From af8f87298fc611ac371216e278a18abac6ca0766 Mon Sep 17 00:00:00 2001
From: ZY <zc857179121@qq.com>
Date: 星期一, 28 十月 2024 12:11:50 +0800
Subject: [PATCH] sql注入漏洞
---
src/main/java/com/zy/asrs/task/handler/OrderSyncHandler.java | 96 ++++++++++++++++++++++++++++++------------------
1 files changed, 60 insertions(+), 36 deletions(-)
diff --git a/src/main/java/com/zy/asrs/task/handler/OrderSyncHandler.java b/src/main/java/com/zy/asrs/task/handler/OrderSyncHandler.java
index 4807c23..60683dd 100644
--- a/src/main/java/com/zy/asrs/task/handler/OrderSyncHandler.java
+++ b/src/main/java/com/zy/asrs/task/handler/OrderSyncHandler.java
@@ -3,6 +3,7 @@
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.core.common.Cools;
+import com.core.common.DateUtils;
import com.core.exception.CoolException;
import com.zy.asrs.entity.DocType;
import com.zy.asrs.entity.Order;
@@ -23,6 +24,7 @@
import java.util.ArrayList;
import java.util.Arrays;
+import java.util.Date;
import java.util.List;
/**
@@ -49,11 +51,11 @@
@Transactional
public ReturnT<String> start(Order order) {
-
- List<String> docNames = new ArrayList<>(Arrays.asList("閾跺骇閲囪喘鍏ュ簱鍗�","閾跺骇濮斿鏉愭枡鍑哄簱鍗�","閾跺骇濮斿鍏ュ簱鍗�","閾跺骇鐢熶骇鏉愭枡鍑哄簱鍗�"));
+ //List<String> docNames = new ArrayList<>(Arrays.asList("閾跺骇閲囪喘鍏ュ簱鍗�", "閾跺骇濮斿鏉愭枡鍑哄簱鍗�", "閾跺骇濮斿鍏ュ簱鍗�", "閾跺骇鐢熶骇鏉愭枡鍑哄簱鍗�"));
+ List<String> docNames = new ArrayList<>(Arrays.asList("閾跺骇濮斿鍏ュ簱鍗�", "閾跺骇鐢熶骇鏉愭枡鍑哄簱鍗�"));
DocType docType = docTypeService.selectById(order.getDocType());
- if(!docNames.contains(docType.getDocName())){
+ if (!docNames.contains(docType.getDocName())) {
order.setSettle(8L);
orderService.updateById(order);
return SUCCESS;
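Review bot: `docTypeService.selectById(order.getDocType())` is dereferenced on the next line as `docType.getDocName()` with no null check, so an order whose doc type is missing would presumably fail with a NullPointerException inside the transaction. The same pattern is repeated in the new `timelyStart` method in the `@@ -82,32 +84,65 @@` hunk. A guard such as `if (docType == null || !docNames.contains(docType.getDocName())) {` would cover it, or an explicit `CoolException` if a missing type should be an error. The commented-out `//List<String> docNames = ...` line should be deleted rather than kept, since version history already preserves the old list. `start()` continues outside this hunk.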
@@ -70,11 +72,11 @@
List<OrderDetl> orderDetlList = orderDetlService.selectByOrderId(order.getId());
ReportErpParam param = new ReportErpParam();
- mappingParam(order,param);
- mappingParamChildren(orderDetlList,param);
+ mappingParam(order, param);
+ mappingParamChildren(orderDetlList, param);
int code = doHttpRequest(param, "鍗曟嵁瀹℃牳", url, orderReportPath, null, "127.0.0.1");
- if(code == 0){
+ if (code == 0) {
order.setSettle(6L);
orderService.updateById(order);
}
@@ -82,32 +84,65 @@
return SUCCESS;
}
- private void mappingParam(Order order, ReportErpParam param){
+
+ @Transactional
+ public void timelyStart(Order order) {
+
+ List<String> docNames = new ArrayList<>(Arrays.asList("閾跺骇閲囪喘鍏ュ簱鍗�", "閾跺骇濮斿鏉愭枡鍑哄簱鍗�"));
+
+ DocType docType = docTypeService.selectById(order.getDocType());
+ if (docNames.contains(docType.getDocName())) {
+ List<OrderDetl> orderDetlList = orderDetlService.selectByOrderId(order.getId());
+ List<OrderDetl> report = new ArrayList<>();
+ for (OrderDetl orderDetl : orderDetlList) {
+ if (orderDetl.getQty() > 0 && orderDetl.getQty() > (orderDetl.getReportQty() == null ? 0D : orderDetl.getReportQty())) {
+ report.add(orderDetl);
+ }
+ }
+ if (!Cools.isEmpty(report)) {
+ ReportErpParam param = new ReportErpParam();
+ mappingParam(order, param);
+ mappingParamChildren(report, param);
+
+ int code = doHttpRequest(param, "鍗曟嵁瀹℃牳", url, orderReportPath, null, "127.0.0.1");
+ if (code == 0) {
+ for (OrderDetl orderDetl : orderDetlList) {
+ orderDetl.setReportQty(orderDetl.getQty());
+ log.info("{}鍗曞瓙涓婃姤浜嗭細{}", order.getOrderNo(),orderDetl.getQty() - (orderDetl.getReportQty() == null ? 0D : orderDetl.getReportQty()));
+ orderDetlService.updateById(orderDetl);
+ }
+ }
+ }
+
+ }
+ }
+
+ public void mappingParam(Order order, ReportErpParam param) {
param.set鎿嶄綔绯荤粺鍙�(order.getDefNumber());
param.set鎿嶄綔鍗曟嵁(order.getDocType$());
param.set鎿嶄綔绫诲瀷("add");
param.setDdate(order.getOrderTime());
- param.setCWhCode("");
+ param.setCWhCode(Cools.isEmpty(order.getPltType()) ? "" : order.getPltType() + "");
param.setCDepCode("YZ");
param.setCOrderCode(order.getOrderNo());
param.setCMaker("");
param.setCHandler("");
- param.setCDefine14(order.getOrderNo());
+ param.setCDefine14(order.getOrderNo()+"_"+DateUtils.convert(new Date(), DateUtils.yyyyMMddHHmmss));
}
- private void mappingParamChildren(List<OrderDetl> orderDetlList, ReportErpParam param){
+ public void mappingParamChildren(List<OrderDetl> orderDetlList, ReportErpParam param) {
List<ReportErpParam.ChildInfo> paramChild = new ArrayList<>();
param.setChildren(paramChild);
- for (OrderDetl orderDetl : orderDetlList){
+ for (OrderDetl orderDetl : orderDetlList) {
ReportErpParam.ChildInfo childInfo = new ReportErpParam.ChildInfo();
childInfo.setIrowno(orderDetl.getItemNum());
childInfo.setCInvCode(orderDetl.getMatnr());
- childInfo.setIQuantity(orderDetl.getQty() + "");
+ childInfo.setIQuantity(orderDetl.getQty() - (orderDetl.getReportQty() == null ? 0D : orderDetl.getReportQty()) + "");
childInfo.setCBatch(orderDetl.getBatch());
childInfo.setINum(orderDetl.getLength() + "");
childInfo.setIinvexchrate("");
childInfo.setBFree1(orderDetl.getDeadTime());
- childInfo.setIPOsID(orderDetl.getId() + "");
+ childInfo.setIPOsID(orderDetl.getSku());
childInfo.setCOrderCode(orderDetl.getOrderNo());
childInfo.setIvouchrowno(orderDetl.getItemNum());
childInfo.setDefine22(orderDetl.getThreeCode());
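Review bot: In `timelyStart`, the success loop calls `orderDetl.setReportQty(orderDetl.getQty())` before the `log.info` line that computes `getQty() - getReportQty()`, so the logged quantity is always 0. The loop also walks `orderDetlList` rather than the filtered `report` list, so lines that were never sent to the ERP get their `reportQty` overwritten too. Iterate with `for (OrderDetl orderDetl : report) {` and move the `setReportQty` call below the log statement. `mappingParamChildren` now sends the delta `qty - reportQty` for every caller, including `start()`, which passes the unfiltered list and may therefore report `0.0` for lines already fully reported; please confirm that is intended. Both mapping methods were widened from `private` to `public` with no caller in this patch that needs it, and `mappingParamChildren` continues past the end of this hunk.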
@@ -117,42 +152,31 @@
}
- private int doHttpRequest(Object requestParam, String namespace, String url, String path, String appkey, String ip){
+ private int doHttpRequest(Object requestParam, String namespace, String url, String path, String appkey, String ip) {
String response = "";
boolean success = false;
try {
- response = new HttpHandler.Builder()
- .setUri(url)
- .setPath(path)
- .setJson(JSONObject.toJSONString(requestParam))
- .build()
- .doPost();
+ response = new HttpHandler.Builder().setUri(url).setPath(path).setJson(JSONObject.toJSONString(requestParam)).build().doPost();
JSONObject jsonObject = JSON.parseObject(response);
- if(Cools.isEmpty(jsonObject.get("errCode"))){
- throw new CoolException(jsonObject.get("Message").toString());
+ if (Cools.isEmpty(jsonObject.get("succeed"))) {
+ throw new CoolException(jsonObject.get("dsc").toString());
}
- int code = (int) jsonObject.get("errCode");
- if(code != 0){
- throw new CoolException(jsonObject.get("errMsg").toString());
+ String succeed = jsonObject.get("succeed").toString();
+
+ int code = Cools.eq("0", succeed) ? 0 : 1;
+ if (code != 0) {
+ throw new CoolException(jsonObject.get("dsc").toString());
}
success = true;
return code;
- }catch (Exception e){
+ } catch (Exception e) {
log.error(e.getMessage());
throw new CoolException("璋冪敤鎺ュ彛鍝嶅簲閿欒");
- }finally {
- apiLogService.save(
- namespace,
- url + path,
- appkey,
- ip,
- JSON.toJSONString(JSONObject.toJSONString(requestParam)),
- response,
- success
- );
+ } finally {
+ apiLogService.save(namespace, url + path, appkey, ip, JSON.toJSONString(JSONObject.toJSONString(requestParam)), response, success);
}
}
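Review bot: The catch block in `doHttpRequest` logs only `e.getMessage()`, which is null for a NullPointerException, so the real cause is lost and callers see only the generic `CoolException`. That exception can arise when the response has no `dsc` field, and possibly when `JSON.parseObject` yields null for an empty body. Pass the throwable to the logger, e.g. `log.error("doHttpRequest {}{} failed", url, path, e);`, and read the message with `jsonObject.getString("dsc")` instead of `get("dsc").toString()`. The `finally` block persists the full request and response bodies through `apiLogService.save`, so it is worth confirming that nothing sensitive from the ERP payload ends up in that log table. None of the visible hunks changes how a SQL statement is built, so the injection fix named in the subject cannot be confirmed from this patch.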
--
Gitblit v1.9.1