center/dataease-dm
center/dataease-dm
13
0
Fork 0
forked from github/dataease
Code Pull Requests Activity

feat: 删除不必要依赖 禁用alibaba-fastjson 重大安全漏洞

Browse Source
This commit is contained in:
fit2cloud-chenyw 2021-02-25 12:28:55 +08:00
parent 9085de668f
commit 38df90d341
5 changed files with 36 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
backend/pom.xml
View File

@ -13,10 +13,8 @@
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<shiro.version>1.6.0</shiro.version>
<shiro.version>1.7.1</shiro.version>
<java.version>1.8</java.version>
<nacos.version>1.1.3</nacos.version>
<dubbo.version>2.7.8</dubbo.version>
<graalvm.version>20.1.0</graalvm.version>
</properties>
@ -80,6 +78,10 @@
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-websocket</artifactId>
</dependency>
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
</dependency>
<!-- flyway -->
<dependency>
@ -115,7 +117,7 @@
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-collections4</artifactId>
<version>4.1</version>
<version>4.4</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
@ -127,11 +129,11 @@
<artifactId>commons-codec</artifactId>
</dependency>
<dependency>
<!--<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>1.2.72</version>
</dependency>
</dependency>-->
<!-- openapi -->
<dependency>
@ -140,11 +142,7 @@
<version>1.2.32</version>
</dependency>
<dependency>
<groupId>org.python</groupId>
<artifactId>jython-standalone</artifactId>
<version>2.7.0</version>
</dependency>
<dependency>
<groupId>com.microsoft.sqlserver</groupId>
@ -164,17 +162,7 @@
<version>19.7.0.0</version>
</dependency>
<!-- Zookeeper -->
<dependency>
<groupId>org.apache.dubbo</groupId>
<artifactId>dubbo</artifactId>
<version>${dubbo.version}</version>
</dependency>
<dependency>
<groupId>org.apache.zookeeper</groupId>
<artifactId>zookeeper</artifactId>
<version>3.4.14</version>
</dependency>
<dependency>
<groupId>org.apache.curator</groupId>
<artifactId>curator-framework</artifactId>
@ -186,22 +174,7 @@
<version>4.0.1</version>
</dependency>
<!-- nacos -->
<dependency>
<groupId>org.apache.dubbo</groupId>
<artifactId>dubbo-registry-nacos</artifactId>
<version>${dubbo.version}</version>
</dependency>
<dependency>
<groupId>com.alibaba.nacos</groupId>
<artifactId>nacos-api</artifactId>
<version>${nacos.version}</version>
</dependency>
<dependency>
<groupId>com.alibaba.nacos</groupId>
<artifactId>nacos-client</artifactId>
<version>${nacos.version}</version>
</dependency>
<!-- easyexcel -->
<dependency>
<groupId>com.alibaba</groupId>
@ -301,12 +274,7 @@
<artifactId>json</artifactId>
<version>20171018</version>
</dependency>
<!--钉钉sdk-->
<dependency>
<groupId>com.aliyun</groupId>
<artifactId>alibaba-dingtalk-service-sdk</artifactId>
<version>1.0.1</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
@ -319,7 +287,7 @@
<version>0.11.7</version>
</dependency>
<!-- k8s client -->
<dependency>
<!--<dependency>
<groupId>io.fabric8</groupId>
<artifactId>kubernetes-client</artifactId>
<version>4.13.0</version>
@ -328,7 +296,7 @@
<groupId>com.github.fge</groupId>
<artifactId>json-schema-validator</artifactId>
<version>2.2.6</version>
</dependency>
</dependency>-->
</dependencies>

2
backend/src/main/java/io/dataease/datasource/service/DatasourceService.java
View File

@ -6,7 +6,7 @@ import io.dataease.commons.exception.DEException;
import io.dataease.datasource.provider.DatasourceProvider;
import io.dataease.datasource.provider.ProviderFactory;
import io.dataease.datasource.request.DatasourceRequest;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

6
backend/src/main/java/io/dataease/service/dataset/DataSetGroupService.java
View File

@ -1,19 +1,19 @@
package io.dataease.service.dataset;
import com.alibaba.nacos.common.util.UuidUtils;
import io.dataease.base.domain.DatasetGroup;
import io.dataease.base.domain.DatasetGroupExample;
import io.dataease.base.mapper.DatasetGroupMapper;
import io.dataease.commons.utils.BeanUtils;
import io.dataease.controller.request.dataset.DataSetGroupRequest;
import io.dataease.dto.dataset.DataSetGroupDTO;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.stereotype.Service;
import javax.annotation.Resource;
import java.util.ArrayList;
import java.util.List;
import java.util.UUID;
import java.util.stream.Collectors;
/**
@ -27,7 +27,7 @@ public class DataSetGroupService {
public DataSetGroupDTO save(DatasetGroup datasetGroup) {
if (StringUtils.isEmpty(datasetGroup.getId())) {
datasetGroup.setId(UuidUtils.generateUuid());
datasetGroup.setId(UUID.randomUUID().toString());
datasetGroup.setCreateTime(System.currentTimeMillis());
datasetGroupMapper.insert(datasetGroup);
} else {

4
backend/src/main/java/io/dataease/service/dataset/DataSetTableFieldsService.java
View File

@ -1,6 +1,5 @@
package io.dataease.service.dataset;
import com.alibaba.nacos.common.util.UuidUtils;
import io.dataease.base.domain.DatasetTableField;
import io.dataease.base.domain.DatasetTableFieldExample;
import io.dataease.base.mapper.DatasetTableFieldMapper;
@ -10,6 +9,7 @@ import org.springframework.stereotype.Service;
import javax.annotation.Resource;
import java.util.List;
import java.util.UUID;
/**
* @Author gin
@ -28,7 +28,7 @@ public class DataSetTableFieldsService {
public DatasetTableField save(DatasetTableField datasetTableField) {
if (StringUtils.isEmpty(datasetTableField.getId())) {
datasetTableField.setId(UuidUtils.generateUuid());
datasetTableField.setId(UUID.randomUUID().toString());
datasetTableFieldMapper.insert(datasetTableField);
} else {
datasetTableFieldMapper.updateByPrimaryKey(datasetTableField);

26
backend/src/main/java/io/dataease/service/dataset/DataSetTableService.java
View File

@ -1,8 +1,6 @@
package io.dataease.service.dataset;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import com.alibaba.nacos.common.util.UuidUtils;
import com.google.gson.Gson;
import io.dataease.base.domain.DatasetTable;
import io.dataease.base.domain.DatasetTableExample;
@ -11,7 +9,6 @@ import io.dataease.base.domain.Datasource;
import io.dataease.base.mapper.DatasetTableMapper;
import io.dataease.base.mapper.DatasourceMapper;
import io.dataease.commons.utils.BeanUtils;
import io.dataease.commons.utils.SessionUtils;
import io.dataease.controller.request.dataset.DataSetTableRequest;
import io.dataease.datasource.constants.DatasourceTypes;
import io.dataease.datasource.dto.TableFiled;
@ -19,12 +16,9 @@ import io.dataease.datasource.provider.DatasourceProvider;
import io.dataease.datasource.provider.ProviderFactory;
import io.dataease.datasource.request.DatasourceRequest;
import io.dataease.dto.dataset.DataTableInfoDTO;
import jnr.ffi.Struct;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.python.apache.xerces.xs.StringList;
import org.springframework.stereotype.Service;
import javax.annotation.Resource;
import java.text.MessageFormat;
import java.util.*;
@ -51,7 +45,7 @@ public class DataSetTableService {
public DatasetTable save(DatasetTable datasetTable) throws Exception {
if (StringUtils.isEmpty(datasetTable.getId())) {
datasetTable.setId(UuidUtils.generateUuid());
datasetTable.setId(UUID.randomUUID().toString());
datasetTable.setCreateTime(System.currentTimeMillis());
DataTableInfoDTO dataTableInfoDTO = new DataTableInfoDTO();
if (StringUtils.equalsIgnoreCase("db", datasetTable.getType())) {
@ -136,7 +130,8 @@ public class DataSetTableService {
} catch (Exception e) {
}
JSONArray jsonArray = new JSONArray();
/*JSONArray jsonArray = new JSONArray();
if (CollectionUtils.isNotEmpty(data)) {
data.forEach(ele -> {
JSONObject jsonObject = new JSONObject();
@ -145,8 +140,19 @@ public class DataSetTableService {
}
jsonArray.add(jsonObject);
});
}*/
List<Map<String, Object>> jsonArray = new ArrayList<>();
if (CollectionUtils.isNotEmpty(data)) {
jsonArray = data.stream().map(ele -> {
Map<String, Object> map = new HashMap<>();
for (int i = 0; i < ele.length; i++) {
map.put(fieldArray[i], ele[i]);
}
return map;
}).collect(Collectors.toList());
}
Map<String, Object> map = new HashMap<>();
map.put("fields", fields);
map.put("data", jsonArray);