From 8909da0a84796d00c895f63d1bac0e0e9c44db07 Mon Sep 17 00:00:00 2001
From: yannaingtun
Date: Tue, 16 Dec 2025 14:34:58 +0800
Subject: [PATCH] Fix Quartz job whitelist check to prevent prefix bypass
---
 .../tech/qiantong/qknow/quartz/util/ScheduleUtils.java | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/qknow-framework/qknow-quartz/src/main/java/tech/qiantong/qknow/quartz/util/ScheduleUtils.java b/qknow-framework/qknow-quartz/src/main/java/tech/qiantong/qknow/quartz/util/ScheduleUtils.java
index eead3485..561c1f15 100644
--- a/qknow-framework/qknow-quartz/src/main/java/tech/qiantong/qknow/quartz/util/ScheduleUtils.java
+++ b/qknow-framework/qknow-quartz/src/main/java/tech/qiantong/qknow/quartz/util/ScheduleUtils.java
@@ -129,13 +129,17 @@ public static boolean whiteList(String invokeTarget) {
 String packageName = StringUtils.substringBefore(invokeTarget, "(");
 int count = StringUtils.countMatches(packageName, ".");
+
 if (count > 1) {
- return StringUtils.containsAnyIgnoreCase(invokeTarget, Constants.JOB_WHITELIST_STR);
+ return StringUtils.startsWithAny(invokeTarget, Constants.JOB_WHITELIST_STR);
 }
+
 Object obj = SpringUtils.getBean(StringUtils.split(invokeTarget, ".")[0]);
 String beanPackageName = obj.getClass().getPackage().getName();
- return StringUtils.containsAnyIgnoreCase(beanPackageName, Constants.JOB_WHITELIST_STR)
- && !StringUtils.containsAnyIgnoreCase(beanPackageName, Constants.JOB_ERROR_STR);
+
+ return StringUtils.startsWithAny(beanPackageName, Constants.JOB_WHITELIST_STR)
+ && !StringUtils.startsWithAny(beanPackageName, Constants.JOB_ERROR_STR);
 }
+
 }
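Review bot: In the bean branch the denylist test `!StringUtils.startsWithAny(beanPackageName, Constants.JOB_ERROR_STR)` was narrowed together with the allowlist, so a denied name is now caught only when the package begins with it in exact case; an allowlist should match strictly, but a denylist is safer kept broad, e.g. `&& !StringUtils.containsAnyIgnoreCase(beanPackageName, Constants.JOB_ERROR_STR);`. `startsWithAny` is also a plain string prefix, so unless every entry of `Constants.JOB_WHITELIST_STR` ends with a `.` (the constants are not visible here) a sibling package that merely shares the leading text still passes; comparing on a package boundary, `name.equals(allowed) || name.startsWith(allowed + ".")`, closes that in both branches. The `count > 1` branch returns on the allowlist alone and never consults `JOB_ERROR_STR`, so if no caller applies the denylist to class-name targets it should be applied here as well. The signature of whiteList is visible only in the hunk header.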