From 0653e5887b34f4995ba6f5916d2cc0edb3aeed4c Mon Sep 17 00:00:00 2001
From: "review512jwy@163.com" <“review512jwy@163.com”>
Date: Mon, 17 Nov 2025 11:53:04 +0800
Subject: [PATCH] =?UTF-8?q?SQL=20injection=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../business/configurator/CrosXssFilter.java | 4 +--
 .../business/entity/RedisAlarmDTO.java | 2 ++
 .../service/impl/CommonServiceImpl.java | 36 +++++++++++--------
 .../service/impl/DeviceServiceImpl.java | 12 ++++---
 4 files changed, 32 insertions(+), 22 deletions(-)
diff --git a/data-center-business-controller/src/main/java/com/techsor/datacenter/business/configurator/CrosXssFilter.java b/data-center-business-controller/src/main/java/com/techsor/datacenter/business/configurator/CrosXssFilter.java
index de03fc9..7dbba2f 100644
--- a/data-center-business-controller/src/main/java/com/techsor/datacenter/business/configurator/CrosXssFilter.java
+++ b/data-center-business-controller/src/main/java/com/techsor/datacenter/business/configurator/CrosXssFilter.java
@@ -61,8 +61,8 @@ public class CrosXssFilter implements Filter {
 httpServletResponse.setHeader("Cache-Control", "no-store, no-cache, must-revalidate, max-age=0");
 httpServletResponse.setHeader("Pragma", "no-cache");
 httpServletResponse.setDateHeader("Expires", 0);
-
- httpServletResponse.setHeader("X-Frame-Options", "deny");
+
+ httpServletResponse.setHeader("X-Frame-Options", "SAMEORIGIN");
 String nonce = UUID.randomUUID().toString().replace("-", "").substring(0, 16); // 生成随机 nonce
 httpServletResponse.setHeader("Content-Security-Policy",
diff --git a/data-center-business-model/src/main/java/com/techsor/datacenter/business/entity/RedisAlarmDTO.java b/data-center-business-model/src/main/java/com/techsor/datacenter/business/entity/RedisAlarmDTO.java
index 4055f69..f704358 100644
--- a/data-center-business-model/src/main/java/com/techsor/datacenter/business/entity/RedisAlarmDTO.java
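Review bot: The replacement `httpServletResponse.setHeader("X-Frame-Options", "SAMEORIGIN");` relaxes the clickjacking protection from refusing all framing to permitting same-origin framing, which has nothing to do with the SQL-injection subject of this commit and is not explained anywhere in the hunk. If the application now has to embed its own pages in frames, record that next to the line, e.g. `// SAMEORIGIN: the UI frames its own pages; cross-origin framing is still refused`, so the relaxation is not later read as an oversight. The Content-Security-Policy header set on the last context line should carry a matching `frame-ancestors 'self'` directive, because browsers that support it give CSP precedence over X-Frame-Options; its value lies outside the hunk, so if it still says `'none'` or omits the directive the two headers disagree. The enclosing filter method continues outside the hunk.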
+++ b/data-center-business-model/src/main/java/com/techsor/datacenter/business/entity/RedisAlarmDTO.java
@@ -13,6 +13,8 @@ import lombok.NoArgsConstructor;
 @AllArgsConstructor
 @NoArgsConstructor
 public class RedisAlarmDTO{
+
+ private String deviceId;
 @Schema(description ="roid接口返回的id",example = "1")
 private Long problemReportId;
diff --git a/data-center-business-service/src/main/java/com/techsor/datacenter/business/service/impl/CommonServiceImpl.java b/data-center-business-service/src/main/java/com/techsor/datacenter/business/service/impl/CommonServiceImpl.java
index 89e58f5..34301e9 100644
--- a/data-center-business-service/src/main/java/com/techsor/datacenter/business/service/impl/CommonServiceImpl.java
+++ b/data-center-business-service/src/main/java/com/techsor/datacenter/business/service/impl/CommonServiceImpl.java
@@ -439,11 +439,13 @@ public class CommonServiceImpl implements CommonService {
 DESUtil.decrypt(apikeyInfo.getAuroraPassword(), Constants.DES_SALT))) {
 for (ApiDeviceInfoVO apiDeviceInfoVO : deviceInfos) {
- String sql = " select rawData, receive_ts from rawData_realtime where deviceId = '" + apiDeviceInfoVO.getDeviceId() + "' limit 1" ;
- logger.info("queryAssetInfo aurora sql:" + sql);
-
- try (PreparedStatement preparedStatement = conn.prepareStatement(sql)) {
- ResultSet retult = preparedStatement.executeQuery(sql);
+ String sql = "select rawData, receive_ts from rawData_realtime where deviceId = ? limit 1";
+ logger.info("queryAssetInfo aurora sql:" + sql);
+
+ try (PreparedStatement preparedStatement = conn.prepareStatement(sql)) {
+ preparedStatement.setString(1, apiDeviceInfoVO.getDeviceId());
+
+ ResultSet retult = preparedStatement.executeQuery();
 while (retult.next()) {
 String rawData = retult.getString("rawData");
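Review bot: The new `private String deviceId;` is inserted as the first field of a class annotated `@AllArgsConstructor`, so the Lombok-generated constructor gains a leading String parameter and every positional `new RedisAlarmDTO(...)` call elsewhere either stops compiling or, where an existing String argument now lands in `deviceId`, shifts silently; whether such callers exist is not visible from the hunk, but declaring the field after the existing ones at least keeps the current argument positions stable. The field also lacks the `@Schema` annotation that its sibling `problemReportId` carries, so it will be undocumented in the generated API schema; add a `@Schema(description = "<what the device id identifies>", example = "<sample id>")` line above it. The class body continues outside the hunk.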
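Review bot: In the new code the statement is prepared inside the `for` loop, `try (PreparedStatement preparedStatement = conn.prepareStatement(sql)) {`, so the same constant query is parsed and a prepare round-trip is paid once per device; the benefit of binding `?` is that one prepared statement can be reused, so move the `try` above the `for` and keep only `preparedStatement.setString(1, apiDeviceInfoVO.getDeviceId());` and the `executeQuery()` call inside the loop. The same layout is repeated in the hunks at @@ -970 and @@ -2069. With a reused statement, `ResultSet retult` should get its own try-with-resources, `try (ResultSet retult = preparedStatement.executeQuery()) {`, so each iteration's cursor is closed explicitly rather than discarded by the next execute. `logger.info("queryAssetInfo aurora sql:" + sql)` builds the message by concatenation while the DeviceServiceImpl hunk in this same patch uses the `{}` placeholder form; pick one style. The loop and the enclosing method continue outside the hunk.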
@@ -970,11 +972,13 @@ public class CommonServiceImpl implements CommonService {
 for (ApiAlarmDeviceInfoVO apiAlarmDeviceInfoVO : deviceInfoVOs) {
 // String sql = " select rawData, receive_ts, alertTitle, alertLevel,alertLevelName,alertTypeName from "+formatRawDataWithDate()+" where deviceId = '" + apiAlarmDeviceInfoVO.getDeviceId() + "' order by receive_ts desc limit 1" ;
 // String sql = " select rawData, receive_ts, alertTitle, alertLevel, alertTypeName from "+formatRawDataWithDate()+" where deviceId = '" + apiAlarmDeviceInfoVO.getDeviceId() + "' order by receive_ts desc limit 1" ;
- String sql = " select rawData, receive_ts, alertTitle, alertLevel,alertLevelName, alertTypeName from alertData where deviceId = '" + apiAlarmDeviceInfoVO.getDeviceId() + "' order by receive_ts desc limit 1" ;
- logger.info("queryAlarmDevice aurora sql:" + sql);
-
- try (PreparedStatement preparedStatement = conn.prepareStatement(sql)) {
- ResultSet retult = preparedStatement.executeQuery(sql);
+ String sql = "select rawData, receive_ts, alertTitle, alertLevel, alertLevelName, alertTypeName from alertData where deviceId = ? order by receive_ts desc limit 1";
+ logger.info("queryAlarmDevice aurora sql:" + sql);
+
+ try (PreparedStatement preparedStatement = conn.prepareStatement(sql)) {
+ preparedStatement.setString(1, apiAlarmDeviceInfoVO.getDeviceId());
+
+ ResultSet retult = preparedStatement.executeQuery();
 while (retult.next()) {
 String rawData = retult.getString("rawData");
@@ -2069,11 +2073,13 @@ public class CommonServiceImpl implements CommonService {
 for (ApiCancelAlarmDeviceInfoVO apiCancelAlarmDeviceInfoVO : deviceInfoVOs) {
 // String sql = " select rawData, receive_ts, alertTitle, alertLevel,alertLevelName,alertTypeName from "+formatRawDataWithDate()+" where deviceId = '" + apiAlarmDeviceInfoVO.getDeviceId() + "' order by receive_ts desc limit 1" ;
 // String sql = " select rawData, receive_ts, alertTitle, alertLevel, alertTypeName from "+formatRawDataWithDate()+" where deviceId = '" + apiAlarmDeviceInfoVO.getDeviceId() + "' order by receive_ts desc limit 1" ;
- String sql = " select rawData, receive_ts, alertCancelTitle, alertLevel,alertLevelName, alertTypeName from rawData_realtime where deviceId = '" + apiCancelAlarmDeviceInfoVO.getDeviceId() + "' limit 1" ;
- logger.info("queryAlarmDevice aurora sql:" + sql);
-
- try (PreparedStatement preparedStatement = conn.prepareStatement(sql)) {
- ResultSet retult = preparedStatement.executeQuery(sql);
+ String sql = "select rawData, receive_ts, alertCancelTitle, alertLevel, alertLevelName, alertTypeName from rawData_realtime where deviceId = ? limit 1";
+ logger.info("queryAlarmDevice aurora sql: " + sql);
+
+ try (PreparedStatement preparedStatement = conn.prepareStatement(sql)) {
+ preparedStatement.setString(1, apiCancelAlarmDeviceInfoVO.getDeviceId());
+
+ ResultSet retult = preparedStatement.executeQuery();
 while (retult.next()) {
 String rawData = retult.getString("rawData");
diff --git a/data-center-business-service/src/main/java/com/techsor/datacenter/business/service/impl/DeviceServiceImpl.java b/data-center-business-service/src/main/java/com/techsor/datacenter/business/service/impl/DeviceServiceImpl.java
index db300af..75a4842 100644
--- a/data-center-business-service/src/main/java/com/techsor/datacenter/business/service/impl/DeviceServiceImpl.java
+++ b/data-center-business-service/src/main/java/com/techsor/datacenter/business/service/impl/DeviceServiceImpl.java
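Review bot: The touched log line `logger.info("queryAlarmDevice aurora sql: " + sql);` still carries the `queryAlarmDevice` prefix although this loop iterates `ApiCancelAlarmDeviceInfoVO` and the query reads `alertCancelTitle`, so log lines from the alarm and cancel-alarm paths cannot be told apart when operators trace a query. Since the commit already edits this line, replace the prefix with the enclosing method's actual name (the signature lies outside the hunk) rather than leaving the copied one. The enclosing method continues outside the hunk.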
@@ -2434,11 +2434,13 @@ public class DeviceServiceImpl implements IDeviceService {
 Class.forName("com.mysql.cj.jdbc.Driver");
 try (Connection conn = DriverManager.getConnection(MessageFormat.format(Constants.AURORA_URL_FORMAT, apikeyInfo.getAuroraUrl()), apikeyInfo.getAuroraUsername(), apikeyInfo.getAuroraPassword())) {
- String sql = "select * from " + table + " where deviceId = '" + auroraDataParam.getDeviceId() +"' and " +
- auroraDataParam.getStartTime() + " <= receive_ts and receive_ts <= " + auroraDataParam.getEndTime() + " order by receive_ts desc, hashId desc ";
- logger.info("getAuroraData sql:{}", sql);
- try (PreparedStatement preparedStatement = conn.prepareStatement(sql)) {
- ResultSet retult = preparedStatement.executeQuery(sql);
+ String sql = "select * from " + table + " where deviceId = ? and ? <= receive_ts and receive_ts <= ? order by receive_ts desc, hashId desc ";
+ logger.info("getAuroraData sql:{}", sql);
+ try (PreparedStatement preparedStatement = conn.prepareStatement(sql)) {
+ preparedStatement.setString(1, auroraDataParam.getDeviceId()); // 绑定 deviceId 参数
+ preparedStatement.setLong(2, auroraDataParam.getStartTime()); // 绑定 startTime 参数
+ preparedStatement.setLong(3, auroraDataParam.getEndTime()); // 绑定 endTime 参数
+ ResultSet retult = preparedStatement.executeQuery();
 // 遍历结果集
 while (retult.next()) {
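Review bot: The new query still splices `table` into the SQL text, `String sql = "select * from " + table + " where deviceId = ? and ? <= receive_ts and receive_ts <= ? order by receive_ts desc, hashId desc ";`, so the injection surface is only partly closed: an identifier cannot be bound with `?`, and if `table` is derived from caller input (its origin is outside the hunk) it must be checked against a fixed allow-list of the known Aurora table names before concatenation, e.g. `if (!ALLOWED_TABLES.contains(table)) { throw new IllegalArgumentException("unsupported table"); }` with `ALLOWED_TABLES` (placeholder name) a `static final Set<String>` of those names. The bindings `preparedStatement.setLong(2, auroraDataParam.getStartTime());` and `setLong(3, ...)` unbox the getters' results; if they return `Long` and may be null, this now throws NullPointerException where the old concatenation produced an SQL error, so either validate the range up front or document that both bounds are mandatory. The enclosing method continues outside the hunk.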