Commit 75185be9 by 罗胜

高危漏洞修复

parent bb695cef
......@@ -2,10 +2,12 @@
rest.url=http://218.241.234.131:8086
#connection user name
username=esdk_user
username=f387adfd9ac040d78061c890ead8e215
#username=esdk_user
#connection user password
password=Huawei@123
#password=Huawei@123
password=c49bc828b17297f1dbcfd394c7835dc6
#gwIp
gwIp=10.175.1.23
......
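Review bot: The plaintext credentials are still in the file as commented-out lines (`#username=esdk_user`, `#password=Huawei@123`) and they remain in the parent commit's history, so the secret has not actually been removed; delete the commented lines and rotate the `Huawei@123` password. The new hex values are decrypted at startup with an AES key that this same commit embeds as a literal byte array in the application code, so anyone holding the jar plus this file recovers the plaintext — this is obfuscation rather than a fix for the credential-exposure finding. Supply the key (or the credentials themselves) at deploy time via an environment variable, JVM system property or secrets manager instead. `rest.url` also still targets a plain-HTTP endpoint on a bare IP, so if that is the real target the credential presumably crosses the network unencrypted regardless of how it is stored at rest.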
......@@ -3,8 +3,10 @@ db.table.prefix=foc_
jdbc.type=mysql
jdbc.driver.class=com.mysql.jdbc.Driver
jdbc.url=jdbc:mysql://81.69.44.115:5508/jd_foc?useUnicode=true&characterEncoding=utf-8&zeroDateTimeBehavior=convertToNull
jdbc.username=sms_develop
jdbc.password=Develop2018!@#
jdbc.username=b849656b41d3eb136ad6a9d7328d4e6a
#jdbc.username=sms_develop
#jdbc.password=Develop2018!@#
jdbc.password=33c9745f057ba48a41d8043f1a007100
#\u521d\u59cb\u5316\u8fde\u63a5
jdbc.initialSize=0
#\u8fde\u63a5\u6c60\u7684\u6700\u5927\u6d3b\u52a8\u4e2a\u6570
......
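Review bot: `#jdbc.username=sms_develop` and `#jdbc.password=Develop2018!@#` leave the original database credentials in the file, and they are in git history anyway, so this password must be rotated and the commented lines dropped. The ciphertexts are only as secret as the AES key, which this commit hard-codes in `DataBaseXml` and `GConstants`, so the protection is limited to casual readers of the properties file. The JDBC URL points at a public IP with no `useSSL=true`/`requireSSL=true`; with the legacy `com.mysql.jdbc.Driver` (Connector/J 5.x) TLS is off by default, so if that host is really reached over the internet the database session itself runs unprotected however the password is stored. Prefer injecting `jdbc.username`/`jdbc.password` from the environment and enabling TLS on the connection.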
......@@ -39,7 +39,7 @@
<!-- Mybatis START -->
<!-- 数据源配置, 使用Druid 数据库连接池 -->
<bean id="defaultDataSource" class="com.alibaba.druid.pool.DruidDataSource"
<bean id="defaultDataSource" class="com.ejweb.core.conf.DataBaseXml"
init-method="init" destroy-method="close">
<!-- 数据源驱动类可不写,Druid默认会自动根据URL识别DriverClass -->
<property name="driverClassName" value="${jdbc.driver.class}" />
......
......@@ -30,7 +30,11 @@ public class ResponseBean {
private Object data;
public ResponseBean(){
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
String origin = request.getHeader("Origin");
if (StrUtil.contains(origin, "https://ifos.jdair.net/")) {
throw new RuntimeException("接口请求源地址不在规定范围内");
}
}
public String getStatus() {
return status;
......@@ -48,11 +52,7 @@ public class ResponseBean {
return data;
}
public void setData(Object data) {
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
String requestURI = request.getRequestURI();
if (StrUtil.contains(requestURI, "https://ifos.jdair.net/")) {
throw new RuntimeException("接口请求源地址不在规定范围内");
}
this.data = data;
}
public String getCurrent() {
......
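Review bot: The Origin check added to the `ResponseBean()` constructor (L46-L49) appears inverted: it throws when `Origin` *contains* `https://ifos.jdair.net/`, i.e. it rejects what is presumably the legitimate front-end and lets every other origin — and a missing header, since hutool's `StrUtil.contains` is null-safe — through. In practice the condition will also never match, because a browser's `Origin` header carries no path and no trailing slash (`https://ifos.jdair.net`), so `contains("https://ifos.jdair.net/")` is false for the real value too. If an origin check is wanted, compare exactly against an allow-list and fail on mismatch, e.g. `if (origin != null && !"https://ifos.jdair.net".equals(origin)) { throw new RuntimeException("接口请求源地址不在规定范围内"); }`, and do it in a filter/interceptor rather than in a DTO constructor, where `RequestContextHolder.getRequestAttributes()` is null off the request thread and the cast will NPE. Note that non-browser clients set `Origin` freely, so this is not a substitute for CORS configuration or CSRF protection. The class continues beyond the hunk.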
package com.ejweb.core.conf;
import cn.hutool.core.util.CharsetUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.crypto.SecureUtil;
import cn.hutool.crypto.SmUtil;
import cn.hutool.crypto.asymmetric.KeyType;
import cn.hutool.crypto.asymmetric.SM2;
import cn.hutool.crypto.symmetric.SymmetricAlgorithm;
import cn.hutool.crypto.symmetric.SymmetricCrypto;
import com.alibaba.druid.pool.DruidDataSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.security.KeyPair;
public class DataBaseXml extends DruidDataSource {
byte[] key =new byte[]{43, -113, 127, 14, -39, 99, -3, -26, 50, 31, -98, -61, -46, 61, 56, 120};
/**
* Log4j logger
*/
private final static Logger lg = LoggerFactory.getLogger(DataBaseXml.class);
@Override
public String getUrl() {
return this.jdbcUrl;
}
@Override
public void setUrl(String jdbcUrl) {
this.jdbcUrl = jdbcUrl;
}
@Override
public String getUsername() {
return this.username;
}
@Override
public void setUsername(String username) {
lg.info("数据库【username】解密初始化加载...");
try {
SymmetricCrypto aes = new SymmetricCrypto(SymmetricAlgorithm.AES, key);
username = aes.decryptStr(username, CharsetUtil.CHARSET_UTF_8);
} catch (Exception e) {
lg.error("数据库【username】密文解密失败...");
e.printStackTrace();
}
this.username = username;
}
@Override
public String getPassword() {
return this.password;
}
@Override
public void setPassword(String password) {
lg.info("数据库【password】解密初始化加载...");
try {
SymmetricCrypto aes = new SymmetricCrypto(SymmetricAlgorithm.AES, key);
password = aes.decryptStr(password, CharsetUtil.CHARSET_UTF_8);
} catch (Exception e) {
lg.error("数据库【password】密文解密失败...");
e.printStackTrace();
}
this.password = password;
}
}
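Review bot: The AES key guarding the database credentials is a literal in this class (`byte[] key = {43, -113, ...}`), so the scheme is obfuscation for anyone who can read the jar; the key should come from outside the artifact (environment, JVM property, KMS), and the field should at least be `private static final`. `setUsername`/`setPassword` fail open: on a decryption error they log, `printStackTrace()`, and then still assign the undecrypted string as the credential — fail closed instead with something like `throw new IllegalStateException("database credential decryption failed", e)` and drop the `printStackTrace()`. `new SymmetricCrypto(SymmetricAlgorithm.AES, key)` specifies no mode or IV and so takes hutool/JCE defaults (ECB with PKCS5 padding, as far as I recall), which is deterministic and pattern-leaking; AES-GCM with a fresh IV per value is the usual choice. Also, the SM2/SmUtil/SecureUtil/KeyType/KeyPair imports are unused, the comment says "Log4j logger" but the logger is SLF4J, and the `getUrl`/`setUrl`/`getUsername`/`getPassword` overrides appear to just restate the inherited Druid accessors.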
package com.ejweb.core.conf;
import cn.hutool.core.util.CharsetUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.crypto.symmetric.SymmetricAlgorithm;
import cn.hutool.crypto.symmetric.SymmetricCrypto;
import com.alibaba.druid.util.StringUtils;
import com.ejweb.core.security.DES3Utils;
import org.apache.commons.io.IOUtils;
......@@ -85,7 +88,11 @@ public class GConstants {
public static final String JDAIR_BASE_PARAM = GConstants.getValue("jdair.api.base.param", "");
public static final String JDAIR_SMS_API = GConstants.getValue("jdair.api.sms.url", "http://user.jdair.net/ussinterface/uss/json/mobile/messSend.json?ai.cp=10.68.26.52&ai.cc=5");
private static final String CONF_DESC_KEY = "2012PinganVitality075522628888ForShenZhenBelter075561869839";
// private static final String CONF_DESC_KEY = "2012PinganVitality075522628888ForShenZhenBelter075561869839";
private static final String CONF_DESC_KEY = "9103efb684eb53b3951bb641ef0f353a74d52a439eb4fc90eb507db1d17b81321e10a31633d2fc3c547c3834f4143d1af11e8ac13aa32ae966e94d7ac1a1a33e";
private static byte[] KEY_BYTE =new byte[]{43, -113, 127, 14, -39, 99, -3, -26, 50, 31, -98, -61, -46, 61, 56, 120};
public static final String JDBC_DRIVER_CLASS = "jdbc.driver.class";
public static final String JDBC_URL = "jdbc.url";
public static final String JDBC_USERNAME = "jdbc.username";
......@@ -138,7 +145,9 @@ public class GConstants {
try {
String key = (String) enu.nextElement();
String val = (String) P.get(key);
String decorded = DES3Utils.decrypt(val, CONF_DESC_KEY);
SymmetricCrypto aes = new SymmetricCrypto(SymmetricAlgorithm.AES, KEY_BYTE);
String key1 = aes.decryptStr(CONF_DESC_KEY, CharsetUtil.CHARSET_UTF_8);
String decorded = DES3Utils.decrypt(val, key1);
if (decorded != null) {
P.put(key, decorded);
}
......@@ -184,7 +193,7 @@ public class GConstants {
// 临时文件夹路径
if (P.getProperty("file.upload.dir") != null) {
String pathname = P.getProperty("file.upload.dir") + "tmp";
if (StrUtil.contains(pathname, "<")) {
if (StrUtil.contains(pathname, "../")||StrUtil.contains(pathname, "..\\")) {
throw new RuntimeException("临时文件夹路径配置错误");
}
File tmp = new File(pathname);
......@@ -223,7 +232,7 @@ public class GConstants {
String val = getValue(key);
if (val == null)
return want;
if(StrUtil.contains(val, "<")){
if(StrUtil.contains(val, "../")||StrUtil.contains(val, "..\\")){
return want;
}
return val;
......
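Review bot: `CONF_DESC_KEY` is now an AES ciphertext, but `KEY_BYTE`, the key that decrypts it at L149-L150, is declared one line below it in the same class, so the real 3DES key is recoverable from the class file exactly as before; the change adds no protection, and the old plaintext key kept in the comment at L138 must be deleted and, being in history, treated as compromised. Inside the loop (whose header is outside the hunk) a new `SymmetricCrypto` is built and the constant decrypted once per property — hoist `key1` out of the loop, or better, receive the key at runtime. The `../`/`..\\` substring checks at L160 and L169 are a denylist that misses a bare `..` segment, an absolute path and anything already normalised, so for `file.upload.dir` resolve the value with `Paths.get(...).toAbsolutePath().normalize()` and check it against an allowed root. `getValue(key, want)` at L165-L172 also now silently substitutes the default for *any* property value containing `../`, which will surprise anyone configuring a legitimate relative path.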
......@@ -3,6 +3,9 @@
*/
package com.ejweb.core.conf;
import cn.hutool.core.util.CharsetUtil;
import cn.hutool.crypto.symmetric.SymmetricAlgorithm;
import cn.hutool.crypto.symmetric.SymmetricCrypto;
import com.ejweb.core.security.DES3Utils;
import com.ejweb.core.util.Util;
import org.springframework.beans.BeansException;
......@@ -20,7 +23,10 @@ import java.util.Properties;
*/
public class SecurityPropertyPlaceholderConfigurer extends PropertyPlaceholderConfigurer {
private static final String CONF_DESC_KEY = "2012PinganVitality075522628888ForShenZhenBelter075561869839";
// private static final String CONF_DESC_KEY = "2012PinganVitality075522628888ForShenZhenBelter075561869839";
private static final String CONF_DESC_KEY = "9103efb684eb53b3951bb641ef0f353a74d52a439eb4fc90eb507db1d17b81321e10a31633d2fc3c547c3834f4143d1af11e8ac13aa32ae966e94d7ac1a1a33e";
private static byte[] KEY_BYTE =new byte[]{43, -113, 127, 14, -39, 99, -3, -26, 50, 31, -98, -61, -46, 61, 56, 120};
@Override
protected void processProperties(ConfigurableListableBeanFactory beanFactory, Properties props)
......@@ -32,7 +38,9 @@ public class SecurityPropertyPlaceholderConfigurer extends PropertyPlaceholderCo
try {
String key = (String) enu.nextElement();
String val = (String) props.get(key);
String decorded = DES3Utils.decrypt(val, CONF_DESC_KEY);
SymmetricCrypto aes = new SymmetricCrypto(SymmetricAlgorithm.AES, KEY_BYTE);
String key1 = aes.decryptStr(CONF_DESC_KEY, CharsetUtil.CHARSET_UTF_8);
String decorded = DES3Utils.decrypt(val, key1);
if (decorded != null) {
props.put(key, decorded);
}
......
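Review bot: `CONF_DESC_KEY` and `KEY_BYTE` are copied verbatim from `GConstants` in the same commit; two copies of a key and its wrapping key will drift and double the rotation work, so keep a single holder or, better, one runtime-provided key. As in `GConstants`, the AES key sits beside the ciphertext it protects, so `key1` is trivially recoverable from the jar, and the old plaintext key in the comment at L187 is still published. The decryption of the constant is repeated for every property inside the loop (loop header outside the hunk); compute `key1` once before iterating. Longer term, wrapping the 3DES key in AES keeps `DES3Utils` as the property cipher — migrating the properties to AES-GCM with an externally supplied key would remove both the legacy algorithm and the embedded secret.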
......@@ -57,7 +57,7 @@ public class Html2File {
// 待扩展名称的MOD5
String md5 = date + Util.getRandom(100000, 999999) + ".doc";
// 文件保存路径:基本路径+模块名称+日期
String baseDatePath = StrUtil.replace(PathFormatUtils.parse(PATH_FORMAt),"<","");// FORMAT.format(System.currentTimeMillis());
String baseDatePath = StrUtil.replace(StrUtil.replace(PathFormatUtils.parse(PATH_FORMAt),"../",""),"..\\","");// FORMAT.format(System.currentTimeMillis());
String basePath = "doc" + GConstants.FS;
// String outputFile =
// baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_ACTUALS+GConstants.FS+basePath+md5;
......@@ -98,7 +98,7 @@ public class Html2File {
bais = new ByteArrayInputStream(buf);
// String md5 = DigestUtils.md5Hex(buf);
String baseDir=StrUtil.replace(baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_ACTUALS + GConstants.FS + basePath,"<","");
String baseDir=StrUtil.replace(StrUtil.replace(baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_ACTUALS + GConstants.FS + basePath,"../",""),"..\\","");
// 上传文件基本地址
File baseUploadDir = new File(GConstants.FILE_UPLOAD_DIR,
baseDir);
......
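Review bot: A single-pass `StrUtil.replace(..., "../", "")` is bypassable because removing one occurrence can create another: `....//` collapses to `../` once the inner `../` is removed, and the backslash variant has the same weakness. Rather than rewriting the string, reject it and check containment after canonicalisation: `Path root = Paths.get(GConstants.FILE_UPLOAD_DIR).toAbsolutePath().normalize(); Path target = root.resolve(baseDir).normalize(); if (!target.startsWith(root)) throw new RuntimeException("文件路径非法");`. Note also that `baseDatePath` derives from `PathFormatUtils.parse(PATH_FORMAt)`, which looks like an application-defined template rather than request input; if so these two replaces protect nothing and the check belongs wherever a path or file name is actually taken from the request. Both enclosing methods start and end outside the hunks.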
......@@ -104,7 +104,7 @@ public class FileManipulation {
filename= filename.replaceAll("\\.\\./", "");
filename= filename.replaceAll("\\.\\.\\\\", "");
filename= filename.replaceAll("\\.\\.", "");
filename= StrUtil.replace(filename, "<", "");
filename= StrUtil.replace(StrUtil.replace(filename, "../", ""),"..\\","");
return filename;
}
/**
......
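Review bot: The new `StrUtil.replace` line is dead: `filename.replaceAll("\\.\\.", "")` two lines above already removes every `..`, leaving nothing for a `../` or `..\\` replace to find. The underlying approach of rewriting a suspicious name rather than rejecting it is the weaker one — `validateFile` turns `../../etc/passwd` into `etc/passwd` and the caller happily uses it — so return null or throw on a name containing `..`, and have callers resolve the result against the upload root with `normalize()`/`startsWith()`. Stripping `..` also does nothing against an absolute path such as `/etc/passwd`, which only a root-relative containment check catches. The method's signature is above the hunk.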
......@@ -109,7 +109,7 @@ public final class ImageUtil {
}
String baseDatePath = PathFormatUtils.parse(PATH_FORMAt) + GConstants.FS + "group" + GConstants.FS;
if (StrUtil.contains(baseDatePath,"<")) {
if (StrUtil.contains(baseDatePath,"../")||StrUtil.contains(baseDatePath, "..\\")) {
return null;
}
// 验证文件安全
......@@ -119,13 +119,14 @@ public final class ImageUtil {
baseUploadDir.mkdirs();
}
String fileName = IdWorker.getNextId() + "." + PNG;
if (StrUtil.contains(baseDatePath, "<")) {
if (StrUtil.contains(fileName, "../")||StrUtil.contains(fileName, "..\\")) {
return null;
}
String fullFileName = baseUploadDir + GConstants.FS + fileName;
// File uploadFilePath = new File(baseUploadDir, fileName);
writeHighQuality(outImage, fullFileName);
return baseDatePath + fileName;
String fileNamePath = baseDatePath + fileName;
return StrUtil.replace(StrUtil.replace(fileNamePath,"../",""),"..\\","");
} catch (Exception e) {
e.printStackTrace();
}
......@@ -136,7 +137,7 @@ public final class ImageUtil {
public static BufferedImage zoomImage(String src, int toWidth, int toHeight) {
BufferedImage result = null;
if (StrUtil.contains(src, "<")) {
if (StrUtil.contains(src, "../")||StrUtil.contains(src, "..\\")) {
return null;
}
try {
......@@ -178,7 +179,7 @@ public final class ImageUtil {
public static boolean writeHighQuality(BufferedImage im, String fileFullPath) {
try {
if (StrUtil.contains(fileFullPath, "<")) {
if (StrUtil.contains(fileFullPath, "../")||StrUtil.contains(fileFullPath, "..\\")) {
return false;
}
// 验证文件安全
......@@ -223,7 +224,7 @@ public final class ImageUtil {
// 验证文件安全
String path = FileManipulation.validateFile(paths.get(i));
if (StrUtil.contains(path, "<")) {
if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) {
continue;
}
File f = new File(path);
......@@ -311,7 +312,7 @@ public final class ImageUtil {
}
String baseDatePath = PathFormatUtils.parse(PATH_FORMAt) + GConstants.FS + "group" + GConstants.FS;
if (StrUtil.contains(baseDatePath, "<")) {
if (StrUtil.contains(baseDatePath, "../")||StrUtil.contains(baseDatePath, "..\\")) {
return null;
}
File baseUploadDir = new File(GConstants.FILE_UPLOAD_DIR, baseDatePath);
......@@ -341,6 +342,9 @@ public final class ImageUtil {
*/
public static BufferedImage resize(String filePath, int height, int width, boolean bb) {
try {
if(StrUtil.contains(filePath, "../") || StrUtil.contains(filePath, "..\\")){
return null;
}
double ratio = 0; // 缩放比例
File f = new File(filePath);
BufferedImage bi = ImageIO.read(f);
......
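Review bot: In the L243-L253 hunk the sanitisation targets the wrong values: `fileName` is built from `IdWorker.getNextId() + "." + PNG` and cannot contain `..`, and the replace on `fileNamePath` runs after `writeHighQuality` has already written the file, so it only alters the string returned to the caller, not the path that was written. Drop both and rely on the `baseDatePath` check at L236, which is the value that could actually carry a traversal. At L275-L280 `FileManipulation.validateFile(paths.get(i))` only strips `..`, and `new File(path)` is then opened with no base directory, so an absolute path like `/etc/hosts` passes the `contains("../")` filter unchanged — resolve against `GConstants.FILE_UPLOAD_DIR` and require `normalize().startsWith(root)`. The `resize` guard at L293 has the same absolute-path gap; all of these methods extend beyond their hunks.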
......@@ -22,7 +22,7 @@ public class PathFormatUtils {
private static Date currentDate = null;
public static String parse ( String input ) {
input = StrUtil.replace(input, "<", "");
input = StrUtil.replace(StrUtil.replace(input, "../", ""),"..\\","");
Pattern pattern = Pattern.compile( "\\{([^\\}]+)\\}", Pattern.CASE_INSENSITIVE );
Matcher matcher = pattern.matcher(input);
......@@ -53,7 +53,7 @@ public class PathFormatUtils {
}
public static String parse ( String input, String filename ) {
input = StrUtil.replace(input, "<", "");
input = StrUtil.replace(StrUtil.replace(input, "../", ""),"..\\","");
Pattern pattern = Pattern.compile( "\\{([^\\}]+)\\}", Pattern.CASE_INSENSITIVE );
Matcher matcher = pattern.matcher(input);
String matchStr = null;
......
......@@ -37,7 +37,8 @@ public class PlanUtil {
public static List<ConnectionPlan> planlist(String fileName,String filePath){
//读取文件
try {
if (StrUtil.contains(filePath, "<")) {
if (StrUtil.contains(filePath, "../")||StrUtil.contains(filePath, "..\\")||
StrUtil.contains(fileName, "../")||StrUtil.contains(fileName, "..\\")) {
return null;
}
//获取目标文件的绝对路径
......@@ -190,8 +191,8 @@ public class PlanUtil {
}
if(listm!=null&&listm.size()>0){
Map<String, String> map=listm.get(0);
String fileName =StrUtil.replace( map.get("fileName"),"<","");
String filePath = StrUtil.replace(map.get("filePath"),"<","");
String fileName =StrUtil.replace(StrUtil.replace( map.get("fileName"),"../",""),"..\\","");
String filePath = StrUtil.replace(StrUtil.replace(map.get("filePath"),"../",""),"..\\","");
List<ConnectionPlan> lst= planlist( fileName, filePath);
......
......@@ -189,14 +189,6 @@ public class RouteVerifyController {
return responseBean;
}
public static void main(String[] args) {
String content = "<p>\r\n\t&lt;p&gt; &amp;lt;p&amp;gt; &amp;amp;lt;p style=&amp;amp;quot;text-indent:20pt;&amp;amp;quot;&amp;amp;gt; 6月30日,在首届世界智能大会的&amp;amp;amp;amp;ldquo;智能城市与社会论坛&amp;amp;amp;amp;rdquo;上,中新天津生态城管委会与太极计算机股份有限公司、中国智慧城市产业技术创新战略联盟、中国软件行业协会三家单位签署战略合作协议。今后,生态城将与各方在智慧城市建设等领域展开全方位战略合作,共同推进智慧民生、智慧管理和智慧经济快速发展。作为智能领域全球首个大型高端交流平台,世界智能大会不仅致力于打造世界级先进智能科技成果发布平台、创新合作平台、产业聚集平台和投融资对接平台,更重在智能领域促进中国与世界的交流合作,将先进的科技成果和发展理念引入国内。此次由中新天津生态城承办的&amp;amp;amp;amp;ldquo;智慧城市与社会论坛;,正是在创新、协调、绿色、开放、共享发展理念不断深入,城市与社会被赋予新内涵、新要求的大背景下,展开的一场以&amp;amp;amp;amp;ldquo;智慧城市与社会&amp;amp;amp;amp;rdquo;为主题的观点交锋和头脑风暴。&amp;amp;amp;lt;/p&amp;amp;amp;gt; &amp;amp;amp;lt;p style=&amp;amp;amp;quot;margin: 8px auto auto; padding: inherit; clear: both; line-height: 26px; color: rgb(128, 128, 128); font-family: Verdana, Arial, sans-serif, &amp;amp;amp;amp;quot;Times New Roman&amp;amp;amp;amp;quot;, 宋体; white-space: normal;&amp;amp;amp;quot;&amp;amp;amp;gt; &amp;amp;amp;amp;nbsp; &amp;amp;amp;amp;nbsp; &amp;amp;amp;amp;nbsp; &amp;amp;amp;amp;nbsp;会议邀请到中国工程院院士李伯虎、阿里巴巴集团副总裁刘松、世界工程组织联合会(WFEO)当选主席Marlene Kanga等10余位国内外嘉宾,以主题演讲和高峰对话等形式,深入探讨了&amp;amp;amp;amp;ldquo;人工智能2.0&amp;amp;amp;amp;rdquo;、&amp;amp;amp;amp;ldquo;智能化思维构建行业大脑&amp;amp;amp;amp;rdquo;、&amp;amp;amp;amp;ldquo;智慧城市行业中智能技术的应用&amp;amp;amp;amp;rdquo;等热点话题,分享新型智慧城市规划、建设与管理运营理念,以及城市智慧治理与社会服务创新的相关成果,为200多位与会者献上了一场精彩的观点盛宴。&amp;amp;amp;lt;/p&amp;amp;amp;gt; &amp;amp;amp;lt;p style=&amp;amp;amp;quot;margin: 8px auto auto; padding: inherit; clear: both; line-height: 26px; color: rgb(128, 128, 128); font-family: Verdana, Arial, sans-serif, &amp;amp;amp;amp;quot;Times New Roman&amp;amp;amp;amp;quot;, 宋体; white-space: normal;&amp;amp;amp;quot;&amp;amp;amp;gt; &amp;amp;amp;amp;nbsp; &amp;amp;amp;amp;nbsp; &amp;amp;amp;amp;nbsp; 
&amp;amp;amp;amp;nbsp;论坛上,中新天津生态城管委会与太极计算机股份有限公司、中国智慧城市产业技术创新战略联盟、中国软件行业协会三家单位签署战略合作协议,将在智慧城市运营管理,生态城大数据分析,推动科技、信息产业园区建设,共享产业专家智库等方面加强合作。双方今后将积极探索生态城的智慧城市建设、运营、管理新模式,以科技信息手段,助力生态城智慧城市体系建设,推动城市管理向立体化、精细化发展。与此同时,三家单位将充分发挥在各自领域的优势,结合生态城的发展实际和未来需求,推荐品牌企业入驻,通过建设具有国际领先水平的智慧城市智库、研发中心、创新创业基地、示范和体验基地,促进政、产、学、研、用等合作,推动技术创新成果产业转化,加速生态城智慧城市体系建设和产业转型升级。&amp;amp;amp;lt;/p&amp;amp;amp;gt; &amp;amp;amp;lt;p style=&amp;amp;amp;quot;margin: 8px auto auto; padding: inherit; clear: both; line-height: 26px; color: rgb(128, 128, 128); font-family: Verdana, Arial, sans-serif, &amp;amp;amp;amp;quot;Times New Roman&amp;amp;amp;amp;quot;, 宋体; white-space: normal;&amp;amp;amp;quot;&amp;amp;amp;gt; &amp;amp;amp;amp;nbsp; &amp;amp;amp;amp;nbsp; &amp;amp;amp;amp;nbsp; &amp;amp;amp;amp;nbsp;作为中国、新加坡两国政府间的战略性合作项目,中新天津生态城一直致力于提升现有城市发展和服务水平,通过智慧城市综合应用中心、智慧城市大数据平台等项目,推动城市发展。生态城智慧城市项目自启动以来,各项目进展顺利。此次生态城与三家单位签署战略合作协议,将提高政府行政管理和服务能力,促进经济转型升级、培育智慧经济,加快生态城的智慧城市建设步伐。&amp;amp;amp;lt;/p&amp;amp;amp;gt;&amp;amp;lt;/p&amp;amp;gt;&amp;lt;/p&amp;gt;&lt;/p&gt;</p>";
if (content != null && content.indexOf(">") != -1 && content.lastIndexOf("<") != -1 && content.indexOf(">") < content.lastIndexOf("<")) {
content = content.substring(content.indexOf(">") + 1, content.lastIndexOf("<"));
}
System.out.println(content);
}
//论证意见
@ResponseBody
@RequestMapping(value = "/update")
......
......@@ -4,6 +4,10 @@
package com.ejweb.modules.sailing.service;
import cn.hutool.core.util.StrUtil;
import cn.hutool.crypto.SecureUtil;
import cn.hutool.crypto.SmUtil;
import cn.hutool.crypto.asymmetric.KeyType;
import cn.hutool.crypto.asymmetric.SM2;
import com.ejweb.core.base.CurdService;
import com.ejweb.core.base.PageEntity;
import com.ejweb.core.conf.GConstants;
......@@ -50,6 +54,7 @@ import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyPair;
import java.text.DateFormat;
import java.text.ParseException;
import java.text.SimpleDateFormat;
......@@ -168,8 +173,8 @@ public class SailingCommandService extends CurdService<SailingCommandDao, Sailin
entity.setConnect(verifyDao.getConnectList(bean.getVerifId()));
if (listm != null && listm.size() > 0) {
Map<String, String> map = listm.get(0);
String fileName = map.get("fileName");
String filePath = map.get("filePath");
String fileName = StrUtil.replace(StrUtil.replace(map.get("fileName"),"../",""),"..\\","");
String filePath = StrUtil.replace(StrUtil.replace(map.get("filePath"),"../",""),"..\\","");
List<ConnectionPlan> lst = planlist(fileName, filePath);
......@@ -491,8 +496,8 @@ public class SailingCommandService extends CurdService<SailingCommandDao, Sailin
}
if (listm != null && listm.size() > 0) {
Map<String, String> map = listm.get(0);
String fileName = map.get("fileName");
String filePath = StrUtil.replace( map.get("filePath"),"<","");
String fileName = StrUtil.replace(StrUtil.replace(map.get("fileName"),"../",""),"..\\","");
String filePath = StrUtil.replace(StrUtil.replace(map.get("filePath"),"../",""),"..\\","");
List<ConnectionPlan> lst = planlist(fileName, filePath);
......@@ -775,8 +780,8 @@ public class SailingCommandService extends CurdService<SailingCommandDao, Sailin
}
if (listm != null && listm.size() > 0) {
Map<String, String> map = listm.get(0);
String fileName = map.get("fileName");
String filePath = StrUtil.replace(map.get("filePath"),"<","");
String fileName = StrUtil.replace(StrUtil.replace(map.get("fileName"),"../",""),"..\\","");
String filePath = StrUtil.replace(StrUtil.replace(map.get("filePath"),"../",""),"..\\","");
List<ConnectionPlan> lst = planlist(fileName, filePath);
......@@ -1006,7 +1011,7 @@ public class SailingCommandService extends CurdService<SailingCommandDao, Sailin
try {
//获取目标文件的绝对路径
// String fullFileName = filePath;
String fullFileName = GConstants.FILE_UPLOAD_DIR + StrUtil.replace(filePath, "<", "");
String fullFileName = StrUtil.replace(GConstants.FILE_UPLOAD_DIR + StrUtil.replace(filePath, "../", ""),"..\\","");
InputStream in = null;
in = new FileInputStream(fullFileName);
ImportExcel ei = new ImportExcel(fileName, in, 1, 0);
......@@ -1092,4 +1097,7 @@ public class SailingCommandService extends CurdService<SailingCommandDao, Sailin
verifyDao.insertAirTypes(addBean);
}
}
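Review bot: The imports for `SM2`, `SmUtil`, `SecureUtil`, `KeyType` and `KeyPair` (L354-L357, L365) are not used in any visible hunk and look like leftovers from an abandoned SM2 experiment; remove them, since an unused crypto import invites a future misuse. At L401 the `..\\` replace is applied to `GConstants.FILE_UPLOAD_DIR + filePath` as a whole rather than to `filePath`, so a base directory that legitimately contains that sequence would be mangled; sanitise only the untrusted part. Like the other stripping sites, a single-pass replace is bypassable (`....//` → `../`), so the robust form is to resolve the combined path, `normalize()` it and reject anything that does not `startsWith` the upload root. The methods these hunks touch all start and end outside the hunks.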
......@@ -288,7 +288,7 @@ public class UploadController {
if (bean.getPath().indexOf("../") != -1) {
return;
}
if(StrUtil.contains(bean.getPath(), "<")){
if(StrUtil.contains(bean.getPath(), "../")||StrUtil.contains(bean.getPath(), "..\\")){
throw new RuntimeException("文件路径异常!");
}
}
......@@ -408,8 +408,8 @@ public class UploadController {
public ResponseBean verifFile(HttpServletRequest request, RequestBean requestBean) {
ResponseBean responseBean = new ResponseBean();
String stream = request.getParameter("fileStream");
String filePath = StrUtil.replace(request.getParameter("filePath"), "<", "");
String fileDir = StrUtil.replace(request.getParameter("fileDir"), "<", "");
String filePath = StrUtil.replace(StrUtil.replace(request.getParameter("filePath"), "../", ""),"..\\","");
String fileDir = StrUtil.replace(StrUtil.replace(request.getParameter("fileDir"), "../", ""),"..\\","");
ByteArrayInputStream bais = null;
FileOutputStream ostream = null;
try {
......@@ -425,7 +425,8 @@ public class UploadController {
return responseBean;
}
if (StrUtil.contains(filePath,"<")||StrUtil.contains(fileDir,"<")) {
if (StrUtil.contains(filePath,"../")||StrUtil.contains(filePath,"..\\")
||StrUtil.contains(fileDir,"../")||StrUtil.contains(fileDir,"..\\")) {
throw new RuntimeException("文件路径非法");
}
File baseUploadDir = new File(GConstants.FILE_UPLOAD_DIR, fileDir);
......
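Review bot: At L410-L416 the pre-existing `if (bean.getPath().indexOf("../") != -1) return;` makes the `../` half of the new check unreachable, and the two branches treat the same condition differently (silent return vs. `RuntimeException`); keep one of them. In `verifFile`, `filePath` and `fileDir` come straight from request parameters, are stripped of `../` and then re-tested at L433-L435, but they are never resolved against the upload root, so an absolute or otherwise already-normalised path is not caught; replace the string tests with `Path root = Paths.get(GConstants.FILE_UPLOAD_DIR).toAbsolutePath().normalize(); Path dir = root.resolve(fileDir).normalize(); if (!dir.startsWith(root)) throw new RuntimeException("文件路径非法");` and apply the same to `filePath`. Rejecting is also preferable to the silent rewrite at L424-L425, which turns an attack string into a different, still-used path. Both methods continue outside the hunk.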
......@@ -207,7 +207,7 @@ public class UploadService extends BaseService<UploadDao>{
moduleName = moduleName.replaceAll("^/+|/+$|[^0-9|a-z|A-Z|/]+", "");// 替换非法字符串
if(moduleName.length() == 0 || moduleName.length()>64)// 如果没有传则默认保存到files下面
moduleName = "files";
if (StrUtil.contains(moduleName,"<")) {
if (StrUtil.contains(moduleName,"../")||StrUtil.contains(moduleName, "..\\")) {
moduleName = "files";
}
}
......@@ -345,13 +345,13 @@ public class UploadService extends BaseService<UploadDao>{
moduleName = moduleName.replaceAll("[\\|//]+", "/");
if(moduleName.length() == 0 || moduleName.length()>64)// 如果没有传则默认保存到files下面
moduleName = "files";
if (StrUtil.contains(moduleName,"<")) {
if (StrUtil.contains(moduleName,"../")||StrUtil.contains(moduleName, "..\\")) {
moduleName = "files";
}
}
// 文件保存路径:基本路径+模块名称+日期
String baseDatePath = PathFormatUtils.parse(PATH_FORMAt);//FORMAT.format(System.currentTimeMillis());
if (StrUtil.contains(baseDatePath, "<")) {
if (StrUtil.contains(baseDatePath, "../")||StrUtil.contains(baseDatePath, "..\\")) {
throw new RuntimeException("模块名称非法");
}
String basePath = moduleName+GConstants.FS+extesionName.replaceAll("\\.", "")+GConstants.FS;
......@@ -499,7 +499,8 @@ public class UploadService extends BaseService<UploadDao>{
}
String extesionName = Util.getExtensionName(originalFilename);
if(extesionName == null || extesionName.length() == 0){// 文件扩展名称不能为NULL
if(originalFilename.contains("blob")||originalFilename.contains("<")){
if(originalFilename.contains("blob")||originalFilename.contains("../")
||originalFilename.contains("..\\")){
return null;
}
return "无法获取文件扩展名:"+originalFilename;
......
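Review bot: The `contains("../")` test at L444 cannot fire: the `replaceAll("^/+|/+$|[^0-9|a-z|A-Z|/]+", "")` at L440 has already deleted every character that is not alphanumeric, `/` or `|`, so no `.` survives in `moduleName` (incidentally, the `|` inside the character class is a literal, not an alternation, which is why pipes are retained). Whether the check at L453 is reachable depends on lines above that hunk; if dots are not removed there, it is the only one worth keeping. The `baseDatePath` check at L460 guards a value produced by `PathFormatUtils.parse(PATH_FORMAt)`, which appears to be an internal template rather than request input, so it adds little. The methods start outside the hunks.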
......@@ -210,7 +210,7 @@ public class AirlineConclusionController {
response.setHeader("Content-Disposition", "attachment; filename=" + downloadFileName);
//获取目标文件的绝对路径
String path = uploadFileBean.getPath();
if(StrUtil.contains(path, "<")){
if(StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")){
throw new RuntimeException("文件路径不正确");
}
String fullFileName = GConstants.FILE_UPLOAD_DIR + path;
......
......@@ -718,7 +718,7 @@ public class AirlineVerifyController {
sb.append("</tbody></table>");
UploadFileBean uploadFileBean = Html2File.convertHtml2Word(sb.toString());
if (StrUtil.contains(uploadFileBean.getPath(), "<")) {
if (StrUtil.contains(uploadFileBean.getPath(), "../")||StrUtil.contains(uploadFileBean.getPath(), "..\\")) {
throw new RuntimeException("文件名包含非法字符");
}
InputStream in = null;
......
......@@ -86,7 +86,7 @@ public class VerifyDocumentController {
for (VerifyDocumentListEntity entityTmp : documentListEntities) {
try {
String filePath = entityTmp.getFilePath();
if (StrUtil.contains(filePath,"<")) {
if (StrUtil.contains(filePath,"../")||StrUtil.contains(filePath, "..\\")) {
continue;
}
File fTmp = new File(FileManipulation.validateFile(GConstants.FILE_UPLOAD_DIR + filePath));
......
......@@ -186,7 +186,7 @@ public class AirlineVerifyService extends BaseService<AirlineVerifyDao> {
//读取文件
try {
//获取目标文件的绝对路径
String fullFileName = GConstants.FILE_UPLOAD_DIR + StrUtil.replace(filePath, "<", "");
String fullFileName = StrUtil.replace(GConstants.FILE_UPLOAD_DIR + StrUtil.replace(filePath, "../", ""),"..\\","");
// String fullFileName ="D:\\论证计划.xlsx";
InputStream in = null;
in = new FileInputStream(fullFileName);
......@@ -263,7 +263,7 @@ public class AirlineVerifyService extends BaseService<AirlineVerifyDao> {
if (list != null && list.size() > 0) {
Map<String, String> map = list.get(0);
String fileName = map.get("fileName");
String filePath = StrUtil.replace(map.get("filePath"),"<","");
String filePath = StrUtil.replace(StrUtil.replace(map.get("filePath"),"../",""),"..\\","");
List<ConnectionPlan> lst = planlist(fileName, filePath);
airlineVerifyDetailEntity.setConnectionPlan(lst);
......@@ -662,8 +662,8 @@ public class AirlineVerifyService extends BaseService<AirlineVerifyDao> {
StringBuffer sb = new StringBuffer();
if (listm != null && listm.size() > 0) {
Map<String, String> map = listm.get(0);
String fileName = map.get("fileName");
String filePath = StrUtil.replace(map.get("filePath"),"<","");
String fileName = StrUtil.replace(StrUtil.replace(map.get("fileName"),"../",""),"..\\","");
String filePath = StrUtil.replace(StrUtil.replace(map.get("filePath"),"../",""),"..\\","");
List<ConnectionPlan> lst = planlist(fileName, filePath);
......