恢复文件上传方式并修正带后缀
This commit is contained in:
wangwei
@@ -6,16 +6,12 @@ import java.util.Date;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.UUID;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import org.apache.commons.beanutils.BeanUtils;
|
||||
import org.apache.commons.codec.digest.DigestUtils;
|
||||
import org.apache.shiro.authz.annotation.RequiresPermissions;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.ui.Model;
|
||||
import org.springframework.util.FileCopyUtils;
|
||||
import org.springframework.web.bind.annotation.ModelAttribute;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.multipart.MultipartFile;
|
||||
@@ -73,19 +69,19 @@ public class FileHijackController extends CommonController{
|
||||
File file = null;
|
||||
try{
|
||||
if(cfgFile != null) {
|
||||
String sep = System.getProperty("file.separator");
|
||||
String digestFilePath = request.getRealPath("/") + "digestFile";
|
||||
FileUtils.createDirectory(digestFilePath);
|
||||
String fileName = UUID.randomUUID() + FileUtils.getSuffix(cfgFile.getOriginalFilename(), true);
|
||||
file = new File(digestFilePath + sep + fileName);
|
||||
FileCopyUtils.copy(cfgFile.getBytes(), file);
|
||||
String filename = cfgFile.getOriginalFilename();
|
||||
String prefix = FileUtils.getPrefix(filename, false);
|
||||
String suffix = FileUtils.getSuffix(filename, false);
|
||||
file = File.createTempFile("file_" + prefix, FileUtils.getSuffix(filename, true));
|
||||
cfgFile.transferTo(file);// 复制文件
|
||||
String md5 = FileUtils.getFileMD5(file);
|
||||
Map<String, Object> srcMap = Maps.newHashMap();
|
||||
srcMap.put("filetype", FileUtils.getSuffix(cfgFile.getOriginalFilename(), false));
|
||||
srcMap.put("filetype", suffix);
|
||||
srcMap.put("datatype", "dbSystem");// 源文件存入数据中心
|
||||
srcMap.put("createTime", new Date());
|
||||
srcMap.put("key", FileUtils.getPrefix(cfgFile.getOriginalFilename(), false));
|
||||
srcMap.put("fileName", cfgFile.getOriginalFilename());
|
||||
srcMap.put("checksum", DigestUtils.md5Hex(cfgFile.getBytes()));
|
||||
srcMap.put("key", prefix);
|
||||
srcMap.put("fileName", filename);
|
||||
srcMap.put("checksum", md5);
|
||||
ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap));
|
||||
logger.info("proxy 劫持文件 上传响应信息:" + JsonMapper.toJsonString(result));
|
||||
String path = null;
|
||||
|
||||
@@ -6,16 +6,12 @@ import java.util.Date;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.UUID;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import org.apache.commons.beanutils.BeanUtils;
|
||||
import org.apache.commons.codec.digest.DigestUtils;
|
||||
import org.apache.shiro.authz.annotation.RequiresPermissions;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.ui.Model;
|
||||
import org.springframework.util.FileCopyUtils;
|
||||
import org.springframework.web.bind.annotation.ModelAttribute;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.multipart.MultipartFile;
|
||||
@@ -72,19 +68,19 @@ public class FileInsertScriptController extends CommonController{
|
||||
File file = null;
|
||||
try{
|
||||
if(cfgFile != null) {
|
||||
String sep = System.getProperty("file.separator");
|
||||
String digestFilePath = request.getRealPath("/") + "digestFile";
|
||||
FileUtils.createDirectory(digestFilePath);
|
||||
String fileName = UUID.randomUUID() + FileUtils.getSuffix(cfgFile.getOriginalFilename(), true);
|
||||
file = new File(digestFilePath + sep + fileName);
|
||||
FileCopyUtils.copy(cfgFile.getBytes(), file);
|
||||
Map<String, Object> srcMap = Maps.newHashMap();
|
||||
srcMap.put("filetype", FileUtils.getSuffix(cfgFile.getOriginalFilename(), false));
|
||||
srcMap.put("datatype", "dbSystem");// 源文件存入数据中心
|
||||
srcMap.put("createTime", new Date());
|
||||
srcMap.put("key", FileUtils.getPrefix(cfgFile.getOriginalFilename(), false));
|
||||
srcMap.put("fileName", cfgFile.getOriginalFilename());
|
||||
srcMap.put("checksum", DigestUtils.md5Hex(cfgFile.getBytes()));
|
||||
String filename = cfgFile.getOriginalFilename();
|
||||
String prefix = FileUtils.getPrefix(filename, false);
|
||||
String suffix = FileUtils.getSuffix(filename, false);
|
||||
file = File.createTempFile("file_"+ prefix, FileUtils.getSuffix(filename, true));
|
||||
cfgFile.transferTo(file);//复制文件
|
||||
String md5 = FileUtils.getFileMD5(file);
|
||||
Map<String,Object> srcMap = Maps.newHashMap();
|
||||
srcMap.put("filetype", suffix);
|
||||
srcMap.put("datatype", "dbSystem");//源文件存入数据中心
|
||||
srcMap.put("createTime",new Date());
|
||||
srcMap.put("key",prefix);
|
||||
srcMap.put("fileName", filename);
|
||||
srcMap.put("checksum", md5);
|
||||
ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap));
|
||||
logger.info("注入脚本文件上传响应信息:"+JsonMapper.toJsonString(result));
|
||||
String srcAccessUrl = null;
|
||||
|
||||
@@ -11,17 +11,14 @@ package com.nis.web.controller.configuration.proxy;
|
||||
import java.io.File;
|
||||
import java.util.Date;
|
||||
import java.util.Map;
|
||||
import java.util.UUID;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.apache.commons.beanutils.BeanUtils;
|
||||
import org.apache.commons.codec.digest.DigestUtils;
|
||||
import org.apache.shiro.authz.annotation.RequiresPermissions;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.ui.Model;
|
||||
import org.springframework.util.FileCopyUtils;
|
||||
import org.springframework.web.bind.annotation.ModelAttribute;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.multipart.MultipartFile;
|
||||
@@ -97,19 +94,19 @@ public class FileResponsePageController extends CommonController {
|
||||
File file = null;
|
||||
try{
|
||||
if(cfgFile != null) {
|
||||
String sep = System.getProperty("file.separator");
|
||||
String digestFilePath = request.getRealPath("/") + "digestFile";
|
||||
FileUtils.createDirectory(digestFilePath);
|
||||
String fileName = UUID.randomUUID() + FileUtils.getSuffix(cfgFile.getOriginalFilename(), true);
|
||||
file = new File(digestFilePath + sep + fileName);
|
||||
FileCopyUtils.copy(cfgFile.getBytes(), file);
|
||||
Map<String, Object> srcMap = Maps.newHashMap();
|
||||
srcMap.put("filetype", FileUtils.getSuffix(cfgFile.getOriginalFilename(), false));
|
||||
srcMap.put("datatype", "dbSystem");// 源文件存入数据中心
|
||||
srcMap.put("createTime", new Date());
|
||||
srcMap.put("key", FileUtils.getPrefix(cfgFile.getOriginalFilename(), false));
|
||||
srcMap.put("fileName", cfgFile.getOriginalFilename());
|
||||
srcMap.put("checksum", DigestUtils.md5Hex(cfgFile.getBytes()));
|
||||
String filename = cfgFile.getOriginalFilename();
|
||||
String prefix = FileUtils.getPrefix(filename, false);
|
||||
String suffix = FileUtils.getSuffix(filename, false);
|
||||
file = File.createTempFile("file_"+ prefix, FileUtils.getSuffix(filename, true));
|
||||
cfgFile.transferTo(file);//复制文件
|
||||
String md5 = FileUtils.getFileMD5(file);
|
||||
Map<String,Object> srcMap = Maps.newHashMap();
|
||||
srcMap.put("filetype", suffix);
|
||||
srcMap.put("datatype", "dbSystem");//源文件存入数据中心
|
||||
srcMap.put("createTime",new Date());
|
||||
srcMap.put("key",prefix);
|
||||
srcMap.put("fileName", filename);
|
||||
srcMap.put("checksum", md5);
|
||||
ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap));
|
||||
logger.info("http 重定向阻断文件上传响应信息:"+JsonMapper.toJsonString(result));
|
||||
String srcAccessUrl = null;
|
||||
@@ -118,7 +115,7 @@ public class FileResponsePageController extends CommonController {
|
||||
srcAccessUrl=data.getAccessUrl();
|
||||
cfg.setUrl(srcAccessUrl);;
|
||||
}
|
||||
cfg.setMd5(DigestUtils.md5Hex(cfgFile.getBytes()));//文件md5值
|
||||
cfg.setMd5(md5);//文件md5值
|
||||
cfg.setContentLength(file.length());//文件长度
|
||||
}
|
||||
proxyFileResponsePageService.saveOrUpdate(cfg);
|
||||
|
||||
@@ -27,7 +27,6 @@ import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.springframework.beans.BeanUtils;
|
||||
import org.apache.commons.codec.digest.DigestUtils;
|
||||
import org.apache.shiro.authz.annotation.RequiresPermissions;
|
||||
import org.springframework.mock.web.MockMultipartFile;
|
||||
import org.springframework.stereotype.Controller;
|
||||
@@ -210,19 +209,19 @@ public class PxyObjKeyringController extends BaseController {
|
||||
try {
|
||||
if (validFlag) {
|
||||
if (publicKeyFileI != null) {
|
||||
String sep = System.getProperty("file.separator");
|
||||
String digestFilePath = request.getRealPath("/") + "digestFile";
|
||||
FileUtils.createDirectory(digestFilePath);
|
||||
String fileName = UUID.randomUUID() + FileUtils.getSuffix(publicKeyFileI.getOriginalFilename(), true);
|
||||
file = new File(digestFilePath + sep + fileName);
|
||||
FileCopyUtils.copy(publicKeyFileI.getBytes(), file);
|
||||
String filename = publicKeyFileI.getOriginalFilename();
|
||||
String prefix = FileUtils.getPrefix(filename, false);
|
||||
String suffix = FileUtils.getSuffix(filename, false);
|
||||
file = File.createTempFile("file_" + prefix, FileUtils.getSuffix(filename, true));
|
||||
publicKeyFileI.transferTo(file);// 复制文件
|
||||
String md5 = FileUtils.getFileMD5(file);
|
||||
Map<String, Object> srcMap = Maps.newHashMap();
|
||||
srcMap.put("filetype", FileUtils.getSuffix(publicKeyFileI.getOriginalFilename(), false));
|
||||
srcMap.put("filetype", suffix);
|
||||
srcMap.put("datatype", "dbSystem");// 源文件存入数据中心
|
||||
srcMap.put("createTime", new Date());
|
||||
srcMap.put("key", FileUtils.getPrefix(publicKeyFileI.getOriginalFilename(), false));
|
||||
srcMap.put("fileName", publicKeyFileI.getOriginalFilename());
|
||||
srcMap.put("checksum", DigestUtils.md5Hex(publicKeyFileI.getBytes()));
|
||||
srcMap.put("key", prefix);
|
||||
srcMap.put("fileName", filename);
|
||||
srcMap.put("checksum", md5);
|
||||
ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap));
|
||||
logger.info("proxy 证书文件策略公钥 文件上传响应信息:" + JsonMapper.toJsonString(result));
|
||||
String publicKeyFileAccessUrl = null;
|
||||
@@ -234,19 +233,19 @@ public class PxyObjKeyringController extends BaseController {
|
||||
}
|
||||
}
|
||||
if (privateKeyFileI != null) {
|
||||
String sep = System.getProperty("file.separator");
|
||||
String digestFilePath = request.getRealPath("/") + "digestFile";
|
||||
FileUtils.createDirectory(digestFilePath);
|
||||
String fileName = UUID.randomUUID() + FileUtils.getSuffix(privateKeyFileI.getOriginalFilename(), true);
|
||||
file = new File(digestFilePath + sep + fileName);
|
||||
FileCopyUtils.copy(privateKeyFileI.getBytes(), file);
|
||||
String filename = privateKeyFileI.getOriginalFilename();
|
||||
String prefix = FileUtils.getPrefix(filename, false);
|
||||
String suffix = FileUtils.getSuffix(filename, false);
|
||||
file = File.createTempFile("file_" + prefix, FileUtils.getSuffix(filename, true));
|
||||
privateKeyFileI.transferTo(file);// 复制文件
|
||||
String md5 = FileUtils.getFileMD5(file);
|
||||
Map<String, Object> srcMap = Maps.newHashMap();
|
||||
srcMap.put("filetype", FileUtils.getSuffix(privateKeyFileI.getOriginalFilename(), false));
|
||||
srcMap.put("filetype", suffix);
|
||||
srcMap.put("datatype", "dbSystem");// 源文件存入数据中心
|
||||
srcMap.put("createTime", new Date());
|
||||
srcMap.put("key", FileUtils.getPrefix(privateKeyFileI.getOriginalFilename(), false));
|
||||
srcMap.put("fileName", privateKeyFileI.getOriginalFilename());
|
||||
srcMap.put("checksum", DigestUtils.md5Hex(privateKeyFileI.getBytes()));
|
||||
srcMap.put("key", prefix);
|
||||
srcMap.put("fileName", filename);
|
||||
srcMap.put("checksum", md5);
|
||||
ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap));
|
||||
logger.info("proxy 证书文件策略私钥 上传响应信息:" + JsonMapper.toJsonString(result));
|
||||
String privateKeyFileAccessUrl = null;
|
||||
@@ -695,19 +694,19 @@ public class PxyObjKeyringController extends BaseController {
|
||||
try {
|
||||
if (validFlag) {
|
||||
if (certFileI != null) {
|
||||
String sep = System.getProperty("file.separator");
|
||||
String digestFilePath = request.getRealPath("/") + "digestFile";
|
||||
FileUtils.createDirectory(digestFilePath);
|
||||
String fileName = UUID.randomUUID() + FileUtils.getSuffix(certFileI.getOriginalFilename(), true);
|
||||
file = new File(digestFilePath + sep + fileName);
|
||||
FileCopyUtils.copy(certFileI.getBytes(), file);
|
||||
String filename = certFileI.getOriginalFilename();
|
||||
String prefix = FileUtils.getPrefix(filename, false);
|
||||
String suffix = FileUtils.getSuffix(filename, false);
|
||||
file = File.createTempFile("file_" + prefix, FileUtils.getSuffix(filename, true));
|
||||
certFileI.transferTo(file);// 复制文件
|
||||
String md5 = FileUtils.getFileMD5(file);
|
||||
Map<String, Object> srcMap = Maps.newHashMap();
|
||||
srcMap.put("filetype", FileUtils.getSuffix(certFileI.getOriginalFilename(), false));
|
||||
srcMap.put("filetype", suffix);
|
||||
srcMap.put("datatype", "dbSystem");// 源文件存入数据中心
|
||||
srcMap.put("createTime", new Date());
|
||||
srcMap.put("key", FileUtils.getPrefix(certFileI.getOriginalFilename(), false));
|
||||
srcMap.put("fileName", certFileI.getOriginalFilename());
|
||||
srcMap.put("checksum", DigestUtils.md5Hex(certFileI.getBytes()));
|
||||
srcMap.put("key", prefix);
|
||||
srcMap.put("fileName", filename);
|
||||
srcMap.put("checksum", md5);
|
||||
ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap));
|
||||
logger.info("proxy 可信证书 文件上传响应信息:" + JsonMapper.toJsonString(result));
|
||||
String certFileAccessUrl = null;
|
||||
@@ -816,19 +815,19 @@ public class PxyObjKeyringController extends BaseController {
|
||||
try {
|
||||
if (validFlag) {
|
||||
if (crlFileI != null) {
|
||||
String sep = System.getProperty("file.separator");
|
||||
String digestFilePath = request.getRealPath("/") + "digestFile";
|
||||
FileUtils.createDirectory(digestFilePath);
|
||||
String fileName = UUID.randomUUID() + FileUtils.getSuffix(crlFileI.getOriginalFilename(), true);
|
||||
file = new File(digestFilePath + sep + fileName);
|
||||
FileCopyUtils.copy(crlFileI.getBytes(), file);
|
||||
String filename = crlFileI.getOriginalFilename();
|
||||
String prefix = FileUtils.getPrefix(filename, false);
|
||||
String suffix = FileUtils.getSuffix(filename, false);
|
||||
file = File.createTempFile("file_" + prefix, FileUtils.getSuffix(filename, true));
|
||||
crlFileI.transferTo(file);// 复制文件
|
||||
String md5 = FileUtils.getFileMD5(file);
|
||||
Map<String, Object> srcMap = Maps.newHashMap();
|
||||
srcMap.put("filetype", FileUtils.getSuffix(crlFileI.getOriginalFilename(), false));
|
||||
srcMap.put("filetype", suffix);
|
||||
srcMap.put("datatype", "dbSystem");// 源文件存入数据中心
|
||||
srcMap.put("createTime", new Date());
|
||||
srcMap.put("key", FileUtils.getPrefix(crlFileI.getOriginalFilename(), false));
|
||||
srcMap.put("fileName", crlFileI.getOriginalFilename());
|
||||
srcMap.put("checksum", DigestUtils.md5Hex(crlFileI.getBytes()));
|
||||
srcMap.put("key", prefix);
|
||||
srcMap.put("fileName", filename);
|
||||
srcMap.put("checksum", md5);
|
||||
ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap));
|
||||
logger.info("可信证书crl 文件上传响应信息:" + JsonMapper.toJsonString(result));
|
||||
String crlFileAccessUrl = null;
|
||||
@@ -979,19 +978,19 @@ public class PxyObjKeyringController extends BaseController {
|
||||
PxyObjTrustedCaCert cacertBuitIn=new PxyObjTrustedCaCert();
|
||||
cfg.setBuiltIn(1);
|
||||
BeanUtils.copyProperties(cfg, cacertBuitIn);
|
||||
String sep = System.getProperty("file.separator");
|
||||
String digestFilePath = request.getRealPath("/") + "digestFile";
|
||||
FileUtils.createDirectory(digestFilePath);
|
||||
String fileName = UUID.randomUUID() + FileUtils.getSuffix(multipartFile.getOriginalFilename(), true);
|
||||
file = new File(digestFilePath + sep + fileName);
|
||||
FileCopyUtils.copy(multipartFile.getBytes(), file);
|
||||
filename = file.getName();
|
||||
String prefix = FileUtils.getPrefix(filename, false);
|
||||
String suffix = FileUtils.getSuffix(filename, false);
|
||||
newFile = File.createTempFile("file_" + prefix, FileUtils.getSuffix(filename, true));
|
||||
multipartFile.transferTo(newFile);// 复制文件
|
||||
String md5 = FileUtils.getFileMD5(file);
|
||||
Map<String, Object> srcMap = Maps.newHashMap();
|
||||
srcMap.put("filetype", FileUtils.getSuffix(multipartFile.getOriginalFilename(), false));
|
||||
srcMap.put("filetype", suffix);
|
||||
srcMap.put("datatype", "dbSystem");// 源文件存入数据中心
|
||||
srcMap.put("createTime", new Date());
|
||||
srcMap.put("key", FileUtils.getPrefix(multipartFile.getOriginalFilename(), false));
|
||||
srcMap.put("fileName", multipartFile.getOriginalFilename());
|
||||
srcMap.put("checksum", DigestUtils.md5Hex(multipartFile.getBytes()));
|
||||
srcMap.put("key", prefix);
|
||||
srcMap.put("fileName", filename);
|
||||
srcMap.put("checksum", md5);
|
||||
ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap));
|
||||
logger.info("可信证书内置证书 文件上传响应信息:" + JsonMapper.toJsonString(result));
|
||||
String crlFileAccessUrl = null;
|
||||
|
||||
Reference in New Issue
Block a user