[功能] 支持 --decompile 参数反编译指定类 @4ra1n

Author: 4ra1n

CHANGELOG.md

@@ -1,3 +1,9 @@
+## 1.2.0
+
+更新日志：
+
+- [功能] 支持 `--decompile` 参数反编译指定类 @4ra1n
+
 ## 1.1.0
 
 更新日志：

README.md

@@ -22,7 +22,7 @@
 
 > [English Version](README_EN.md)
 
-[更新日志](CHANGLOG.md)
+[更新日志](CHANGELOG.md)
 
 ## 📖 简介
 
@@ -47,6 +47,7 @@
 - 📦 **Spring Boot / WAR 支持** — 嵌套 JAR 解析、类名修正，完美适配 Fat JAR
 - 🛡️ **安全防护** — 内置 Zip Slip 路径穿越攻击防御，损坏类文件自动容错
 - 🔌 **双模式使用** — 既可作为 CLI 工具独立运行，也可作为 Java 库集成到项目中
+- 🔓 **内置反编译** — 集成 FernFlower 反编译引擎，支持 CLI 直接反编译指定类并输出源码
 
 ## 🚀 快速开始
 
@@ -76,6 +77,11 @@ java -jar jar-analyzer-engine.jar --jar /path/to/app.jar
 # 分析目录下所有 JAR
 java -jar jar-analyzer-engine.jar --jar /path/to/libs/
 
+# 反编译指定类（需先 build 或指定 --jar 自动 build）
+java -jar jar-analyzer-engine.jar --decompile com.example.MyClass
+
+# 首次使用，自动 build + 反编译
+java -jar jar-analyzer-engine.jar --jar /path/to/app.jar --decompile com.example.MyClass
 ```
 
 分析完成后将在当前目录生成 SQLite 数据库文件 `jar-analyzer.db`，可使用任何 SQLite 客户端工具查询。分析过程中的临时文件存放在 `jar-analyzer-temp` 目录中，分析完成后可手动删除。
@@ -101,6 +107,7 @@ java -jar jar-analyzer-engine.jar --jar /path/to/libs/
 | `--white-list <text>` | `-w` | 无 | 类/包白名单（内联文本） |
 | `--black-list-file <file>` | — | 无 | 从文件读取黑名单 |
 | `--white-list-file <file>` | — | 无 | 从文件读取白名单 |
+| `--decompile <class>` | `-d` | 无 | 反编译指定类并输出源码到控制台（如 `com.example.MyClass`） |
 | `--help` | `-h` | — | 显示帮助信息 |
 
 ## 📚 参数详解
@@ -198,6 +205,28 @@ java -jar jar-analyzer-engine.jar --jar springboot-app.jar --inner-jars --fix-cl
 java -jar jar-analyzer-engine.jar --jar app.jar --no-fix-impl
 ```
 
+### `--decompile` / `-d`（反编译模式）
+
+指定一个类的全限定名，引擎会从 `jar-analyzer-temp` 临时目录中查找对应的 class 文件，使用内置的 FernFlower 反编译引擎将其反编译为 Java 源码，并输出到控制台。
+
+支持的类名格式：
+- 点分隔：`com.example.service.UserService`
+- 斜杠分隔：`com/example/service/UserService`
+
+引擎会自动处理以下情况：
+- **Spring Boot Fat JAR**：自动搜索 `BOOT-INF/classes/` 前缀
+- **WAR 文件**：自动搜索 `WEB-INF/classes/` 前缀
+- **内部类**：自动包含 `$` 内部类文件一起反编译
+- **模糊匹配**：找不到类时会搜索 temp 目录给出 "Did you mean?" 候选建议
+
+```bash
+# 已 build 过（temp 目录存在），直接反编译
+java -jar jar-analyzer-engine.jar --decompile com.example.MyClass
+
+# 首次使用，自动 build + 反编译
+java -jar jar-analyzer-engine.jar --jar app.jar --decompile com.example.MyClass
+```
+
 ### 黑白名单过滤
 
 通过黑白名单可以控制哪些类参与分析，减少不必要的分析范围，加速分析过程。
@@ -472,6 +501,19 @@ java -jar jar-analyzer-engine.jar \
   --rt /usr/lib/jvm/java-8-openjdk/jre/lib/rt.jar
 ```
 
+### 6. 反编译指定类查看源码
+
+```bash
+# 分析 + 反编译一步完成
+java -jar jar-analyzer-engine.jar \
+  --jar app.jar \
+  --decompile com.example.service.UserService
+
+# 已 build 过，直接反编译
+java -jar jar-analyzer-engine.jar \
+  --decompile com.example.service.UserService
+```
+
 ## 🤖 与 AI 集成进行代码审计
 
 生成的 SQLite 数据库天然适合与 AI 工具结合使用，以下是推荐的工作流：
@@ -578,6 +620,9 @@ jar-analyzer-engine/
 │   │   ├── mapper/                  #   MyBatis Mapper 接口 (15个)
 │   │   └── reference/               #   核心数据模型
 │   ├── entity/                      # 数据库实体类 (18个)
+│   ├── decompile/                   # 反编译模块
+│   │   ├── DecompileEngine.java     #   FernFlower 反编译封装
+│   │   └── LRUCache.java            #   反编译结果 LRU 缓存
 │   └── analyze/spring/              # Spring 框架分析
 │       ├── SpringService.java       #   Spring 分析入口
 │       └── asm/                     #   Spring 注解 ASM 访问器

README_EN.md

@@ -45,6 +45,7 @@ The engine is built on the **ASM bytecode analysis framework** and uses a **mult
 - 📦 **Spring Boot / WAR Support** — Nested JAR parsing and class name correction, perfectly adapted for Fat JARs
 - 🛡️ **Security Protection** — Built-in Zip Slip path traversal attack defense with automatic error tolerance for corrupted class files
 - 🔌 **Dual-Mode Usage** — Works as both a standalone CLI tool and an embeddable Java library
+- 🔓 **Built-in Decompilation** — Integrated FernFlower decompiler engine, supports CLI decompilation of specific classes with source code output
 
 ## 🚀 Quick Start
 
@@ -74,6 +75,11 @@ java -jar jar-analyzer-engine.jar --jar /path/to/app.jar
 # Analyze all JARs in a directory
 java -jar jar-analyzer-engine.jar --jar /path/to/libs/
 
+# Decompile a specific class (requires prior build or --jar for auto build)
+java -jar jar-analyzer-engine.jar --decompile com.example.MyClass
+
+# First time use: auto build + decompile
+java -jar jar-analyzer-engine.jar --jar /path/to/app.jar --decompile com.example.MyClass
 ```
 
 After analysis, a SQLite database file `jar-analyzer.db` will be generated in the current directory and can be queried with any SQLite client tool. Temporary files during analysis are stored in the `jar-analyzer-temp` directory, which can be manually deleted after analysis completes.
@@ -99,6 +105,7 @@ After analysis, a SQLite database file `jar-analyzer.db` will be generated in th
 | `--white-list <text>` | `-w` | None | Class/package whitelist (inline text) |
 | `--black-list-file <file>` | — | None | Read blacklist from file |
 | `--white-list-file <file>` | — | None | Read whitelist from file |
+| `--decompile <class>` | `-d` | None | Decompile a specific class and print source to console (e.g. `com.example.MyClass`) |
 | `--help` | `-h` | — | Display help information |
 
 ## 📚 Argument Details
@@ -196,6 +203,28 @@ Enabling `--no-fix-impl` disables this behavior, keeping only the **literal dire
 java -jar jar-analyzer-engine.jar --jar app.jar --no-fix-impl
 ```
 
+### `--decompile` / `-d` (Decompile Mode)
+
+Specify a fully-qualified class name, and the engine will locate the corresponding class file in the `jar-analyzer-temp` directory, decompile it to Java source code using the built-in FernFlower decompiler, and output the result to the console.
+
+Supported class name formats:
+- Dot-separated: `com.example.service.UserService`
+- Slash-separated: `com/example/service/UserService`
+
+The engine automatically handles:
+- **Spring Boot Fat JAR**: Searches under `BOOT-INF/classes/` prefix
+- **WAR files**: Searches under `WEB-INF/classes/` prefix
+- **Inner classes**: Automatically includes `$` inner class files for decompilation
+- **Fuzzy matching**: When the class is not found, searches the temp directory and provides "Did you mean?" suggestions
+
+```bash
+# Already built (temp directory exists), decompile directly
+java -jar jar-analyzer-engine.jar --decompile com.example.MyClass
+
+# First time use: auto build + decompile
+java -jar jar-analyzer-engine.jar --jar app.jar --decompile com.example.MyClass
+```
+
 ### Blacklist & Whitelist Filtering
 
 Blacklists and whitelists allow you to control which classes participate in analysis, reducing unnecessary analysis scope and speeding up the process.
@@ -473,6 +502,19 @@ java -jar jar-analyzer-engine.jar \
   --rt /usr/lib/jvm/java-8-openjdk/jre/lib/rt.jar
 ```
 
+### 6. Decompile a Specific Class
+
+```bash
+# Analyze + decompile in one step
+java -jar jar-analyzer-engine.jar \
+  --jar app.jar \
+  --decompile com.example.service.UserService
+
+# Already built, decompile directly
+java -jar jar-analyzer-engine.jar \
+  --decompile com.example.service.UserService
+```
+
 ## 🤖 AI Integration for Code Auditing
 
 The generated SQLite database is naturally suited for use with AI tools. Here is the recommended workflow:
@@ -579,6 +621,9 @@ jar-analyzer-engine/
 │   │   ├── mapper/                  #   MyBatis Mapper interfaces (15)
 │   │   └── reference/               #   Core data models
 │   ├── entity/                      # Database entity classes (18)
+│   ├── decompile/                   # Decompilation module
+│   │   ├── DecompileEngine.java     #   FernFlower decompiler wrapper
+│   │   └── LRUCache.java            #   Decompilation result LRU cache
 │   └── analyze/spring/              # Spring framework analysis
 │       ├── SpringService.java       #   Spring analysis entry point
 │       └── asm/                     #   Spring annotation ASM visitors