zhongjiajie commented on code in PR #15680:
URL:
https://github.com/apache/dolphinscheduler/pull/15680#discussion_r1515999986
##########
dolphinscheduler-master/src/main/java/org/apache/dolphinscheduler/server/master/utils/SwitchTaskUtils.java:
##########
@@ -50,6 +50,10 @@ public class SwitchTaskUtils {
"eval",
"function",
"import",
+ ".",
+ "()",
+ "[",
+ "]",
Review Comment:
can we get the final exec command in user input? such as we can convert
below code
```js
var a = Java.type("ja" + "va.lang.Runtime");
var b = a.getRuntime();
b.exec(${cmd})
```
to
```js
var a = Java.type("ja" + "va.lang.Runtime");
var b = a.getRuntime();
Java.type("ja" + "va.lang.Runtime").getRuntime().exec(${cmd})
```
If we can do it, I think that would be easier to check
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
