背景
应对代码安全检查,有时候需要升级jar包安全版本比如spring-web-5.3.41.jar但是该版本是 spring 面向企业漏洞修复版,无法直接获取所以做了一个动态替换jar包版本的功能
编写 mutate.bat 脚本
放项目 scripts文件夹下@echo off
REM chcp 65001
setlocal enabledelayedexpansionREM --------------------------------------------
REM 步骤 1: 进入 target 目录
REM --------------------------------------------
cd /d "%~dp0" 2>nul
if %errorlevel% neq 0 (echo [错误] 无法切换到脚本所在目录!exit /b 1
)cd.. 2>nul
if %errorlevel% neq 0 (echo [错误] 无法返回上级目录!exit /b 1
)cd /d "target" 2>nul
if %errorlevel% neq 0 (echo [错误] target 目录不存在或无法进入!exit /b 1
)
REM echo 当前工作目录是:%cd%REM --------------------------------------------
REM 步骤 2: 备份原始 example-system-0.0.1-SNAPSHOT.jar
REM --------------------------------------------
if not exist "example-system-0.0.1-SNAPSHOT.jar" (echo [错误] example-system-0.0.1-SNAPSHOT.jar 不存在!exit /b 1
)
REM copy "example-system-0.0.1-SNAPSHOT.jar" "example-system-0.0.1-SNAPSHOT.jar.bak" >nul
REM echo [信息] 已备份原文件: example-system-0.0.1-SNAPSHOT.jar.bakREM --------------------------------------------
REM 步骤 3: 创建临时目录并解压 JAR
REM --------------------------------------------
set "current_dir=%CD%"
set "temp_dir=%current_dir%\temp_%random%"
mkdir "%temp_dir%" 2>nul || (echo [错误] 无法创建临时目录 "%temp_dir%"exit /b 1
)REM echo [信息] 正在解压 example-system-0.0.1-SNAPSHOT.jar...if not exist "example-system-0.0.1-SNAPSHOT.jar" (echo [错误] 文件 example-system-0.0.1-SNAPSHOT.jar 不存在!exit /b 1
)cd %temp_dir%
set "error_log=%temp%\jar_error.log"jar xf %current_dir%\example-system-0.0.1-SNAPSHOT.jar 2>"%error_log%"
if %errorlevel% neq 0 (echo [错误] 解压 example-system-0.0.1-SNAPSHOT.jar 失败!type "%error_log%"rd /s /q "%temp_dir%" 2>nulexit /b 1
)
REM echo 解压完毕
REM --------------------------------------------
REM 步骤 4: 重命名内部 JAR 文件
REM --------------------------------------------
set "old_jar=%temp_dir%\BOOT-INF\lib\spring-web-5.3.29.jar"
set "new_jar=%temp_dir%\BOOT-INF\lib\spring-web-5.3.41.jar"if not exist "%old_jar%" (REM echo [错误] 未找到文件:%old_jar% 使用存在文件:%new_jar%set "old_jar=%new_jar%"
)if not exist "%old_jar%" (echo [错误] 未找到文件:%old_jar%rd /s /q "%temp_dir%" 2>nulexit /b 1
)ren "%old_jar%" "spring-web-5.3.41.jar" 2>nul
if %errorlevel% neq 0 (echo [错误] 重命名失败!rd /s /q "%temp_dir%" 2>nulexit /b 1
)
REM echo [信息] 已重命名: BOOT-INF\lib\spring-web-5.3.41.jarREM --------------------------------------------
REM 步骤 5: 重新打包 JAR 文件
REM --------------------------------------------
REM echo [信息] 正在重新打包 example-system-0.0.1-SNAPSHOT.jar...
cd "%temp_dir%"
jar cfm0 "../example-system-0.0.1-SNAPSHOT.jar" META-INF/MANIFEST.MF * 2>nul
if %errorlevel% neq 0 (echo [错误] 重新打包失败!cd ..rd /s /q "%temp_dir%" 2>nulexit /b 1
)
cd ..REM --------------------------------------------
REM 步骤 6: 清理临时文件
REM --------------------------------------------
rd /s /q "%temp_dir%" 2>nul
REM echo [信息] 临时文件已清理REM --------------------------------------------
REM echo [成功] 操作完成!example-system-0.0.1-SNAPSHOT.jar 已更新。
endlocal
REM pause
配置 pom.xml
执行打包命令会执行该脚本,把依赖版本号替换<build><plugins><plugin><groupId>org.springframework.boot</groupId><artifactId>spring-boot-maven-plugin</artifactId><configuration><fork>true</fork> <includeSystemScope>true</includeSystemScope></configuration><executions><execution><goals><goal>repackage</goal></goals></execution></executions></plugin><plugin><artifactId>exec-maven-plugin</artifactId><groupId>org.codehaus.mojo</groupId><version>3.5.0</version><executions><execution><id>shell</id><phase>package</phase><goals><goal>exec</goal></goals><configuration><executable>${project.basedir}/scripts/mutate.bat</executable></configuration></execution></executions></plugin></plugins></build>
