public/RuoYi-Cloud-Plus
1
0
Fork 0
mirror of https://gitee.com/dromara/RuoYi-Cloud-Plus.git synced 2026-05-07 20:41:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix 修复 前端输入性CVE漏洞 禁止使用代码生成到本地路径

Browse Source
This commit is contained in:
疯狂的狮子Li
2026-05-06 15:39:11 +08:00
parent 33dde16a67
commit a6165ff2c8
4 changed files with 4 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
ruoyi-modules/ruoyi-gen/src/main/java/org/dromara/gen/controller/GenController.java
View File

@@ -157,19 +157,6 @@ public class GenController extends BaseController {
genCode(response, data); genCode(response, data);
} }
/**
* 生成代码(自定义路径)
*
* @param tableId 表ID
*/
@SaCheckPermission("tool:gen:code")
@Log(title = "代码生成", businessType = BusinessType.GENCODE)
@GetMapping("/genCode/{tableId}")
public R<Void> genCode(@PathVariable("tableId") Long tableId) {
genTableService.generatorCode(tableId);
return R.ok();
}
/** /**
* 同步数据库 * 同步数据库
* *

4
ruoyi-modules/ruoyi-gen/src/main/java/org/dromara/gen/domain/GenTable.java
View File

@@ -101,12 +101,12 @@ public class GenTable extends BaseEntity {
private String functionAuthor; private String functionAuthor;
/** /**
* 生成代码方式0zip压缩包 1自定义路径 * 生成代码方式(固定为0zip压缩包
*/ */
private String genType; private String genType;
/** /**
* 生成路径(不填默认项目路径 * 生成路径(兼容历史字段
*/ */
@TableField(updateStrategy = FieldStrategy.NOT_EMPTY) @TableField(updateStrategy = FieldStrategy.NOT_EMPTY)
private String genPath; private String genPath;

52
ruoyi-modules/ruoyi-gen/src/main/java/org/dromara/gen/service/GenTableServiceImpl.java
View File

@@ -23,7 +23,6 @@ import org.dromara.common.core.exception.ServiceException;
import org.dromara.common.core.utils.SpringUtils; import org.dromara.common.core.utils.SpringUtils;
import org.dromara.common.core.utils.StreamUtils; import org.dromara.common.core.utils.StreamUtils;
import org.dromara.common.core.utils.StringUtils; import org.dromara.common.core.utils.StringUtils;
import org.dromara.common.core.utils.file.FileUtils;
import org.dromara.common.json.utils.JsonUtils; import org.dromara.common.json.utils.JsonUtils;
import org.dromara.common.mybatis.core.page.PageQuery; import org.dromara.common.mybatis.core.page.PageQuery;
import org.dromara.common.mybatis.core.page.TableDataInfo; import org.dromara.common.mybatis.core.page.TableDataInfo;
@@ -40,7 +39,6 @@ import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional; import org.springframework.transaction.annotation.Transactional;
import java.io.ByteArrayOutputStream; import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException; import java.io.IOException;
import java.io.StringWriter; import java.io.StringWriter;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
@@ -222,6 +220,8 @@ public class GenTableServiceImpl implements IGenTableService {
@Transactional(rollbackFor = Exception.class) @Transactional(rollbackFor = Exception.class)
@Override @Override
public void updateGenTable(GenTable genTable) { public void updateGenTable(GenTable genTable) {
genTable.setGenType("0");
genTable.setGenPath("/");
String options = JsonUtils.toJsonString(genTable.getParams()); String options = JsonUtils.toJsonString(genTable.getParams());
genTable.setOptions(options); genTable.setOptions(options);
int row = baseMapper.updateById(genTable); int row = baseMapper.updateById(genTable);
@@ -357,40 +357,6 @@ public class GenTableServiceImpl implements IGenTableService {
return outputStream.toByteArray(); return outputStream.toByteArray();
} }
/**
* 生成代码(自定义路径)
*
* @param tableId 表名称
*/
@Override
public void generatorCode(Long tableId) {
// 查询表信息
GenTable table = baseMapper.selectGenTableById(tableId);
// 设置主键列信息
setPkColumn(table);
VelocityInitializer.initVelocity();
VelocityContext context = VelocityUtils.prepareContext(table);
// 获取模板列表
List<String> templates = VelocityUtils.getTemplateList(table.getTplCategory(), table.getDataName());
for (String template : templates) {
if (!StringUtils.containsAny(template, "sql.vm", "api.ts.vm", "types.ts.vm", "index.vue.vm", "index-tree.vue.vm")) {
// 渲染模板
StringWriter sw = new StringWriter();
Template tpl = Velocity.getTemplate(template, Constants.UTF8);
tpl.merge(context, sw);
try {
String path = getGenPath(table, template);
FileUtils.writeUtf8String(sw.toString(), path);
} catch (Exception e) {
throw new ServiceException("渲染模板失败,表名:" + table.getTableName());
}
}
}
}
/** /**
* 同步数据库 * 同步数据库
* *
@@ -560,19 +526,5 @@ public class GenTableServiceImpl implements IGenTableService {
} }
} }
/**
* 获取代码生成地址
*
* @param table 业务表信息
* @param template 模板文件路径
* @return 生成地址
*/
public static String getGenPath(GenTable table, String template) {
String genPath = table.getGenPath();
if (StringUtils.equals(genPath, "/")) {
return System.getProperty("user.dir") + File.separator + "src" + File.separator + VelocityUtils.getFileName(template, table);
}
return genPath + File.separator + VelocityUtils.getFileName(template, table);
}
} }

7
ruoyi-modules/ruoyi-gen/src/main/java/org/dromara/gen/service/IGenTableService.java
View File

@@ -110,13 +110,6 @@ public interface IGenTableService {
*/ */
byte[] downloadCode(Long tableId); byte[] downloadCode(Long tableId);
/**
* 生成代码(自定义路径)
*
* @param tableId 表名称
*/
void generatorCode(Long tableId);
/** /**
* 同步数据库 * 同步数据库
* *