ognl

ognl在线教程

执行ognl表达式

从3.0.5版本增加

参数说明

参数名称参数说明
express执行的表达式
[c:]执行表达式的 ClassLoader 的 hashcode,默认值是SystemClassLoader
[classLoaderClass:]指定执行表达式的 ClassLoader 的 class name
[x]结果对象的展开层次,默认值1

使用参考

调用静态函数:

  1. $ ognl '@java.lang.System@out.println("hello")'
  2. null

获取静态类的静态字段:

  1. $ ognl '@demo.MathGame@random'
  2. @Random[
  3. serialVersionUID=@Long[3905348978240129619],
  4. seed=@AtomicLong[125451474443703],
  5. multiplier=@Long[25214903917],
  6. addend=@Long[11],
  7. mask=@Long[281474976710655],
  8. DOUBLE_UNIT=@Double[1.1102230246251565E-16],
  9. BadBound=@String[bound must be positive],
  10. BadRange=@String[bound must be greater than origin],
  11. BadSize=@String[size must be non-negative],
  12. seedUniquifier=@AtomicLong[-3282039941672302964],
  13. nextNextGaussian=@Double[0.0],
  14. haveNextNextGaussian=@Boolean[false],
  15. serialPersistentFields=@ObjectStreamField[][isEmpty=false;size=3],
  16. unsafe=@Unsafe[sun.misc.Unsafe@28ea5898],
  17. seedOffset=@Long[24],
  18. ]

通过hashcode指定ClassLoader:

  1. $ classloader -t
  2. +-BootstrapClassLoader
  3. +-jdk.internal.loader.ClassLoaders$PlatformClassLoader@301ec38b
  4. +-com.taobao.arthas.agent.ArthasClassloader@472067c7
  5. +-jdk.internal.loader.ClassLoaders$AppClassLoader@4b85612c
  6. +-org.springframework.boot.loader.LaunchedURLClassLoader@7f9a81e8
  7. $ ognl -c 7f9a81e8 @org.springframework.boot.SpringApplication@logger
  8. @Slf4jLocationAwareLog[
  9. FQCN=@String[org.apache.commons.logging.LogAdapter$Slf4jLocationAwareLog],
  10. name=@String[org.springframework.boot.SpringApplication],
  11. logger=@Logger[Logger[org.springframework.boot.SpringApplication]],
  12. ]
  13. $

注意hashcode是变化的,需要先查看当前的ClassLoader信息,提取对应ClassLoader的hashcode。

对于只有唯一实例的ClassLoader可以通过class name指定,使用起来更加方便:

  1. $ ognl --classLoaderClass org.springframework.boot.loader.LaunchedURLClassLoader @org.springframework.boot.SpringApplication@logger
  2. @Slf4jLocationAwareLog[
  3. FQCN=@String[org.apache.commons.logging.LogAdapter$Slf4jLocationAwareLog],
  4. name=@String[org.springframework.boot.SpringApplication],
  5. logger=@Logger[Logger[org.springframework.boot.SpringApplication]],
  6. ]

执行多行表达式,赋值给临时变量,返回一个List:

  1. $ ognl '#value1=@System@getProperty("java.home"), #value2=@System@getProperty("java.runtime.name"), {#value1, #value2}'
  2. @ArrayList[
  3. @String[/opt/java/8.0.181-zulu/jre],
  4. @String[OpenJDK Runtime Environment],
  5. ]