Spring Cloud Function 漏洞复现

function = this.functionFromExpression((String)message.getHeaders().get("spring.cloud.function.routing-expression"), message);

private FunctionInvocationWrapper functionFromExpression(String routingExpression, Object input) {        Expression expression = this.spelParser.parseExpression(routingExpression);        String functionName = (String)expression.getValue(this.evalContext, input, String.class);        Assert.hasText(functionName, "Failed to resolve function name based on routing expression '" + this.functionProperties.getRoutingExpression() + "'");        FunctionInvocationWrapper function = (FunctionInvocationWrapper)this.functionCatalog.lookup(functionName);        Assert.notNull(function, "Failed to lookup function to route to based on the expression '" + this.functionProperties.getRoutingExpression() + "' whcih resolved to '" + functionName + "' function name.");        if (logger.isInfoEnabled()) {            logger.info("Resolved function from provided [routing-expression]  " + routingExpression);        }
        return function;    }