Java代码审计5期优秀学员作业选登


文章来源 | MS08067 Java代码审计5期作业

本文作者:River

作业1

Java代码审计5期优秀学员作业选登

需求1

增加的代码(BankCustomer.java)(注释中区分了为了解决此需求而增加的代码)

import java.text.SimpleDateFormat;
import java.util.Date;

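/**
 * A bank customer who is also the holder of one {@link BankCard}.
 *
 * <p>Implements deposit, withdrawal and balance query. The withdrawal path carries the three
 * homework changes by River: the balance check (logic flaw 1), the positive-amount check
 * (logic flaw 2) and the 5000-per-day withdrawal cap (requirement 3).
 */
public class BankCustomer extends BankCard implements PersonInter {
    /** Maximum total that may be withdrawn on one calendar day. */
    private static final double DAILY_WITHDRAW_LIMIT = 5000;

    private String username; // holder's name
    private String address;  // home address
    private String ID;       // national ID number

    public String getUsername() {
        return username;
    }
    public void setUsername(String username) {
        this.username = username;
    }
    public String getAddress() {
        return address;
    }
    public void setAddress(String address) {
        this.address = address;
    }
    public String getID() {
        return ID;
    }
    public void setID(String ID) {
        this.ID = ID;
    }

    /**
     * Returns whether {@code money} is usable as a transaction amount.
     * NaN fails the {@code > 0} comparison; infinity is rejected explicitly because it would
     * otherwise turn the balance into a non-finite value.
     */
    private static boolean isValidAmount(double money) {
        return money > 0 && !Double.isInfinite(money);
    }

    /**
     * Deposits {@code money} into the account.
     * Non-positive and non-finite amounts are refused with a console message.
     *
     * @param money amount to deposit
     */
    @Override
    public void saveMoney(double money) {
        if (!isValidAmount(money)) {
            System.out.println("输入非法");
            return;
        }
        this.balance = this.balance + money;
    }

    /**
     * Withdraws {@code money} from the account.
     *
     * <p>The withdrawal is refused, with a console message and no state change, when the amount
     * is invalid, when it would push the day's total above the daily cap, or when it exceeds the
     * balance.
     *
     * @param money amount to withdraw
     */
    @Override
    public void getMoney(double money) {
        // Logic flaw 2 (River): the amount must be positive.
        if (!isValidAmount(money)) {
            System.out.println("输入非法");
            return;
        }

        // Requirement 3 (River): daily cap. The running total only counts when it was recorded
        // today; on a new day it starts from zero, so the cap also applies to the first
        // withdrawal of the day and yesterday's total is not carried over.
        String today = new SimpleDateFormat("yyyy-MM-dd").format(new Date());
        double withdrawnToday = today.equals(this.getRecordDate()) ? this.getTodayMoney() : 0;
        if (withdrawnToday + money > DAILY_WITHDRAW_LIMIT) {
            System.out.println("超过今日(" + today + ")5000元取款上限");
            return;
        }

        // Logic flaw 1 (River): the code before the fix subtracted without looking at the
        // balance. Withdrawing exactly the whole balance is allowed.
        if (money > this.balance) {
            System.out.println("余额不足");
            return;
        }

        this.balance = this.balance - money;
        // The tracking state changes only after a successful withdrawal.
        this.setRecordDate(today);
        this.setTodayMoney(withdrawnToday + money);
    }

    /** Returns the current balance. */
    @Override
    public double queryMoney() {
        return this.balance;
    }

    /** Intentionally empty in this exercise. */
    @Override
    public void getOhterInfo() {
    }

    /** Intentionally empty in this exercise. */
    @Override
    public void getYearIncome() {
    }

    /**
     * Returns a debug representation of the customer.
     * NOTE(review): the output contains the home address and the national ID number, so it
     * should not be written to logs.
     */
    @Override
    public String toString() {
        return "BankCustomer{" +
                "username='" + username + '\'' +
                ", address='" + address + '\'' +
                ", ID='" + ID + '\'' +
                ", balance=" + balance +
                '}';
    }
}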

Result

Java代码审计5期优秀学员作业选登

需求2

增加的代码(BankCustomer.java)(注释中区分了为了解决此需求而增加的代码)

import java.text.SimpleDateFormat;
import java.util.Date;

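/**
 * A bank customer who is also the holder of one {@link BankCard}.
 *
 * <p>Implements deposit, withdrawal and balance query. The withdrawal path carries the three
 * homework changes by River: the balance check (logic flaw 1), the positive-amount check
 * (logic flaw 2) and the 5000-per-day withdrawal cap (requirement 3).
 */
public class BankCustomer extends BankCard implements PersonInter {
    /** Maximum total that may be withdrawn on one calendar day. */
    private static final double DAILY_WITHDRAW_LIMIT = 5000;

    private String username; // holder's name
    private String address;  // home address
    private String ID;       // national ID number

    public String getUsername() {
        return username;
    }
    public void setUsername(String username) {
        this.username = username;
    }
    public String getAddress() {
        return address;
    }
    public void setAddress(String address) {
        this.address = address;
    }
    public String getID() {
        return ID;
    }
    public void setID(String ID) {
        this.ID = ID;
    }

    /**
     * Returns whether {@code money} is usable as a transaction amount.
     * NaN fails the {@code > 0} comparison; infinity is rejected explicitly because it would
     * otherwise turn the balance into a non-finite value.
     */
    private static boolean isValidAmount(double money) {
        return money > 0 && !Double.isInfinite(money);
    }

    /**
     * Deposits {@code money} into the account.
     * Non-positive and non-finite amounts are refused with a console message.
     *
     * @param money amount to deposit
     */
    @Override
    public void saveMoney(double money) {
        if (!isValidAmount(money)) {
            System.out.println("输入非法");
            return;
        }
        this.balance = this.balance + money;
    }

    /**
     * Withdraws {@code money} from the account.
     *
     * <p>The withdrawal is refused, with a console message and no state change, when the amount
     * is invalid, when it would push the day's total above the daily cap, or when it exceeds the
     * balance.
     *
     * @param money amount to withdraw
     */
    @Override
    public void getMoney(double money) {
        // Logic flaw 2 (River): the amount must be positive.
        if (!isValidAmount(money)) {
            System.out.println("输入非法");
            return;
        }

        // Requirement 3 (River): daily cap. The running total only counts when it was recorded
        // today; on a new day it starts from zero, so the cap also applies to the first
        // withdrawal of the day and yesterday's total is not carried over.
        String today = new SimpleDateFormat("yyyy-MM-dd").format(new Date());
        double withdrawnToday = today.equals(this.getRecordDate()) ? this.getTodayMoney() : 0;
        if (withdrawnToday + money > DAILY_WITHDRAW_LIMIT) {
            System.out.println("超过今日(" + today + ")5000元取款上限");
            return;
        }

        // Logic flaw 1 (River): the code before the fix subtracted without looking at the
        // balance. Withdrawing exactly the whole balance is allowed.
        if (money > this.balance) {
            System.out.println("余额不足");
            return;
        }

        this.balance = this.balance - money;
        // The tracking state changes only after a successful withdrawal.
        this.setRecordDate(today);
        this.setTodayMoney(withdrawnToday + money);
    }

    /** Returns the current balance. */
    @Override
    public double queryMoney() {
        return this.balance;
    }

    /** Intentionally empty in this exercise. */
    @Override
    public void getOhterInfo() {
    }

    /** Intentionally empty in this exercise. */
    @Override
    public void getYearIncome() {
    }

    /**
     * Returns a debug representation of the customer.
     * NOTE(review): the output contains the home address and the national ID number, so it
     * should not be written to logs.
     */
    @Override
    public String toString() {
        return "BankCustomer{" +
                "username='" + username + '\'' +
                ", address='" + address + '\'' +
                ", ID='" + ID + '\'' +
                ", balance=" + balance +
                '}';
    }
}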

Result

  • 任意金额转账
Java代码审计5期优秀学员作业选登
  • 任意金额取款
Java代码审计5期优秀学员作业选登
Java代码审计5期优秀学员作业选登
  • 任意金额存款
Java代码审计5期优秀学员作业选登

需求3

增加的代码(BankCard.java)(注释中区分了为了解决此需求而增加的代码)

import java.util.Date;

/**
 * Base type for a bank card: card identity, balance and the state used to track the amount
 * withdrawn on the recorded day.
 */
public abstract class BankCard {
    private String cardId;   // card number
    private String cardType; // card type (savings card or credit card)
    private String useDate;  // date the card came into use
    double balance;          // current balance; package-private, subclasses write it directly

    // The two fields below were added by River for requirement 3.
    private double todayMoney; // running total paired with recordDate
    private String recordDate; // date the running total belongs to

    // ---- card identity ----

    public String getCardId() {
        return cardId;
    }

    public void setCardId(String cardId) {
        this.cardId = cardId;
    }

    public String getCardType() {
        return cardType;
    }

    public void setCardType(String cardType) {
        this.cardType = cardType;
    }

    public String getUseDate() {
        return useDate;
    }

    /**
     * Sets the start-of-use date and also overwrites {@code recordDate} with the same string.
     * NOTE(review): a caller that keeps recordDate in another format has to call
     * {@link #setRecordDate(String)} afterwards.
     */
    public void setUseDate(String useDate) {
        this.recordDate = useDate;
        this.useDate = useDate;
    }

    // ---- balance ----

    public double getBalance() {
        return balance;
    }

    public void setBalance(double balance) {
        this.balance = balance;
    }

    // ---- daily withdrawal tracking ----

    public double getTodayMoney() {
        return todayMoney;
    }

    public void setTodayMoney(double todayMoney) {
        this.todayMoney = todayMoney;
    }

    public String getRecordDate() {
        return recordDate;
    }

    public void setRecordDate(String recordDate) {
        this.recordDate = recordDate;
    }

    // ---- operations supplied by the concrete card holder ----

    /** Deposit. */
    public abstract void saveMoney(double money);

    /** Withdrawal. */
    public abstract void getMoney(double money);

    /** Balance query. */
    public abstract double queryMoney();
}
  • 增加的代码(BandServiceImpl.java)(注释中区分了为了解决此需求而增加的代码)
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Date;
import java.util.Random;
import java.util.Scanner;
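/**
 * Business-logic service: query, deposit, withdrawal, transfer and card opening.
 *
 * <p>{@link BankCustomer#saveMoney(double)} and {@link BankCustomer#getMoney(double)} report a
 * refusal only on the console, so this class compares the balance before and after each call to
 * find out whether the operation really took place.
 */
public class BandServiceImpl implements BankServiceInter{

    /** Prints the holder's name, card number and current balance on one line. */
    private static void printBalance(BankCustomer bankCustomer) {
        System.out.println(bankCustomer.getUsername() + "的银行卡号:" + bankCustomer.getCardId()
                + "余额为:" + bankCustomer.getBalance() + "元");
    }

    /**
     * Prints the customer's balance and returns it.
     *
     * @param bankCustomer account to query
     * @return the current balance
     */
    @Override
    public double queryMoney(BankCustomer bankCustomer) {
        printBalance(bankCustomer);
        System.out.println("操作成功");
        return bankCustomer.queryMoney();
    }

    /**
     * Deposits {@code money} and prints the resulting balance.
     * The success message is printed only when the balance actually changed.
     */
    @Override
    public void saveMoney(BankCustomer bankCustomer, double money) {
        double before = bankCustomer.getBalance();
        bankCustomer.saveMoney(money);
        if (Double.compare(bankCustomer.getBalance(), before) != 0) {
            System.out.println("操作成功");
        }
        printBalance(bankCustomer);
    }

    /**
     * Withdraws {@code money} and prints the resulting balance.
     * The success message is printed only when the balance actually changed.
     */
    @Override
    public void getMoney(BankCustomer bankCustomer, double money) {
        double before = bankCustomer.getBalance();
        bankCustomer.getMoney(money);
        if (Double.compare(bankCustomer.getBalance(), before) != 0) {
            System.out.println("操作成功");
        }
        printBalance(bankCustomer);
    }

    /**
     * Transfers {@code money} from {@code bankCustomer} to {@code bankCustomer1}.
     *
     * <p>The target is credited only when the source was really debited. The withdrawal can
     * still be refused after the balance pre-check (invalid amount, daily cap), and crediting
     * the target in that case would create money.
     *
     * @param bankCustomer  source account
     * @param bankCustomer1 target account
     * @param money         amount to move
     */
    @Override
    public void transfer(BankCustomer bankCustomer,BankCustomer bankCustomer1,double money){
        if (money > bankCustomer.queryMoney()){
            System.out.println("余额不足");
            return;
        }
        double before = bankCustomer.queryMoney();
        bankCustomer.getMoney(money);
        if (bankCustomer.queryMoney() < before) {
            bankCustomer1.saveMoney(money);
        }
    }

    /**
     * Reads the holder's data from standard input and opens a card with a zero balance.
     *
     * @return the newly created customer
     */
    @Override
    public BankCustomer initBankInfo(){
        BankCustomer bankCustomer = new BankCustomer();
        Scanner scanner = new Scanner(System.in);
        System.out.println("请填写银行卡使用人真实姓名");
        bankCustomer.setUsername(scanner.nextLine());
        System.out.println("请填写银行卡使用人家庭住址");
        bankCustomer.setAddress(scanner.nextLine());
        System.out.println("请填写银行卡使用人身份证号");
        bankCustomer.setID(scanner.nextLine());
        bankCustomer.setBalance(0);

        // Draw two 8-digit halves until the combined value has 16 digits.
        // NOTE(review): java.util.Random is predictable; if card numbers must not be guessable,
        // java.security.SecureRandom is the appropriate source.
        Random ran = new Random();
        long cardNumber;
        do {
            int high = ran.nextInt(99999999);
            int low = ran.nextInt(99999999);
            cardNumber = high * 100000000L + low;
        } while (!(cardNumber > 1000000000000000L && cardNumber < 9999999999999999L));
        bankCustomer.setCardId(String.valueOf(cardNumber));

        Date now = new Date();
        // Activation timestamp; "a" is the am/pm marker.
        bankCustomer.setUseDate(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss a").format(now));
        // Requirement 3 (River): setUseDate also overwrites recordDate, so the day-only value
        // used by the daily cap has to be set afterwards.
        bankCustomer.setRecordDate(new SimpleDateFormat("yyyy-MM-dd").format(now));
        bankCustomer.setTodayMoney(0);
        return bankCustomer;
    }
}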
  • 增加的代码(BankCustomer.java)(注释中区分了为了解决此需求而增加的代码)
import java.text.SimpleDateFormat;
import java.util.Date;

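/**
 * A bank customer who is also the holder of one {@link BankCard}.
 *
 * <p>Implements deposit, withdrawal and balance query. The withdrawal path carries the three
 * homework changes by River: the balance check (logic flaw 1), the positive-amount check
 * (logic flaw 2) and the 5000-per-day withdrawal cap (requirement 3).
 */
public class BankCustomer extends BankCard implements PersonInter {
    /** Maximum total that may be withdrawn on one calendar day. */
    private static final double DAILY_WITHDRAW_LIMIT = 5000;

    private String username; // holder's name
    private String address;  // home address
    private String ID;       // national ID number

    public String getUsername() {
        return username;
    }
    public void setUsername(String username) {
        this.username = username;
    }
    public String getAddress() {
        return address;
    }
    public void setAddress(String address) {
        this.address = address;
    }
    public String getID() {
        return ID;
    }
    public void setID(String ID) {
        this.ID = ID;
    }

    /**
     * Returns whether {@code money} is usable as a transaction amount.
     * NaN fails the {@code > 0} comparison; infinity is rejected explicitly because it would
     * otherwise turn the balance into a non-finite value.
     */
    private static boolean isValidAmount(double money) {
        return money > 0 && !Double.isInfinite(money);
    }

    /**
     * Deposits {@code money} into the account.
     * Non-positive and non-finite amounts are refused with a console message.
     *
     * @param money amount to deposit
     */
    @Override
    public void saveMoney(double money) {
        if (!isValidAmount(money)) {
            System.out.println("输入非法");
            return;
        }
        this.balance = this.balance + money;
    }

    /**
     * Withdraws {@code money} from the account.
     *
     * <p>The withdrawal is refused, with a console message and no state change, when the amount
     * is invalid, when it would push the day's total above the daily cap, or when it exceeds the
     * balance.
     *
     * @param money amount to withdraw
     */
    @Override
    public void getMoney(double money) {
        // Logic flaw 2 (River): the amount must be positive.
        if (!isValidAmount(money)) {
            System.out.println("输入非法");
            return;
        }

        // Requirement 3 (River): daily cap. The running total only counts when it was recorded
        // today; on a new day it starts from zero, so the cap also applies to the first
        // withdrawal of the day and yesterday's total is not carried over.
        String today = new SimpleDateFormat("yyyy-MM-dd").format(new Date());
        double withdrawnToday = today.equals(this.getRecordDate()) ? this.getTodayMoney() : 0;
        if (withdrawnToday + money > DAILY_WITHDRAW_LIMIT) {
            System.out.println("超过今日(" + today + ")5000元取款上限");
            return;
        }

        // Logic flaw 1 (River): the code before the fix subtracted without looking at the
        // balance. Withdrawing exactly the whole balance is allowed.
        if (money > this.balance) {
            System.out.println("余额不足");
            return;
        }

        this.balance = this.balance - money;
        // The tracking state changes only after a successful withdrawal.
        this.setRecordDate(today);
        this.setTodayMoney(withdrawnToday + money);
    }

    /** Returns the current balance. */
    @Override
    public double queryMoney() {
        return this.balance;
    }

    /** Intentionally empty in this exercise. */
    @Override
    public void getOhterInfo() {
    }

    /** Intentionally empty in this exercise. */
    @Override
    public void getYearIncome() {
    }

    /**
     * Returns a debug representation of the customer.
     * NOTE(review): the output contains the home address and the national ID number, so it
     * should not be written to logs.
     */
    @Override
    public String toString() {
        return "BankCustomer{" +
                "username='" + username + '\'' +
                ", address='" + address + '\'' +
                ", ID='" + ID + '\'' +
                ", balance=" + balance +
                '}';
    }
}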

Result

  • 取款5001元
Java代码审计5期优秀学员作业选登
  • 转账5001元
Java代码审计5期优秀学员作业选登
  • 取款5000元
Java代码审计5期优秀学员作业选登
  • 再取款1元
Java代码审计5期优秀学员作业选登

自己加的需求:修复了选中未创建账户导致程序崩溃的漏洞(注意:除了校验下标范围,还需要考虑数组元素尚未初始化、仍为 null 的情况)

  • 增加的代码(Test.java)(注释中区分了为了解决此需求而增加的代码)
import java.util.Scanner;
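/**
 * Console front end of the banking exercise: shows the menu, reads the user's choice and
 * forwards it to {@link BandServiceImpl}.
 */
public class Test {
    static BankCustomer bankCustomers[] = new BankCustomer[2];
    static int count = 0;
    static boolean flag = true;

    /** Runs the menu loop until the user selects "exit". */
    public static void main(String[] args) {
        while (flag){
            useSystem(flag);
        }
    }

    /**
     * Shows the menu once and executes the selected operation.
     *
     * @param flag kept for compatibility with existing callers; the loop state lives in the
     *             static field {@code Test.flag}
     */
    public static void useSystem(boolean flag){
        System.out.println("请选择操作选项");
        System.out.println("1:开通银行卡");
        System.out.println("2: 查询");
        System.out.println("3:存款");
        System.out.println("4:取款");
        System.out.println("5:转账");
        System.out.println("6:退出系统");
        Scanner scanner = new Scanner(System.in);
        int result = scanner.nextInt();
        switch (result){
            case 1: // open the bank cards
                applyBankCard();
                break;
            case 2: { // balance query
                System.out.println("请选择需要查询余额银行卡的用户");
                printCustomers();
                int type2 = scanner.nextInt();
                queryMoney(type2);
                break;
            }
            case 3: { // deposit
                System.out.println("请选择需要存款的银行卡的用户");
                printCustomers();
                int type3 = scanner.nextInt();
                System.out.println("请输入存款金额");
                double money3 = scanner.nextDouble();
                saveMoney(type3,money3);
                break;
            }
            case 4: { // withdrawal
                System.out.println("请选择需要取款的银行卡的用户");
                printCustomers();
                int type4 = scanner.nextInt();
                System.out.println("请输入取款金额");
                double money4 = scanner.nextDouble();
                getMoney(type4,money4);
                break;
            }
            case 5: { // transfer
                System.out.println("请选择转账来源用户");
                printCustomers();
                int type5 = scanner.nextInt();
                System.out.println("请选择转账目的用户");
                printCustomers();
                int type6 = scanner.nextInt();
                System.out.println("请输入账号金额");
                double money6 = scanner.nextDouble();
                transfer(type5,type6,money6);
                break;
            }
            case 6:
                // The parameter shadows the static field; assigning the parameter would leave
                // the loop in main() running forever.
                Test.flag = false;
                break;
            default:
                break;
        }
    }

    /** Lists every account that has been opened; slots without an account are skipped. */
    private static void printCustomers() {
        for (int i = 0; i < bankCustomers.length; i++) {
            BankCustomer customer = bankCustomers[i];
            if (customer == null) {
                continue;
            }
            System.out.println(i + ":姓名:" + customer.getUsername() + ",卡号:" + customer.getCardId()
                    + ",余额:" + customer.getBalance() + "元");
        }
    }

    /**
     * Returns whether {@code type} selects an opened account: the index must lie inside the
     * array and the slot must already hold a customer.
     */
    private static boolean customerExists(int type) {
        return type >= 0 && type < bankCustomers.length && bankCustomers[type] != null;
    }

    /** Prints the details of a freshly opened card. */
    private static void printCardInfo(BankCustomer customer) {
        System.out.println("您已成功申请银行卡,详细信息如下:");
        System.out.println("银行卡激活日期:"+customer.getUseDate());
        System.out.println("用户姓名:"+customer.getUsername());
        System.out.println("家庭住址:"+customer.getAddress());
        System.out.println("当前余额:"+customer.getBalance());
        System.out.println("开卡身份证号码:"+customer.getID());
    }

    /** Simulates opening two bank cards, for user A and user B. */
    public static void applyBankCard(){
        BankServiceInter bandService = new BandServiceImpl();
        System.out.println("请输入A用户信息");
        bankCustomers[0] = bandService.initBankInfo();
        printCardInfo(bankCustomers[0]);
        System.out.println("请输入B用户信息");
        bankCustomers[1] = bandService.initBankInfo();
        printCardInfo(bankCustomers[1]);
    }

    /** Queries the balance of account {@code type}; unknown accounts are refused. */
    public static void queryMoney(int type){
        // Added by River: refuse a selection that does not name an existing user.
        if (!customerExists(type)) {
            System.out.println("用户不存在");
            return;
        }
        BankServiceInter bandService = new BandServiceImpl();
        bandService.queryMoney(bankCustomers[type]);
    }

    /** Withdraws {@code money} from account {@code type}; unknown accounts are refused. */
    public static void getMoney(int type,double money){
        // Added by River: refuse a selection that does not name an existing user.
        if (!customerExists(type)) {
            System.out.println("用户不存在");
            return;
        }
        BankServiceInter bandService = new BandServiceImpl();
        bandService.getMoney(bankCustomers[type],money);
    }

    /** Deposits {@code money} into account {@code type}; unknown accounts are refused. */
    public static void saveMoney(int type,double money){
        // Added by River: refuse a selection that does not name an existing user.
        if (!customerExists(type)) {
            System.out.println("用户不存在");
            return;
        }
        BankServiceInter bandService = new BandServiceImpl();
        bandService.saveMoney(bankCustomers[type],money);
    }

    /**
     * Transfers {@code money} from account {@code type1} to account {@code type2}.
     * Both indices get the same check; the earlier condition compared {@code type2} against
     * {@code length} instead of {@code length - 1} and let an out-of-range index through.
     */
    public static void transfer(int type1,int type2,double money){
        // Added by River: refuse a selection that does not name an existing user.
        if (!customerExists(type1) || !customerExists(type2)) {
            System.out.println("用户不存在");
            return;
        }
        BankServiceInter bandService = new BandServiceImpl();
        bandService.transfer(bankCustomers[type1],bankCustomers[type2],money);
    }
}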

Result

  • 选择-1号用户
Java代码审计5期优秀学员作业选登
  • 选择3号用户
Java代码审计5期优秀学员作业选登

最终代码

Test.java

import java.util.Scanner;
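/**
 * Console front end of the banking exercise: shows the menu, reads the user's choice and
 * forwards it to {@link BandServiceImpl}.
 */
public class Test {
    static BankCustomer bankCustomers[] = new BankCustomer[2];
    static int count = 0;
    static boolean flag = true;

    /** Runs the menu loop until the user selects "exit". */
    public static void main(String[] args) {
        while (flag){
            useSystem(flag);
        }
    }

    /**
     * Shows the menu once and executes the selected operation.
     *
     * @param flag kept for compatibility with existing callers; the loop state lives in the
     *             static field {@code Test.flag}
     */
    public static void useSystem(boolean flag){
        System.out.println("请选择操作选项");
        System.out.println("1:开通银行卡");
        System.out.println("2: 查询");
        System.out.println("3:存款");
        System.out.println("4:取款");
        System.out.println("5:转账");
        System.out.println("6:退出系统");
        Scanner scanner = new Scanner(System.in);
        int result = scanner.nextInt();
        switch (result){
            case 1: // open the bank cards
                applyBankCard();
                break;
            case 2: { // balance query
                System.out.println("请选择需要查询余额银行卡的用户");
                printCustomers();
                int type2 = scanner.nextInt();
                queryMoney(type2);
                break;
            }
            case 3: { // deposit
                System.out.println("请选择需要存款的银行卡的用户");
                printCustomers();
                int type3 = scanner.nextInt();
                System.out.println("请输入存款金额");
                double money3 = scanner.nextDouble();
                saveMoney(type3,money3);
                break;
            }
            case 4: { // withdrawal
                System.out.println("请选择需要取款的银行卡的用户");
                printCustomers();
                int type4 = scanner.nextInt();
                System.out.println("请输入取款金额");
                double money4 = scanner.nextDouble();
                getMoney(type4,money4);
                break;
            }
            case 5: { // transfer
                System.out.println("请选择转账来源用户");
                printCustomers();
                int type5 = scanner.nextInt();
                System.out.println("请选择转账目的用户");
                printCustomers();
                int type6 = scanner.nextInt();
                System.out.println("请输入账号金额");
                double money6 = scanner.nextDouble();
                transfer(type5,type6,money6);
                break;
            }
            case 6:
                // The parameter shadows the static field; assigning the parameter would leave
                // the loop in main() running forever.
                Test.flag = false;
                break;
            default:
                break;
        }
    }

    /** Lists every account that has been opened; slots without an account are skipped. */
    private static void printCustomers() {
        for (int i = 0; i < bankCustomers.length; i++) {
            BankCustomer customer = bankCustomers[i];
            if (customer == null) {
                continue;
            }
            System.out.println(i + ":姓名:" + customer.getUsername() + ",卡号:" + customer.getCardId()
                    + ",余额:" + customer.getBalance() + "元");
        }
    }

    /**
     * Returns whether {@code type} selects an opened account: the index must lie inside the
     * array and the slot must already hold a customer.
     */
    private static boolean customerExists(int type) {
        return type >= 0 && type < bankCustomers.length && bankCustomers[type] != null;
    }

    /** Prints the details of a freshly opened card. */
    private static void printCardInfo(BankCustomer customer) {
        System.out.println("您已成功申请银行卡,详细信息如下:");
        System.out.println("银行卡激活日期:"+customer.getUseDate());
        System.out.println("用户姓名:"+customer.getUsername());
        System.out.println("家庭住址:"+customer.getAddress());
        System.out.println("当前余额:"+customer.getBalance());
        System.out.println("开卡身份证号码:"+customer.getID());
    }

    /** Simulates opening two bank cards, for user A and user B. */
    public static void applyBankCard(){
        BankServiceInter bandService = new BandServiceImpl();
        System.out.println("请输入A用户信息");
        bankCustomers[0] = bandService.initBankInfo();
        printCardInfo(bankCustomers[0]);
        System.out.println("请输入B用户信息");
        bankCustomers[1] = bandService.initBankInfo();
        printCardInfo(bankCustomers[1]);
    }

    /** Queries the balance of account {@code type}; unknown accounts are refused. */
    public static void queryMoney(int type){
        // Added by River: refuse a selection that does not name an existing user.
        if (!customerExists(type)) {
            System.out.println("用户不存在");
            return;
        }
        BankServiceInter bandService = new BandServiceImpl();
        bandService.queryMoney(bankCustomers[type]);
    }

    /** Withdraws {@code money} from account {@code type}; unknown accounts are refused. */
    public static void getMoney(int type,double money){
        // Added by River: refuse a selection that does not name an existing user.
        if (!customerExists(type)) {
            System.out.println("用户不存在");
            return;
        }
        BankServiceInter bandService = new BandServiceImpl();
        bandService.getMoney(bankCustomers[type],money);
    }

    /** Deposits {@code money} into account {@code type}; unknown accounts are refused. */
    public static void saveMoney(int type,double money){
        // Added by River: refuse a selection that does not name an existing user.
        if (!customerExists(type)) {
            System.out.println("用户不存在");
            return;
        }
        BankServiceInter bandService = new BandServiceImpl();
        bandService.saveMoney(bankCustomers[type],money);
    }

    /**
     * Transfers {@code money} from account {@code type1} to account {@code type2}.
     * Both indices get the same check; the earlier condition compared {@code type2} against
     * {@code length} instead of {@code length - 1} and let an out-of-range index through.
     */
    public static void transfer(int type1,int type2,double money){
        // Added by River: refuse a selection that does not name an existing user.
        if (!customerExists(type1) || !customerExists(type2)) {
            System.out.println("用户不存在");
            return;
        }
        BankServiceInter bandService = new BandServiceImpl();
        bandService.transfer(bankCustomers[type1],bankCustomers[type2],money);
    }
}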

BankCustomer.java

import java.text.SimpleDateFormat;
import java.util.Date;

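/**
 * A bank customer who is also the holder of one {@link BankCard}.
 *
 * <p>Implements deposit, withdrawal and balance query. The withdrawal path carries the three
 * homework changes by River: the balance check (logic flaw 1), the positive-amount check
 * (logic flaw 2) and the 5000-per-day withdrawal cap (requirement 3).
 */
public class BankCustomer extends BankCard implements PersonInter {
    /** Maximum total that may be withdrawn on one calendar day. */
    private static final double DAILY_WITHDRAW_LIMIT = 5000;

    private String username; // holder's name
    private String address;  // home address
    private String ID;       // national ID number

    public String getUsername() {
        return username;
    }
    public void setUsername(String username) {
        this.username = username;
    }
    public String getAddress() {
        return address;
    }
    public void setAddress(String address) {
        this.address = address;
    }
    public String getID() {
        return ID;
    }
    public void setID(String ID) {
        this.ID = ID;
    }

    /**
     * Returns whether {@code money} is usable as a transaction amount.
     * NaN fails the {@code > 0} comparison; infinity is rejected explicitly because it would
     * otherwise turn the balance into a non-finite value.
     */
    private static boolean isValidAmount(double money) {
        return money > 0 && !Double.isInfinite(money);
    }

    /**
     * Deposits {@code money} into the account.
     * Non-positive and non-finite amounts are refused with a console message.
     *
     * @param money amount to deposit
     */
    @Override
    public void saveMoney(double money) {
        if (!isValidAmount(money)) {
            System.out.println("输入非法");
            return;
        }
        this.balance = this.balance + money;
    }

    /**
     * Withdraws {@code money} from the account.
     *
     * <p>The withdrawal is refused, with a console message and no state change, when the amount
     * is invalid, when it would push the day's total above the daily cap, or when it exceeds the
     * balance.
     *
     * @param money amount to withdraw
     */
    @Override
    public void getMoney(double money) {
        // Logic flaw 2 (River): the amount must be positive.
        if (!isValidAmount(money)) {
            System.out.println("输入非法");
            return;
        }

        // Requirement 3 (River): daily cap. The running total only counts when it was recorded
        // today; on a new day it starts from zero, so the cap also applies to the first
        // withdrawal of the day and yesterday's total is not carried over.
        String today = new SimpleDateFormat("yyyy-MM-dd").format(new Date());
        double withdrawnToday = today.equals(this.getRecordDate()) ? this.getTodayMoney() : 0;
        if (withdrawnToday + money > DAILY_WITHDRAW_LIMIT) {
            System.out.println("超过今日(" + today + ")5000元取款上限");
            return;
        }

        // Logic flaw 1 (River): the code before the fix subtracted without looking at the
        // balance. Withdrawing exactly the whole balance is allowed.
        if (money > this.balance) {
            System.out.println("余额不足");
            return;
        }

        this.balance = this.balance - money;
        // The tracking state changes only after a successful withdrawal.
        this.setRecordDate(today);
        this.setTodayMoney(withdrawnToday + money);
    }

    /** Returns the current balance. */
    @Override
    public double queryMoney() {
        return this.balance;
    }

    /** Intentionally empty in this exercise. */
    @Override
    public void getOhterInfo() {
    }

    /** Intentionally empty in this exercise. */
    @Override
    public void getYearIncome() {
    }

    /**
     * Returns a debug representation of the customer.
     * NOTE(review): the output contains the home address and the national ID number, so it
     * should not be written to logs.
     */
    @Override
    public String toString() {
        return "BankCustomer{" +
                "username='" + username + '\'' +
                ", address='" + address + '\'' +
                ", ID='" + ID + '\'' +
                ", balance=" + balance +
                '}';
    }
}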

BankCard.java

import java.util.Date;

/**
 * Base type for a bank card: card identity, balance and the state used to track the amount
 * withdrawn on the recorded day.
 */
public abstract class BankCard {
    private String cardId;   // card number
    private String cardType; // card type (savings card or credit card)
    private String useDate;  // date the card came into use
    double balance;          // current balance; package-private, subclasses write it directly

    // The two fields below were added by River for requirement 3.
    private double todayMoney; // running total paired with recordDate
    private String recordDate; // date the running total belongs to

    // ---- card identity ----

    public String getCardId() {
        return cardId;
    }

    public void setCardId(String cardId) {
        this.cardId = cardId;
    }

    public String getCardType() {
        return cardType;
    }

    public void setCardType(String cardType) {
        this.cardType = cardType;
    }

    public String getUseDate() {
        return useDate;
    }

    /**
     * Sets the start-of-use date and also overwrites {@code recordDate} with the same string.
     * NOTE(review): a caller that keeps recordDate in another format has to call
     * {@link #setRecordDate(String)} afterwards.
     */
    public void setUseDate(String useDate) {
        this.recordDate = useDate;
        this.useDate = useDate;
    }

    // ---- balance ----

    public double getBalance() {
        return balance;
    }

    public void setBalance(double balance) {
        this.balance = balance;
    }

    // ---- daily withdrawal tracking ----

    public double getTodayMoney() {
        return todayMoney;
    }

    public void setTodayMoney(double todayMoney) {
        this.todayMoney = todayMoney;
    }

    public String getRecordDate() {
        return recordDate;
    }

    public void setRecordDate(String recordDate) {
        this.recordDate = recordDate;
    }

    // ---- operations supplied by the concrete card holder ----

    /** Deposit. */
    public abstract void saveMoney(double money);

    /** Withdrawal. */
    public abstract void getMoney(double money);

    /** Balance query. */
    public abstract double queryMoney();
}

BandServiceImpl.java

import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Date;
import java.util.Random;
import java.util.Scanner;
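/**
 * Business-logic service: query, deposit, withdrawal, transfer and card opening.
 *
 * <p>{@link BankCustomer#saveMoney(double)} and {@link BankCustomer#getMoney(double)} report a
 * refusal only on the console, so this class compares the balance before and after each call to
 * find out whether the operation really took place.
 */
public class BandServiceImpl implements BankServiceInter{

    /** Prints the holder's name, card number and current balance on one line. */
    private static void printBalance(BankCustomer bankCustomer) {
        System.out.println(bankCustomer.getUsername() + "的银行卡号:" + bankCustomer.getCardId()
                + "余额为:" + bankCustomer.getBalance() + "元");
    }

    /**
     * Prints the customer's balance and returns it.
     *
     * @param bankCustomer account to query
     * @return the current balance
     */
    @Override
    public double queryMoney(BankCustomer bankCustomer) {
        printBalance(bankCustomer);
        System.out.println("操作成功");
        return bankCustomer.queryMoney();
    }

    /**
     * Deposits {@code money} and prints the resulting balance.
     * The success message is printed only when the balance actually changed.
     */
    @Override
    public void saveMoney(BankCustomer bankCustomer, double money) {
        double before = bankCustomer.getBalance();
        bankCustomer.saveMoney(money);
        if (Double.compare(bankCustomer.getBalance(), before) != 0) {
            System.out.println("操作成功");
        }
        printBalance(bankCustomer);
    }

    /**
     * Withdraws {@code money} and prints the resulting balance.
     * The success message is printed only when the balance actually changed.
     */
    @Override
    public void getMoney(BankCustomer bankCustomer, double money) {
        double before = bankCustomer.getBalance();
        bankCustomer.getMoney(money);
        if (Double.compare(bankCustomer.getBalance(), before) != 0) {
            System.out.println("操作成功");
        }
        printBalance(bankCustomer);
    }

    /**
     * Transfers {@code money} from {@code bankCustomer} to {@code bankCustomer1}.
     *
     * <p>The target is credited only when the source was really debited. The withdrawal can
     * still be refused after the balance pre-check (invalid amount, daily cap), and crediting
     * the target in that case would create money.
     *
     * @param bankCustomer  source account
     * @param bankCustomer1 target account
     * @param money         amount to move
     */
    @Override
    public void transfer(BankCustomer bankCustomer,BankCustomer bankCustomer1,double money){
        if (money > bankCustomer.queryMoney()){
            System.out.println("余额不足");
            return;
        }
        double before = bankCustomer.queryMoney();
        bankCustomer.getMoney(money);
        if (bankCustomer.queryMoney() < before) {
            bankCustomer1.saveMoney(money);
        }
    }

    /**
     * Reads the holder's data from standard input and opens a card with a zero balance.
     *
     * @return the newly created customer
     */
    @Override
    public BankCustomer initBankInfo(){
        BankCustomer bankCustomer = new BankCustomer();
        Scanner scanner = new Scanner(System.in);
        System.out.println("请填写银行卡使用人真实姓名");
        bankCustomer.setUsername(scanner.nextLine());
        System.out.println("请填写银行卡使用人家庭住址");
        bankCustomer.setAddress(scanner.nextLine());
        System.out.println("请填写银行卡使用人身份证号");
        bankCustomer.setID(scanner.nextLine());
        bankCustomer.setBalance(0);

        // Draw two 8-digit halves until the combined value has 16 digits.
        // NOTE(review): java.util.Random is predictable; if card numbers must not be guessable,
        // java.security.SecureRandom is the appropriate source.
        Random ran = new Random();
        long cardNumber;
        do {
            int high = ran.nextInt(99999999);
            int low = ran.nextInt(99999999);
            cardNumber = high * 100000000L + low;
        } while (!(cardNumber > 1000000000000000L && cardNumber < 9999999999999999L));
        bankCustomer.setCardId(String.valueOf(cardNumber));

        Date now = new Date();
        // Activation timestamp; "a" is the am/pm marker.
        bankCustomer.setUseDate(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss a").format(now));
        // Requirement 3 (River): setUseDate also overwrites recordDate, so the day-only value
        // used by the daily cap has to be set afterwards.
        bankCustomer.setRecordDate(new SimpleDateFormat("yyyy-MM-dd").format(now));
        bankCustomer.setTodayMoney(0);
        return bankCustomer;
    }
}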


原文始发于微信公众号(Ms08067安全实验室):Java代码审计5期优秀学员作业选登
