feat: 删除不必要依赖 禁用alibaba-fastjson 重大安全漏洞

backend/pom.xml

@@ -13,10 +13,8 @@
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <shiro.version>1.6.0</shiro.version>
+        <shiro.version>1.7.1</shiro.version>
         <java.version>1.8</java.version>
-        <nacos.version>1.1.3</nacos.version>
-        <dubbo.version>2.7.8</dubbo.version>
         <graalvm.version>20.1.0</graalvm.version>
     </properties>
 
@@ -80,6 +78,10 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-websocket</artifactId>
         </dependency>
+        <dependency>
+            <groupId>com.google.code.gson</groupId>
+            <artifactId>gson</artifactId>
+        </dependency>
 
         <!-- flyway -->
         <dependency>
@@ -115,7 +117,7 @@
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-collections4</artifactId>
-            <version>4.1</version>
+            <version>4.4</version>
         </dependency>
         <dependency>
             <groupId>org.apache.commons</groupId>
@@ -127,11 +129,11 @@
             <artifactId>commons-codec</artifactId>
         </dependency>
 
-        <dependency>
+        <!--<dependency>
             <groupId>com.alibaba</groupId>
             <artifactId>fastjson</artifactId>
             <version>1.2.72</version>
-        </dependency>
+        </dependency>-->
 
         <!-- openapi -->
         <dependency>
@@ -140,11 +142,7 @@
             <version>1.2.32</version>
         </dependency>
 
-        <dependency>
-            <groupId>org.python</groupId>
-            <artifactId>jython-standalone</artifactId>
-            <version>2.7.0</version>
-        </dependency>
+
 
         <dependency>
             <groupId>com.microsoft.sqlserver</groupId>
@@ -164,17 +162,7 @@
             <version>19.7.0.0</version>
         </dependency>
 
-        <!-- Zookeeper -->
-        <dependency>
-            <groupId>org.apache.dubbo</groupId>
-            <artifactId>dubbo</artifactId>
-            <version>${dubbo.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.zookeeper</groupId>
-            <artifactId>zookeeper</artifactId>
-            <version>3.4.14</version>
-        </dependency>
+
         <dependency>
             <groupId>org.apache.curator</groupId>
             <artifactId>curator-framework</artifactId>
@@ -186,22 +174,7 @@
             <version>4.0.1</version>
         </dependency>
 
-        <!-- nacos -->
-        <dependency>
-            <groupId>org.apache.dubbo</groupId>
-            <artifactId>dubbo-registry-nacos</artifactId>
-            <version>${dubbo.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>com.alibaba.nacos</groupId>
-            <artifactId>nacos-api</artifactId>
-            <version>${nacos.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>com.alibaba.nacos</groupId>
-            <artifactId>nacos-client</artifactId>
-            <version>${nacos.version}</version>
-        </dependency>
+
         <!-- easyexcel -->
         <dependency>
             <groupId>com.alibaba</groupId>
@@ -301,12 +274,7 @@
             <artifactId>json</artifactId>
             <version>20171018</version>
         </dependency>
-        <!--钉钉sdk-->
-        <dependency>
-            <groupId>com.aliyun</groupId>
-            <artifactId>alibaba-dingtalk-service-sdk</artifactId>
-            <version>1.0.1</version>
-        </dependency>
+
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpclient</artifactId>
@@ -319,7 +287,7 @@
             <version>0.11.7</version>
         </dependency>
         <!-- k8s client -->
-        <dependency>
+        <!--<dependency>
             <groupId>io.fabric8</groupId>
             <artifactId>kubernetes-client</artifactId>
             <version>4.13.0</version>
@@ -328,7 +296,7 @@
             <groupId>com.github.fge</groupId>
             <artifactId>json-schema-validator</artifactId>
             <version>2.2.6</version>
-        </dependency>
+        </dependency>-->
 
     </dependencies>
 

backend/src/main/java/io/dataease/datasource/service/DatasourceService.java

@@ -6,7 +6,7 @@ import io.dataease.commons.exception.DEException;
 import io.dataease.datasource.provider.DatasourceProvider;
 import io.dataease.datasource.provider.ProviderFactory;
 import io.dataease.datasource.request.DatasourceRequest;
-import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;

backend/src/main/java/io/dataease/service/dataset/DataSetGroupService.java

 package io.dataease.service.dataset;
 
-import com.alibaba.nacos.common.util.UuidUtils;
 import io.dataease.base.domain.DatasetGroup;
 import io.dataease.base.domain.DatasetGroupExample;
 import io.dataease.base.mapper.DatasetGroupMapper;
 import io.dataease.commons.utils.BeanUtils;
 import io.dataease.controller.request.dataset.DataSetGroupRequest;
 import io.dataease.dto.dataset.DataSetGroupDTO;
-import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.stereotype.Service;
 
 import javax.annotation.Resource;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.UUID;
 import java.util.stream.Collectors;
 
 /**
@@ -27,7 +27,7 @@ public class DataSetGroupService {
 
     public DataSetGroupDTO save(DatasetGroup datasetGroup) {
         if (StringUtils.isEmpty(datasetGroup.getId())) {
-            datasetGroup.setId(UuidUtils.generateUuid());
+            datasetGroup.setId(UUID.randomUUID().toString());
             datasetGroup.setCreateTime(System.currentTimeMillis());
             datasetGroupMapper.insert(datasetGroup);
         } else {

backend/src/main/java/io/dataease/service/dataset/DataSetTableFieldsService.java

 package io.dataease.service.dataset;
 
-import com.alibaba.nacos.common.util.UuidUtils;
 import io.dataease.base.domain.DatasetTableField;
 import io.dataease.base.domain.DatasetTableFieldExample;
 import io.dataease.base.mapper.DatasetTableFieldMapper;
@@ -10,6 +9,7 @@ import org.springframework.stereotype.Service;
 
 import javax.annotation.Resource;
 import java.util.List;
+import java.util.UUID;
 
 /**
  * @Author gin
@@ -28,7 +28,7 @@ public class DataSetTableFieldsService {
 
     public DatasetTableField save(DatasetTableField datasetTableField) {
         if (StringUtils.isEmpty(datasetTableField.getId())) {
-            datasetTableField.setId(UuidUtils.generateUuid());
+            datasetTableField.setId(UUID.randomUUID().toString());
             datasetTableFieldMapper.insert(datasetTableField);
         } else {
             datasetTableFieldMapper.updateByPrimaryKey(datasetTableField);

backend/src/main/java/io/dataease/service/dataset/DataSetTableService.java

 package io.dataease.service.dataset;
 
-import com.alibaba.fastjson.JSONArray;
-import com.alibaba.fastjson.JSONObject;
-import com.alibaba.nacos.common.util.UuidUtils;
+
 import com.google.gson.Gson;
 import io.dataease.base.domain.DatasetTable;
 import io.dataease.base.domain.DatasetTableExample;
@@ -11,7 +9,6 @@ import io.dataease.base.domain.Datasource;
 import io.dataease.base.mapper.DatasetTableMapper;
 import io.dataease.base.mapper.DatasourceMapper;
 import io.dataease.commons.utils.BeanUtils;
-import io.dataease.commons.utils.SessionUtils;
 import io.dataease.controller.request.dataset.DataSetTableRequest;
 import io.dataease.datasource.constants.DatasourceTypes;
 import io.dataease.datasource.dto.TableFiled;
@@ -19,12 +16,9 @@ import io.dataease.datasource.provider.DatasourceProvider;
 import io.dataease.datasource.provider.ProviderFactory;
 import io.dataease.datasource.request.DatasourceRequest;
 import io.dataease.dto.dataset.DataTableInfoDTO;
-import jnr.ffi.Struct;
-import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
-import org.python.apache.xerces.xs.StringList;
 import org.springframework.stereotype.Service;
-
 import javax.annotation.Resource;
 import java.text.MessageFormat;
 import java.util.*;
@@ -51,7 +45,7 @@ public class DataSetTableService {
 
     public DatasetTable save(DatasetTable datasetTable) throws Exception {
         if (StringUtils.isEmpty(datasetTable.getId())) {
-            datasetTable.setId(UuidUtils.generateUuid());
+            datasetTable.setId(UUID.randomUUID().toString());
             datasetTable.setCreateTime(System.currentTimeMillis());
             DataTableInfoDTO dataTableInfoDTO = new DataTableInfoDTO();
             if (StringUtils.equalsIgnoreCase("db", datasetTable.getType())) {
@@ -136,7 +130,8 @@ public class DataSetTableService {
         } catch (Exception e) {
         }
 
-        JSONArray jsonArray = new JSONArray();
+
+        /*JSONArray jsonArray = new JSONArray();
         if (CollectionUtils.isNotEmpty(data)) {
             data.forEach(ele -> {
                 JSONObject jsonObject = new JSONObject();
@@ -145,8 +140,19 @@ public class DataSetTableService {
                 }
                 jsonArray.add(jsonObject);
             });
+        }*/
+        List<Map<String, Object>> jsonArray = new ArrayList<>();
+        if (CollectionUtils.isNotEmpty(data)) {
+            jsonArray = data.stream().map(ele -> {
+                Map<String, Object> map = new HashMap<>();
+                for (int i = 0; i < ele.length; i++) {
+                    map.put(fieldArray[i], ele[i]);
+                }
+                return map;
+            }).collect(Collectors.toList());
         }
 
+
         Map<String, Object> map = new HashMap<>();
         map.put("fields", fields);
         map.put("data", jsonArray);