
1.处理防止sql注入问题
2.筛选条件value为数组的处理
3.处理了新建用户组描述允许为空

heqinwei 7 years ago
parent
commit
24d3d99104

+ 2 - 1
src/main/java/com/model/pojo/RepCode.java

@@ -15,7 +15,8 @@ public enum  RepCode {
     NoUser(-180, "用户名或密码错误"),
     NoAuthority(-503, "无此权限"),
     ToMach(1, "数据过大"),
-    UserIn(-504, "用户已存在");
+    UserIn(-504, "用户已存在"),
+    SqlWarn(-506, "只能使用查询语句");
 
     private int code;
     private String msg;

+ 1 - 1
src/main/java/com/server/ChartsConfigService.java

@@ -216,7 +216,7 @@ public class ChartsConfigService {
     创建图表分组
      */
     public RepEntity setDataConnectorGroup(GroupInfo groupInfo){
-        if (groupInfo == null || "".equals(groupInfo)){
+        if (groupInfo == null){
             return new RepEntity(RepCode.Null);
         }
         chartsConfigMapper.setChartsGroup(groupInfo);

+ 48 - 44
src/main/java/com/server/ImplementSqlService.java

@@ -26,7 +26,11 @@ public class ImplementSqlService {
     执行数据源
      */
     public RepEntity implementSql(ToSql toSql) {
-//        List<String> checkSql = java.util.Arrays.asList(toSql.getStrSql().split(" "));
+        List<String> checkSql = java.util.Arrays.asList(toSql.getStrSql().toLowerCase().split(" "));
+        if (checkSql.contains("update") || checkSql.contains("delete") || checkSql.contains("insert") ||
+                checkSql.contains("drop") || checkSql.contains("create") || checkSql.contains("comment")){
+            return new RepEntity(RepCode.SqlWarn);
+        }
         String sqlStr = "select * from (" + toSql.getStrSql() + ") where rownum <=1";
         System.out.println(sqlStr);
         if ("".equals(sqlStr) || sqlStr == null) {
@@ -54,49 +58,49 @@ public class ImplementSqlService {
      /*
     执行数据源test
      */
-     public RepEntity getColumnTest(ToSql toSql){
-         String sqlStr = toSql.getStrSql();
-         Connection conn = null;
-         try {
-             String url = "jdbc:oracle:thin:@218.17.158.219:1521/orcl";
-             String user = "UAS";
-             String pass = "select!#%*(";
-             conn = DriverManager.getConnection(url,user,pass);
-             String sql="select as_id from accidinsur";
-             PreparedStatement stmt;
-             stmt = conn.prepareStatement(sql);
-             System.out.println("...........");
-             ResultSet rs = stmt.executeQuery(sql);
-             System.out.println("1111111111");
-
-             ResultSetMetaData rsmd = rs.getMetaData();
-             String name = rsmd.getCatalogName(1);
-             int col = rsmd.getColumnCount();   //获得列的个数
-             System.out.println("num"+col);
-             System.out.println("name"+name);
-
-             ResultSetMetaData data = rs.getMetaData();
-             while (rs.next()) {
-                 for (int i = 1; i <= data.getColumnCount(); i++) {
-                     //获得所有列的数目及实际列数
-                     int columnCount = data.getColumnCount();
-                     System.out.println("数:"+columnCount);
-                     // 获得指定列的列名
-                     String columnName = data.getColumnName(i);
-                     System.out.println("ming:"+columnName);
-                     //获得指定列的列值
-                     String columnValue = rs.getString(i);
-                     System.out.println("value"+columnValue);
-                     //获得指定列的数据类型
-                     int columnType = data.getColumnType(i);
-                     System.out.println("type"+columnType);
-                 }
-             }
-         }catch (SQLException e){
-
-         }
-                     return new RepEntity(RepCode.success);
-     }
+//     public RepEntity getColumnTest(ToSql toSql){
+//         String sqlStr = toSql.getStrSql();
+//         Connection conn = null;
+//         try {
+//             String url = "jdbc:oracle:thin:@218.17.158.219:1521/orcl";
+//             String user = "UAS";
+//             String pass = "select!#%*(";
+//             conn = DriverManager.getConnection(url,user,pass);
+//             String sql="select as_id from accidinsur";
+//             PreparedStatement stmt;
+//             stmt = conn.prepareStatement(sql);
+//             System.out.println("...........");
+//             ResultSet rs = stmt.executeQuery(sql);
+//             System.out.println("1111111111");
+//
+//             ResultSetMetaData rsmd = rs.getMetaData();
+//             String name = rsmd.getCatalogName(1);
+//             int col = rsmd.getColumnCount();   //获得列的个数
+//             System.out.println("num"+col);
+//             System.out.println("name"+name);
+//
+//             ResultSetMetaData data = rs.getMetaData();
+//             while (rs.next()) {
+//                 for (int i = 1; i <= data.getColumnCount(); i++) {
+//                     //获得所有列的数目及实际列数
+//                     int columnCount = data.getColumnCount();
+//                     System.out.println("数:"+columnCount);
+//                     // 获得指定列的列名
+//                     String columnName = data.getColumnName(i);
+//                     System.out.println("ming:"+columnName);
+//                     //获得指定列的列值
+//                     String columnValue = rs.getString(i);
+//                     System.out.println("value"+columnValue);
+//                     //获得指定列的数据类型
+//                     int columnType = data.getColumnType(i);
+//                     System.out.println("type"+columnType);
+//                 }
+//             }
+//         }catch (SQLException e){
+//
+//         }
+//                     return new RepEntity(RepCode.success);
+//     }
 
     /*
     判断列类型
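Review bot: The keyword check added at the top of `implementSql` (`checkSql.contains("update") || ...`) is a blocklist over tokens produced by splitting on a single space, so it recognises only those six words and only when each is delimited by exactly that character; other whitespace or punctuation around a keyword, and other mutating statements Oracle accepts (`alter`, `merge`, `truncate`, PL/SQL blocks), pass it, and a blocklist of this kind cannot be made complete. Treat it as an early, user-friendly rejection and put the enforceable control at the database: run user-supplied queries on a connection/account that holds only SELECT privileges, with `conn.setReadOnly(true)` as defence in depth. The `"".equals(sqlStr) || sqlStr == null` test a few lines below can never be true, because `toSql.getStrSql()` has already been dereferenced and concatenated by then; move a null check on `toSql.getStrSql()` ahead of the `toLowerCase()` call. In the second hunk, commenting out `getColumnTest` leaves the hard-coded JDBC host, user and password in the source tree and in history — delete the method outright and treat that credential as exposed (rotate it). `implementSql` continues past the end of the first hunk.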

+ 3 - 0
src/main/java/com/server/UserService.java

@@ -82,6 +82,9 @@ public class UserService {
     public RepEntity createUserGroup(UserGroupInfo userGroupInfo){
         UserGroup userGroup = new UserGroup();
         BeanUtils.copyProperties(userGroupInfo,userGroup);
+        if (userGroup.getUserGroupNote() == null){
+            userGroup.setUserGroupNote("");
+        }
         userMapper.insUserGroup(userGroup);
         return new RepEntity(RepCode.success, userGroup.getId());
     }

+ 41 - 4
src/main/java/com/util/ScreenUtil.java

@@ -1,9 +1,14 @@
 package com.util;
 
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.type.CollectionType;
 import com.model.bo.Screen;
 import com.model.bo.ScreenStr;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import java.io.IOException;
+import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
 
@@ -12,6 +17,8 @@ import java.util.List;
  */
 @Component
 public class ScreenUtil {
+    @Autowired
+    ObjectMapper objectMapper;
     public ScreenStr screensUtil(List<Screen> screenList, String xColumn, String xColumnType){
         //返回值
         ScreenStr screenStr = new ScreenStr();
@@ -31,7 +38,7 @@ public class ScreenUtil {
             String value = screen.getValue();
 
             if (columnType != "time" && !("time".equals(columnType))){
-                String symbVal = getSymbAndVal(symbol, value);
+                String symbVal = getSymbAndVal(symbol, value, columnType);
                 if (xColumn.equals(columnName)){
                     withColumnRet = ret + " and " + columnName + " " + symbVal;
                 }else {
@@ -52,13 +59,21 @@ public class ScreenUtil {
         screenStr.setWithColumnRet(withColumnRet);
         return screenStr;
     }
-    public String getSymbAndVal(String symbol, String value){
+    public String getSymbAndVal(String symbol, String value, String columnType){
         String values = "" + value;
         String tar = "";
         if ("contain".equals(symbol)){
-            tar = "like '%" + values + "%'";
+            if ("categorical".equals(columnType)) {
+                tar = "in " + getContainsCate(value);
+            }else {
+                tar = "like '%" + values + "%'";
+            }
         }else if("notContain".equals(symbol)){
-            tar = "not like '%" + values + "%'";
+            if ("categorical".equals(columnType)) {
+                tar = "not in " + getContainsCate(value);
+            }else {
+                tar = "not like '%" + values + "%'";
+            }
         }else if("startsWith".equals(symbol)){
             tar = "like '" + values + "%'";
         }else if("endsWith".equals(symbol)){
@@ -76,6 +91,7 @@ public class ScreenUtil {
         } else {
             tar = symbol + " '" + values + "'";
         }
+        System.out.println("tar:" + tar);
         return tar;
     }
 
@@ -114,4 +130,25 @@ public class ScreenUtil {
         }
         return tar;
     }
+
+    public String getContainsCate(String value){
+        System.out.println("走这里了吗");
+        List<String> val = new ArrayList<>();
+        CollectionType javaType = objectMapper.getTypeFactory().constructCollectionType(ArrayList.class, String.class);
+        try {
+            val =  objectMapper.readValue(value, javaType);   //这里不需要强制转换
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
+
+        String valueString = "";
+        Iterator isList = val.iterator();
+        while (isList.hasNext()){
+            String v = String.valueOf(isList.next());
+            System.out.println("v"+v);
+            valueString = valueString + ", '" + v + "'";
+        }
+        valueString = valueString.replaceFirst(",", "(") + ")";
+        return valueString;
+    }
 }
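Review bot: `getContainsCate` interpolates each decoded array element straight into a quoted SQL `in (...)` list (`valueString + ", '" + v + "'"`), and the new `categorical` branches in `getSymbAndVal` splice that fragment into the statement, so a filter value containing a single quote changes the query — the same string-built-SQL problem the commit message says it addresses. The robust fix is to return `?` placeholders together with the value list and bind them in the mapper; if the fragment-string design has to stay for now, at least double embedded quotes and fail explicitly when the JSON cannot be parsed or the array is empty, since today a parse failure is only printed and the method then returns `)`, producing an invalid `in )`. The leftover `System.out.println` debugging lines (`走这里了吗`, `tar:`, `v`) should be removed, the raw `Iterator` can be a `for (String v : val)`, and the `@Autowired` package-private `ObjectMapper` field is better injected through a constructor. The hunks at `@@ -31,7 +38,7 @@` and `@@ -76,6 +91,7 @@` sit inside `screensUtil` and `getSymbAndVal`, which start outside those hunks. A rewrite of `getContainsCate` along those lines:
```java
public String getContainsCate(String value){
    CollectionType javaType = objectMapper.getTypeFactory().constructCollectionType(ArrayList.class, String.class);
    List<String> val;
    try {
        val = objectMapper.readValue(value, javaType);
    } catch (IOException e) {
        throw new IllegalArgumentException("categorical filter value is not a JSON array of strings", e);
    }
    if (val == null || val.isEmpty()) {
        throw new IllegalArgumentException("categorical filter value must list at least one item");
    }
    // Interim mitigation only: doubling the quote keeps each item inside its literal;
    // the proper fix is one bound parameter per item.
    List<String> quoted = new ArrayList<>();
    for (String v : val) {
        quoted.add("'" + String.valueOf(v).replace("'", "''") + "'");
    }
    return "(" + String.join(", ", quoted) + ")";
}
```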