From 1e1dcec5ea1c41c7cfa15c5c7f1e4165903c3e15 Mon Sep 17 00:00:00 2001
From: huangfeng
Date: Thu, 11 Jan 2024 16:13:11 +0800
Subject: [PATCH] =?UTF-8?q?pert:=20=E5=A2=9E=E5=8A=A0=E6=8F=8F=E8=BF=B0?= =?UTF-8?q?=E5=AD=97=E6=AE=B5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 sql/init.sql | 2 +
 .../com/xydl/cac/entity/IcdConfigType.java | 7 +-
 .../com/xydl/cac/entity/IcdConfigTypeAtt.java | 4 ++
 .../java/com/xydl/cac/util/IcdXmlUtil.java | 14 ++--
 .../java/com/xydl/cac/util/SqlEscapeUtil.java | 66 +++++++++++++++++++
 5 files changed, 87 insertions(+), 6 deletions(-)
 create mode 100644 src/main/java/com/xydl/cac/util/SqlEscapeUtil.java
diff --git a/sql/init.sql b/sql/init.sql
index 4d9c055..6f644c7 100644
--- a/sql/init.sql
+++ b/sql/init.sql
@@ -3,6 +3,7 @@ CREATE TABLE `icd_config_type` (
 `ied_name` varchar(45) NOT NULL COMMENT 'IED名称',
 `ldevice_inst` varchar(45) NOT NULL COMMENT '设备类型',
 `ln_class` varchar(45) NOT NULL COMMENT 'LN类型',
+ `ln_desc` varchar(200) DEFAULT NULL,
 `table_name` varchar(45) DEFAULT NULL COMMENT '表名',
 PRIMARY KEY (`id`),
 KEY `idxKey` (`ied_name`,`ldevice_inst`,`ln_class`)
@@ -12,6 +13,7 @@ CREATE TABLE `icd_config_type_att` (
 `icd_config_type_id` int(11) NOT NULL COMMENT '配置类型表id',
 `do_name` varchar(45) NOT NULL COMMENT '属性',
 `param` varchar(200) DEFAULT NULL COMMENT '参数',
+ `description` varchar(200) DEFAULT NULL COMMENT '备注',
 `col_name` varchar(45) DEFAULT NULL COMMENT '字段名',
 PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='ICD配置类型属性表';
diff --git a/src/main/java/com/xydl/cac/entity/IcdConfigType.java b/src/main/java/com/xydl/cac/entity/IcdConfigType.java
index f37cfe9..d8ef1f0 100644
--- a/src/main/java/com/xydl/cac/entity/IcdConfigType.java
+++ b/src/main/java/com/xydl/cac/entity/IcdConfigType.java
@@ -37,6 +37,10 @@ public class IcdConfigType { @Column(name = "ln_class") private String lnClass; + @ApiModelProperty(name = "LN类型备注") + @Column(name = "ln_desc") + private String lnDesc; + @ApiModelProperty(name = "表名") @Column(name = "table_name") private String tableName; @@ -51,13 +55,14 @@ public class IcdConfigType { @Transient private List instList; - public void addAtt(String doName, String param) { + public void addAtt(String doName, String desc, String param) { if (attMap == null) { attMap = new LinkedHashMap<>(); } if (!attMap.containsKey(doName)) { IcdConfigTypeAtt item = IcdConfigTypeAtt.builder() .doName(doName) + .description(desc) .param(param) .build(); attMap.put(doName, item); diff --git a/src/main/java/com/xydl/cac/entity/IcdConfigTypeAtt.java b/src/main/java/com/xydl/cac/entity/IcdConfigTypeAtt.java index 8de6939..36f79f3 100644 --- a/src/main/java/com/xydl/cac/entity/IcdConfigTypeAtt.java +++ b/src/main/java/com/xydl/cac/entity/IcdConfigTypeAtt.java @@ -37,6 +37,10 @@ public class IcdConfigTypeAtt { @Column(name = "param") private String param; + @ApiModelProperty(name = "备注") + @Column(name = "description") + private String description; + @ApiModelProperty(name = "字段名") @Column(name = "col_name") private String colName; diff --git a/src/main/java/com/xydl/cac/util/IcdXmlUtil.java b/src/main/java/com/xydl/cac/util/IcdXmlUtil.java index 25fa5dc..4e71312 100644 --- a/src/main/java/com/xydl/cac/util/IcdXmlUtil.java +++ b/src/main/java/com/xydl/cac/util/IcdXmlUtil.java 
@@ -60,8 +60,11 @@ public class IcdXmlUtil { JsonNode lnNode = mapLN.get(lnClass + lnInst); String lnType = lnNode.get("lnType").asText(); + String lnDesc = lnNode.get("desc").asText(); JsonNode nodeLNodeType = mapLNodeType.get(lnType); - String doType = findLNodeType_DO_Type(nodeLNodeType, doName); + JsonNode nodeDO = findLNodeType_DO_Node(nodeLNodeType, doName); + String doType = nodeDO.get("type").asText(); + String doDesc = nodeDO.get("desc").asText(); JsonNode nodeDOType = mapDOType.get(doType); String lastname = findLastname(nodeDOType, fc, mapDAType); @@ -73,12 +76,13 @@ public class IcdXmlUtil { .iedName(iedName) .ldeviceInst(ldeviceInst) .lnClass(lnClass) + .lnDesc(lnDesc) .build(); result.put(key, config); } String param = fc + "$" + doName + "$" + lastname; config.addInst(lnInst); - config.addAtt(doName, param); + config.addAtt(doName, doDesc, param); } else if ("ST".equals(fc)) { // IcdConfigType config = result.get(key); // if (config == null) { @@ -137,13 +141,13 @@ public class IcdXmlUtil { return map; } - private static String findLNodeType_DO_Type(JsonNode lnNode, String doName) { - String result = ""; + private static JsonNode findLNodeType_DO_Node(JsonNode lnNode, String doName) { + JsonNode result = null; List doiList = findNodes(lnNode, "DO"); for (JsonNode doiNode : doiList) { String doiName = doiNode.get("name").asText(); if (doiName.equals(doName)) { - result = doiNode.get("type").asText(); + result = doiNode; break; } } diff --git a/src/main/java/com/xydl/cac/util/SqlEscapeUtil.java b/src/main/java/com/xydl/cac/util/SqlEscapeUtil.java new file mode 100644 index 0000000..8cde45a --- /dev/null +++ b/src/main/java/com/xydl/cac/util/SqlEscapeUtil.java 
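Review bot: The new lookups in the first hunk dereference values that can be absent: `lnNode.get("desc")` and `nodeDO.get("desc")` return null when the element carries no `desc` attribute (assuming this is Jackson's `JsonNode`), and `findLNodeType_DO_Node` in the last hunk now returns null when no DO name matches, where the old helper returned an empty string. An ICD file that lacks those attributes, or names a DO that is not in the LNodeType, would then abort parsing with a NullPointerException instead of a handled error. Reading the optional attribute as `lnNode.path("desc").asText()` (and the same for `nodeDO`) and checking `nodeDO == null` before `nodeDO.get("type")` keeps the parser tolerant of such files. Both methods continue outside the hunks shown, so how a missing DO should be reported depends on code not visible here.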
@@ -0,0 +1,66 @@
+package com.xydl.cac.util;
+
+import com.querydsl.core.types.dsl.BooleanExpression;
+import com.querydsl.core.types.dsl.StringPath;
+import org.apache.commons.lang3.StringUtils;
+
+
+public class SqlEscapeUtil {
+ /**
+ * 转义字符
+ **/
+ public static final char ESCAPE = '!';
+
+ /**
+ * 转义方法
+ *
+ * @param param 待转义字符串
+ * @return String
+ */
+ public static String escape(String param) {
+ if (StringUtils.isNotEmpty(param)) {
+ String temp = param.replaceAll("/", ESCAPE + "/");
+ temp = temp.replaceAll("%", ESCAPE + "%");
+ temp = temp.replaceAll("_", ESCAPE + "_");
+ temp = temp.replaceAll("'", "''");
+ return temp.trim();
+ }
+ return "";
+ }
+
+ /**
+ * 转义方法
+ *
+ * @param param 待转义字符串
+ * @return String
+ */
+ public static BooleanExpression escape(StringPath path, String param) {
+ if (StringUtils.isNotEmpty(param)) {
+ String temp = param.replaceAll("!", ESCAPE + "!");
+ temp = temp.replaceAll("%", ESCAPE + "%");
+ temp = temp.replaceAll("_", ESCAPE + "_");
+ temp = temp.replaceAll("'", "\\'");
+ return path.like("%"+ temp.trim() +"%", ESCAPE);
+ }
+ return null;
+ }
+
+
+ public static boolean sqlValidate(String str) {
+ if (StringUtils.isBlank(str)) {
+ return false;
+ }
+ str = str.toLowerCase();// 统一转为小写
+ String badStr = "'|exec|and|or|execute|insert|select|delete|update|drop|%|master|truncate|" +
+ "declare|sitename|net user|xp_cmdshell|like'|exec|execute|insert|create|drop|" +
+ "table|grant|use|group_concat|column_name|information_schema.columns|table_schema|" +
+ "select|delete|update|master|truncate|declare|-- |like|//|%";// 过滤掉的sql关键字,可以手动添加
+ String[] badStrs = badStr.split("\\|");
+ for (String s : badStrs) {
+ if (str.contains(s)) {
+ return true;
+ }
+ }
+ return false;
+ }
+}
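Review bot: `escape(String)` prefixes `/`, `%` and `_` with `ESCAPE` but never escapes `!` itself, so a `!` in the input reaches the LIKE pattern as a live escape character and changes how the next character is matched; the `StringPath` overload does escape `!`, and both should go through one helper that handles the escape character first. In the `StringPath` overload `replaceAll("'", "\\'")` is a no-op, because a backslash in a `replaceAll` replacement only quotes the following character, and it is not needed when the pattern is handed to `path.like(...)` as a value (QueryDSL normally binds it as a parameter); the literal `replace` is the right call here rather than the regex-based `replaceAll`. The quote doubling in `escape(String)` suggests its result is concatenated into SQL text by a caller outside this patch, and if so that caller should bind the value as a parameter instead of relying on this method. `sqlValidate` is a substring denylist that returns true for ordinary input containing `or`, `and`, `use` or `like` (for example "order" or "user"), so it should not be relied on as the injection defence, and its name does not say that true means rejected. A sketch of the shared helper and the overload follows.

```java
// Escapes LIKE metacharacters; the escape character itself is handled first
// so that the '!' inserted for '%' and '_' is not escaped a second time.
private static String escapeLike(String param) {
    String esc = String.valueOf(ESCAPE);
    return param.trim()
            .replace(esc, esc + esc)
            .replace("%", esc + "%")
            .replace("_", esc + "_");
}

public static BooleanExpression escape(StringPath path, String param) {
    if (StringUtils.isEmpty(param)) {
        return null;
    }
    return path.like("%" + escapeLike(param) + "%", ESCAPE);
}
// … unchanged: ESCAPE constant, escape(String), sqlValidate …
```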