QLExpress可以执行java代码，但要注意控制可执行的代码范围开启代码黑名单或白名单，否则容易出现被利用。
开启白名单示例代码如下：
举个例子，我要替换掉有mt开头的字符
```
    public static void main(String args[]) throws Exception {
        QLExpressRunStrategy.setForbidInvokeSecurityRiskMethods(true);
        QLExpressRunStrategy.addSecureMethod(CommonUtil.class, "startWith");
        QLExpressRunStrategy.addSecureMethod(CommonUtil.class, "subStrNoStart");
        
        ExpressRunner expressRunner = new ExpressRunner();
        String expressValue = "import com.jary.mytools.server.utils.CommonUtil;if(CommonUtil.startWith(a,'mt_'))then{return CommonUtil.subStrNoStart(a,'mt_');} else if(CommonUtil.startWith(a,'t_'))then{return CommonUtil.subStrNoStart(a,'t_');} else {return a;}";
        DefaultContext<String, Object> context = new DefaultContext<String, Object>();
        context.put("a","mt_user_info");
        Object result = expressRunner.execute(expressValue, context, null, true, false);
        String value = result.toString();
        System.out.println(value);
    }
```
输出：user_info

maven引入：
```xml
		<dependency>
			<groupId>com.alibaba</groupId>
			<artifactId>QLExpress</artifactId>
			<version>3.3.0</version>
		</dependency>

```

CommonUtil的代码如下：
```
package com.jary.mytools.server.utils;

import java.util.*;

public class CommonUtil {

public static boolean startWith(String string,String startWith) {
		return string.startsWith(startWith);
	}

public static boolean endWith(String string,String endWith) {
		return string.startsWith(endWith);
	}

public static String subStrNoStart(String string,String startWith) {
		return string.replaceFirst(startWith,"");
	}

public static String subStrNoEnd(String string,String endWith) {
		int index = string.lastIndexOf(endWith);
		return string.substring(0,index);
	}
}
```

ClassInstance

QLExpress在脚本中执行Java代码

相关文章

推荐文章

热门文章

标签列表