参考代码检查插件处理阻断漏洞

amos-boot-module/amos-boot-module-api/amos-boot-module-equip-api/src/main/java/com/yeejoin/equipmanage/common/entity/StockDetail.java

@@ -24,7 +24,7 @@ import java.util.Date;
 @Accessors(chain = true)
 @TableName("wl_stock_detail")
 @ApiModel(value = "StockDetail对象", description = "库存明细")
-public class StockDetail extends BaseEntity implements Cloneable {
+public class StockDetail extends BaseEntity {
 
 	private static final long serialVersionUID = 1L;
 
@@ -90,14 +90,4 @@ public class StockDetail extends BaseEntity implements Cloneable {
 
 	@ApiModelProperty(value = "位置信息")
 	private String area;
-
-	@Override
-	public StockDetail clone() {
-		try {
-			return (StockDetail) super.clone();
-		} catch (CloneNotSupportedException e) {
-			e.printStackTrace();
-		}
-		return null;
-	}
 }

amos-boot-module/amos-boot-module-api/amos-boot-module-equip-api/src/main/java/com/yeejoin/equipmanage/common/utils/ChartsUtils.java

@@ -23,12 +23,8 @@ import java.awt.image.BufferedImage;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
-import java.util.Base64;
-import java.util.HashMap;
-import java.util.Iterator;
 import java.util.List;
-import java.util.Map;
-import java.util.Set;
+import java.util.*;
 
 /**
  * @author lisong
@@ -76,6 +72,14 @@ public class ChartsUtils {
             fis.close();
         } catch (Exception e) {
             e.printStackTrace();
+        } finally {
+            if (fis != null) {
+                try {
+                    fis.close();
+                } catch (IOException e) {
+                    e.printStackTrace();
+                }
+            }
         }
         return fileBytes;
     }

amos-boot-module/amos-boot-module-api/amos-boot-module-equip-api/src/main/java/com/yeejoin/equipmanage/common/utils/ExcelUtil.java

 package com.yeejoin.equipmanage.common.utils;
 
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.poi.hssf.usermodel.HSSFCell;
-import org.apache.poi.hssf.usermodel.HSSFCellStyle;
-import org.apache.poi.hssf.usermodel.HSSFFont;
-import org.apache.poi.hssf.usermodel.HSSFRichTextString;
-import org.apache.poi.hssf.usermodel.HSSFRow;
-import org.apache.poi.hssf.usermodel.HSSFSheet;
-import org.apache.poi.hssf.usermodel.HSSFWorkbook;
-import org.apache.poi.hssf.util.HSSFColor;
-import org.apache.poi.ss.usermodel.BorderStyle;
-import org.apache.poi.ss.usermodel.Cell;
-import org.apache.poi.ss.usermodel.CellStyle;
-import org.apache.poi.ss.usermodel.Font;
-import org.apache.poi.ss.usermodel.HorizontalAlignment;
-import org.apache.poi.ss.usermodel.Row;
-import org.apache.poi.ss.usermodel.Sheet;
-import org.apache.poi.ss.usermodel.VerticalAlignment;
-import org.apache.poi.ss.usermodel.Workbook;
+import org.apache.poi.hssf.usermodel.*;
+import org.apache.poi.ss.usermodel.*;
 import org.apache.poi.ss.util.CellRangeAddress;
 import org.apache.poi.xssf.streaming.SXSSFCell;
 import org.apache.poi.xssf.streaming.SXSSFRow;
@@ -36,6 +9,12 @@ import org.apache.poi.xssf.streaming.SXSSFSheet;
 import org.apache.poi.xssf.streaming.SXSSFWorkbook;
 import org.apache.poi.xssf.usermodel.XSSFWorkbook;
 
+import javax.servlet.http.HttpServletResponse;
+import java.io.*;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
 
 /**
  * 
@@ -105,22 +84,16 @@ public class ExcelUtil
 		}
 		return workbook;
 	}
-	
+
 	public static void createXSSFExcel(String path, String fileName, List<String> headers, List<List<String>> dataList) {
-		try {
-			File file = new File(path);
-			if (!file.isDirectory()) {
-				file.mkdirs();
-			}
-			
-			file = new File(path + "\\" + fileName);
-			XSSFWorkbook workbook;
-			if (!file.exists()) {
-				workbook = new XSSFWorkbook();
-			} else {
-				workbook = new XSSFWorkbook(new FileInputStream(file));
-			}
-			SXSSFWorkbook sxssfWorkbook = new SXSSFWorkbook(workbook, 2000);
+		File file = new File(path + "\\" + fileName);
+		if (!file.isDirectory()) {
+			file.mkdirs();
+		}
+		try (FileInputStream inputStream = new FileInputStream(file);
+			 FileOutputStream out = new FileOutputStream(file);
+			 XSSFWorkbook workbook = file.exists() ? new XSSFWorkbook(inputStream) : new XSSFWorkbook();
+			 SXSSFWorkbook sxssfWorkbook = new SXSSFWorkbook(workbook, 2000)) {
 			int sheetNum = sxssfWorkbook.getNumberOfSheets();
 			if (sheetNum == 0) {
 				sxssfWorkbook.createSheet();
@@ -150,16 +123,13 @@ public class ExcelUtil
 				}
 				fillExcelContent(sheet, sheet.getLastRowNum(), dataList);
 			}
-			FileOutputStream out = new FileOutputStream(file);
 			sxssfWorkbook.write(out);
-			out.close();
-		} catch (FileNotFoundException e) {
-			e.printStackTrace();
 		} catch (Exception e) {
 			e.printStackTrace();
 		}
 	}
 
+
 	public static void fillExcelContent(SXSSFSheet sheet, int lastRowNum, List<List<String>> dataList) {
 		for (int i = 0; i < dataList.size(); i++) {
 			SXSSFRow row = sheet.createRow(lastRowNum + i + 1);
@@ -217,14 +187,14 @@ public class ExcelUtil
 	public static void exportXlSXExcel(
 			HttpServletResponse response, File file, String fileName)
 	{
-		try
+		OutputStream output = null;
+		try (FileInputStream inputStream = new FileInputStream(file))
 		{
 			String name = new String(fileName.getBytes("UTF-8"), "ISO8859_1");
-			OutputStream output = response.getOutputStream();
+			output = response.getOutputStream();
 			response.setHeader("Content-disposition",
 					"attachment; filename=" + name);
 			response.setContentType("application/vnd.ms-excel;charset=utf-8");
-			FileInputStream inputStream = new FileInputStream(file); 
 			int b = 0;  
             byte[] buffer = new byte[1024*10];  
             while (b != -1){  
@@ -232,14 +202,21 @@ public class ExcelUtil
                 if (-1 != b) {
                 	output.write(buffer, 0, b);  
                 }
-            }  
-            inputStream.close();
+            }
 			output.flush();
 			output.close();
 		}
 		catch (IOException e)
 		{
 			e.printStackTrace();
+		} finally {
+			try {
+				if (output != null) {
+					output.close();
+				}
+			} catch (IOException e) {
+				e.printStackTrace();
+			}
 		}
 	}
 
@@ -517,11 +494,17 @@ public class ExcelUtil
 					cell.setCellStyle(style2);
 				}
 			}
+			return workbook;
 		} catch (Exception e) {
 			e.printStackTrace();
 			return null;
+		} finally {
+			try {
+				workbook.close();
+			} catch (IOException e) {
+				e.printStackTrace();
+			}
 		}
-		return workbook;
 	}
 
 	/**

amos-boot-module/amos-boot-module-api/amos-boot-module-equip-api/src/main/java/com/yeejoin/equipmanage/common/utils/FileHelper.java

@@ -10,12 +10,10 @@ import org.apache.commons.io.FileUtils;
 import org.apache.poi.hslf.usermodel.HSLFSlideShow;
 import org.apache.poi.hssf.usermodel.DVConstraint;
 import org.apache.poi.hssf.usermodel.HSSFDataValidation;
-import org.apache.poi.hssf.usermodel.HSSFWorkbook;
 import org.apache.poi.hwpf.HWPFDocument;
 import org.apache.poi.ss.formula.functions.T;
 import org.apache.poi.ss.usermodel.*;
 import org.apache.poi.ss.util.CellRangeAddressList;
-import org.apache.poi.xssf.usermodel.XSSFWorkbook;
 import org.apache.poi.xwpf.usermodel.XWPFDocument;
 import org.jsoup.Jsoup;
 import org.jsoup.nodes.Document;
@@ -34,6 +32,7 @@ import java.net.URLEncoder;
 import java.nio.ByteBuffer;
 import java.nio.channels.Channel;
 import java.nio.channels.FileChannel;
+import java.nio.charset.StandardCharsets;
 import java.util.*;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipOutputStream;
@@ -87,20 +86,11 @@ public class FileHelper {
      * @return
      */
     public static boolean isWord2003(File file) {
-        InputStream is = null;
-        try {
-            is = new FileInputStream(file);
-            new HWPFDocument(is);
-        } catch (Exception e) {
+        try (InputStream is = new FileInputStream(file);
+             HWPFDocument hwpfDocument = new HWPFDocument(is)) {
+        } catch (IOException e) {
+            e.printStackTrace();
             return false;
-        } finally {
-            try {
-                if (null != is) {
-                    is.close();
-                }
-            } catch (IOException e) {
-                e.printStackTrace();
-            }
         }
         return true;
     }
@@ -129,24 +119,10 @@ public class FileHelper {
      * @return
      */
     public static boolean isPPT2003(File file) {
-        InputStream is = null;
-        HSLFSlideShow ppt = null;
-        try {
-            is = new FileInputStream(file);
-            ppt = new HSLFSlideShow(is);
+        try(InputStream is = new FileInputStream(file);
+            HSLFSlideShow ppt = new HSLFSlideShow(is);) {
         } catch (Exception e) {
             return false;
-        } finally {
-            try {
-                if (null != is) {
-                    is.close();
-                }
-                if (null != ppt) {
-                    ppt.close();
-                }
-            } catch (IOException e) {
-                e.printStackTrace();
-            }
         }
         return true;
     }
@@ -157,34 +133,19 @@ public class FileHelper {
      */
     public static StringBuffer readFile(String path) {
         StringBuffer buffer = new StringBuffer();
-        InputStream is = null;
-        BufferedReader br = null;
-        try {
-            File file = new File(path);
-            if (file.exists()) {
-                is = new FileInputStream(file);
-                br = new BufferedReader(new InputStreamReader(is));
+        File file = new File(path);
+        if (file.exists()) {
+            try (InputStream is = new FileInputStream(file);
+                 BufferedReader br = new BufferedReader(new InputStreamReader(is));) {
                 String content = br.readLine();
                 while (null != content) {
                     buffer.append(content);
                     content = br.readLine();
                 }
-            }
-        } catch (Exception e) {
-            e.printStackTrace();
-        } finally {
-            try {
-                if (null != is) {
-                    is.close();
-                }
-                if (null != br) {
-                    br.close();
-                }
             } catch (Exception e) {
                 e.printStackTrace();
             }
         }
-
         return buffer;
     }
 
@@ -197,34 +158,19 @@ public class FileHelper {
      */
     public static StringBuffer readFile(String path, String split) {
         StringBuffer buffer = new StringBuffer();
-        InputStream is = null;
-        BufferedReader br = null;
-        try {
-            File file = new File(path);
-            if (file.exists()) {
-                is = new FileInputStream(file);
-                br = new BufferedReader(new InputStreamReader(is));
+        File file = new File(path);
+        if (file.exists()) {
+            try (InputStream is = new FileInputStream(file);
+                 BufferedReader br = new BufferedReader(new InputStreamReader(is));) {
                 String content = br.readLine();
                 while (null != content) {
                     buffer.append(content).append(split);
                     content = br.readLine();
                 }
-            }
-        } catch (Exception exception) {
-            exception.printStackTrace();
-        } finally {
-            try {
-                if (null != is) {
-                    is.close();
-                }
-                if (null != br) {
-                    br.close();
-                }
-            } catch (Exception exception2) {
-                exception2.printStackTrace();
+            } catch (Exception exception) {
+                exception.printStackTrace();
             }
         }
-
         return buffer;
     }
 
@@ -235,28 +181,15 @@ public class FileHelper {
      * @param path    写入内容的文件路径
      */
     public static void writeFile(String content, String path) {
-        OutputStream fos = null;
-        BufferedWriter bw = null;
-        try {
-            File file = new File(path);
-            if (!file.getParentFile().exists()) {
-                file.getParentFile().mkdirs();
-            }
-            fos = new FileOutputStream(file);
-            bw = new BufferedWriter(new OutputStreamWriter(fos, "UTF-8"));
+        File file = new File(path);
+        if (!file.getParentFile().exists()) {
+            file.getParentFile().mkdirs();
+        }
+        try (OutputStream fos = new FileOutputStream(file);
+             BufferedWriter bw = new BufferedWriter(new OutputStreamWriter(fos, StandardCharsets.UTF_8))) {
             bw.write(content);
-        } catch (FileNotFoundException fnfe) {
+        } catch (IOException fnfe) {
             fnfe.printStackTrace();
-        } catch (IOException ioe) {
-            ioe.printStackTrace();
-        } finally {
-            try {
-                if (bw != null) {
-                    bw.close();
-                }
-            } catch (IOException ioException) {
-                System.err.println(ioException.getMessage());
-            }
         }
     }
 
@@ -346,11 +279,8 @@ public class FileHelper {
     public static void rmrBlankLines(String inputFile, String outPutFile) throws IOException {
         File htmFile = new File(inputFile);
         // 以GB2312读取文件
-        BufferedReader br = null;
-        BufferedWriter bw = null;
-        try {
-            br = new BufferedReader(new FileReader(htmFile));
-            bw = new BufferedWriter(new FileWriter(new File(outPutFile)));
+        try (BufferedReader br = new BufferedReader(new FileReader(htmFile));
+             BufferedWriter bw = new BufferedWriter(new FileWriter(new File(outPutFile)))) {
             String result = null;
             while (null != (result = br.readLine())) {
                 if (!"".equals(result.trim())) {
@@ -359,20 +289,7 @@ public class FileHelper {
             }
         } catch (Exception e) {
             e.printStackTrace();
-        } finally {
-            try {
-                if (null != br) {
-                    br.close();
-                }
-                if (null != bw) {
-                    bw.close();
-                }
-            } catch (Exception e) {
-
-            }
         }
-
-
     }
 
     /**
@@ -1259,34 +1176,31 @@ public class FileHelper {
      */
     public static void getExcel(String url, String fileName, HttpServletResponse response, HttpServletRequest request) {
 
-        try {
-
-            //1.设置文件ContentType类型，这样设置，会自动判断下载文件类型  
-            response.setContentType("multipart/form-data");
+        //1.设置文件ContentType类型，这样设置，会自动判断下载文件类型
+        response.setContentType("multipart/form-data");
 
-            //2.设置文件头：最后一个参数是设置下载文件名  
+        //2.设置文件头：最后一个参数是设置下载文件名
+        try {
             response.setHeader("Content-disposition", "attachment; filename=\""
                     + encodeChineseDownloadFileName(request, fileName + ".xls") + "\"");
-//            response.setHeader("Content-Disposition", "attachment;filename="  
-//                    + new String(fileName.getBytes("UTF-8"), "ISO-8859-1") + ".xls"); //中文文件名
-
-            //通过文件路径获得File对象
-            File file = new File(url);
+        } catch (UnsupportedEncodingException e) {
+            e.printStackTrace();
+        }
+        //通过文件路径获得File对象
+        File file = new File(url);
+        try (FileInputStream in = new FileInputStream(file);
+             //3.通过response获取OutputStream对象(out)
+             OutputStream out = new BufferedOutputStream(response.getOutputStream())) {
 
-            FileInputStream in = new FileInputStream(file);
-            //3.通过response获取OutputStream对象(out)  
-            OutputStream out = new BufferedOutputStream(response.getOutputStream());
+//            response.setHeader("Content-Disposition", "attachment;filename="
+//                    + new String(fileName.getBytes("UTF-8"), "ISO-8859-1") + ".xls"); //中文文件名
 
             int b = 0;
             byte[] buffer = new byte[2048];
             while ((b = in.read(buffer)) != -1) {
                 out.write(buffer, 0, b); //4.写到输出流(out)中
             }
-
-            in.close();
             out.flush();
-            out.close();
-
         } catch (IOException e) {
             log.error("下载Excel模板异常", e);
         }

amos-boot-module/amos-boot-module-api/amos-boot-module-equip-api/src/main/java/com/yeejoin/equipmanage/common/utils/FileUtil.java

@@ -31,10 +31,19 @@ public class FileUtil {
         if (!targetFile.exists()) {
             targetFile.mkdirs();
         }
-        FileOutputStream out = new FileOutputStream(filePath + fileName);
-        out.write(file);
-        out.flush();
-        out.close();
+        FileOutputStream out = null;
+        try {
+            out = new FileOutputStream(filePath + fileName);
+            out.write(file);
+            out.flush();
+            out.close();
+        } catch (Exception e) {
+            e.printStackTrace();
+        } finally {
+            if (null != out) {
+                out.close();
+            }
+        }
     }
 
     /**

amos-boot-module/amos-boot-module-api/amos-boot-module-equip-api/src/main/java/com/yeejoin/equipmanage/common/utils/TikaUtils.java

@@ -34,8 +34,9 @@ public class TikaUtils {
 
   public static String fileToTxt(File file) {
     Parser parser = new AutoDetectParser();
+    InputStream inputStream = null;
     try {
-      InputStream inputStream = new FileInputStream(file);
+      inputStream = new FileInputStream(file);
       DefaultHandler handler = new BodyContentHandler();
       Metadata metadata = new Metadata();
       ParseContext parseContext = new ParseContext();
@@ -49,6 +50,14 @@ public class TikaUtils {
       return handler.toString();
     } catch (Exception e) {
       e.printStackTrace();
+    } finally {
+      try {
+        if (null != inputStream) {
+          inputStream.close();
+        }
+      } catch (IOException e) {
+        e.printStackTrace();
+      }
     }
     return null;
   }
@@ -73,7 +82,7 @@ public class TikaUtils {
 
     }
 
-    return null;
+    return "";
   }
 
 

amos-boot-module/amos-boot-module-api/amos-boot-module-equip-api/src/main/java/com/yeejoin/equipmanage/common/utils/WordTemplateUtils.java

@@ -202,6 +202,12 @@ public class WordTemplateUtils {
             in.close();
         } catch (IOException e) {
             e.printStackTrace();
+        } finally {
+            try {
+                in.close();
+            } catch (IOException e) {
+                e.printStackTrace();
+            }
         }
         BASE64Encoder encoder = new BASE64Encoder();
         return encoder.encode(data);

amos-boot-module/amos-boot-module-biz/amos-boot-module-equip-biz/src/main/java/com/yeejoin/equipmanage/service/impl/CarServiceImpl.java

@@ -38,6 +38,7 @@ import org.apache.commons.lang3.StringUtils;
 import org.gavaghan.geodesy.Ellipsoid;
 import org.gavaghan.geodesy.GeodeticCalculator;
 import org.gavaghan.geodesy.GlobalCoordinates;
+import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Lazy;
@@ -486,12 +487,13 @@ public class CarServiceImpl extends ServiceImpl<CarMapper, Car> implements ICarS
                 stockDetailMapper.updateById(stockDetail);
                 addStockDetailId(stockDetail.getId());
 
-                StockDetail stockDetail_clone = stockDetail.clone();
-                stockDetail_clone.setId(null);
-                stockDetail_clone.setAmount(lossCount);
-                stockDetail_clone.setStatus(EquipStatusEnum.LOSS.getCode().toString());
-                stockDetailMapper.insert(stockDetail_clone);
-                addStockDetailId(stockDetail_clone.getId());
+                StockDetail stockDetailClone = new StockDetail();
+                BeanUtils.copyProperties(stockDetail, stockDetailClone);
+                stockDetailClone.setId(null);
+                stockDetailClone.setAmount(lossCount);
+                stockDetailClone.setStatus(EquipStatusEnum.LOSS.getCode().toString());
+                stockDetailMapper.insert(stockDetailClone);
+                addStockDetailId(stockDetailClone.getId());
                 Stock stock = stockMapper.selectById(stockDetail.getStockId());
                 stock.setAmount(stock.getAmount() - lossCount);
                 stockMapper.updateById(stock);
@@ -501,10 +503,10 @@ public class CarServiceImpl extends ServiceImpl<CarMapper, Car> implements ICarS
                 // 损耗清单详情
                 WastageBillDetail detail = new WastageBillDetail();
                 detail.setAmount(BigDecimal.valueOf(lossCount));
-                detail.setStockDetailId(stockDetail_clone.getId());
+                detail.setStockDetailId(stockDetailClone.getId());
                 detail.setWastageBillId(bill.getId());
                 wastageBillDetailMapper.insert(detail);
-                journalMapper.insert(createJournal(ex, stockDetail_clone.getId(), lossCount));
+                journalMapper.insert(createJournal(ex, stockDetailClone.getId(), lossCount));
                 return 0d;
             } catch (Exception e) {
                 e.printStackTrace();
@@ -604,7 +606,7 @@ public class CarServiceImpl extends ServiceImpl<CarMapper, Car> implements ICarS
                 List<SystemDic> listd = systemDicMapper.selectByMap(columnMap);
                 p.setLossStateId(listd.get(0).getId());
             });
-            lossHandlers.add(p -> this.loss(p));
+            lossHandlers.add(this::loss);
 
             // 同步搜索
             /*
@@ -624,21 +626,21 @@ public class CarServiceImpl extends ServiceImpl<CarMapper, Car> implements ICarS
                 stockDetailMapper.updateById(detail);
                 params.addStockDetailId(r.getStockDetailId());
 
-                StockDetail detail_onCar = null;
-
+                StockDetail detailOnCar = new StockDetail();
+                BeanUtils.copyProperties(detail, detailOnCar);
                 // 新增车载记录
-                detail_onCar = detail.clone();
-                detail_onCar.setId(null);
-                detail_onCar.setAmount(r.getAmount());
-                detail_onCar.setStatus(EquipStatusEnum.ONCAR.getCode().toString());
-                stockDetailMapper.insert(detail_onCar);
-                params.addStockDetailId(detail_onCar.getId());
+//                detail_onCar = detail.clone();
+                detailOnCar.setId(null);
+                detailOnCar.setAmount(r.getAmount());
+                detailOnCar.setStatus(EquipStatusEnum.ONCAR.getCode().toString());
+                stockDetailMapper.insert(detailOnCar);
+                params.addStockDetailId(detailOnCar.getId());
 
                 // 装车
-                extinguishantOnCarMapper.insert(params.create(r, detail_onCar));
+                extinguishantOnCarMapper.insert(params.create(r, detailOnCar));
 
                 // 流水
-                journalMapper.insert(params.createJournal(r, detail_onCar.getId()));
+                journalMapper.insert(params.createJournal(r, detailOnCar.getId()));
 
             });
         } catch (Exception e) {