fix: SpotBugs扫描分析（四）：修复文件操作结果不可忽略、随机数生成使用SecureRandom类、BasicResultVO潜在反序列化问题

6 months ago · b0e49b89be
parent a486063b7f
commit b0e49b89be
4 changed files with 51 additions and 20 deletions
--- a/austin-common/src/main/java/com/java3y/austin/common/vo/BasicResultVO.java
+++ b/austin-common/src/main/java/com/java3y/austin/common/vo/BasicResultVO.java
@ -6,6 +6,8 @@ import lombok.Getter;
 import lombok.NoArgsConstructor;
 import lombok.ToString;
 import java.io.Serializable;
 /**
 * @author zzb
 * @since 2021.11.17
@ -15,7 +17,7 @@ import lombok.ToString;
@ToString(callSuper = true)
@AllArgsConstructor
@NoArgsConstructor
-public final class BasicResultVO<T> {
+public final class BasicResultVO<T> implements Serializable {
    /**
     * 响应状态
--- a/austin-handler/src/main/java/com/java3y/austin/handler/handler/impl/SmsHandler.java
+++ b/austin-handler/src/main/java/com/java3y/austin/handler/handler/impl/SmsHandler.java
@ -24,10 +24,10 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
 import org.springframework.stereotype.Component;
 import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 import java.util.Random;
 /**
 * 短信发送处理
@ -44,6 +44,11 @@ public class SmsHandler extends BaseHandler{
    private static final Integer AUTO_FLOW_RULE = 0;
    private static final String FLOW_KEY = "msgTypeSmsConfig";
    private static final String FLOW_KEY_PREFIX = "message_type_";
    /**
     * 安全随机数，重用性能与随机数质量更高
     */
    private static final SecureRandom secureRandom = new SecureRandom();
    @Autowired
    private SmsRecordDao smsRecordDao;
    @Autowired
@ -99,7 +104,7 @@ public class SmsHandler extends BaseHandler{
        }
        // 生成一个随机数[1,total]，看落到哪个区间
-        int index = new Random().nextInt(total) + 1;
+        int index = secureRandom.nextInt(total) + 1;
        MessageTypeSmsConfig supplier = null;
        MessageTypeSmsConfig supplierBack = null;
--- a/austin-support/src/main/java/com/java3y/austin/support/utils/AustinFileUtils.java
+++ b/austin-support/src/main/java/com/java3y/austin/support/utils/AustinFileUtils.java
@ -33,7 +33,6 @@ public class AustinFileUtils {
     * @return
     */
    public static File getRemoteUrl2File(String path, String remoteUrl) {
        InputStream inputStream = null;
        FileOutputStream fileOutputStream = null;
        try {
@ -41,7 +40,11 @@ public class AustinFileUtils {
            File file = new File(path, url.getPath());
            inputStream = url.openStream();
            if (!file.exists()) {
-                file.getParentFile().mkdirs();
+                boolean res = file.getParentFile().mkdirs();
                if (!res) {
                    log.error("AustinFileUtils#getRemoteUrl2File Failed to create folder, path:{}, remoteUrl:{}", path, remoteUrl);
                    return null;
                }
                fileOutputStream = new FileOutputStream(file);
                IoUtil.copy(inputStream, fileOutputStream);
            }
@ -49,20 +52,8 @@ public class AustinFileUtils {
        } catch (Exception e) {
            log.error("AustinFileUtils#getRemoteUrl2File fail:{},remoteUrl:{}", Throwables.getStackTraceAsString(e), remoteUrl);
        } finally {
-            if (Objects.nonNull(inputStream)) {
+            closeQuietly(inputStream);
-                try {
+            closeQuietly(fileOutputStream);
                    inputStream.close();
                } catch (IOException e) {
                    log.error("close#inputStream fail:{}", Throwables.getStackTraceAsString(e));
                }
            }
            if (Objects.nonNull(fileOutputStream)) {
                try {
                    fileOutputStream.close();
                } catch (IOException e) {
                    log.error("close#fileOutputStream fail:{}", Throwables.getStackTraceAsString(e));
                }
            }
        }
        return null;
    }
@ -85,4 +76,33 @@ public class AustinFileUtils {
        return files;
    }
    /**
     * 关闭InputStream流
     *
     * @param inputStream
     */
    private static void closeQuietly(InputStream inputStream) {
        if (Objects.nonNull(inputStream)) {
            try {
                inputStream.close();
            } catch (IOException e) {
                log.error("close#inputStream fail:{}", Throwables.getStackTraceAsString(e));
            }
        }
    }
    /**
     * 关闭FileOutputStream流
     *
     * @param fileOutputStream
     */
    private static void closeQuietly(FileOutputStream fileOutputStream) {
        if (Objects.nonNull(fileOutputStream)) {
            try {
                fileOutputStream.close();
            } catch (IOException e) {
                log.error("close#fileOutputStream fail:{}", Throwables.getStackTraceAsString(e));
            }
        }
    }
 }
--- a/austin-web/src/main/java/com/java3y/austin/web/controller/MessageTemplateController.java
+++ b/austin-web/src/main/java/com/java3y/austin/web/controller/MessageTemplateController.java
@ -201,7 +201,11 @@ public class MessageTemplateController {
        try {
            File localFile = new File(filePath);
            if (!localFile.exists()) {
-                localFile.mkdirs();
+                boolean res = localFile.mkdirs();
                if (!res) {
                    log.error("MessageTemplateController#upload fail! Failed to create folder.");
                    throw new CommonException(RespStatusEnum.SERVICE_ERROR);
                }
            }
            file.transferTo(localFile);
        } catch (Exception e) {