lywsvip/wvp-GB28181-pro
1
0
Fork 0
mirror of https://github.com/648540858/wvp-GB28181-pro.git synced 2026-05-06 15:22:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

修复sql注入漏洞 #2137

Browse Source
This commit is contained in:
lin
2026-05-06 10:44:34 +08:00
parent a86b144893
commit 0caf5a86e7
6 changed files with 60 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/java/com/genersoft/iot/vmp/gb28181/dao/DeviceChannelMapper.java
View File

@@ -145,7 +145,7 @@ public interface DeviceChannelMapper {
" LEFT JOIN wvp_device de ON dc.data_device_id = de.id " +
" WHERE dc.data_type = 1 " +
" <if test='deviceId != null'> AND de.device_id = #{deviceId} </if> " +
" <if test='query != null'> AND (dc.device_id LIKE '%${query}%' OR dc.name LIKE '%${query}%' OR dc.name LIKE '%${query}%')</if> " +
" <if test='query != null'> AND (dc.device_id LIKE concat('%',#{query},'%') OR dc.name LIKE concat('%',#{query},'%') OR dc.name LIKE concat('%',#{query},'%'))</if> " +
" <if test='parentChannelId != null'> AND dc.parent_id=#{parentChannelId} </if> " +
" <if test='online == true' > AND dc.status='ON'</if>" +
" <if test='online == false' > AND dc.status='OFF'</if>" +

4
src/main/java/com/genersoft/iot/vmp/gb28181/dao/DeviceMapper.java
View File

@@ -173,7 +173,7 @@ public interface DeviceMapper {
"media_server_id,"+
"(SELECT count(0) FROM wvp_device_channel dc WHERE dc.data_type = #{dataType} and dc.data_device_id= de.id) as channel_count " +
"FROM wvp_device de" +
"<if test='online != null'> where de.on_line=${online}</if>"+
"<if test='online != null'> where de.on_line=#{online}</if>"+
" order by de.create_time desc "+
" </script>"
)
@@ -366,7 +366,7 @@ public interface DeviceMapper {
",(SELECT count(0) FROM wvp_device_channel dc WHERE dc.data_type = #{dataType} and dc.data_device_id= de.id) as channel_count " +
" FROM wvp_device de" +
" where 1 = 1 "+
" <if test='status != null'> AND de.on_line=${status}</if>"+
" <if test='status != null'> AND de.on_line=#{status}</if>"+
" <if test='query != null'> AND (" +
" coalesce(custom_name, name) LIKE concat('%',#{query},'%') escape '/' " +
" OR device_id LIKE concat('%',#{query},'%') escape '/' " +

118
src/main/java/com/genersoft/iot/vmp/gb28181/dao/provider/ChannelProvider.java
View File

@@ -360,16 +360,15 @@ public class ChannelProvider {
sqlBuild.append("where channel_type = 0 and coalesce(gb_device_id, device_id) in ( ");
Collection<String> ids = (Collection<String>)params.get("deviceIds");
boolean first = true;
for (String id : ids) {
if (!first) {
int index = 0;
for (String ignored : ids) {
if (index > 0) {
sqlBuild.append(",");
}
sqlBuild.append("'");
sqlBuild.append(id);
sqlBuild.append("'");
first = false;
sqlBuild.append("#{deviceIds[").append(index).append("]}");
index++;
}
sqlBuild.append(" )");
return sqlBuild.toString() ;
}
@@ -445,13 +444,13 @@ public class ChannelProvider {
sqlBuild.append(" where channel_type = 0 and gb_parent_id in ( ");
Collection<Group> ids = (Collection<Group>)params.get("groupList");
boolean first = true;
int index = 0;
for (Group group : ids) {
if (!first) {
if (index > 0) {
sqlBuild.append(",");
}
sqlBuild.append(group.getDeviceId());
first = false;
sqlBuild.append("#{groupList[").append(index).append("].deviceId}");
index++;
}
sqlBuild.append(" )");
@@ -610,13 +609,11 @@ public class ChannelProvider {
List<Device> deviceList = (List<Device>)params.get("deviceList");
if (deviceList != null && !deviceList.isEmpty()) {
sqlBuild.append(" AND data_device_id in (");
boolean first = true;
for (Device device : deviceList) {
if (!first) {
for (int i = 0; i < deviceList.size(); i++) {
if (i > 0) {
sqlBuild.append(",");
}
sqlBuild.append("'" + device.getId() + "'");
first = false;
sqlBuild.append("#{deviceList[").append(i).append("].id}");
}
sqlBuild.append(" )");
}
@@ -648,13 +645,11 @@ public class ChannelProvider {
List<CameraGroup> groupList = (List<CameraGroup>)params.get("groupList");
if (groupList != null && !groupList.isEmpty()) {
sqlBuild.append(" AND coalesce(wdc.gb_parent_id, wdc.parent_id) in (");
boolean first = true;
for (CameraGroup group : groupList) {
if (!first) {
for (int i = 0; i < groupList.size(); i++) {
if (i > 0) {
sqlBuild.append(",");
}
sqlBuild.append("'" + group.getDeviceId() + "'");
first = false;
sqlBuild.append("#{groupList[").append(i).append("].deviceId}");
}
sqlBuild.append(" )");
}
@@ -719,15 +714,12 @@ public class ChannelProvider {
sqlBuild.append(" where wdc.channel_type = 0 AND wdc.data_type != 2 AND (wdc.gb_ptz_type is null or ( wdc.gb_ptz_type != 98 AND wdc.gb_ptz_type != 99)) " +
" AND coalesce(wdc.gb_parent_id, wdc.parent_id) in (");
sqlBuild.append(" ");
List<CameraGroup> groupList = (List<CameraGroup>)params.get("groupList");
boolean first = true;
for (CameraGroup group : groupList) {
if (!first) {
for (int i = 0; i < groupList.size(); i++) {
if (i > 0) {
sqlBuild.append(",");
}
sqlBuild.append("'" + group.getDeviceId() + "'");
first = false;
sqlBuild.append("#{groupList[").append(i).append("].deviceId}");
}
sqlBuild.append(" )");
@@ -747,21 +739,16 @@ public class ChannelProvider {
sqlBuild.append(" where wdc.channel_type = 0 AND wdc.data_type != 2 AND (wdc.gb_ptz_type is null or ( wdc.gb_ptz_type != 98 AND wdc.gb_ptz_type != 99)) " +
" AND coalesce(wdc.gb_parent_id, wdc.parent_id) in (");
sqlBuild.append(" ");
List<CameraGroup> groupList = (List<CameraGroup>)params.get("groupList");
boolean first = true;
for (CameraGroup group : groupList) {
if (!first) {
for (int i = 0; i < groupList.size(); i++) {
if (i > 0) {
sqlBuild.append(",");
}
sqlBuild.append("'" + group.getDeviceId() + "'");
first = false;
sqlBuild.append("#{groupList[").append(i).append("].deviceId}");
}
sqlBuild.append(" )");
String geomTextBuilder = "point(" + params.get("centerLongitude") + " " + params.get("centerLatitude") + ")";
sqlBuild.append("AND ST_Distance_Sphere(point(coalesce(wdc.gb_longitude, wdc.longitude), coalesce(wdc.gb_latitude, wdc.latitude)), ST_GeomFromText('").append(geomTextBuilder).append("')) < #{radius}");
sqlBuild.append("AND ST_Distance_Sphere(point(coalesce(wdc.gb_longitude, wdc.longitude), coalesce(wdc.gb_latitude, wdc.latitude)), ST_GeomFromText(CONCAT('point(', #{centerLongitude}, ' ', #{centerLatitude}, ')'))) < #{radius}");
if (params.get("level") != null) {
sqlBuild.append(" AND ( map_level <= #{level} or map_level is null )");
@@ -776,21 +763,16 @@ public class ChannelProvider {
sqlBuild.append(" where wdc.channel_type = 0 AND wdc.data_type != 2 AND (wdc.gb_ptz_type is null or ( wdc.gb_ptz_type != 98 AND wdc.gb_ptz_type != 99)) " +
" AND coalesce(wdc.gb_parent_id, wdc.parent_id) in (");
sqlBuild.append(" ");
List<CameraGroup> groupList = (List<CameraGroup>)params.get("groupList");
boolean first = true;
for (CameraGroup group : groupList) {
if (!first) {
for (int i = 0; i < groupList.size(); i++) {
if (i > 0) {
sqlBuild.append(",");
}
sqlBuild.append("'" + group.getDeviceId() + "'");
first = false;
sqlBuild.append("#{groupList[").append(i).append("].deviceId}");
}
sqlBuild.append(" )");
String geomTextBuilder = "point(" + params.get("centerLongitude") + " " + params.get("centerLatitude") + ")";
sqlBuild.append("AND ST_DistanceSphere(ST_MakePoint(coalesce(wdc.gb_longitude, wdc.longitude), coalesce(wdc.gb_latitude, wdc.latitude)), ST_GeomFromText('").append(geomTextBuilder).append("')) < #{radius}");
sqlBuild.append("AND ST_DistanceSphere(ST_MakePoint(coalesce(wdc.gb_longitude, wdc.longitude), coalesce(wdc.gb_latitude, wdc.latitude)), ST_GeomFromText(CONCAT('point(', #{centerLongitude}, ' ', #{centerLatitude}, ')'))) < #{radius}");
if (params.get("level") != null) {
sqlBuild.append(" AND ( map_level <= #{level} or map_level is null )");
@@ -805,30 +787,25 @@ public class ChannelProvider {
sqlBuild.append(" where wdc.channel_type = 0 AND wdc.data_type != 2 AND (wdc.gb_ptz_type is null or ( wdc.gb_ptz_type != 98 AND wdc.gb_ptz_type != 99)) " +
" AND coalesce(wdc.gb_parent_id, wdc.parent_id) in (");
sqlBuild.append(" ");
List<CameraGroup> groupList = (List<CameraGroup>)params.get("groupList");
boolean first = true;
for (CameraGroup group : groupList) {
if (!first) {
for (int i = 0; i < groupList.size(); i++) {
if (i > 0) {
sqlBuild.append(",");
}
sqlBuild.append("'" + group.getDeviceId() + "'");
first = false;
sqlBuild.append("#{groupList[").append(i).append("].deviceId}");
}
sqlBuild.append(" )");
StringBuilder geomTextBuilder = new StringBuilder();
geomTextBuilder.append("POLYGON((");
StringBuilder geomSql = new StringBuilder("CONCAT('POLYGON(('");
List<Point> pointList = (List<Point>)params.get("pointList");
for (int i = 0; i < pointList.size(); i++) {
if (i > 0) {
geomTextBuilder.append(", ");
geomSql.append(", #{pointList[").append(i).append("].lng}, ' ', #{pointList[").append(i).append("].lat}");
if (i < pointList.size() - 1) {
geomSql.append(", ', '");
}
Point point = pointList.get(i);
geomTextBuilder.append(point.getLng()).append(" ").append(point.getLat());
}
geomTextBuilder.append("))");
sqlBuild.append("AND ST_Within(point(coalesce(wdc.gb_longitude, wdc.longitude), coalesce(wdc.gb_latitude, wdc.latitude)), ST_GeomFromText('").append(geomTextBuilder).append("'))");
geomSql.append(", '))')");
sqlBuild.append("AND ST_Within(point(coalesce(wdc.gb_longitude, wdc.longitude), coalesce(wdc.gb_latitude, wdc.latitude)), ST_GeomFromText(").append(geomSql).append("))");
if (params.get("level") != null) {
sqlBuild.append(" AND ( map_level <= #{level} or map_level is null )");
@@ -843,30 +820,25 @@ public class ChannelProvider {
sqlBuild.append(" where wdc.channel_type = 0 AND wdc.data_type != 2 AND (wdc.gb_ptz_type is null or ( wdc.gb_ptz_type != 98 AND wdc.gb_ptz_type != 99)) " +
" AND coalesce(wdc.gb_parent_id, wdc.parent_id) in (");
sqlBuild.append(" ");
List<CameraGroup> groupList = (List<CameraGroup>)params.get("groupList");
boolean first = true;
for (CameraGroup group : groupList) {
if (!first) {
for (int i = 0; i < groupList.size(); i++) {
if (i > 0) {
sqlBuild.append(",");
}
sqlBuild.append("'" + group.getDeviceId() + "'");
first = false;
sqlBuild.append("#{groupList[").append(i).append("].deviceId}");
}
sqlBuild.append(" )");
StringBuilder geomTextBuilder = new StringBuilder();
geomTextBuilder.append("POLYGON((");
StringBuilder geomSql = new StringBuilder("CONCAT('POLYGON(('");
List<Point> pointList = (List<Point>)params.get("pointList");
for (int i = 0; i < pointList.size(); i++) {
if (i > 0) {
geomTextBuilder.append(", ");
geomSql.append(", #{pointList[").append(i).append("].lng}, ' ', #{pointList[").append(i).append("].lat}");
if (i < pointList.size() - 1) {
geomSql.append(", ', '");
}
Point point = pointList.get(i);
geomTextBuilder.append(point.getLng()).append(" ").append(point.getLat());
}
geomTextBuilder.append("))");
sqlBuild.append("AND ST_Within(ST_MakePoint(coalesce(wdc.gb_longitude, wdc.longitude), coalesce(wdc.gb_latitude, wdc.latitude)), ST_GeomFromText('").append(geomTextBuilder).append("'))");
geomSql.append(", '))')");
sqlBuild.append("AND ST_Within(ST_MakePoint(coalesce(wdc.gb_longitude, wdc.longitude), coalesce(wdc.gb_latitude, wdc.latitude)), ST_GeomFromText(").append(geomSql).append("))");
if (params.get("level") != null) {
sqlBuild.append(" AND ( map_level <= #{level} or map_level is null )");

8
src/main/java/com/genersoft/iot/vmp/gb28181/dao/provider/DeviceChannelProvider.java
View File

@@ -104,13 +104,11 @@ public class DeviceChannelProvider {
List<String> channelIds = (List<String>)params.get("channelIds");
if (channelIds != null && !channelIds.isEmpty()) {
sqlBuild.append(" AND dc.device_id in (");
boolean first = true;
for (String id : channelIds) {
if (!first) {
for (int i = 0; i < channelIds.size(); i++) {
if (i > 0) {
sqlBuild.append(",");
}
sqlBuild.append(id);
first = false;
sqlBuild.append("#{channelIds[").append(i).append("]}");
}
sqlBuild.append(" )");
}

4
src/main/java/com/genersoft/iot/vmp/jt1078/dao/provider/JTChannelProvider.java
View File

@@ -27,9 +27,7 @@ public class JTChannelProvider {
sqlBuild.append(BASE_SQL);
sqlBuild.append(" WHERE jc.terminal_db_id = #{terminalDbId} ");
if (params.get("query") != null) {
sqlBuild.append(" AND ")
.append(" jc.name LIKE ").append("'%").append(params.get("query")).append("%'")
;
sqlBuild.append(" AND jc.name LIKE concat('%',#{query},'%')");
}
sqlBuild.append(" ORDER BY jc.channel_id ");
return sqlBuild.toString();

21
src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyProvider.java
View File

@@ -19,7 +19,7 @@ public class StreamProxyProvider {
}
public String select(Map<String, Object> params ){
return getBaseSelectSql() + " WHERE st.id = " + params.get("id");
return getBaseSelectSql() + " WHERE st.id = #{id}";
}
public String selectForPushingInMediaServer(Map<String, Object> params ){
@@ -27,8 +27,7 @@ public class StreamProxyProvider {
}
public String selectOneByAppAndStream(Map<String, Object> params ){
return getBaseSelectSql() + String.format(" WHERE st.app='%s' AND st.stream='%s' order by st.create_time desc",
params.get("app"), params.get("stream"));
return getBaseSelectSql() + " WHERE st.app=#{app} AND st.stream=#{stream} order by st.create_time desc";
}
public String selectAll(Map<String, Object> params ){
@@ -36,15 +35,11 @@ public class StreamProxyProvider {
sqlBuild.append(getBaseSelectSql());
sqlBuild.append(" WHERE 1=1 ");
if (params.get("query") != null) {
sqlBuild.append(" AND ")
.append(" (")
.append(" st.app LIKE ").append("'%").append(params.get("query")).append("%' escape '/'")
.append(" OR")
.append(" st.stream LIKE ").append("'%").append(params.get("query")).append("%' escape '/'")
.append(" OR")
.append(" wdc.gb_device_id LIKE ").append("'%").append(params.get("query")).append("%' escape '/'")
.append(" OR")
.append(" wdc.gb_name LIKE ").append("'%").append(params.get("query")).append("%' escape '/'")
sqlBuild.append(" AND (")
.append(" st.app LIKE concat('%',#{query},'%') escape '/'")
.append(" OR st.stream LIKE concat('%',#{query},'%') escape '/'")
.append(" OR wdc.gb_device_id LIKE concat('%',#{query},'%') escape '/'")
.append(" OR wdc.gb_name LIKE concat('%',#{query},'%') escape '/'")
.append(" )")
;
}
@@ -57,7 +52,7 @@ public class StreamProxyProvider {
}
}
if (params.get("mediaServerId") != null) {
sqlBuild.append(" AND st.media_server_id='").append(params.get("mediaServerId")).append("'");
sqlBuild.append(" AND st.media_server_id=#{mediaServerId}");
}
sqlBuild.append(" order by st.create_time desc");
return sqlBuild.toString();