Package eu.tneitzel.rmg.internal

Class MethodCandidate

  • public class MethodCandidate
extends Object
    A MethodCandidate represents a remote method that may exists on a remote endpoint. The class is mainly used to compute the method hash from a method signature and to make certain meta information easy accessible. Usually, MethodCandidates are created from a user specified wordlist or function signature.
    Author:
    Tobias Neitzel (@qtc_de)

    • Constructor Summary

      Constructors 
      Constructor Description
      MethodCandidate​(String signature)
      Creates a MethodCandidate from a method signature defined as String.
      MethodCandidate​(String signature, String hash, String primitiveSize, String isVoid)
      The advanced wordlist format of rmg allows storing methods right away with their corresponding method hash and the required meta information.
      MethodCandidate​(javassist.CtMethod method)
      This constructor allows creating a MethodCandidate based on an already present CtMethod.

    • Constructor Detail

      • MethodCandidate

        public MethodCandidate​(String signature)
                throws javassist.CannotCompileException,
                       javassist.NotFoundException
        Creates a MethodCandidate from a method signature defined as String. The constructor first of all checks for unknown types within the method signature and creates the dynamically. Afterwards, it compiles the method signature to a CtMethod and initializes meta information containing variables on demand.
        Parameters:
        signature - method signature to create the MethodCandidate from
        Throws:
        javassist.CannotCompileException - is thrown when the method signature is invalid
        javassist.NotFoundException - should not be thrown in practice

      • MethodCandidate

        public MethodCandidate​(String signature,
                       String hash,
                       String primitiveSize,
                       String isVoid)
        The advanced wordlist format of rmg allows storing methods right away with their corresponding method hash and the required meta information. If such information is available within the wordlist file, this constructor is used.
        Parameters:
        signature - method signature to create the MethodCandidate from.
        hash - method hash for the corresponding method.
        primitiveSize - number of bytes before the first non primitive argument
        isVoid - if true, the method does not take any arguments

      • MethodCandidate

        public MethodCandidate​(javassist.CtMethod method)
                throws javassist.NotFoundException
        This constructor allows creating a MethodCandidate based on an already present CtMethod. This is currently only used in the case of already known classes that are encountered during method guessing.
        Parameters:
        method - CtMethod object
        Throws:
        javassist.NotFoundException - indicates an internal error

    • Method Detail

      • sendArguments

        public void sendArguments​(ObjectOutputStream oo)
                   throws IOException
        During guessing operations, we want to invoke methods with confused arguments. This means that: - If the function expects a primitive argument as first parameter, we should write an object - If the function expects a non primitive argument as first parameter, we should write a primitive This function puts the corresponding argument type depending on the corresponding method definition into the specified ObjectOutputStream.
        Parameters:
        oo - ObjectOutputStream to write the confused argument to
        Throws:
        IOException - indicates an error in the RMI communication

      • getParameterTypes

        public javassist.CtClass[] getParameterTypes()
                                      throws javassist.CannotCompileException,
                                             javassist.NotFoundException
        Returns the parameter types of the method as obtained from the CtMethod.
        Returns:
        the parameter types for the method
        Throws:
        javassist.CannotCompileException - should never occur
        javassist.NotFoundException - should never occur

      • getName

        public String getName()
               throws javassist.CannotCompileException,
                      javassist.NotFoundException
        Obtain the name of the corresponding method. If the CtMethod was not created so far, the function returns the placeholder "method".
        Returns:
        the name of the method
        Throws:
        javassist.CannotCompileException - should never occur
        javassist.NotFoundException - should never occur

      • getArgumentCount

        public int getArgumentCount()
        Returns the expected argument count of the method candidate.
        Returns:
        expected argument count as int

      • getPrimitive

        public int getPrimitive​(int selected)
                 throws javassist.NotFoundException,
                        javassist.CannotCompileException
        Searches the current MethodCandidate for non primitive arguments (yes, the name is misleading). Non primitive arguments are required for deserialization attacks. If a non primitive argument is found, the method returns the corresponding argument position. If an error was found or no primitive argument was found, the method returns -1. On invocation, a suggestion for a non primitive argument can be specified. In this case, the function just checks whether the corresponding argument is a primitive and returns the corresponding position if this is the case. Again, -1 is returned on error.
        Parameters:
        selected - suggestion for a primitive argument
        Returns:
        position of a primitive argument within the parameter array
        Throws:
        javassist.NotFoundException - should never occur
        javassist.CannotCompileException - should never occur

      • getSignature

        public String getSignature()
        Returns the current value of the signature attribute.
        Returns:
        The methods signature.

      • getHash

        public long getHash()
        Returns the current value of the hash attribute.
        Returns:
        hash value of the method

      • primitiveSize

        public int primitiveSize()
        Returns the current value of the primitiveSize attribute.
        Returns:
        true if first argument within the method is a primitive

      • isVoid

        public boolean isVoid()
        Returns the current value of the isVoid attribute.
        Returns:
        true if method does not take arguments, false otherwise

      • getMethod

        public javassist.CtMethod getMethod()
                             throws javassist.CannotCompileException,
                                    javassist.NotFoundException
        If not already done, creates a CtMethod from the stored method signature.
        Returns:
        CtMethod
        Throws:
        javassist.CannotCompileException - if method signature was invalid
        javassist.NotFoundException - if method signature was invalid

      • convertToString

        public String convertToString()
        Returns:
        the MethodCandidate as it should be stored in the advanced wordlist format.

      • getArgumentTypeName

        public String getArgumentTypeName​(int position)
        Returns the name of the parameter type in the specified position of the argument array.
        Parameters:
        position - Position in the argument array to obtain the type from
        Returns:
        name of the requested type

      • equals

        public boolean equals​(Object o)
        Two MethodCandidates are equal when their method hash is equal.
        Overrides:
        equals in class Object

      • hashCode

        public int hashCode()
        MethodCandidates are hashed according to their method hash.
        Overrides:
        hashCode in class Object