diff --git a/report-core/src/main/java/com/anjiplus/template/gaea/business/modules/datasetparam/service/impl/DataSetParamServiceImpl.java b/report-core/src/main/java/com/anjiplus/template/gaea/business/modules/datasetparam/service/impl/DataSetParamServiceImpl.java
index e4679b87..ca4303c1 100644
--- a/report-core/src/main/java/com/anjiplus/template/gaea/business/modules/datasetparam/service/impl/DataSetParamServiceImpl.java
+++ b/report-core/src/main/java/com/anjiplus/template/gaea/business/modules/datasetparam/service/impl/DataSetParamServiceImpl.java
@@ -1,4 +1,3 @@
-
 package com.anjiplus.template.gaea.business.modules.datasetparam.service.impl;
 import com.anji.plus.gaea.curd.mapper.GaeaBaseMapper;
@@ -10,6 +9,8 @@ import com.anjiplus.template.gaea.business.modules.datasetparam.service.DataSetP
 import com.anjiplus.template.gaea.business.modules.datasetparam.util.ParamsResolverHelper;
 import com.anjiplus.template.gaea.business.code.ResponseCode;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.google.common.collect.Sets;
+import jdk.nashorn.api.scripting.NashornScriptEngineFactory;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -17,10 +18,10 @@ import org.springframework.stereotype.Service;
 import javax.script.Invocable;
 import javax.script.ScriptEngine;
-import javax.script.ScriptEngineManager;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 /**
 * @desc DataSetParam 数据集动态参数服务实现
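Review bot: The new import `jdk.nashorn.api.scripting.NashornScriptEngineFactory` in the second hunk binds this class to the Nashorn engine bundled with the JDK, which was deprecated in JDK 11 and removed in JDK 15, so the service will not compile on newer runtimes. If the project targets only JDK 8 that is acceptable, but it deserves a comment next to the import, e.g. `// JDK-bundled Nashorn (removed in JDK 15); standalone Nashorn uses org.openjdk.nashorn.api.scripting`. The target JDK is not visible on this page.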
@@ -31,11 +32,12 @@ import java.util.Map;
 //@RequiredArgsConstructor
 @Slf4j
 public class DataSetParamServiceImpl implements DataSetParamService {
+ static final Set blackList = Sets.newHashSet("java.lang.ProcessBuilder", "java.lang.Runtime", "java.lang.ProcessImpl");
 private ScriptEngine engine;
 {
- ScriptEngineManager manager = new ScriptEngineManager();
- engine = manager.getEngineByName("JavaScript");
+ NashornScriptEngineFactory factory = new NashornScriptEngineFactory();
+ engine = factory.getScriptEngine(clz -> !blackList.contains(clz));
 }
 @Autowired
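Review bot: The class filter installed in the instance initializer is a denylist of three class names, so every other Java class on the class path stays reachable from the evaluated script, including ones that touch the file system or the network. An allowlist fails closed instead: `engine = factory.getScriptEngine(clz -> ALLOWED_CLASSES.contains(clz));` with a new immutable constant, or `clz -> false` if the scripts this service evaluates need no Java types at all. `blackList` itself is a mutable, package-visible static; declaring it `private static final Set<String>` and wrapping it with `Collections.unmodifiableSet(...)` keeps other code from altering the filter (the raw `Set` may just be generics lost in rendering). The class body continues outside the hunk, so where the script text comes from is not visible here.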