修复sql注入漏洞 #2137

lin 2026-05-06 10:44:34 +08:00
parent a86b144893
commit 0caf5a86e7
6 changed files with 60 additions and 97 deletions


@ -145,7 +145,7 @@ public interface DeviceChannelMapper {
" LEFT JOIN wvp_device de ON dc.data_device_id = de.id " + " LEFT JOIN wvp_device de ON dc.data_device_id = de.id " +
" WHERE dc.data_type = 1 " + " WHERE dc.data_type = 1 " +
" <if test='deviceId != null'> AND de.device_id = #{deviceId} </if> " + " <if test='deviceId != null'> AND de.device_id = #{deviceId} </if> " +
" <if test='query != null'> AND (dc.device_id LIKE '%${query}%' OR dc.name LIKE '%${query}%' OR dc.name LIKE '%${query}%')</if> " + " <if test='query != null'> AND (dc.device_id LIKE concat('%',#{query},'%') OR dc.name LIKE concat('%',#{query},'%') OR dc.name LIKE concat('%',#{query},'%'))</if> " +
" <if test='parentChannelId != null'> AND dc.parent_id=#{parentChannelId} </if> " + " <if test='parentChannelId != null'> AND dc.parent_id=#{parentChannelId} </if> " +
" <if test='online == true' > AND dc.status='ON'</if>" + " <if test='online == true' > AND dc.status='ON'</if>" +
" <if test='online == false' > AND dc.status='OFF'</if>" + " <if test='online == false' > AND dc.status='OFF'</if>" +


@ -173,7 +173,7 @@ public interface DeviceMapper {
"media_server_id,"+ "media_server_id,"+
"(SELECT count(0) FROM wvp_device_channel dc WHERE dc.data_type = #{dataType} and dc.data_device_id= de.id) as channel_count " + "(SELECT count(0) FROM wvp_device_channel dc WHERE dc.data_type = #{dataType} and dc.data_device_id= de.id) as channel_count " +
"FROM wvp_device de" + "FROM wvp_device de" +
"<if test='online != null'> where de.on_line=${online}</if>"+ "<if test='online != null'> where de.on_line=#{online}</if>"+
" order by de.create_time desc "+ " order by de.create_time desc "+
" </script>" " </script>"
) )
@ -366,7 +366,7 @@ public interface DeviceMapper {
",(SELECT count(0) FROM wvp_device_channel dc WHERE dc.data_type = #{dataType} and dc.data_device_id= de.id) as channel_count " + ",(SELECT count(0) FROM wvp_device_channel dc WHERE dc.data_type = #{dataType} and dc.data_device_id= de.id) as channel_count " +
" FROM wvp_device de" + " FROM wvp_device de" +
" where 1 = 1 "+ " where 1 = 1 "+
" <if test='status != null'> AND de.on_line=${status}</if>"+ " <if test='status != null'> AND de.on_line=#{status}</if>"+
" <if test='query != null'> AND (" + " <if test='query != null'> AND (" +
" coalesce(custom_name, name) LIKE concat('%',#{query},'%') escape '/' " + " coalesce(custom_name, name) LIKE concat('%',#{query},'%') escape '/' " +
" OR device_id LIKE concat('%',#{query},'%') escape '/' " + " OR device_id LIKE concat('%',#{query},'%') escape '/' " +


@ -360,16 +360,15 @@ public class ChannelProvider {
sqlBuild.append("where channel_type = 0 and coalesce(gb_device_id, device_id) in ( "); sqlBuild.append("where channel_type = 0 and coalesce(gb_device_id, device_id) in ( ");
Collection<String> ids = (Collection<String>)params.get("deviceIds"); Collection<String> ids = (Collection<String>)params.get("deviceIds");
boolean first = true; int index = 0;
for (String id : ids) { for (String ignored : ids) {
if (!first) { if (index > 0) {
sqlBuild.append(","); sqlBuild.append(",");
} }
sqlBuild.append("'"); sqlBuild.append("#{deviceIds[").append(index).append("]}");
sqlBuild.append(id); index++;
sqlBuild.append("'");
first = false;
} }
sqlBuild.append(" )"); sqlBuild.append(" )");
return sqlBuild.toString() ; return sqlBuild.toString() ;
} }
@ -445,13 +444,13 @@ public class ChannelProvider {
sqlBuild.append(" where channel_type = 0 and gb_parent_id in ( "); sqlBuild.append(" where channel_type = 0 and gb_parent_id in ( ");
Collection<Group> ids = (Collection<Group>)params.get("groupList"); Collection<Group> ids = (Collection<Group>)params.get("groupList");
boolean first = true; int index = 0;
for (Group group : ids) { for (Group group : ids) {
if (!first) { if (index > 0) {
sqlBuild.append(","); sqlBuild.append(",");
} }
sqlBuild.append(group.getDeviceId()); sqlBuild.append("#{groupList[").append(index).append("].deviceId}");
first = false; index++;
} }
sqlBuild.append(" )"); sqlBuild.append(" )");
@ -610,13 +609,11 @@ public class ChannelProvider {
List<Device> deviceList = (List<Device>)params.get("deviceList"); List<Device> deviceList = (List<Device>)params.get("deviceList");
if (deviceList != null && !deviceList.isEmpty()) { if (deviceList != null && !deviceList.isEmpty()) {
sqlBuild.append(" AND data_device_id in ("); sqlBuild.append(" AND data_device_id in (");
boolean first = true; for (int i = 0; i < deviceList.size(); i++) {
for (Device device : deviceList) { if (i > 0) {
if (!first) {
sqlBuild.append(","); sqlBuild.append(",");
} }
sqlBuild.append("'" + device.getId() + "'"); sqlBuild.append("#{deviceList[").append(i).append("].id}");
first = false;
} }
sqlBuild.append(" )"); sqlBuild.append(" )");
} }
@ -648,13 +645,11 @@ public class ChannelProvider {
List<CameraGroup> groupList = (List<CameraGroup>)params.get("groupList"); List<CameraGroup> groupList = (List<CameraGroup>)params.get("groupList");
if (groupList != null && !groupList.isEmpty()) { if (groupList != null && !groupList.isEmpty()) {
sqlBuild.append(" AND coalesce(wdc.gb_parent_id, wdc.parent_id) in ("); sqlBuild.append(" AND coalesce(wdc.gb_parent_id, wdc.parent_id) in (");
boolean first = true; for (int i = 0; i < groupList.size(); i++) {
for (CameraGroup group : groupList) { if (i > 0) {
if (!first) {
sqlBuild.append(","); sqlBuild.append(",");
} }
sqlBuild.append("'" + group.getDeviceId() + "'"); sqlBuild.append("#{groupList[").append(i).append("].deviceId}");
first = false;
} }
sqlBuild.append(" )"); sqlBuild.append(" )");
} }
@ -719,15 +714,12 @@ public class ChannelProvider {
sqlBuild.append(" where wdc.channel_type = 0 AND wdc.data_type != 2 AND (wdc.gb_ptz_type is null or ( wdc.gb_ptz_type != 98 AND wdc.gb_ptz_type != 99)) " + sqlBuild.append(" where wdc.channel_type = 0 AND wdc.data_type != 2 AND (wdc.gb_ptz_type is null or ( wdc.gb_ptz_type != 98 AND wdc.gb_ptz_type != 99)) " +
" AND coalesce(wdc.gb_parent_id, wdc.parent_id) in ("); " AND coalesce(wdc.gb_parent_id, wdc.parent_id) in (");
sqlBuild.append(" ");
List<CameraGroup> groupList = (List<CameraGroup>)params.get("groupList"); List<CameraGroup> groupList = (List<CameraGroup>)params.get("groupList");
boolean first = true; for (int i = 0; i < groupList.size(); i++) {
for (CameraGroup group : groupList) { if (i > 0) {
if (!first) {
sqlBuild.append(","); sqlBuild.append(",");
} }
sqlBuild.append("'" + group.getDeviceId() + "'"); sqlBuild.append("#{groupList[").append(i).append("].deviceId}");
first = false;
} }
sqlBuild.append(" )"); sqlBuild.append(" )");
@ -747,21 +739,16 @@ public class ChannelProvider {
sqlBuild.append(" where wdc.channel_type = 0 AND wdc.data_type != 2 AND (wdc.gb_ptz_type is null or ( wdc.gb_ptz_type != 98 AND wdc.gb_ptz_type != 99)) " + sqlBuild.append(" where wdc.channel_type = 0 AND wdc.data_type != 2 AND (wdc.gb_ptz_type is null or ( wdc.gb_ptz_type != 98 AND wdc.gb_ptz_type != 99)) " +
" AND coalesce(wdc.gb_parent_id, wdc.parent_id) in ("); " AND coalesce(wdc.gb_parent_id, wdc.parent_id) in (");
sqlBuild.append(" ");
List<CameraGroup> groupList = (List<CameraGroup>)params.get("groupList"); List<CameraGroup> groupList = (List<CameraGroup>)params.get("groupList");
boolean first = true; for (int i = 0; i < groupList.size(); i++) {
for (CameraGroup group : groupList) { if (i > 0) {
if (!first) {
sqlBuild.append(","); sqlBuild.append(",");
} }
sqlBuild.append("'" + group.getDeviceId() + "'"); sqlBuild.append("#{groupList[").append(i).append("].deviceId}");
first = false;
} }
sqlBuild.append(" )"); sqlBuild.append(" )");
String geomTextBuilder = "point(" + params.get("centerLongitude") + " " + params.get("centerLatitude") + ")"; sqlBuild.append("AND ST_Distance_Sphere(point(coalesce(wdc.gb_longitude, wdc.longitude), coalesce(wdc.gb_latitude, wdc.latitude)), ST_GeomFromText(CONCAT('point(', #{centerLongitude}, ' ', #{centerLatitude}, ')'))) < #{radius}");
sqlBuild.append("AND ST_Distance_Sphere(point(coalesce(wdc.gb_longitude, wdc.longitude), coalesce(wdc.gb_latitude, wdc.latitude)), ST_GeomFromText('").append(geomTextBuilder).append("')) < #{radius}");
if (params.get("level") != null) { if (params.get("level") != null) {
sqlBuild.append(" AND ( map_level <= #{level} or map_level is null )"); sqlBuild.append(" AND ( map_level <= #{level} or map_level is null )");
@ -776,21 +763,16 @@ public class ChannelProvider {
sqlBuild.append(" where wdc.channel_type = 0 AND wdc.data_type != 2 AND (wdc.gb_ptz_type is null or ( wdc.gb_ptz_type != 98 AND wdc.gb_ptz_type != 99)) " + sqlBuild.append(" where wdc.channel_type = 0 AND wdc.data_type != 2 AND (wdc.gb_ptz_type is null or ( wdc.gb_ptz_type != 98 AND wdc.gb_ptz_type != 99)) " +
" AND coalesce(wdc.gb_parent_id, wdc.parent_id) in ("); " AND coalesce(wdc.gb_parent_id, wdc.parent_id) in (");
sqlBuild.append(" ");
List<CameraGroup> groupList = (List<CameraGroup>)params.get("groupList"); List<CameraGroup> groupList = (List<CameraGroup>)params.get("groupList");
boolean first = true; for (int i = 0; i < groupList.size(); i++) {
for (CameraGroup group : groupList) { if (i > 0) {
if (!first) {
sqlBuild.append(","); sqlBuild.append(",");
} }
sqlBuild.append("'" + group.getDeviceId() + "'"); sqlBuild.append("#{groupList[").append(i).append("].deviceId}");
first = false;
} }
sqlBuild.append(" )"); sqlBuild.append(" )");
String geomTextBuilder = "point(" + params.get("centerLongitude") + " " + params.get("centerLatitude") + ")"; sqlBuild.append("AND ST_DistanceSphere(ST_MakePoint(coalesce(wdc.gb_longitude, wdc.longitude), coalesce(wdc.gb_latitude, wdc.latitude)), ST_GeomFromText(CONCAT('point(', #{centerLongitude}, ' ', #{centerLatitude}, ')'))) < #{radius}");
sqlBuild.append("AND ST_DistanceSphere(ST_MakePoint(coalesce(wdc.gb_longitude, wdc.longitude), coalesce(wdc.gb_latitude, wdc.latitude)), ST_GeomFromText('").append(geomTextBuilder).append("')) < #{radius}");
if (params.get("level") != null) { if (params.get("level") != null) {
sqlBuild.append(" AND ( map_level <= #{level} or map_level is null )"); sqlBuild.append(" AND ( map_level <= #{level} or map_level is null )");
@ -805,30 +787,25 @@ public class ChannelProvider {
sqlBuild.append(" where wdc.channel_type = 0 AND wdc.data_type != 2 AND (wdc.gb_ptz_type is null or ( wdc.gb_ptz_type != 98 AND wdc.gb_ptz_type != 99)) " + sqlBuild.append(" where wdc.channel_type = 0 AND wdc.data_type != 2 AND (wdc.gb_ptz_type is null or ( wdc.gb_ptz_type != 98 AND wdc.gb_ptz_type != 99)) " +
" AND coalesce(wdc.gb_parent_id, wdc.parent_id) in ("); " AND coalesce(wdc.gb_parent_id, wdc.parent_id) in (");
sqlBuild.append(" ");
List<CameraGroup> groupList = (List<CameraGroup>)params.get("groupList"); List<CameraGroup> groupList = (List<CameraGroup>)params.get("groupList");
boolean first = true; for (int i = 0; i < groupList.size(); i++) {
for (CameraGroup group : groupList) { if (i > 0) {
if (!first) {
sqlBuild.append(","); sqlBuild.append(",");
} }
sqlBuild.append("'" + group.getDeviceId() + "'"); sqlBuild.append("#{groupList[").append(i).append("].deviceId}");
first = false;
} }
sqlBuild.append(" )"); sqlBuild.append(" )");
StringBuilder geomTextBuilder = new StringBuilder(); StringBuilder geomSql = new StringBuilder("CONCAT('POLYGON(('");
geomTextBuilder.append("POLYGON((");
List<Point> pointList = (List<Point>)params.get("pointList"); List<Point> pointList = (List<Point>)params.get("pointList");
for (int i = 0; i < pointList.size(); i++) { for (int i = 0; i < pointList.size(); i++) {
if (i > 0) { geomSql.append(", #{pointList[").append(i).append("].lng}, ' ', #{pointList[").append(i).append("].lat}");
geomTextBuilder.append(", "); if (i < pointList.size() - 1) {
geomSql.append(", ', '");
} }
Point point = pointList.get(i);
geomTextBuilder.append(point.getLng()).append(" ").append(point.getLat());
} }
geomTextBuilder.append("))"); geomSql.append(", '))')");
sqlBuild.append("AND ST_Within(point(coalesce(wdc.gb_longitude, wdc.longitude), coalesce(wdc.gb_latitude, wdc.latitude)), ST_GeomFromText('").append(geomTextBuilder).append("'))"); sqlBuild.append("AND ST_Within(point(coalesce(wdc.gb_longitude, wdc.longitude), coalesce(wdc.gb_latitude, wdc.latitude)), ST_GeomFromText(").append(geomSql).append("))");
if (params.get("level") != null) { if (params.get("level") != null) {
sqlBuild.append(" AND ( map_level <= #{level} or map_level is null )"); sqlBuild.append(" AND ( map_level <= #{level} or map_level is null )");
@ -843,30 +820,25 @@ public class ChannelProvider {
sqlBuild.append(" where wdc.channel_type = 0 AND wdc.data_type != 2 AND (wdc.gb_ptz_type is null or ( wdc.gb_ptz_type != 98 AND wdc.gb_ptz_type != 99)) " + sqlBuild.append(" where wdc.channel_type = 0 AND wdc.data_type != 2 AND (wdc.gb_ptz_type is null or ( wdc.gb_ptz_type != 98 AND wdc.gb_ptz_type != 99)) " +
" AND coalesce(wdc.gb_parent_id, wdc.parent_id) in ("); " AND coalesce(wdc.gb_parent_id, wdc.parent_id) in (");
sqlBuild.append(" ");
List<CameraGroup> groupList = (List<CameraGroup>)params.get("groupList"); List<CameraGroup> groupList = (List<CameraGroup>)params.get("groupList");
boolean first = true; for (int i = 0; i < groupList.size(); i++) {
for (CameraGroup group : groupList) { if (i > 0) {
if (!first) {
sqlBuild.append(","); sqlBuild.append(",");
} }
sqlBuild.append("'" + group.getDeviceId() + "'"); sqlBuild.append("#{groupList[").append(i).append("].deviceId}");
first = false;
} }
sqlBuild.append(" )"); sqlBuild.append(" )");
StringBuilder geomTextBuilder = new StringBuilder(); StringBuilder geomSql = new StringBuilder("CONCAT('POLYGON(('");
geomTextBuilder.append("POLYGON((");
List<Point> pointList = (List<Point>)params.get("pointList"); List<Point> pointList = (List<Point>)params.get("pointList");
for (int i = 0; i < pointList.size(); i++) { for (int i = 0; i < pointList.size(); i++) {
if (i > 0) { geomSql.append(", #{pointList[").append(i).append("].lng}, ' ', #{pointList[").append(i).append("].lat}");
geomTextBuilder.append(", "); if (i < pointList.size() - 1) {
geomSql.append(", ', '");
} }
Point point = pointList.get(i);
geomTextBuilder.append(point.getLng()).append(" ").append(point.getLat());
} }
geomTextBuilder.append("))"); geomSql.append(", '))')");
sqlBuild.append("AND ST_Within(ST_MakePoint(coalesce(wdc.gb_longitude, wdc.longitude), coalesce(wdc.gb_latitude, wdc.latitude)), ST_GeomFromText('").append(geomTextBuilder).append("'))"); sqlBuild.append("AND ST_Within(ST_MakePoint(coalesce(wdc.gb_longitude, wdc.longitude), coalesce(wdc.gb_latitude, wdc.latitude)), ST_GeomFromText(").append(geomSql).append("))");
if (params.get("level") != null) { if (params.get("level") != null) {
sqlBuild.append(" AND ( map_level <= #{level} or map_level is null )"); sqlBuild.append(" AND ( map_level <= #{level} or map_level is null )");
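Review bot: In the first hunk `ids` is cast to `Collection<String>` (second hunk: `Collection<Group>`), but the emitted placeholders `#{deviceIds[0]}`, `#{deviceIds[1]}` … require positional access when MyBatis evaluates them, which works for a List or array but not for a Set; either narrow the cast to `List<String>` / `List<Group>` or document the requirement, e.g. `// #{deviceIds[i]} needs positional access: callers must pass a List or array, not a Set`. The counting loop `for (String ignored : ids)` can then become `for (int i = 0, n = ids.size(); i < n; i++)`. Separately, the hunks at `@ -719`, `@ -747`, `@ -776`, `@ -805` and `@ -843` call `groupList.size()` with no null/empty guard (the `@ -610` and `@ -648` hunks do guard), and an empty list yields `in ( )`, a SQL syntax error — pre-existing, but still unhandled by the new code. Each enclosing method starts outside its hunk.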


@ -104,13 +104,11 @@ public class DeviceChannelProvider {
List<String> channelIds = (List<String>)params.get("channelIds"); List<String> channelIds = (List<String>)params.get("channelIds");
if (channelIds != null && !channelIds.isEmpty()) { if (channelIds != null && !channelIds.isEmpty()) {
sqlBuild.append(" AND dc.device_id in ("); sqlBuild.append(" AND dc.device_id in (");
boolean first = true; for (int i = 0; i < channelIds.size(); i++) {
for (String id : channelIds) { if (i > 0) {
if (!first) {
sqlBuild.append(","); sqlBuild.append(",");
} }
sqlBuild.append(id); sqlBuild.append("#{channelIds[").append(i).append("]}");
first = false;
} }
sqlBuild.append(" )"); sqlBuild.append(" )");
} }
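Review bot: The new `#{channelIds[i]}` loop carries no comment explaining why the ids are no longer spliced in as text, which makes a future revert to string concatenation easy; add above the loop `// one #{} placeholder per id: MyBatis binds each as a JDBC parameter, so ids never enter the SQL text`. The enclosing method starts and ends outside the hunk.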


@ -27,9 +27,7 @@ public class JTChannelProvider {
sqlBuild.append(BASE_SQL); sqlBuild.append(BASE_SQL);
sqlBuild.append(" WHERE jc.terminal_db_id = #{terminalDbId} "); sqlBuild.append(" WHERE jc.terminal_db_id = #{terminalDbId} ");
if (params.get("query") != null) { if (params.get("query") != null) {
sqlBuild.append(" AND ") sqlBuild.append(" AND jc.name LIKE concat('%',#{query},'%')");
.append(" jc.name LIKE ").append("'%").append(params.get("query")).append("%'")
;
} }
sqlBuild.append(" ORDER BY jc.channel_id "); sqlBuild.append(" ORDER BY jc.channel_id ");
return sqlBuild.toString(); return sqlBuild.toString();
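Review bot: The new `jc.name LIKE concat('%',#{query},'%')` has no `escape '/'`, whereas the equivalent filters changed in StreamProxyProvider and DeviceMapper in this same commit do, so `%` and `_` inside `query` still act as LIKE wildcards here. If callers pre-escape the term with `/`, append `escape '/'` for consistency; otherwise state in a comment that wildcards in `query` are intentionally live. The enclosing method starts outside the hunk.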


@ -19,7 +19,7 @@ public class StreamProxyProvider {
} }
public String select(Map<String, Object> params ){ public String select(Map<String, Object> params ){
return getBaseSelectSql() + " WHERE st.id = " + params.get("id"); return getBaseSelectSql() + " WHERE st.id = #{id}";
} }
public String selectForPushingInMediaServer(Map<String, Object> params ){ public String selectForPushingInMediaServer(Map<String, Object> params ){
@ -27,8 +27,7 @@ public class StreamProxyProvider {
} }
public String selectOneByAppAndStream(Map<String, Object> params ){ public String selectOneByAppAndStream(Map<String, Object> params ){
return getBaseSelectSql() + String.format(" WHERE st.app='%s' AND st.stream='%s' order by st.create_time desc", return getBaseSelectSql() + " WHERE st.app=#{app} AND st.stream=#{stream} order by st.create_time desc";
params.get("app"), params.get("stream"));
} }
public String selectAll(Map<String, Object> params ){ public String selectAll(Map<String, Object> params ){
@ -36,15 +35,11 @@ public class StreamProxyProvider {
sqlBuild.append(getBaseSelectSql()); sqlBuild.append(getBaseSelectSql());
sqlBuild.append(" WHERE 1=1 "); sqlBuild.append(" WHERE 1=1 ");
if (params.get("query") != null) { if (params.get("query") != null) {
sqlBuild.append(" AND ") sqlBuild.append(" AND (")
.append(" (") .append(" st.app LIKE concat('%',#{query},'%') escape '/'")
.append(" st.app LIKE ").append("'%").append(params.get("query")).append("%' escape '/'") .append(" OR st.stream LIKE concat('%',#{query},'%') escape '/'")
.append(" OR") .append(" OR wdc.gb_device_id LIKE concat('%',#{query},'%') escape '/'")
.append(" st.stream LIKE ").append("'%").append(params.get("query")).append("%' escape '/'") .append(" OR wdc.gb_name LIKE concat('%',#{query},'%') escape '/'")
.append(" OR")
.append(" wdc.gb_device_id LIKE ").append("'%").append(params.get("query")).append("%' escape '/'")
.append(" OR")
.append(" wdc.gb_name LIKE ").append("'%").append(params.get("query")).append("%' escape '/'")
.append(" )") .append(" )")
; ;
} }
@ -57,7 +52,7 @@ public class StreamProxyProvider {
} }
} }
if (params.get("mediaServerId") != null) { if (params.get("mediaServerId") != null) {
sqlBuild.append(" AND st.media_server_id='").append(params.get("mediaServerId")).append("'"); sqlBuild.append(" AND st.media_server_id=#{mediaServerId}");
} }
sqlBuild.append(" order by st.create_time desc"); sqlBuild.append(" order by st.create_time desc");
return sqlBuild.toString(); return sqlBuild.toString();
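Review bot: After the change `select`, `selectOneByAppAndStream` and `selectAll` no longer read `params.get("id")`, `"app"` or `"stream"` themselves; those keys are consumed only when MyBatis binds the `#{}` placeholders, so nothing in the method bodies now tells a maintainer which keys the map must contain. Add a one-line Javadoc per method naming the required keys, e.g. for `select`: `/** Returns the select SQL; {@code params} must contain {@code id}, bound by MyBatis via {@code #{id}}. */`. `selectAll` also adds `escape '/'` to each `LIKE`, but nothing visible escapes `%`/`_` in `query`, so that is presumably done by the caller — worth confirming. The `selectAll` method starts outside its hunks.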