Skip to content

Y
YeeAmosFireAutoSysRoot
Commit f2e7f330 authored by zhangsen's avatar zhangsen
Browse files
Options

漏洞文件bug修改

parent dcef3c7c
Hide whitespace changes
Inline Side-by-side
Showing with 183 additions and 91 deletions
YeeAmosFireAutoSysCommon/src/main/java/com/yeejoin/amos/fas/core/common/request/DateUtil.java
View file @ f2e7f330
package com.yeejoin.amos.fas.core.common.request;
import java.security.SecureRandom;
import java.text.DateFormat;
import java.text.ParseException;
import java.text.ParsePosition;
......@@ -1071,8 +1072,10 @@ public class DateUtil {
{
;
}
long day = (date.getTime() - mydate.getTime()) / (24 * 60 * 60 * 1000);
return day;
if (null != date && null != mydate) {
return (date.getTime() - mydate.getTime()) / (24 * 60 * 60 * 1000);
}
return 0;
}
/**
......@@ -1115,7 +1118,7 @@ public class DateUtil {
*/
private static String getRandom(int i)
{
Random jjj = new Random();
SecureRandom jjj = new SecureRandom();
// int suiJiShu = jjj.nextInt(9);
if (i == 0) return "";
String jj = "";
......
YeeAmosFireAutoSysService/src/main/java/com/yeejoin/amos/fas/business/controller/FileController.java
View file @ f2e7f330
......@@ -117,9 +117,17 @@ public class FileController extends BaseController {
ResponseUtils.renderText(response, "File not exists!");
return;
}
FileInputStream fis = new FileInputStream(file);
ResponseUtils.downFileByInputStream(file.getName(), fis, response, open);
IOUtils.closeQuietly(fis);
FileInputStream fis = null;
try {
fis = new FileInputStream(file);
ResponseUtils.downFileByInputStream(file.getName(), fis, response, open);
} catch (IOException e) {
} finally {
if (null != fis) {
fis.close();
}
}
}
@Permission
......
YeeAmosFireAutoSysService/src/main/java/com/yeejoin/amos/fas/business/controller/PlanVisual3dController.java
View file @ f2e7f330
......@@ -69,6 +69,8 @@ public class PlanVisual3dController extends BaseController {
if (testPlan != null) {
String path = testPlan.getFilePath();
if (path != null && !"".equals(path)) {
FileInputStream inputStream = null;
InputStream fis = null;
try {
// path是指欲下载的文件的路径。
File file = new File(fileUploadDir + path);
......@@ -79,26 +81,40 @@ public class PlanVisual3dController extends BaseController {
String ext = filename.substring(filename.lastIndexOf(".") + 1).toUpperCase();
// 以流的形式下载文件。
InputStream fis = new BufferedInputStream(new FileInputStream(fileUploadDir + path));
byte[] buffer = new byte[fis.available()];
fis.read(buffer);
fis.close();
// 清空response
inputStream = new FileInputStream(fileUploadDir + path);
if (null != inputStream) {
fis = new BufferedInputStream(inputStream);
byte[] buffer = new byte[fis.available()];
fis.read(buffer);
// 清空response
// response.reset();
// 设置response的Header
response.addHeader("Content-Disposition", "attachment;filename=" + new String(filename.getBytes()));
response.addHeader("Content-Length", "" + file.length());
response.setContentType("application/x-download");
OutputStream toClient = new BufferedOutputStream(response.getOutputStream());
response.setContentType("application/octet-stream");
toClient.write(buffer);
toClient.flush();
toClient.close();
// 设置response的Header
response.addHeader("Content-Disposition", "attachment;filename=" + new String(filename.getBytes()));
response.addHeader("Content-Length", "" + file.length());
response.setContentType("application/x-download");
OutputStream toClient = new BufferedOutputStream(response.getOutputStream());
response.setContentType("application/octet-stream");
toClient.write(buffer);
toClient.flush();
toClient.close();
}
} else {
response.setStatus(404);
}
} catch (IOException ex) {
ex.printStackTrace();
} finally {
try {
if (null != inputStream) {
inputStream.close();
}
if (null != fis) {
fis.close();
}
} catch (IOException e) {
e.printStackTrace();
}
}
}
} else {
......
YeeAmosFireAutoSysService/src/main/java/com/yeejoin/amos/fas/business/controller/WeatherController.java
View file @ f2e7f330
......@@ -35,6 +35,8 @@ public class WeatherController extends BaseController {
String result = "";
BufferedReader in = null;
BufferedReader responseReader = null;
InputStreamReader res = null;
try {
String urlNameString = weatherUrl + address;
URL realUrl = new URL(urlNameString);
......@@ -55,12 +57,13 @@ public class WeatherController extends BaseController {
StringBuffer sb = new StringBuffer();
String readLine = new String();
GZIPInputStream gZipS=new GZIPInputStream(connection.getInputStream());
InputStreamReader res = new InputStreamReader(gZipS,"UTF-8");
BufferedReader responseReader = new BufferedReader(res);
res = new InputStreamReader(gZipS,"UTF-8");
responseReader = new BufferedReader(res);
while ((readLine = responseReader.readLine()) != null) {
sb.append(readLine);
}
responseReader.close();
result = sb.toString();
System.out.println(result);
......@@ -75,6 +78,12 @@ public class WeatherController extends BaseController {
if (in != null) {
in.close();
}
if (null != responseReader) {
responseReader.close();
}
if (null != res) {
res.close();
}
} catch (Exception e2) {
e2.printStackTrace();
}
......
YeeAmosFireAutoSysService/src/main/java/com/yeejoin/amos/fas/business/service/impl/EquipmentFireEquipmentServiceImpl.java
View file @ f2e7f330
......@@ -161,9 +161,9 @@ public class EquipmentFireEquipmentServiceImpl implements IEquipmentFireEquipmen
}
}
}
if (!CollectionUtils.isEmpty(map)) {
Integer total = Integer.parseInt(map.get("total").toString());
Integer count = Integer.parseInt(map.get("count").toString());
if (null != map &&!CollectionUtils.isEmpty(map)) {
Integer total = Integer.parseInt(map.getOrDefault("total", 0).toString());
Integer count = Integer.parseInt(map.getOrDefault("count", 0).toString());
if (SqlKeyWordEnum.AND.getKey().equalsIgnoreCase(type)) {
return total.equals(count);
} else if (SqlKeyWordEnum.OR.getKey().equalsIgnoreCase(type)) {
......
YeeAmosFireAutoSysService/src/main/java/com/yeejoin/amos/fas/business/service/impl/EquipmentServiceImpl.java
View file @ f2e7f330
......@@ -325,7 +325,7 @@ public class EquipmentServiceImpl implements IEquipmentService {
if(date.isPresent()){
equipment2=date.get();
}
equipment.setCreateDate(equipment2.getCreateDate());
equipment.setCreateDate(null != equipment2 ? equipment2.getCreateDate() : new Date());
}
preplanPictureDao.saveAndFlush(pp);
......@@ -369,8 +369,7 @@ public class EquipmentServiceImpl implements IEquipmentService {
if(date.isPresent()){
equipment2=date.get();
}
equipment.setCreateDate(equipment2.getCreateDate() == null ? new Date() : equipment2.getCreateDate());
equipment.setCreateDate(null != equipment2 && null != equipment2.getCreateDate() ? equipment2.getCreateDate() : new Date());
}
} else {
equipment = save(equipment);
......@@ -382,7 +381,7 @@ public class EquipmentServiceImpl implements IEquipmentService {
equipment2=date.get();
}
equipment.setCreateDate(equipment2.getCreateDate() == null ? new Date() : equipment2.getCreateDate());
equipment.setCreateDate(null != equipment2 && null != equipment2.getCreateDate() ? equipment2.getCreateDate() : new Date());
}
Long equipmentId = Long.valueOf(equipment.getId());
for (int i = 0; i < imgs.length; i++) {
......
YeeAmosFireAutoSysService/src/main/java/com/yeejoin/amos/fas/business/service/impl/RiskSourceServiceImpl.java
View file @ f2e7f330
......@@ -210,13 +210,15 @@ public class RiskSourceServiceImpl implements IRiskSourceService {
riskSource.setStatus(FasConstant.RISK_SOURCE_STATUS_NORMAL);
riskSource.setCreateDate(new Date());
} else {// 更新
riskSource.setCreateDate(oldRiskSource.getCreateDate());
riskSource.setFmeaList(oldRiskSource.getFmeaList());
riskSource.setIncrement(oldRiskSource.getIncrement());
riskSource.setRpn(oldRiskSource.getRpn());
riskSource.setRpnChangeLogList(oldRiskSource.getRpnChangeLogList());
riskSource.setRpni(oldRiskSource.getRpni());
riskSource.setStatus(oldRiskSource.getStatus());
if (null != oldRiskSource) {
riskSource.setCreateDate(oldRiskSource.getCreateDate());
riskSource.setFmeaList(oldRiskSource.getFmeaList());
riskSource.setIncrement(oldRiskSource.getIncrement());
riskSource.setRpn(oldRiskSource.getRpn());
riskSource.setRpnChangeLogList(oldRiskSource.getRpnChangeLogList());
riskSource.setRpni(oldRiskSource.getRpni());
riskSource.setStatus(oldRiskSource.getStatus());
}
}
iRiskSourceDao.saveAndFlush(riskSource);
return riskSource;
......
YeeAmosFireAutoSysService/src/main/java/com/yeejoin/amos/fas/business/util/DesUtil.java
View file @ f2e7f330
......@@ -97,14 +97,20 @@ public class DesUtil {
int[] tempBt;
int x, y, z;
tempBt = bt;
for (x = 0; x < firstLength; x++) {
tempBt = enc(tempBt, (int[]) firstKeyBt.get(x));
if (null != firstKeyBt) {
for (x = 0; x < firstLength; x++) {
tempBt = enc(tempBt, (int[]) firstKeyBt.get(x));
}
}
for (y = 0; y < secondLength; y++) {
tempBt = enc(tempBt, (int[]) secondKeyBt.get(y));
if (null != secondKeyBt) {
for (y = 0; y < secondLength; y++) {
tempBt = enc(tempBt, (int[]) secondKeyBt.get(y));
}
}
for (z = 0; z < thirdLength; z++) {
tempBt = enc(tempBt, (int[]) thirdKeyBt.get(z));
if (null != thirdKeyBt) {
for (z = 0; z < thirdLength; z++) {
tempBt = enc(tempBt, (int[]) thirdKeyBt.get(z));
}
}
encByte = tempBt;
} else {
......@@ -112,11 +118,15 @@ public class DesUtil {
int[] tempBt;
int x, y;
tempBt = bt;
for (x = 0; x < firstLength; x++) {
tempBt = enc(tempBt, (int[]) firstKeyBt.get(x));
if (null != firstKeyBt) {
for (x = 0; x < firstLength; x++) {
tempBt = enc(tempBt, (int[]) firstKeyBt.get(x));
}
}
for (y = 0; y < secondLength; y++) {
tempBt = enc(tempBt, (int[]) secondKeyBt.get(y));
if (null != secondKeyBt) {
for (y = 0; y < secondLength; y++) {
tempBt = enc(tempBt, (int[]) secondKeyBt.get(y));
}
}
encByte = tempBt;
} else {
......@@ -124,8 +134,10 @@ public class DesUtil {
int[] tempBt;
int x = 0;
tempBt = bt;
for (x = 0; x < firstLength; x++) {
tempBt = enc(tempBt, (int[]) firstKeyBt.get(x));
if (null != firstKeyBt) {
for (x = 0; x < firstLength; x++) {
tempBt = enc(tempBt, (int[]) firstKeyBt.get(x));
}
}
encByte = tempBt;
}
......@@ -144,14 +156,20 @@ public class DesUtil {
int[] tempBt;
int x, y, z;
tempBt = tempByte;
for (x = 0; x < firstLength; x++) {
tempBt = enc(tempBt, (int[]) firstKeyBt.get(x));
if (null != firstKeyBt) {
for (x = 0; x < firstLength; x++) {
tempBt = enc(tempBt, (int[]) firstKeyBt.get(x));
}
}
for (y = 0; y < secondLength; y++) {
tempBt = enc(tempBt, (int[]) secondKeyBt.get(y));
if (null != secondKeyBt) {
for (y = 0; y < secondLength; y++) {
tempBt = enc(tempBt, (int[]) secondKeyBt.get(y));
}
}
for (z = 0; z < thirdLength; z++) {
tempBt = enc(tempBt, (int[]) thirdKeyBt.get(z));
if (null != thirdKeyBt) {
for (z = 0; z < thirdLength; z++) {
tempBt = enc(tempBt, (int[]) thirdKeyBt.get(z));
}
}
encByte = tempBt;
} else {
......@@ -159,11 +177,15 @@ public class DesUtil {
int[] tempBt;
int x, y;
tempBt = tempByte;
for (x = 0; x < firstLength; x++) {
tempBt = enc(tempBt, (int[]) firstKeyBt.get(x));
if (null != firstKeyBt) {
for (x = 0; x < firstLength; x++) {
tempBt = enc(tempBt, (int[]) firstKeyBt.get(x));
}
}
for (y = 0; y < secondLength; y++) {
tempBt = enc(tempBt, (int[]) secondKeyBt.get(y));
if (null != secondKeyBt) {
for (y = 0; y < secondLength; y++) {
tempBt = enc(tempBt, (int[]) secondKeyBt.get(y));
}
}
encByte = tempBt;
} else {
......@@ -171,8 +193,10 @@ public class DesUtil {
int[] tempBt;
int x;
tempBt = tempByte;
for (x = 0; x < firstLength; x++) {
tempBt = enc(tempBt, (int[]) firstKeyBt.get(x));
if (null != firstKeyBt) {
for (x = 0; x < firstLength; x++) {
tempBt = enc(tempBt, (int[]) firstKeyBt.get(x));
}
}
encByte = tempBt;
}
......@@ -188,14 +212,20 @@ public class DesUtil {
int[] tempBt;
int x, y, z;
tempBt = tempByte;
for (x = 0; x < firstLength; x++) {
tempBt = enc(tempBt, (int[]) firstKeyBt.get(x));
if (null != firstKeyBt) {
for (x = 0; x < firstLength; x++) {
tempBt = enc(tempBt, (int[]) firstKeyBt.get(x));
}
}
for (y = 0; y < secondLength; y++) {
tempBt = enc(tempBt, (int[]) secondKeyBt.get(y));
if (null != secondKeyBt) {
for (y = 0; y < secondLength; y++) {
tempBt = enc(tempBt, (int[]) secondKeyBt.get(y));
}
}
for (z = 0; z < thirdLength; z++) {
tempBt = enc(tempBt, (int[]) thirdKeyBt.get(z));
if (null != thirdKeyBt) {
for (z = 0; z < thirdLength; z++) {
tempBt = enc(tempBt, (int[]) thirdKeyBt.get(z));
}
}
encByte = tempBt;
} else {
......@@ -203,11 +233,15 @@ public class DesUtil {
int[] tempBt;
int x, y;
tempBt = tempByte;
for (x = 0; x < firstLength; x++) {
tempBt = enc(tempBt, (int[]) firstKeyBt.get(x));
if (null != firstKeyBt) {
for (x = 0; x < firstLength; x++) {
tempBt = enc(tempBt, (int[]) firstKeyBt.get(x));
}
}
for (y = 0; y < secondLength; y++) {
tempBt = enc(tempBt, (int[]) secondKeyBt.get(y));
if (null != secondKeyBt) {
for (y = 0; y < secondLength; y++) {
tempBt = enc(tempBt, (int[]) secondKeyBt.get(y));
}
}
encByte = tempBt;
} else {
......@@ -215,8 +249,10 @@ public class DesUtil {
int[] tempBt;
int x;
tempBt = tempByte;
for (x = 0; x < firstLength; x++) {
tempBt = enc(tempBt, (int[]) firstKeyBt.get(x));
if (null != firstKeyBt) {
for (x = 0; x < firstLength; x++) {
tempBt = enc(tempBt, (int[]) firstKeyBt.get(x));
}
}
encByte = tempBt;
}
......@@ -267,14 +303,20 @@ public class DesUtil {
int[] tempBt;
int x, y, z;
tempBt = intByte;
for (x = thirdLength - 1; x >= 0; x--) {
tempBt = dec(tempBt, (int[]) thirdKeyBt.get(x));
if (null != thirdKeyBt) {
for (x = thirdLength - 1; x >= 0; x--) {
tempBt = dec(tempBt, (int[]) thirdKeyBt.get(x));
}
}
for (y = secondLength - 1; y >= 0; y--) {
tempBt = dec(tempBt, (int[]) secondKeyBt.get(y));
if (null != secondKeyBt) {
for (y = secondLength - 1; y >= 0; y--) {
tempBt = dec(tempBt, (int[]) secondKeyBt.get(y));
}
}
for (z = firstLength - 1; z >= 0; z--) {
tempBt = dec(tempBt, (int[]) firstKeyBt.get(z));
if (null != firstKeyBt) {
for (z = firstLength - 1; z >= 0; z--) {
tempBt = dec(tempBt, (int[]) firstKeyBt.get(z));
}
}
decByte = tempBt;
} else {
......@@ -282,11 +324,15 @@ public class DesUtil {
int[] tempBt;
int x, y, z;
tempBt = intByte;
for (x = secondLength - 1; x >= 0; x--) {
tempBt = dec(tempBt, (int[]) secondKeyBt.get(x));
if (null != secondKeyBt) {
for (x = secondLength - 1; x >= 0; x--) {
tempBt = dec(tempBt, (int[]) secondKeyBt.get(x));
}
}
for (y = firstLength - 1; y >= 0; y--) {
tempBt = dec(tempBt, (int[]) firstKeyBt.get(y));
if (null != firstKeyBt) {
for (y = firstLength - 1; y >= 0; y--) {
tempBt = dec(tempBt, (int[]) firstKeyBt.get(y));
}
}
decByte = tempBt;
} else {
......@@ -294,8 +340,10 @@ public class DesUtil {
int[] tempBt;
int x, y, z;
tempBt = intByte;
for (x = firstLength - 1; x >= 0; x--) {
tempBt = dec(tempBt, (int[]) firstKeyBt.get(x));
if (null != firstKeyBt) {
for (x = firstLength - 1; x >= 0; x--) {
tempBt = dec(tempBt, (int[]) firstKeyBt.get(x));
}
}
decByte = tempBt;
}
......
YeeAmosFireAutoSysService/src/main/java/com/yeejoin/amos/fas/business/util/FileUtils.java
View file @ f2e7f330
......@@ -62,8 +62,12 @@ public class FileUtils {
} catch (Exception ex) {
ex.printStackTrace();
} finally {
br.close();
out.close();
if (null != br) {
br.close();
}
if (null != out) {
out.close();
}
}
}
......
YeeAmosFireAutoSysService/src/main/java/com/yeejoin/amos/fas/business/util/RandomUtil.java
View file @ f2e7f330
package com.yeejoin.amos.fas.business.util;
import java.security.SecureRandom;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Random;
......@@ -12,7 +13,7 @@ public class RandomUtil {
SimpleDateFormat sdf = new SimpleDateFormat("yyyyMMddHHmmss");
String newDate = sdf.format(new Date());
String result = "";
Random random = new Random();
SecureRandom random = new SecureRandom();
for (int i = 0; i < 3; i++) {
result += random.nextInt(10);
}
......
YeeAmosFireAutoSysService/src/main/java/com/yeejoin/amos/fas/core/util/DateUtil.java
View file @ f2e7f330
......@@ -401,9 +401,11 @@ public static Time formatStrToTime(String strDate){
d = format.parse(str);
} catch (Exception e) {
e.printStackTrace();
}
Time date = new Time(d.getTime());
return date;
}
if (null != d) {
return new Time(d.getTime());
}
return null;
}
/**
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment