Skip to content

Y
YeeAmosFireAutoSysRoot
Commit 4bde105b authored by zhangsen's avatar zhangsen
Browse files
Options

漏洞文件漏洞修改 - 流未关闭问题

parent 5b10dbdf
Hide whitespace changes
Inline Side-by-side
Showing with 153 additions and 148 deletions
YeeAmosFireAutoSysService/src/main/java/com/yeejoin/amos/fas/business/controller/FileController.java
View file @ 4bde105b
......@@ -236,14 +236,40 @@ public class FileController extends BaseController {
}
String htmlContent = (String) processData.get("html");
FileOutputStream fileOutputStream = null;
OutputStreamWriter outputStreamWriter = null;
Writer writer = null;
try {
Writer writer = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(htmlFileName), "UTF-8"));
fileOutputStream = new FileOutputStream(htmlFileName);
outputStreamWriter = new OutputStreamWriter(fileOutputStream, "UTF-8");
writer = new BufferedWriter(outputStreamWriter);
writer.write(htmlContent);
writer.flush();
writer.close();
} catch (IOException e) {
e.printStackTrace();
} finally {
try {
if (null != writer) {
writer.close();
}
} catch (IOException e) {
e.printStackTrace();
}
try {
if (null != outputStreamWriter) {
outputStreamWriter.close();
}
} catch (IOException e) {
e.printStackTrace();
}
try {
if (null != fileOutputStream) {
fileOutputStream.close();
}
} catch (IOException e) {
e.printStackTrace();
}
}
String filePath = obj.getString("file");
processData.put("html", "/" + filePath.substring(0, filePath.lastIndexOf(".")) + ".html");
......
YeeAmosFireAutoSysService/src/main/java/com/yeejoin/amos/fas/business/util/FileHelper.java
View file @ 4bde105b
......@@ -267,13 +267,15 @@ public class FileHelper {
public static void writeFile(String content, String path) {
OutputStream fos = null;
BufferedWriter bw = null;
OutputStreamWriter outputStreamWriter = null;
try {
File file = new File(path);
if (!file.getParentFile().exists()) {
file.getParentFile().mkdirs();
}
fos = new FileOutputStream(file);
bw = new BufferedWriter(new OutputStreamWriter(fos, "UTF-8"));
outputStreamWriter = new OutputStreamWriter(fos, "UTF-8");
bw = new BufferedWriter(outputStreamWriter);
bw.write(content);
} catch (FileNotFoundException fnfe) {
fnfe.printStackTrace();
......@@ -281,11 +283,17 @@ public class FileHelper {
ioe.printStackTrace();
} finally {
try {
if (bw != null) {
if (null != bw) {
bw.close();
}
} catch (IOException ioException) {
System.err.println(ioException.getMessage());
if (null != fos) {
fos.close();
}
if (null != outputStreamWriter) {
outputStreamWriter.close();
}
} catch (IOException e) {
e.printStackTrace();
}
}
}
......@@ -377,9 +385,12 @@ public class FileHelper {
// 以GB2312读取文件
BufferedReader br = null;
BufferedWriter bw = null;
FileWriter fileWriter = null;
try {
br = new BufferedReader(new FileReader(htmFile));
bw = new BufferedWriter(new FileWriter(new File(outPutFile)));
FileReader fileReader = new FileReader(htmFile);
br = new BufferedReader(fileReader);
fileWriter = new FileWriter(new File(outPutFile));
bw = new BufferedWriter(fileWriter);
String result = null;
while (null != (result = br.readLine())) {
if (!"".equals(result.trim())) {
......@@ -393,11 +404,22 @@ public class FileHelper {
if (null != br) {
br.close();
}
} catch (Exception e) {
e.printStackTrace();
}
try {
if (null != bw) {
bw.close();
}
} catch (Exception e) {
e.printStackTrace();
}
try {
if (null != fileWriter) {
fileWriter.close();
}
} catch (Exception e) {
e.printStackTrace();
}
}
......@@ -578,37 +600,27 @@ public class FileHelper {
}
public static void nioTransferCopy(File source, File target) {
FileChannel in = null;
FileChannel out = null;
FileInputStream inStream = null;
FileOutputStream outStream = null;
try {
inStream = new FileInputStream(source);
outStream = new FileOutputStream(target);
in = inStream.getChannel();
out = outStream.getChannel();
try (
FileInputStream inStream = new FileInputStream(source);
FileOutputStream outStream = new FileOutputStream(target);
FileChannel in = inStream.getChannel();
FileChannel out = outStream.getChannel();
) {
in.transferTo(0, in.size(), out);
} catch (IOException e) {
e.printStackTrace();
} finally {
close(inStream);
close(in);
close(outStream);
close(out);
}
}
private static boolean nioBufferCopy(File source, File target) {
FileChannel in = null;
FileChannel out = null;
FileInputStream inStream = null;
FileOutputStream outStream = null;
try {
inStream = new FileInputStream(source);
outStream = new FileOutputStream(target);
in = inStream.getChannel();
out = outStream.getChannel();
try (
FileInputStream inStream = new FileInputStream(source);
FileOutputStream outStream = new FileOutputStream(target);
FileChannel in = inStream.getChannel();
FileChannel out = outStream.getChannel();
) {
ByteBuffer buffer = ByteBuffer.allocate(4096);
while (in.read(buffer) != -1) {
buffer.flip();
......@@ -618,22 +630,16 @@ public class FileHelper {
} catch (IOException e) {
e.printStackTrace();
return false;
} finally {
close(inStream);
close(in);
close(outStream);
close(out);
}
return true;
}
public static void customBufferStreamCopy(File source, File target) {
InputStream fis = null;
OutputStream fos = null;
try {
fis = new FileInputStream(source);
fos = new FileOutputStream(target);
try (
InputStream fis = new FileInputStream(source);
OutputStream fos = new FileOutputStream(target);
) {
byte[] buf = new byte[4096];
int i;
while ((i = fis.read(buf)) != -1) {
......@@ -641,9 +647,6 @@ public class FileHelper {
}
} catch (Exception e) {
e.printStackTrace();
} finally {
close(fis);
close(fos);
}
}
......@@ -1190,36 +1193,28 @@ public class FileHelper {
* @Title: getExcel
* @Description: 下载指定路径的Excel文件
*/
public static void getExcel(String url, String fileName, HttpServletResponse response, HttpServletRequest request) {
try {
//1.设置文件ContentType类型,这样设置,会自动判断下载文件类型
response.setContentType("multipart/form-data");
//2.设置文件头:最后一个参数是设置下载文件名
response.setHeader("Content-disposition", "attachment; filename=\""
+ encodeChineseDownloadFileName(request, fileName + ".xls") + "\"");
// response.setHeader("Content-Disposition", "attachment;filename="
public static void getExcel(String url, String fileName, HttpServletResponse response, HttpServletRequest request) throws UnsupportedEncodingException {
//1.设置文件ContentType类型,这样设置,会自动判断下载文件类型
response.setContentType("multipart/form-data");
//2.设置文件头:最后一个参数是设置下载文件名
response.setHeader("Content-disposition", "attachment; filename=\""
+ encodeChineseDownloadFileName(request, fileName + ".xls") + "\"");
// response.setHeader("Content-Disposition", "attachment;filename="
// + new String(fileName.getBytes("UTF-8"), "ISO-8859-1") + ".xls"); //中文文件名
//通过文件路径获得File对象
File file = new File(url);
FileInputStream in = new FileInputStream(file);
//3.通过response获取OutputStream对象(out)
OutputStream out = new BufferedOutputStream(response.getOutputStream());
//通过文件路径获得File对象
try (
FileInputStream in = new FileInputStream(new File(url));
//3.通过response获取OutputStream对象(out)
OutputStream out = new BufferedOutputStream(response.getOutputStream());
) {
int b = 0;
byte[] buffer = new byte[2048];
while ((b = in.read(buffer)) != -1) {
out.write(buffer, 0, b); //4.写到输出流(out)中
}
in.close();
out.flush();
out.close();
} catch (IOException e) {
log.error("下载Excel模板异常", e);
}
......
YeeAmosFireAutoSysService/src/main/java/com/yeejoin/amos/fas/business/util/FileUtils.java
View file @ 4bde105b
......@@ -79,33 +79,42 @@ public class FileUtils {
* @return
*/
public static String fileToZip(List<String> list, String fileName, String ipUrl) {
InputStream fis = null;
BufferedInputStream bis = null;
FileOutputStream fos = null;
ZipOutputStream zos = null;
// 临时目录
String path = System.getProperty("java.io.tmpdir") + fileName;
File zipFile = new File(path);
zipFile.deleteOnExit();
try {
File zipFile = new File(path);
zipFile.deleteOnExit();
zipFile.createNewFile();
} catch (IOException e) {
e.printStackTrace();
}
try (
FileOutputStream fos = new FileOutputStream(zipFile);
BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(fos);
ZipOutputStream zos = new ZipOutputStream(bufferedOutputStream);
) {
fos = new FileOutputStream(zipFile);
zos = new ZipOutputStream(new BufferedOutputStream(fos));
byte[] bufs = new byte[1024 * 10];
for (String a : list) {
fis = getInputStreamFromURL(ipUrl + a);
String subFileName = new File(ipUrl + a).getName();
//创建ZIP实体,并添加进压缩包
ZipEntry zipEntry = new ZipEntry(subFileName);
zos.putNextEntry(zipEntry);
bis = new BufferedInputStream(fis, 1024 * 10);
int read = 0;
while ((read = bis.read(bufs, 0, 1024 * 10)) != -1) {
zos.write(bufs, 0, read);
try (
InputStream fis = getInputStreamFromURL(ipUrl + a)
) {
assert fis != null;
try (BufferedInputStream bis = new BufferedInputStream(fis, 1024 * 10)
) {
String subFileName = new File(ipUrl + a).getName();
//创建ZIP实体,并添加进压缩包
ZipEntry zipEntry = new ZipEntry(subFileName);
zos.putNextEntry(zipEntry);
int read = 0;
while ((read = bis.read(bufs, 0, 1024 * 10)) != -1) {
zos.write(bufs, 0, read);
}
} catch (IOException e) {
e.printStackTrace();
}
} catch (IOException e) {
e.printStackTrace();
}
}
System.out.println("压缩成功");
......@@ -115,18 +124,6 @@ public class FileUtils {
} catch (IOException e) {
e.printStackTrace();
throw new RuntimeException(e);
} finally {
try {
if (null != bis) {
bis.close();
}
if (null != zos) {
zos.close();
}
} catch (IOException e) {
e.printStackTrace();
throw new RuntimeException(e);
}
}
return path;
}
......
YeeAmosFireAutoSysService/src/main/java/com/yeejoin/amos/fas/core/util/FileUtil.java
View file @ 4bde105b
......@@ -26,10 +26,15 @@ public class FileUtil {
if (!targetFile.exists()) {
targetFile.mkdirs();
}
FileOutputStream out = new FileOutputStream(filePath + fileName);
out.write(file);
out.flush();
out.close();
try (
FileOutputStream out = new FileOutputStream(filePath + fileName);
) {
out.write(file);
out.flush();
} catch (IOException e) {
e.printStackTrace();
}
}
/**
......
YeeAmosFireAutoSysService/src/main/java/com/yeejoin/amos/fas/core/util/MyImageExtractor.java
View file @ 4bde105b
......@@ -41,19 +41,11 @@ public class MyImageExtractor implements IImageExtractor {
imagePath = s1 + pre + s2;
File imageFile = new File(baseDir, imagePath);
imageFile.getParentFile().mkdirs();
InputStream in = null;
OutputStream out = null;
try {
in = new ByteArrayInputStream(imageData);
out = new FileOutputStream(imageFile);
try (
InputStream in = new ByteArrayInputStream(imageData);
OutputStream out = new FileOutputStream(imageFile);
) {
IOUtils.copy(in, out);
} finally {
if (in != null) {
IOUtils.closeQuietly(in);
}
if (out != null) {
IOUtils.closeQuietly(out);
}
}
}
......
YeeAmosFireAutoSysService/src/main/java/com/yeejoin/amos/fas/core/util/WordConverterUtils.java
View file @ 4bde105b
......@@ -77,7 +77,10 @@ public class WordConverterUtils {
* @param readUrl html中img标签的图片存储路径
*/
private static void docToHtml(File srcFile, File targetFile, String readUrl) {
try {
try (
FileInputStream inputStream = new FileInputStream(srcFile);
HWPFDocument wordDocument = new HWPFDocument(inputStream);
) {
String imagePathStr = srcFile.getParentFile().getAbsolutePath() + imgPath;
File imagePath = new File(imagePathStr);
if (!imagePath.exists()) {
......@@ -85,13 +88,14 @@ public class WordConverterUtils {
}
String srcName = srcFile.getName();
String suffix = srcName.substring(0, srcName.lastIndexOf(".")) + "_";
HWPFDocument wordDocument = new HWPFDocument(new FileInputStream(srcFile));
org.w3c.dom.Document document = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
WordToHtmlConverter wordToHtmlConverter = new WordToHtmlConverter(document);
String uri = readUrl + imagePathStr.substring(imagePathStr.indexOf("docs"));
wordToHtmlConverter.setPicturesManager((content, pictureType, name, width, height) -> {
try {
FileOutputStream out = new FileOutputStream(imagePathStr + suffix + name);
try (
FileOutputStream out = new FileOutputStream(imagePathStr + suffix + name);
) {
out.write(content);
return uri + suffix + name;
} catch (Exception e) {
......@@ -122,7 +126,10 @@ public class WordConverterUtils {
* @return
*/
private static String docToHtmlString(File srcFile, String readUrl) {
try {
try (
FileInputStream inputStream = new FileInputStream(srcFile);
HWPFDocument wordDocument = new HWPFDocument(inputStream);
) {
String imagePathStr = srcFile.getParentFile().getAbsolutePath() + imgPath;
File imagePath = new File(imagePathStr);
if (!imagePath.exists()) {
......@@ -130,7 +137,6 @@ public class WordConverterUtils {
}
String srcName = srcFile.getName();
String suffix = srcName.substring(0, srcName.lastIndexOf(".")) + "_";
HWPFDocument wordDocument = new HWPFDocument(new FileInputStream(srcFile));
org.w3c.dom.Document document = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
WordToHtmlConverter wordToHtmlConverter = new WordToHtmlConverter(document);
String uri = readUrl + imagePathStr.substring(imagePathStr.indexOf("docs"));
......@@ -156,7 +162,6 @@ public class WordConverterUtils {
serializer.setOutputProperty(OutputKeys.METHOD, "html");
serializer.transform(domSource, streamResult);
return stringWriter.toString();
} catch (Exception e) {
e.printStackTrace();
}
......@@ -180,30 +185,22 @@ public class WordConverterUtils {
}
String temp = srcFile.getName();
String suffix = temp.substring(0, temp.lastIndexOf(".")) + "_";
OutputStreamWriter outputStreamWriter = null;
try {
XWPFDocument document = new XWPFDocument(new FileInputStream(srcFile));
try (
FileInputStream inputStream = new FileInputStream(srcFile);
XWPFDocument document = new XWPFDocument(inputStream);
FileOutputStream fileOutputStream = new FileOutputStream(targetFile);
OutputStreamWriter outputStreamWriter = new OutputStreamWriter(fileOutputStream, "utf-8");
) {
XHTMLOptions options = XHTMLOptions.create();
options.setExtractor(new MyImageExtractor(imagePath, suffix));
String uri = readUrl + imagePathStr.substring(imagePathStr.indexOf("docs"));
System.out.println("uri :" + uri);
options.URIResolver(new MyURIResolver(uri));
outputStreamWriter = new OutputStreamWriter(new FileOutputStream(targetFile), "utf-8");
XHTMLConverter xhtmlConverter = (XHTMLConverter) XHTMLConverter.getInstance();
xhtmlConverter.convert(document, outputStreamWriter, options);
} catch (Exception e) {
e.printStackTrace();
} finally {
try {
if (outputStreamWriter != null) {
outputStreamWriter.close();
}
} catch (Exception e2) {
e2.printStackTrace();
}
}
}
/**
......@@ -220,9 +217,11 @@ public class WordConverterUtils {
}
String temp = srcFile.getName();
String suffix = temp.substring(0, temp.lastIndexOf(".")) + "_";
OutputStreamWriter outputStreamWriter = null;
try {
XWPFDocument document = new XWPFDocument(new FileInputStream(srcFile));
try (
FileInputStream inputStream = new FileInputStream(srcFile);
XWPFDocument document = new XWPFDocument(inputStream);
)
{
XHTMLOptions options = XHTMLOptions.create();
options.setExtractor(new MyImageExtractor(imagePath, suffix));
String uri = readUrl + imagePathStr.substring(imagePathStr.indexOf("docs"));
......@@ -234,15 +233,6 @@ public class WordConverterUtils {
return stringWriter.toString();
} catch (Exception e) {
e.printStackTrace();
} finally {
try {
if (outputStreamWriter != null) {
outputStreamWriter.close();
}
} catch (Exception e2) {
e2.printStackTrace();
}
}
return null;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment