SQL注入漏洞修复

yiming
1 parent 0dcb03d2
Showing 8 changed files with 88 additions and 28 deletions
src/main/java/com/bsth/repository/calc/CalcIntervalRepository.java
src/main/java/com/bsth/repository/oil/DlbRepository.java
src/main/java/com/bsth/repository/oil/YlbRepository.java
src/main/java/com/bsth/repository/realcontrol/ScheduleRealInfoRepository.java
src/main/java/com/bsth/repository/sys/IntervalRepository.java
src/main/java/com/bsth/service/calc/impl/CalcIntervalServiceImpl.java
src/main/java/com/bsth/service/report/impl/CulateMileageServiceImpl.java
src/main/java/com/bsth/service/report/impl/ReportServiceImpl.java
 package com.bsth.repository.calc;
  
 import java.util.List;
+import java.util.Map;
  
 import org.springframework.data.jpa.repository.Query;
 import org.springframework.data.repository.query.Param;
@@ -54,4 +55,12 @@ public interface CalcIntervalRepository extends BaseRepository&lt;CalcInterval, Int
 	// 按日期查询
 	@Query(value="select c from CalcInterval c where c.date in (:dates)")
 	List<CalcInterval> selectByDates(@Param("dates")List<String> dates);
+
+	@Query(value = "select gsbm,fgsbm,xl_bm as xlBm,xl_name as xlName,level,djg_all as djgAll,bcs,sfyy as sfyyB from bsth_c_calc_interval where date >= ?1  and date <= ?2 and level is not null and level <> '' " +
+			"and if ( ?3 > 0 and ?4 > 0 , gsbm = ?5 and fgsbm = ?6 , 1=1 ) " +
+			"and if ( ?3 > 0 and ?4 = 0 , gsbm = ?5, 1=1) " +
+			"and if ( ?7 > 0 and ?9 = '1' , date not in ( ?8 ) , 1=1) " +
+			"and if ( ?7 > 0 and ?9 = '2' , date  in ( ?8 ) , 1=1) " +
+			"order by gsbm,fgsbm,level", nativeQuery = true)
+	List<Map<String, Object>> sumInterval(String sDate,String eDate,int gsl,int fgsl,String gs,String fgs,int weekendl,List<String> weekend,String week);
 }
@@ -116,5 +116,8 @@ public interface DlbRepository extends BaseRepository&lt;Dlb, Integer&gt;{
  
 	@Query(value="SELECT * FROM bsth_c_dlb  where rq=?1 and xlbm=?2",nativeQuery=true)
 	List<Dlb> queryDlbByRqXlbm(String rq, String xlbm);
+
+	@Query(value="select * from bsth_c_dlb where rq BETWEEN ?1 and ?2 and if( ?3 is not null , xlbm = ?3 , fgsdm = ?4 and xlbm =?5)",nativeQuery=true)
+	List<Dlb> dlbList(String date ,String date2 ,String line ,String gsdm ,String fgsdm);
  
 }
@@ -189,6 +189,9 @@ public interface YlbRepository extends BaseRepository&lt;Ylb, Integer&gt;{
 				" yhlx = ?9"+
 				" WHERE id = ?1", nativeQuery=true)
 	public void ylbUpdate(Integer id,double czyl,double jzyl,double yh, double sh,String shyy,double ns,String rylx,int yhlx);
+
+	@Query(value="select * from bsth_c_ylb where rq BETWEEN ?1 and ?2 and if( ?3 is not null , xlbm = ?3 , fgsdm = ?4 and xlbm =?5)",nativeQuery=true)
+	List<Ylb> ylbList(String date ,String date2 ,String line ,String gsdm ,String fgsdm);
  
  
 }
@@ -244,4 +244,12 @@ public interface ScheduleRealInfoRepository extends BaseRepository&lt;ScheduleRealI
     		"and adjust_exps = ?3 " +
     		"group by schedule_date_str, xl_bm, j_gh, s_gh ", nativeQuery = true)
     List<Object[]> findCancelSchedule(String date1, String date2, String lbType);
+
+	@Query(value = "select r.xl_bm as line,r.cl_zbh as nbbm from bsth_c_s_sp_info_real r where r.schedule_date_str BETWEEN ?1 and ?2 " +
+			"and if( ?3 is not null , r.xl_bm = ?3 , r.gs_bm = ?4 and r.fgs_bm =?5) group  by  r.xl_bm,r.cl_zbh", nativeQuery = true)
+	List<Map<String, Object>> querySchedule(String date1, String date2,String line ,String gsdm ,String fgsdm);
+
+	@Query(value = "select r.xl_bm as line,r.cl_zbh as nbbm,r.j_gh as jGh,r.s_gh as sGh from bsth_c_s_sp_info_real r where r.schedule_date_str BETWEEN ?1 and ?2 " +
+			"and if( ?3 is not null , r.xl_bm = ?3 , r.gs_bm = ?4 and r.fgs_bm =?5) group  by  r.xl_bm,r.cl_zbh,r.j_gh,r.s_gh", nativeQuery = true)
+	List<Map<String, Object>> querySchedule2(String date1, String date2,String line ,String gsdm ,String fgsdm);
 }
 package com.bsth.repository.sys;
  
  
+import org.springframework.data.jpa.repository.Query;
 import org.springframework.stereotype.Repository;
 import com.bsth.entity.sys.Interval;
 import com.bsth.repository.BaseRepository;
  
+import java.util.List;
+
 @Repository
 public interface IntervalRepository extends BaseRepository<Interval, Integer> {
  
+    @Query(value = "select i from Interval i")
+    List<Interval> intervalAll();
+
 }
@@ -6,18 +6,7 @@ import java.sql.SQLException;
 import java.text.DecimalFormat;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
-import java.util.ArrayList;
-import java.util.Calendar;
-import java.util.Collections;
-import java.util.Comparator;
-import java.util.Date;
-import java.util.GregorianCalendar;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
+import java.util.*;
  
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -944,7 +933,7 @@ public class CalcIntervalServiceImpl extends BaseServiceImpl&lt;CalcInterval,Intege
  
         List<Map<String, Object>> listAll=new ArrayList<Map<String, Object>>();
  
-        String sql="select gsbm,fgsbm,xl_bm,xl_name,level,djg_all,bcs,sfyy"
+        /*String sql="select gsbm,fgsbm,xl_bm,xl_name,level,djg_all,bcs,sfyy"
     			+ " from bsth_c_calc_interval where date>= '"+sDate+"' and date<='"+eDate+"'"
     			+ " and level is not null and level <> '' ";
 		if(gs.length() > 0){
@@ -962,7 +951,7 @@ public class CalcIntervalServiceImpl extends BaseServiceImpl&lt;CalcInterval,Intege
 		sql += " order by gsbm,fgsbm,level";
  
 		List<Map<String, Object>> countList = new ArrayList<Map<String, Object>>();
-		List<Map<String, Object>> list=jdbcTemplate.query(sql, 
+		List<Map<String, Object>> list=jdbcTemplate.query(sql,
 				 new RowMapper<Map<String,Object>>(){
 			 @Override 
 			 public Map<String, Object>  mapRow(ResultSet rs, int rowNum) throws SQLException { 
@@ -977,8 +966,18 @@ public class CalcIntervalServiceImpl extends BaseServiceImpl&lt;CalcInterval,Intege
 				 m.put("sfyy", rs.getInt("sfyy"));
 				 return m;
 			 }
-		});
-		
+		});*/
+		List<Map<String, Object>> countList = new ArrayList<Map<String, Object>>();
+		List<String> weekendL=Arrays.asList(weekend.replace("'","").split(","));
+		List<Map<String, Object>> list2=calcIntervalRepository.sumInterval(sDate,eDate,gs.length(),fgs.length(),gs,fgs,weekendL.size(),weekendL,week);
+		List<Map<String, Object>> list=new ArrayList<>();
+		for (Map<String, Object> m : list2) {
+			Map<String, Object> m2=new HashMap<>(m);
+			m2.put("gs", BasicData.businessCodeNameMap.get(m2.get("gsbm")));
+			m2.put("fgs", BasicData.businessFgsCodeNameMap.get(m2.get("fgsbm")+"_"+m.get("gsbm")));
+			m2.put("sfyy",!(boolean)m2.get("sfyyB")?0:1);
+			list.add(m2);
+		}
 		//根据线路类型确定是否营运
 	    for (int i = 0; i < list.size(); i++) {
 			Map<String, Object> m=list.get(i);
 package com.bsth.service.report.impl;
  
+import com.bsth.entity.Line;
 import com.bsth.entity.realcontrol.ChildTaskPlan;
 import com.bsth.entity.realcontrol.ScheduleRealInfo;
 import com.bsth.entity.sys.Interval;
+import com.bsth.repository.LineRepository;
+import com.bsth.repository.sys.IntervalRepository;
 import com.bsth.service.report.CulateMileageService;
 import com.bsth.util.Arith;
 import com.bsth.util.ComparableChild;
@@ -24,6 +27,13 @@ import java.util.*;
 public class CulateMileageServiceImpl  implements CulateMileageService{
 	@Autowired
 	JdbcTemplate jdbcTemplate;
+
+	@Autowired
+	LineRepository lineRepository;
+
+	@Autowired
+	IntervalRepository intervalRepository;
+
 	private static long zgf1 = 6 * 60 + 31,
 			zgf2 = 8 * 60 + 30,
 			wgf1 = 16 * 60 + 1, 
@@ -1360,7 +1370,7 @@ public class CulateMileageServiceImpl  implements CulateMileageService{
 		SimpleDateFormat sdf=new SimpleDateFormat("yyyy-MM-dd HH:mm");
 //			 Collections.sort(listInfo,new ComparableAcuals());
 			 //查询所有线路
-			 String xlSql="select line_code,spac_grade from bsth_c_line"
+/*			 String xlSql="select line_code,spac_grade from bsth_c_line"
 			 		+ "  where line_code ='"+line+"'";
  
 			List<Map<String, Object>> xlList=jdbcTemplate.query(xlSql, new RowMapper<Map<String, Object>>() {
@@ -1371,9 +1381,17 @@ public class CulateMileageServiceImpl  implements CulateMileageService{
 				map.put("grade", arg0.getString("spac_grade"));
 				return map;
 			}
-		});
+		});*/
+		List<Line> lines=lineRepository.findLineByCode(line);
+		List<Map<String, Object>> xlList = new ArrayList<>();
+		for (Line l : lines) {
+			Map<String, Object> map=new HashMap<String,Object>();
+			map.put("line",l.getLineCode());
+			map.put("grade",l.getSpacGrade());
+			xlList.add(map);
+		}
 			//查询大间隔时间
-			String djgSql="select * from bsth_c_interval";
+/*			String djgSql="select * from bsth_c_interval";
 			List<Interval> djgList=jdbcTemplate.query(djgSql, new RowMapper<Interval>() {
 			@Override
 			public Interval mapRow(ResultSet arg0, int arg1) throws SQLException {
@@ -1383,7 +1401,8 @@ public class CulateMileageServiceImpl  implements CulateMileageService{
 				m.setTrough(arg0.getInt("trough"));
 				return m;
 			}
-		});
+		});*/
+		List<Interval> djgList=intervalRepository.intervalAll();
  
 			 for (int i = 0; i < xlList.size(); i++) {
 				 String lineCode=xlList.get(i).get("line").toString();
@@ -15,6 +15,8 @@ import com.bsth.entity.sys.Interval;
 import com.bsth.repository.LineRepository;
 import com.bsth.repository.LsStationRouteRepository;
 import com.bsth.repository.StationRouteRepository;
+import com.bsth.repository.oil.DlbRepository;
+import com.bsth.repository.oil.YlbRepository;
 import com.bsth.repository.realcontrol.ScheduleRealInfoRepository;
 import com.bsth.service.LineService;
 import com.bsth.service.calc.CalcWaybillService;
@@ -82,6 +84,12 @@ public class ReportServiceImpl implements ReportService{
 	@Autowired
 	CalcWaybillService calcWaybillService;
  
+	@Autowired
+	YlbRepository ylbRepository;
+
+	@Autowired
+	DlbRepository dlbRepository;
+
 	@Override
 	public List<ScheduleRealInfo> queryListBczx(String line, String date,String clzbh) {
 		// TODO Auto-generated method stub
@@ -3098,26 +3106,29 @@ public class ReportServiceImpl implements ReportService{
 			//查询单条线路
 			list = scheduleRealInfoRepository.scheduleByDateAndLineTj2(line, date,date2);
 		}
-		String ylbSql=" select * from bsth_c_ylb where rq BETWEEN '"+date+"' and '"+date2+"'";
+/*		String ylbSql=" select * from bsth_c_ylb where rq BETWEEN '"+date+"' and '"+date2+"'";
 		if(line.equals("")){
 			ylbSql +="and ssgsdm='"+gsdm+"' "
 					+ " and fgsdm='"+fgsdm+"'";
 		}else{
 			ylbSql += " and xlbm = '"+line+"'";
 		}
-		List<Ylb> ylbList=ylbList(ylbSql);
-		String dlbSql=" select * from bsth_c_dlb where rq BETWEEN '"+date+"' and '"+date2+"'";
+		List<Ylb> ylbList=ylbList(ylbSql);*/
+		List<Ylb> ylbList=ylbRepository.ylbList(date,date2,line,gsdm,fgsdm);
+		/*String dlbSql=" select * from bsth_c_dlb where rq BETWEEN '"+date+"' and '"+date2+"'";
 		if(line.equals("")){
 			dlbSql +="and ssgsdm='"+gsdm+"' "
 					+ " and fgsdm='"+fgsdm+"'";
 		}else{
 			dlbSql += " and xlbm = '"+line+"'";
 		}
-		List<Dlb> dlbList=dlbList(dlbSql);
+		List<Dlb> dlbList=dlbList(dlbSql);*/
+		List<Dlb> dlbList=dlbRepository.dlbList(date,date2,line,gsdm,fgsdm);
+
 		List<Map<String, Object>> listGroupBy =null;
 		String sql="";
 		if(zt.equals("zbh")){
-			sql+="select r.xl_bm,r.cl_zbh"
+			/*sql+="select r.xl_bm,r.cl_zbh"
 					+ " from bsth_c_s_sp_info_real r where"
 					+ " r.schedule_date_str BETWEEN  '"+date+"' and '"+date2+"'";
 			if(line.equals("")){
@@ -3135,9 +3146,10 @@ public class ReportServiceImpl implements ReportService{
 					map.put("nbbm", arg0.getString("cl_zbh"));
 					return map;
 				}
-			});
+			});*/
+			listGroupBy =scheduleRealInfoRepository.querySchedule(date,date2,line,gsdm,fgsdm);
 		}else{
-			sql+="select r.xl_bm,r.cl_zbh,r.j_gh,r.s_gh"
+			/*sql+="select r.xl_bm,r.cl_zbh,r.j_gh,r.s_gh"
 					+ " from bsth_c_s_sp_info_real r where"
 					+ " r.schedule_date_str BETWEEN  '"+date+"' and '"+date2+"'";
 			if(line.equals("")){
@@ -3159,7 +3171,8 @@ public class ReportServiceImpl implements ReportService{
 //					map.put("sName", arg0.getString("s_name"));
 					return map;
 				}
-			});
+			});*/
+			listGroupBy =scheduleRealInfoRepository.querySchedule2(date,date2,line,gsdm,fgsdm);
 		}