From 3a052b3e982bda52c882b06478007eff4f8226c6 Mon Sep 17 00:00:00 2001
From: x1ongsec <x1ongsec@163.com>
Date: Wed, 5 Mar 2025 11:06:55 +0800
Subject: [PATCH] fix bug

---
 src/main/java/com/best/hello/controller/SSTI.java | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/main/java/com/best/hello/controller/SSTI.java b/src/main/java/com/best/hello/controller/SSTI.java
index ea90456..1122242 100644
--- a/src/main/java/com/best/hello/controller/SSTI.java
+++ b/src/main/java/com/best/hello/controller/SSTI.java
@@ -149,6 +149,11 @@ public String freemarkerVul(@RequestParam String file, @RequestParam String cont
             log.error("关闭流失败", e);
         }
 
+        if (request.getRequestURI().contains("/freemarker/vul")) {
+            // 如果访问的 URI 路径包含 /freemarker/vul 则使用不安全的解析器
+            conf.setNewBuiltinClassResolver(TemplateClassResolver.UNRESTRICTED_RESOLVER);
+        }
+
         // 添加模板到 StringTemplateLoader，并禁用缓存和异常日志
         stringTemplateLoader.putTemplate(file, content);
         conf.setTemplateUpdateDelayMilliseconds(0);