From f59681e9cf7faedb6c28e23920c58ecb919be547 Mon Sep 17 00:00:00 2001
From: ZY <zc857179121@qq.com>
Date: 星期一, 28 十月 2024 10:14:29 +0800
Subject: [PATCH] sql注入漏洞
---
 src/main/java/com/zy/system/controller/SaasLogController.java | 140 ++++++++++++++++++++++++++++++++++++++++++++--
 1 files changed, 133 insertions(+), 7 deletions(-)
diff --git a/src/main/java/com/zy/system/controller/SaasLogController.java b/src/main/java/com/zy/system/controller/SaasLogController.java
index 538364d..c3ab13e 100644
--- a/src/main/java/com/zy/system/controller/SaasLogController.java
+++ b/src/main/java/com/zy/system/controller/SaasLogController.java
@@ -1,18 +1,15 @@
 package com.zy.system.controller;
-import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject;
 import com.baomidou.mybatisplus.mapper.EntityWrapper;
 import com.baomidou.mybatisplus.mapper.Wrapper;
 import com.baomidou.mybatisplus.plugins.Page;
-import com.core.common.DateUtils;
-import com.zy.system.entity.SaasLog;
-import com.zy.system.service.SaasLogService;
 import com.core.annotations.ManagerAuth;
-import com.core.common.BaseRes;
-import com.core.common.Cools;
-import com.core.common.R;
+import com.core.common.*;
 import com.zy.common.web.BaseController;
+import com.zy.system.entity.SaasLog;
+import com.zy.system.mapper.SaasLogMapper;
+import com.zy.system.service.SaasLogService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
@@ -23,6 +20,9 @@
 @Autowired
 private SaasLogService saasLogService;
+
+ @Autowired
+ private SaasLogMapper saasLogMapper;
 @RequestMapping(value = "/saasLog/{id}/auth")
 @ManagerAuth
@@ -45,6 +45,132 @@
 return R.ok(saasLogService.selectPage(new Page<>(curr, limit), wrapper));
 }
+ @RequestMapping(value = "/saasLogSummary/list/auth")
+ @ManagerAuth
+ public R saasLogSummarylist(@RequestParam Map<String, Object> param){
+ String io_time = (String) param.get("io_time");
+ Date sDate = null;
+ Date eDate = null;
+ if(!Cools.isEmpty(io_time) && io_time.contains(RANGE_TIME_LINK)) {
+ String[] dates = io_time.split(RANGE_TIME_LINK);
+ sDate = DateUtils.convert(dates[0]);
+ eDate = DateUtils.convert(dates[1]);
+ }
+ String type = (String) param.get("type");
+ String owner = (String) param.get("owner");
+
+ ArrayList<SaasLog> list = saasLogMapper.selectListSummary(sDate,eDate,type,owner);
+ double sum = list.stream().mapToDouble(SaasLog::getAnfme).sum();
+ ListIterator<SaasLog> saasLogListIterator = list.listIterator();
+ String a = null;
+ while (saasLogListIterator.hasNext()){
+ SaasLog next = saasLogListIterator.next();
+
+ if (!next.getOwner().equals(a)){
+ if (a != null) {
+
+ ArrayList<SaasLog> list1 = saasLogMapper.selectListSummaryBySubtotal(a,sDate,eDate,type);
+ for (SaasLog saasLog : list1) {
+ saasLogListIterator.previous();
+ saasLog.setMatnr("灏忚");
+ saasLogListIterator.add(saasLog);
+ saasLogListIterator.next();
+ }
+ saasLogListIterator.previous();
+ SaasLog saasLog1 = new SaasLog();
+ saasLog1.setOwner(a);
+ saasLog1.setMatnr("鍚堣");
+ saasLog1.setAnfme(list1.stream().mapToDouble(SaasLog::getAnfme).sum());
+ saasLogListIterator.add(saasLog1);
+ saasLogListIterator.next();
+ }
+
+ a = next.getOwner();
+ }
+ }
+ ArrayList<SaasLog> list1 = saasLogMapper.selectListSummaryBySubtotal(a,sDate,eDate,type);
+ for (SaasLog saasLog : list1) {
+ saasLog.setMatnr("灏忚");
+ saasLogListIterator.add(saasLog);
+ }
+ SaasLog saasLog1 = new SaasLog();
+ saasLog1.setOwner(a);
+ saasLog1.setMatnr("鍚堣");
+ saasLog1.setAnfme(list1.stream().mapToDouble(SaasLog::getAnfme).sum());
+ saasLogListIterator.add(saasLog1);
+
+ SaasLog saasLog = new SaasLog();
+ saasLog.setOwner("鎬昏");
+ saasLog.setAnfme(sum);
+ list.add(saasLog);
+
+ return R.ok(list);
+ }
+
+ @RequestMapping(value = "/saasLogSummary/export/auth")
+ @ManagerAuth
+ public R summaryExport(@RequestBody JSONObject param){
+ List<String> fields = JSONObject.parseArray(param.getJSONArray("fields").toJSONString(), String.class);
+ Map<String, Object> map = excludeTrash(param.getJSONObject("saasLog"));
+ String io_time = (String) map.get("io_time");
+ Date sDate = null;
+ Date eDate = null;
+ if(!Cools.isEmpty(io_time) && io_time.contains(RANGE_TIME_LINK)) {
+ String[] dates = io_time.split(RANGE_TIME_LINK);
+ sDate = DateUtils.convert(dates[0]);
+ eDate = DateUtils.convert(dates[1]);
+ }
+ String type = (String) map.get("type");
+ String owner = (String) map.get("owner");
+
+ ArrayList<SaasLog> list = saasLogMapper.selectListSummary(sDate,eDate,type,owner);
+ double sum = list.stream().mapToDouble(SaasLog::getAnfme).sum();
+ ListIterator<SaasLog> saasLogListIterator = list.listIterator();
+ String a = null;
+ while (saasLogListIterator.hasNext()){
+ SaasLog next = saasLogListIterator.next();
+
+ if (!next.getOwner().equals(a)){
+ if (a != null) {
+
+ ArrayList<SaasLog> list1 = saasLogMapper.selectListSummaryBySubtotal(a,sDate,eDate,type);
+ for (SaasLog saasLog : list1) {
+ saasLogListIterator.previous();
+ saasLog.setMatnr("灏忚");
+ saasLogListIterator.add(saasLog);
+ saasLogListIterator.next();
+ }
+ saasLogListIterator.previous();
+ SaasLog saasLog1 = new SaasLog();
+ saasLog1.setOwner(a);
+ saasLog1.setMatnr("鍚堣");
+ saasLog1.setAnfme(list1.stream().mapToDouble(SaasLog::getAnfme).sum());
+ saasLogListIterator.add(saasLog1);
+ saasLogListIterator.next();
+ }
+
+ a = next.getOwner();
+ }
+ }
+ ArrayList<SaasLog> list1 = saasLogMapper.selectListSummaryBySubtotal(a,sDate,eDate,type);
+ for (SaasLog saasLog : list1) {
+ saasLog.setMatnr("灏忚");
+ saasLogListIterator.add(saasLog);
+ }
+ SaasLog saasLog1 = new SaasLog();
+ saasLog1.setOwner(a);
+ saasLog1.setMatnr("鍚堣");
+ saasLog1.setAnfme(list1.stream().mapToDouble(SaasLog::getAnfme).sum());
+ saasLogListIterator.add(saasLog1);
+
+ SaasLog saasLog = new SaasLog();
+ saasLog.setOwner("鎬昏");
+ saasLog.setAnfme(sum);
+ list.add(saasLog);
+
+ return R.ok(exportSupport(list, fields));
+ }
+
 private <T> void convert(Map<String, Object> map, EntityWrapper<T> wrapper){
 for (Map.Entry<String, Object> entry : map.entrySet()){
 String val = String.valueOf(entry.getValue());
--
Gitblit v1.9.1
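Review bot: Both new handlers index `dates[1]` after checking only that `io_time` contains `RANGE_TIME_LINK`, so a value that ends with the separator (or is only the separator) splits into fewer than two elements and the request fails with `ArrayIndexOutOfBoundsException` rather than a validation error; add `if (dates.length == 2)` around the two `DateUtils.convert` calls in `saasLogSummarylist` and `summaryExport`. The request-supplied `type` and `owner` strings are passed unvalidated to `saasLogMapper.selectListSummary(...)` and `selectListSummaryBySubtotal(...)`, whose SQL is not in this patch, so the SQL-injection fix named in the subject holds only if those statements bind every argument with `#{...}` and none with `${...}`; that is worth confirming in the mapper XML. When the first query returns no rows, `a` is still null at the trailing `selectListSummaryBySubtotal(a, ...)` call, and `next.getOwner().equals(a)` throws on a row with a null owner, so return early on an empty list and compare with `Objects.equals`. The two method bodies differ only in where the parameters come from and what is returned, so the grouping loop should live in one private helper.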