Commit 32b85432 authored by zhangsen's avatar zhangsen

漏洞文件漏洞修改 - 随机数安全性

parent 99007a37
package com.yeejoin.amos.boot.biz.common.utils; package com.yeejoin.amos.boot.biz.common.utils;
import java.security.SecureRandom; import java.security.SecureRandom;
import java.util.Random;
public class SecureRandomUtil { public class SecureRandomUtil {
public static int getIntSecureRandom(Integer bound) { public static int getIntSecureRandom(Integer bound) {
...@@ -17,14 +16,4 @@ public class SecureRandomUtil { ...@@ -17,14 +16,4 @@ public class SecureRandomUtil {
public static int getIntSecureRandom(Integer bound, SecureRandom secureRandom) { public static int getIntSecureRandom(Integer bound, SecureRandom secureRandom) {
return secureRandom.nextInt(bound); return secureRandom.nextInt(bound);
} }
public static void main(String[] args) {
SecureRandom secureRandom = new SecureRandom();
System.out.println((secureRandom.nextDouble() * 9 + 1) * 100000 + "-----");
Random random = new Random();
System.out.println((Math.random() * 9 + 1) * 100000);
System.out.println((int) (secureRandom.nextDouble() * 900 + 100));
}
} }
...@@ -5,11 +5,8 @@ import com.yeejoin.amos.boot.biz.common.utils.SecureRandomUtil; ...@@ -5,11 +5,8 @@ import com.yeejoin.amos.boot.biz.common.utils.SecureRandomUtil;
import java.security.SecureRandom; import java.security.SecureRandom;
import java.text.SimpleDateFormat; import java.text.SimpleDateFormat;
import java.util.Date; import java.util.Date;
import java.util.Random;
import java.util.concurrent.ThreadLocalRandom;
public class RandomUtil { public class RandomUtil {
private static ThreadLocalRandom threadLocalRandom;
public static String buildOrderNo() { public static String buildOrderNo() {
SimpleDateFormat sdf = new SimpleDateFormat("yyyyMMddHHmmss"); SimpleDateFormat sdf = new SimpleDateFormat("yyyyMMddHHmmss");
...@@ -33,14 +30,12 @@ public class RandomUtil { ...@@ -33,14 +30,12 @@ public class RandomUtil {
* @Date 2020/12/18 11:49 * @Date 2020/12/18 11:49
*/ */
public static String buildNo(String resourceType, String companyCode) { public static String buildNo(String resourceType, String companyCode) {
threadLocalRandom = ThreadLocalRandom.current(); int intSecureRandom = SecureRandomUtil.getIntSecureRandom(9999 - 1000) + 1000;
int num = threadLocalRandom.nextInt(1000, 9999); return resourceType + companyCode + intSecureRandom;
return resourceType + companyCode + num;
} }
public static String buildNo() { public static String buildNo() {
threadLocalRandom = ThreadLocalRandom.current(); int num = SecureRandomUtil.getIntSecureRandom(9999 - 1000) + 1000;
int num = threadLocalRandom.nextInt(1000, 9999);
return String.valueOf(num); return String.valueOf(num);
} }
} }
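Review bot: The new `SecureRandomUtil.getIntSecureRandom(9999 - 1000) + 1000` in `buildNo(String, String)` and `buildNo()` still draws from only 8,999 values, so the stronger generator does not make these numbers hard to guess or collision-free. The range is 1000–9998, assuming the one-argument overload delegates to `nextInt(bound)` as the visible two-argument one does. If any caller treats the result as a unique or unguessable identifier, it needs a wider value or a uniqueness check; nothing on this page shows how the numbers are used. The expression is duplicated in both methods, so a shared constant with a comment such as `// 4-digit suffix in [1000, 9998]; upper bound exclusive, same as the old nextInt(1000, 9999)` would make the range explicit. The body of the one-argument `getIntSecureRandom` is outside the visible lines, so whether it reuses one `SecureRandom` instance or creates one per call could not be checked.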
...@@ -651,12 +651,12 @@ public class EquipmentDetailController extends AbstractBaseController { ...@@ -651,12 +651,12 @@ public class EquipmentDetailController extends AbstractBaseController {
// List<EquipmentDetailDownloadTemplateVO> equipmentDetailDownloadS = ExcelUtils.importExcel(file, 1, 1, EquipmentDetailDownloadTemplateVO.class); // List<EquipmentDetailDownloadTemplateVO> equipmentDetailDownloadS = ExcelUtils.importExcel(file, 1, 1, EquipmentDetailDownloadTemplateVO.class);
String key=""; String stringUUid="";
try { try {
UUID uuid = UUID.randomUUID(); UUID uuid = UUID.randomUUID();
key= uuid.toString(); stringUUid = uuid.toString();
ExcelEnums excelEnums = null; ExcelEnums excelEnums = null;
if (!enabled){ if (!enabled) {
excelEnums = ExcelEnums.getByKey(ExcelEnums.XFZBSINGLE.getType()); excelEnums = ExcelEnums.getByKey(ExcelEnums.XFZBSINGLE.getType());
}else { }else {
excelEnums = ExcelEnums.getByKey(ExcelEnums.XFZB.getType()); excelEnums = ExcelEnums.getByKey(ExcelEnums.XFZB.getType());
...@@ -664,14 +664,14 @@ public class EquipmentDetailController extends AbstractBaseController { ...@@ -664,14 +664,14 @@ public class EquipmentDetailController extends AbstractBaseController {
ExcelDto excelDto = new ExcelDto(excelEnums.getFileName(), excelEnums.getSheetName(), excelEnums.getClassUrl(), excelEnums.getType()); ExcelDto excelDto = new ExcelDto(excelEnums.getFileName(), excelEnums.getSheetName(), excelEnums.getClassUrl(), excelEnums.getType());
// date= excelService.commonUpload(file, excelDto, getSelectedOrgInfo(), getUserInfo()); // date= excelService.commonUpload(file, excelDto, getSelectedOrgInfo(), getUserInfo());
EquipmentDetailController controllerProxy1 = SpringUtils.getBean(EquipmentDetailController.class); EquipmentDetailController controllerProxy1 = SpringUtils.getBean(EquipmentDetailController.class);
controllerProxy1.commonUpload(file, excelDto,key, getSelectedOrgInfo(), getUserInfo()); controllerProxy1.commonUpload(file, excelDto, stringUUid, getSelectedOrgInfo(), getUserInfo());
EquipmentDetailController controllerProxy = SpringUtils.getBean(EquipmentDetailController.class); EquipmentDetailController controllerProxy = SpringUtils.getBean(EquipmentDetailController.class);
controllerProxy.refreshAllCount(); controllerProxy.refreshAllCount();
} catch (Exception e) { } catch (Exception e) {
e.printStackTrace(); e.printStackTrace();
throw new BadRequest(e.getMessage()); throw new BadRequest(e.getMessage());
} }
return ResponseHelper.buildResponse(key); return ResponseHelper.buildResponse(stringUUid);
} }
......