Jan Ouwens
April 4, 2018
EqualsVerifier.forClass(Foo.class)
.verify();
Happy accidents
Evil consequences
Demo
Demo
Rating: ⚠️💣
Show me the code
Demo
Was this hack evil? β
Are Calendars and arrays evil? β
Are JPA entities evil? 👹
Rating: ⚠️💣💥
Demo
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by demos.reflection.Reflector (file:/Users/jqno/w/personal/dont-hack-the-platform-talk/target/classes/) to field java.lang.String.value
WARNING: Please consider reporting this to the maintainers of demos.reflection.Reflector
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
--add-opens java.base/java.lang=ALL-UNNAMED
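The warning above comes from a demo that reaches into java.lang.String. The following is an added example, not the talk's Reflector class, showing the same kind of illegal reflective access and why it matters: it rewrites the backing array of an interned string literal, so every other use of that literal in the JVM changes with it.

```java
import java.lang.reflect.Field;

// Added example (not the talk's code): mutate an interned String literal through
// its private "value" field. On Java 9-15 the setAccessible call prints the
// "illegal reflective access" warning once; on Java 16+ it throws
// InaccessibleObjectException unless the JVM runs with
// --add-opens java.base/java.lang=ALL-UNNAMED.
public class Reflector {

    public static void main(String[] args) throws Exception {
        String literal = "Hello";

        Field value = String.class.getDeclaredField("value");
        value.setAccessible(true);

        // String.value is char[] on Java 8 and byte[] (compact strings) on Java 9+.
        Object backing = value.get(literal);
        if (backing instanceof char[]) {
            ((char[]) backing)[0] = 'J';
        } else {
            ((byte[]) backing)[0] = (byte) 'J';
        }

        // "Hello" is a compile-time constant and therefore interned: this is the
        // very same object we just modified, so the literal now reads as "Jello".
        System.out.println("Hello");
        System.out.println(literal == "Hello");
    }
}
```

The evil part is not the one mutated string but the sharing: the constant pool hands out a single instance per literal, so the change is visible everywhere in the process. If hashCode() had already been called on it, the cached hash stays stale as well, and any HashMap keyed on that literal silently stops finding its entries. The module system's answer is exactly the flag on the slide above: the package has to be opened explicitly, on the command line, by whoever runs the JVM.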
Demo
close()
on URLClassLoader
CompilationTask
¯\_(ツ)_/¯
// JUnit test from EqualsVerifier's test suite. isJava8Available() and compile()
// are helpers from the same test class that are not shown on the slide: compile()
// turns the source string below into a Class at test time, so the suite can
// exercise a Java 8 lambda even when the suite itself is compiled for an older
// Java release.
@Test
public void equalsverifierSucceeds_whenOneOfTheFieldsIsSynthetic() {
    if (!isJava8Available()) {
        return;
    }
    Class<?> java8ClassWithSyntheticField = compile(JAVA_8_CLASS_WITH_SYNTHETIC_FIELD_NAME, JAVA_8_CLASS_WITH_SYNTHETIC_FIELD);
    EqualsVerifier.forClass(java8ClassWithSyntheticField)
        .verify();
}
private static final String JAVA_8_CLASS_WITH_SYNTHETIC_FIELD_NAME = "Java8ClassWithSyntheticField";
private static final String JAVA_8_CLASS_WITH_SYNTHETIC_FIELD =
"\nimport java.util.Comparator;" +
"\nimport java.util.Objects;" +
"\n" +
"\npublic final class Java8ClassWithSyntheticField {" +
"\n private static final Comparator<Java8ClassWithSyntheticField> COMPARATOR =" +
"\n (c1, c2) -> 0; // A lambda is a synthetic class" +
"\n" +
"\n private final String s;" +
"\n " +
"\n public Java8ClassWithSyntheticField(String s) {" +
"\n this.s = s;" +
"\n }" +
"\n " +
"\n @Override" +
"\n public boolean equals(Object obj) {" +
"\n if (!(obj instanceof Java8ClassWithSyntheticField)) {" +
"\n return false;" +
"\n }" +
"\n return Objects.equals(s, ((Java8ClassWithSyntheticField)obj).s);" +
"\n }" +
"\n " +
"\n @Override" +
"\n public int hashCode() {" +
"\n return Objects.hash(s);" +
"\n }" +
"\n}";
Rating: ⚠️💣💥
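The compile() helper the test above calls is not on the page, and the two slides before it name the pieces involved: a javax.tools CompilationTask and a URLClassLoader that gets close()d. The following is an added implementation of that idea, written for this page rather than taken from EqualsVerifier; the class name RuntimeCompiler and the sample source in main are made up.

```java
import java.io.File;
import java.net.URI;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.file.Files;
import java.util.Arrays;
import java.util.Collections;
import javax.tools.JavaCompiler;
import javax.tools.JavaFileObject;
import javax.tools.SimpleJavaFileObject;
import javax.tools.StandardJavaFileManager;
import javax.tools.ToolProvider;

// Added example (not EqualsVerifier's helper): compile a Java source string at
// runtime with the system compiler and load the result through a URLClassLoader.
public final class RuntimeCompiler {

    private RuntimeCompiler() {}

    public static Class<?> compile(String className, String source) throws Exception {
        JavaCompiler compiler = ToolProvider.getSystemJavaCompiler();
        if (compiler == null) {
            throw new IllegalStateException("no system compiler: this is a JRE, not a JDK");
        }

        // Compile into a fresh temp directory so nothing else on the classpath is touched.
        File outputDir = Files.createTempDirectory("runtime-compiler").toFile();
        JavaFileObject unit = new StringSource(className, source);
        try (StandardJavaFileManager fileManager = compiler.getStandardFileManager(null, null, null)) {
            JavaCompiler.CompilationTask task = compiler.getTask(
                    null, fileManager, null,
                    Arrays.asList("-d", outputDir.getAbsolutePath()),
                    null, Collections.singletonList(unit));
            if (!task.call()) {
                throw new IllegalStateException("compilation of " + className + " failed");
            }
        }

        // Load the class through a throw-away loader whose only root is the temp directory.
        URL[] classpath = { outputDir.toURI().toURL() };
        try (URLClassLoader loader = new URLClassLoader(classpath, RuntimeCompiler.class.getClassLoader())) {
            return loader.loadClass(className);
        }
    }

    // In-memory source file: javac reads the source from a String instead of disk.
    private static final class StringSource extends SimpleJavaFileObject {
        private final String source;

        StringSource(String className, String source) {
            super(URI.create("string:///" + className.replace('.', '/') + Kind.SOURCE.extension), Kind.SOURCE);
            this.source = source;
        }

        @Override
        public CharSequence getCharContent(boolean ignoreEncodingErrors) {
            return source;
        }
    }

    public static void main(String[] args) throws Exception {
        String source = "public final class Generated {\n"
                + "    @Override public String toString() { return \"compiled at runtime\"; }\n"
                + "}\n";
        Class<?> generated = compile("Generated", source);
        Object instance = generated.getDeclaredConstructor().newInstance();
        System.out.println(instance);
    }
}
```

Two caveats. Closing the URLClassLoader directly after loadClass only works because the class is already defined; a closed loader no longer reads its URLs, so any nested class (or any other class from that directory) that is resolved later fails with NoClassDefFoundError. And whatever source string goes into compile() runs with the full privileges of the test JVM as soon as the class is used, so this is only acceptable for source the test itself embeds, never for anything read from outside.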
use annotations to trick the Java compiler into generating bytecode that does something else
use annotations to trick the Java runtime into generating bytecode that does something else
Rating: ⚠️
Objenesis
Demo
Rating: ⚠️
“[An enum] provides an ironclad guarantee against multiple instantiation, even in the face of sophisticated serialization or reflection attacks.”
— Joshua Bloch, Effective Java 3rd Edition
π
Demo
Rating: ⚠️💣💥
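The Objenesis slide and the enum slide are two faces of the same trick: objects that come into existence without any constructor running. The following is an added example, not the talk's demo, that uses the two JDK back doors Objenesis itself relies on on HotSpot, sun.reflect.ReflectionFactory and sun.misc.Unsafe, to build an object whose constructor throws and a second "constant" of a one-value enum. The class names Fortress and Singleton and the field lock are made up for the example.

```java
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import sun.misc.Unsafe;
import sun.reflect.ReflectionFactory;

// Added example (not the talk's code): instantiate without running a constructor.
// Both APIs live in jdk.unsupported on Java 9+, which is open to every module,
// so unlike the String hack above neither call triggers an illegal-access warning.
public class NoConstructorNeeded {

    // A class that refuses to be instantiated and whose invariant ("lock is never
    // null") is established by a field initialiser.
    static final class Fortress {
        private final Object lock = new Object();

        Fortress() {
            throw new UnsupportedOperationException("no instances");
        }

        Object lock() {
            return lock;
        }
    }

    enum Singleton { INSTANCE }

    // What Objenesis does on HotSpot: a "serialization constructor" for Fortress
    // that runs Object() and skips Fortress() and all its field initialisers.
    static Fortress instantiateWithoutConstructor() throws Exception {
        Constructor<Object> objectCtor = Object.class.getDeclaredConstructor();
        Constructor<?> ctor = ReflectionFactory.getReflectionFactory()
                .newConstructorForSerialization(Fortress.class, objectCtor);
        return (Fortress) ctor.newInstance();
    }

    // Constructor.newInstance refuses enums ("Cannot reflectively create enum
    // objects") and Java serialization resolves enums by name, which is the
    // guarantee Bloch describes. Unsafe.allocateInstance checks neither.
    static Singleton rogueEnumConstant() throws Exception {
        Field theUnsafe = Unsafe.class.getDeclaredField("theUnsafe");
        theUnsafe.setAccessible(true);
        Unsafe unsafe = (Unsafe) theUnsafe.get(null);
        return (Singleton) unsafe.allocateInstance(Singleton.class);
    }

    public static void main(String[] args) throws Exception {
        Fortress fortress = instantiateWithoutConstructor();
        System.out.println("lock initialised: " + (fortress.lock() != null));

        Singleton rogue = rogueEnumConstant();
        System.out.println("rogue == INSTANCE: " + (rogue == Singleton.INSTANCE));
        System.out.println("rogue name: " + rogue.name());
        System.out.println("declared constants: " + Singleton.values().length);
    }
}
```

The Fortress instance comes back with lock set to null, because field initialisers are part of the constructor that never ran: every invariant a class establishes in its constructor is gone, which is why EqualsVerifier has to be careful with what it does to the objects it conjures up this way. The rogue enum value is not == to INSTANCE, has a null name and ordinal 0, and does not appear in values(); a switch over it or a valueOf round trip will not recognise it. Bloch's guarantee holds for the reflection and serialization APIs it talks about; it does not cover Unsafe, and a JVM that needs the guarantee has to keep untrusted code off the classpath rather than rely on the enum.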
ByteBuddy
&
ByteBuddy Agent
Use cases for agents
Demo
Idea shamelessly stolen from
/TOPdesk/time-transformer-agent
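A time-transformer style agent works by attaching to the running JVM and redefining classes in place. The following is an added example, written for this page rather than taken from the talk or from TOPdesk's agent, that uses Byte Buddy's documented self-attach and redefine API to replace a method body while an instance of the class is already in use. It needs byte-buddy and byte-buddy-agent on the classpath; the class Clock and the fixed instant are made up for the example.

```java
import net.bytebuddy.ByteBuddy;
import net.bytebuddy.agent.ByteBuddyAgent;
import net.bytebuddy.dynamic.loading.ClassReloadingStrategy;
import net.bytebuddy.implementation.FixedValue;

import static net.bytebuddy.matcher.ElementMatchers.named;

// Added example (not the talk's or TOPdesk's code): redefine a loaded class
// through a dynamically attached Java agent.
public class Redefine {

    // The class whose behaviour we change while the JVM is running.
    public static final class Clock {
        public long now() {
            return System.currentTimeMillis();
        }
    }

    public static void main(String[] args) {
        Clock clock = new Clock();
        long before = clock.now();

        // Attach an agent to this very JVM to obtain an Instrumentation instance.
        // On Java 9+ self-attach is refused unless the JVM was started with
        // -Djdk.attach.allowAttachSelf=true; -XX:+DisableAttachMechanism forbids
        // attaching from anywhere.
        ByteBuddyAgent.install();

        // Redefinition may only change method bodies, not add members. Here
        // Clock.now() is frozen at a fixed instant, as a time-travel agent would.
        new ByteBuddy()
                .redefine(Clock.class)
                .method(named("now"))
                .intercept(FixedValue.value(1_500_000_000_000L))
                .make()
                .load(Clock.class.getClassLoader(), ClassReloadingStrategy.fromInstalledAgent());

        // The instance created before the redefinition is affected too: the class
        // itself was swapped, not a subclass or proxy.
        long after = clock.now();
        System.out.println(before + " -> " + after);
    }
}
```

The same mechanism that makes tests deterministic lets any code that can attach to a process rewrite its authorisation or licence checks without touching a file on disk, which is the point of the ratings on these slides. On a production JVM, leaving the attach mechanism disabled and not shipping an agent jar is the practical control; there is no --add-opens equivalent for redefinition once an agent is in.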
There's more
Demo
mvn clean package
mvn exec:java -DmainClass=demos.libraries.remote.Attack -Darg0=target/dont-hack-the-platform-0.1-SNAPSHOT.jar -Darg1=???
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by demos.reflection.CallOfTheVoid (file:/Users/jqno/w/personal/dont-hack-the-platform-talk/target/classes/) to constructor java.lang.Void()
WARNING: Please consider reporting this to the maintainers of demos.reflection.CallOfTheVoid
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
--illegal-access=deny (the default since JDK 16; from JDK 17 the option is ignored altogether, and only --add-opens and friends remain)
Maybe not at work though?
slides & code at
/jqno/dont-hack-the-platform-talk
I'm at
jqno