Jan Ouwens
EqualsVerifier.forClass(Foo.class)
.verify();
Demo
Java 10!
Demo
Demo
Scala demo
Kotlin demo
Rating: ⚠️💣
Demo
Demo
Demo
However…
Demo
Was this hack evil?
Are Calendars and arrays evil?
Are JPA entities evil?
Rating: ⚠️💣💥
Demo
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by demos.reflection.Reflector (file:/Users/jqno/w/personal/dont-hack-the-platform-talk/target/classes/) to field java.lang.String.value
WARNING: Please consider reporting this to the maintainers of demos.reflection.Reflector
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
--add-opens java.base/java.lang=ALL-UNNAMED
Demo
close()
on URLClassLoader
CompilationTask
¯\_(ツ)_/¯
@Test
public void equalsverifierSucceeds_whenOneOfTheFieldsIsSynthetic() {
    if (!isJava8Available()) {
        return;
    }
    Class<?> java8ClassWithSyntheticField = compile(JAVA_8_CLASS_WITH_SYNTHETIC_FIELD_NAME, JAVA_8_CLASS_WITH_SYNTHETIC_FIELD);
    EqualsVerifier.forClass(java8ClassWithSyntheticField)
        .verify();
}

private static final String JAVA_8_CLASS_WITH_SYNTHETIC_FIELD_NAME = "Java8ClassWithSyntheticField";
private static final String JAVA_8_CLASS_WITH_SYNTHETIC_FIELD =
    "\nimport java.util.Comparator;" +
    "\nimport java.util.Objects;" +
    "\n" +
    "\npublic final class Java8ClassWithSyntheticField {" +
    "\n    private static final Comparator<Java8ClassWithSyntheticField> COMPARATOR =" +
    "\n        (c1, c2) -> 0; // A lambda is a synthetic class" +
    "\n" +
    "\n    private final String s;" +
    "\n" +
    "\n    public Java8ClassWithSyntheticField(String s) {" +
    "\n        this.s = s;" +
    "\n    }" +
    "\n" +
    "\n    @Override" +
    "\n    public boolean equals(Object obj) {" +
    "\n        if (!(obj instanceof Java8ClassWithSyntheticField)) {" +
    "\n            return false;" +
    "\n        }" +
    "\n        return Objects.equals(s, ((Java8ClassWithSyntheticField)obj).s);" +
    "\n    }" +
    "\n" +
    "\n    @Override" +
    "\n    public int hashCode() {" +
    "\n        return Objects.hash(s);" +
    "\n    }" +
    "\n}";
Rating: ⚠️💣💥
use annotations
to trick the Java compiler
into generating bytecode
that does something else
use annotations
to trick the Java runtime
into generating bytecode
that does something else
Objenesis
Demo
Rating: ⚠️
“[An enum] provides an ironclad guarantee against multiple instantiation, even in the face of sophisticated serialization or reflection attacks. […] A single-element enum type is often the best way to implement a singleton.”
— Joshua Bloch, Effective Java 3rd Edition
Demo
Rating: ⚠️💣
Demo
Rating: ⚠️💣💥
ByteBuddy
&
ByteBuddy Agent
Use cases for agents
Demo
Idea shamelessly stolen from
/TOPdesk/time-transformer-agent
There's more
Demo
mvn clean package
mvn exec:java -DmainClass=demos.libraries.remote.Attack -Darg0=target/dont-hack-the-platform-0.1-SNAPSHOT.jar -Darg1=???
Demo
System.setSecurityManager(new SecurityManager());
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by demos.reflection.CallOfTheVoid (file:/Users/jqno/w/personal/dont-hack-the-platform-talk/target/classes/) to constructor java.lang.Void()
WARNING: Please consider reporting this to the maintainers of demos.reflection.CallOfTheVoid
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
--illegal-access=deny
Maybe not at work though?
slides & code at
/jqno/dont-hack-the-platform-talk
I'm at
jqno