GTsoft/gtsoft-snail-job-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(sj_1.4.0-beta2):修复spel类型注入,会导致RCE的安全问题

Browse Source
This commit is contained in:
srzou 2025-03-14 00:12:23 +08:00
parent 4444a508e1
commit d8d78afe0d
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/SpELExpressionEngine.java
View File

@ -5,7 +5,7 @@ import com.aizuda.snailjob.common.core.util.JsonUtil;
import org.springframework.expression.EvaluationContext; import org.springframework.expression.EvaluationContext;
import org.springframework.expression.ExpressionParser; import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.standard.SpelExpressionParser; import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.StandardEvaluationContext; import org.springframework.expression.spel.support.SimpleEvaluationContext;
import java.util.Map; import java.util.Map;
@ -24,7 +24,7 @@ public class SpELExpressionEngine extends AbstractExpressionEngine {
protected Object doEval(String expression, Map<String, Object> context) { protected Object doEval(String expression, Map<String, Object> context) {
try { try {
final EvaluationContext evaluationContext = new StandardEvaluationContext(); final EvaluationContext evaluationContext = SimpleEvaluationContext.forReadOnlyDataBinding().build();
context.forEach(evaluationContext::setVariable); context.forEach(evaluationContext::setVariable);
return ENGINE.parseExpression(expression).getValue(evaluationContext, Object.class); return ENGINE.parseExpression(expression).getValue(evaluationContext, Object.class);
} catch (Exception e) { } catch (Exception e) {