-equip-biz/src/main/java/com/yeejoin/equipmanage/service/impl/CarLonAndLatDataServiceImpl.java
@@ -8,6 +8,7 @@ import com.yeejoin.equipmanage.common.vo.SpeedAndTimeList;
 import com.yeejoin.equipmanage.service.ICarLonAndLatDataService;
 import java.io.BufferedReader;
 import java.io.InputStreamReader;
+import java.util.ArrayList;
 import java.util.List;
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.core.io.Resource;
@@ -28,30 +29,37 @@ public class CarLonAndLatDataServiceImpl implements ICarLonAndLatDataService {
    @Override
    public List<LonAndLatEntityVo> listCarLonAndLat() throws Exception {
        Resource resource = new ClassPathResource("car-history-track-data.xml");
-        BufferedReader br = new BufferedReader(new InputStreamReader(resource.getInputStream()));
+        try (InputStreamReader inputStreamReader = new InputStreamReader(resource.getInputStream());
-        StringBuffer buffer = new StringBuffer();
+             BufferedReader br = new BufferedReader(inputStreamReader);) {
-        String line = "";
+            StringBuffer buffer = new StringBuffer();
-        while((line = br.readLine())!=null)
+            String line = "";
-        {
+            while((line = br.readLine())!=null)
-            buffer.append(line);
+            {
+                buffer.append(line);
+            }
+            LonAndLatList list = (LonAndLatList) XmlBuilder.xmlStrToObject(LonAndLatList.class, buffer.toString());
+            return list.getDataList();
+        } catch (Exception e) {
+            e.printStackTrace();
        }
-        br.close();
+        return new ArrayList<>();
-        LonAndLatList list = (LonAndLatList) XmlBuilder.xmlStrToObject(LonAndLatList.class, buffer.toString());
-        return list.getDataList();
    }
    @Override
    public List<SpeedAndTimeEntityVo> listCarSpeedAndGround() throws Exception {
        Resource resource = new ClassPathResource("car-history-trend-data.xml");
-        BufferedReader br = new BufferedReader(new InputStreamReader(resource.getInputStream()));
+        try (InputStreamReader inputStreamReader = new InputStreamReader(resource.getInputStream());
-        StringBuffer buffer = new StringBuffer();
+             BufferedReader br = new BufferedReader(inputStreamReader);) {
-        String line = "";
+            StringBuffer buffer = new StringBuffer();
-        while((line = br.readLine())!=null)
+            String line = "";
-        {
+            while ((line = br.readLine()) != null) {
-            buffer.append(line);
+                buffer.append(line);
+            }
+            SpeedAndTimeList list = (SpeedAndTimeList) XmlBuilder.xmlStrToObject(SpeedAndTimeList.class, buffer.toString());
+            return list.getDataList();
+        } catch (Exception e) {
+            e.printStackTrace();
        }
-        br.close();
+        return new ArrayList<>();
-        SpeedAndTimeList list = (SpeedAndTimeList) XmlBuilder.xmlStrToObject(SpeedAndTimeList.class, buffer.toString());
-        return list.getDataList();
    }
 }
--- a/amos-boot-module/amos-boot-module-biz/amos-boot-module-equip-biz/src/main/java/com/yeejoin/equipmanage/service/impl/FilePatrolReportServiceImpl.java
+++ b/amos-boot-module/amos-boot-module-biz/amos-boot-module-equip-biz/src/main/java/com/yeejoin/equipmanage/service/impl/FilePatrolReportServiceImpl.java
@@ -408,16 +408,14 @@ public class FilePatrolReportServiceImpl implements IFirePatrolReportService {
 	public static byte[] file2byte(File file)
 	{
-		try {
+		try (FileInputStream in =new FileInputStream(file);) {
-			FileInputStream in =new FileInputStream(file);
 			//当文件没有结束时，每次读取一个字节显示
-			byte[] data=new byte[in.available()];
+			byte[] data = new byte[in.available()];
 			in.read(data);
-			in.close();
 			return data;
 		} catch (Exception e) {
 			e.printStackTrace();
-			return null;
+			return new byte[0];
 		}
 	}

--- a/amos-boot-module/amos-boot-module-biz/amos-boot-module-equip-biz/src/main/java/com/yeejoin/equipmanage/service/impl/FireAutoSysManageReportServiceImpl.java
+++ b/amos-boot-module/amos-boot-module-biz/amos-boot-module-equip-biz/src/main/java/com/yeejoin/equipmanage/service/impl/FireAutoSysManageReportServiceImpl.java
@@ -280,16 +280,14 @@ public class FireAutoSysManageReportServiceImpl implements IFireAutoSysManageRep
    }
    public static byte[] file2byte(File file) {
-        try {
+        try (FileInputStream in = new FileInputStream(file);) {
-            FileInputStream in = new FileInputStream(file);
            //当文件没有结束时，每次读取一个字节显示
            byte[] data = new byte[in.available()];
            in.read(data);
-            in.close();
            return data;
        } catch (Exception e) {
            e.printStackTrace();
-            return null;
+            return new byte[0];
        }
    }
 }
--- a/amos-boot-module/amos-boot-module-biz/amos-boot-module-equip-biz/src/main/java/com/yeejoin/equipmanage/service/impl/FireFightingSystemServiceImpl.java
+++ b/amos-boot-module/amos-boot-module-biz/amos-boot-module-equip-biz/src/main/java/com/yeejoin/equipmanage/service/impl/FireFightingSystemServiceImpl.java
@@ -1072,7 +1072,7 @@ public class FireFightingSystemServiceImpl extends ServiceImpl<FireFightingSyste
    public Map<String, Object> integrationPageSysData(String systemCode, Boolean isUpdate) {
        // TODO Auto-generated method stub
        if (!StringUtil.isNotEmpty(SystemTypeEnum.getEnum(systemCode))) {
-            return null;
+            return Collections.emptyMap();
        }
        Map<String, Object> data;
        if (isUpdate) {
@@ -1088,7 +1088,7 @@ public class FireFightingSystemServiceImpl extends ServiceImpl<FireFightingSyste
        if (!ObjectUtils.isEmpty(data)) {
            mqttSendGateway.sendToMqtt(String.format("%s%s", "INTEGRATE_TOPIC/", systemCode), JSON.toJSONString(data));
        }
-        return null;
+        return Collections.emptyMap();
    }
    public Map<String, Object> saveIntegrationPageSysData(String systemCode) {
@@ -1682,11 +1682,9 @@ public class FireFightingSystemServiceImpl extends ServiceImpl<FireFightingSyste
    }
    private static byte[] file2byte(File file) {
-        try {
+        try (FileInputStream in = new FileInputStream(file);) {
-            FileInputStream in = new FileInputStream(file);
            byte[] data = new byte[in.available()];
            in.read(data);
-            in.close();
            return data;
        } catch (Exception e) {
            e.printStackTrace();

--- a/amos-boot-module/amos-boot-module-biz/amos-boot-module-jcs-biz/src/main/java/com/yeejoin/amos/boot/module/jcs/biz/audioToText/SocketClient.java
+++ b/amos-boot-module/amos-boot-module-biz/amos-boot-module-jcs-biz/src/main/java/com/yeejoin/amos/boot/module/jcs/biz/audioToText/SocketClient.java
@@ -34,9 +34,9 @@ public class SocketClient {
    public void processUdp(int port, int type) throws SocketException {
        if (type < 0) type = 0;
        if (type >= testFilePath.length) type -= 1;
-        DatagramSocket datagramSocket = new DatagramSocket();
-        try {
+        try (DatagramSocket datagramSocket = new DatagramSocket();
-            FileInputStream fis = new FileInputStream(new File("C:\\Users\\DELL\\Desktop\\ffmpeg-4.4-full_build-shared\\bin\\out.pcm"));
+             FileInputStream fis = new FileInputStream(new File("C:\\Users\\DELL\\Desktop\\ffmpeg-4.4-full_build-shared\\bin\\out.pcm"));) {
            byte[] b = new byte[1280];
            int len;
            while ((len = fis.read(b)) > 0) {
@@ -57,11 +57,10 @@ public class SocketClient {
        if (type < 0) type = 0;
        if (type >= testFilePath.length) type -= 1;
-        Socket socket = new Socket();
+        try (Socket socket = new Socket();
-        try {
+             FileInputStream fis = new FileInputStream(new File(testFilePath[type]));) {
            socket.connect(new InetSocketAddress(InetAddress.getLocalHost().getHostAddress(), port));
            OutputStream outputStream = socket.getOutputStream();
-            FileInputStream fis = new FileInputStream(new File(testFilePath[type]));
            byte[] b = new byte[4096];
            int len;
            while ((len = fis.read(b)) > 0) {

--- a/amos-boot-module/amos-boot-module-biz/amos-boot-module-jcs-biz/src/main/java/com/yeejoin/amos/boot/module/jcs/biz/audioToText/util/SpeechTranscriberDemo.java
+++ b/amos-boot-module/amos-boot-module-biz/amos-boot-module-jcs-biz/src/main/java/com/yeejoin/amos/boot/module/jcs/biz/audioToText/util/SpeechTranscriberDemo.java
@@ -125,7 +125,9 @@ public class SpeechTranscriberDemo {
    public void process(String filepath) {
        SpeechTranscriber transcriber = null;
-        try {
+        File file = new File(filepath);
+        try (FileInputStream fis = new FileInputStream(file);
+             DatagramSocket datagramSocket = new DatagramSocket();) {
            //创建实例、建立连接。
            transcriber = new SpeechTranscriber(client, getTranscriberListener());
            transcriber.setAppKey("89KKwpGXXN37Pn1G");
@@ -164,12 +166,9 @@ public class SpeechTranscriberDemo {
            //此方法将以上参数设置序列化为JSON发送给服务端，并等待服务端确认。
            transcriber.start();
-            File file = new File(filepath);
-            FileInputStream fis = new FileInputStream(file);
            byte[] b = new byte[320];
            int len;
-            DatagramSocket datagramSocket = new DatagramSocket();
            while ((len = fis.read(b)) > 0) {
             //   logger.info("send data pack length: " + len);
                datagramSocket.send(new DatagramPacket(b, b.length, InetAddress.getLocalHost(), 25000));

--- a/amos-boot-module/amos-boot-module-biz/amos-boot-module-patrol-biz/src/main/java/com/yeejoin/amos/patrol/business/util/FileHelper.java
+++ b/amos-boot-module/amos-boot-module-biz/amos-boot-module-patrol-biz/src/main/java/com/yeejoin/amos/patrol/business/util/FileHelper.java
@@ -41,6 +41,7 @@ import java.net.URLEncoder;
 import java.nio.ByteBuffer;
 import java.nio.channels.Channel;
 import java.nio.channels.FileChannel;
+import java.nio.charset.StandardCharsets;
 import java.util.*;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipOutputStream;
@@ -98,20 +99,10 @@ public class FileHelper {
   * @return
   */
  public static boolean isWord2003(File file) {
-    InputStream is = null;
+    try (InputStream is = new FileInputStream(file);
-    try {
+         HWPFDocument hwpfDocument = new HWPFDocument(is);) {
-      is = new FileInputStream(file);
-      new HWPFDocument(is);
    } catch (Exception e) {
      return false;
-    } finally {
-      try {
-        if (null != is) {
-          is.close();
-        }
-      } catch (IOException e) {
-        e.printStackTrace();
-      }
    }
    return true;
  }
@@ -141,24 +132,10 @@ public class FileHelper {
   * @return
   */
  public static boolean isPPT2003(File file) {
-    InputStream is = null;
+    try ( InputStream is = new FileInputStream(file);
-    HSLFSlideShow ppt = null;
+          HSLFSlideShow ppt = new HSLFSlideShow(is);) {
-    try {
-      is = new FileInputStream(file);
-      ppt = new HSLFSlideShow(is);
    } catch (Exception e) {
      return false;
-    } finally {
-      try {
-        if (null != is) {
-          is.close();
-        }
-        if (null != ppt) {
-          ppt.close();
-        }
-      } catch (IOException e) {
-        e.printStackTrace();
-      }
    }
    return true;
  }
@@ -170,34 +147,19 @@ public class FileHelper {
   */
  public static StringBuffer readFile(String path) {
    StringBuffer buffer = new StringBuffer();
-    InputStream is = null;
+    File file = new File(path);
-    BufferedReader br = null;
+    if (file.exists()) {
-    try {
+      try (InputStream is = new FileInputStream(file);
-      File file = new File(path);
+           BufferedReader br = new BufferedReader(new InputStreamReader(is))) {
-      if (file.exists()) {
-        is = new FileInputStream(file);
-        br = new BufferedReader(new InputStreamReader(is));
        String content = br.readLine();
        while (null != content) {
          buffer.append(content);
          content = br.readLine();
        }
-      }
-    } catch (Exception e) {
-      e.printStackTrace();
-    } finally {
-      try {
-        if (null != is) {
-          is.close();
-        }
-        if (null != br) {
-          br.close();
-        }
      } catch (Exception e) {
        e.printStackTrace();
      }
    }
    return buffer;
  }
@@ -209,34 +171,20 @@ public class FileHelper {
   */
  public static StringBuffer readFile(String path, String split) {
    StringBuffer buffer = new StringBuffer();
-    InputStream is = null;
+    File file = new File(path);
-    BufferedReader br = null;
+    if (file.exists()) {
-    try {
+      try (InputStream is = new FileInputStream(file);
-      File file = new File(path);
+           BufferedReader br = new BufferedReader(new InputStreamReader(is))) {
-      if (file.exists()) {
-        is = new FileInputStream(file);
-        br = new BufferedReader(new InputStreamReader(is));
        String content = br.readLine();
        while (null != content) {
          buffer.append(content).append(split);
          content = br.readLine();
        }
-      }
-    } catch (Exception exception) {
+      } catch (Exception exception) {
-      exception.printStackTrace();
+        exception.printStackTrace();
-    } finally {
-      try {
-        if (null != is) {
-          is.close();
-        }
-        if (null != br) {
-          br.close();
-        }
-      } catch (Exception exception2) {
-        exception2.printStackTrace();
      }
    }
    return buffer;
  }
@@ -246,28 +194,15 @@ public class FileHelper {
   * @param path 写入内容的文件路径
   */
  public static void writeFile(String content, String path) {
-    OutputStream fos = null;
+    File file = new File(path);
-    BufferedWriter bw = null;
+    try (OutputStream fos = new FileOutputStream(file);
-    try {
+         BufferedWriter bw = new BufferedWriter(new OutputStreamWriter(fos, StandardCharsets.UTF_8))) {
-      File file = new File(path);
      if (!file.getParentFile().exists()) {
        file.getParentFile().mkdirs();
      }
-      fos = new FileOutputStream(file);
-      bw = new BufferedWriter(new OutputStreamWriter(fos, "UTF-8"));
      bw.write(content);
-    } catch (FileNotFoundException fnfe) {
+    } catch (IOException fnfe) {
      fnfe.printStackTrace();
-    } catch (IOException ioe) {
-      ioe.printStackTrace();
-    } finally {
-      try {
-        if (bw != null) {
-          bw.close();
-        }
-      } catch (IOException ioException) {
-        System.err.println(ioException.getMessage());
-      }
    }
  }
@@ -356,11 +291,8 @@ public class FileHelper {
  public static void rmrBlankLines(String inputFile, String outPutFile) throws IOException {
    File htmFile = new File(inputFile);
    // 以GB2312读取文件
-    BufferedReader br = null;
+    try (BufferedReader br = new BufferedReader(new FileReader(htmFile));
-    BufferedWriter bw = null;
+         BufferedWriter bw = new BufferedWriter(new FileWriter(new File(outPutFile)));) {
-    try {
-      br = new BufferedReader(new FileReader(htmFile));
-      bw = new BufferedWriter(new FileWriter(new File(outPutFile)));
      String result = null;
      while (null != (result = br.readLine())) {
        if (!"".equals(result.trim())) {
@@ -369,20 +301,7 @@ public class FileHelper {
      }
    } catch (Exception e) {
      e.printStackTrace();
-    } finally {
-      try {
-        if (null != br) {
-          br.close();
-        }
-        if (null != bw) {
-          bw.close();
-        }
-      } catch (Exception e) {
-      }
    }
  }
  /**
@@ -1258,35 +1177,28 @@ private static void defaultExport(List<Map<String, Object>> list, String fileNam
     * @throws
     */
    public static void getExcel(String url, String fileName, HttpServletResponse response,HttpServletRequest request){
+      //通过文件路径获得File对象
-         try {
+      File file = new File(url);
+      //1.设置文件ContentType类型，这样设置，会自动判断下载文件类型
-            //1.设置文件ContentType类型，这样设置，会自动判断下载文件类型
+      response.setContentType("multipart/form-data");
-            response.setContentType("multipart/form-data");
+      //2.设置文件头：最后一个参数是设置下载文件名
+      try {
-            //2.设置文件头：最后一个参数是设置下载文件名
+        response.setHeader("Content-disposition", "attachment; filename=\""
-            response.setHeader("Content-disposition", "attachment; filename=\""
+                + encodeChineseDownloadFileName(request, fileName+".xls") +"\"");
-                    + encodeChineseDownloadFileName(request, fileName+".xls") +"\"");
+      } catch (UnsupportedEncodingException e) {
+        e.printStackTrace();
+      }
+      try ( FileInputStream in = new FileInputStream(file);
+            OutputStream out = new BufferedOutputStream(response.getOutputStream());) {
 //            response.setHeader("Content-Disposition", "attachment;filename="
 //                    + new String(fileName.getBytes("UTF-8"), "ISO-8859-1") + ".xls"); //中文文件名
-            //通过文件路径获得File对象
-            File file = new File(url);
-            FileInputStream in = new FileInputStream(file);
            //3.通过response获取OutputStream对象(out)
-            OutputStream out = new BufferedOutputStream(response.getOutputStream());
            int b = 0;
            byte[] buffer = new byte[2048];
            while ((b=in.read(buffer)) != -1){
                out.write(buffer,0,b); //4.写到输出流(out)中
            }
-            in.close();
            out.flush();
-            out.close();
        } catch (IOException e) {
            log.error("下载Excel模板异常", e);
        }

--- a/amos-boot-module/amos-boot-module-biz/amos-boot-module-patrol-biz/src/main/java/com/yeejoin/amos/patrol/business/util/TikaUtils.java
+++ b/amos-boot-module/amos-boot-module-biz/amos-boot-module-patrol-biz/src/main/java/com/yeejoin/amos/patrol/business/util/TikaUtils.java
@@ -34,8 +34,7 @@ public class TikaUtils {
  public static String fileToTxt(File file) {
    org.apache.tika.parser.Parser parser = new AutoDetectParser();
-    try {
+    try (InputStream inputStream = new FileInputStream(file);) {
-      InputStream inputStream = new FileInputStream(file);
      DefaultHandler handler = new BodyContentHandler();
      Metadata metadata = new Metadata();
      ParseContext parseContext = new ParseContext();
@@ -45,7 +44,6 @@ public class TikaUtils {
       * for (String string : metadata.names()) {
       * System.out.println(string+":"+metadata.get(string)); }
       */
-      inputStream.close();
      return handler.toString();
    } catch (Exception e) {
      e.printStackTrace();
@@ -58,21 +56,15 @@ public class TikaUtils {
    ContentHandler handler = new ToHTMLContentHandler();
    AutoDetectParser parser = new AutoDetectParser();
    Metadata metadata = new Metadata();
-    InputStream stream = null;
+    try (InputStream stream = new FileInputStream(new File(fileName))) {
-    try {
-      stream = new FileInputStream(new File(fileName));
      parser.parse(stream, handler, metadata);
      FileHelper.writeFile(handler.toString(), outPutFile + ".html");
      FileHelper.parse(outPutFile + ".html");
-      return null;
    } catch (Exception e) {
      e.printStackTrace();
-    } finally {
    }
    return null;
  }