Package eu.tneitzel.rmg.utils
Class Security
java.lang.Object
    eu.tneitzel.rmg.utils.Security
public abstract class Security extends Object
During sample creation, remote-method-guesser creates sample files whose filenames and contents are controlled by the remote RMI server. The bound names registered within the registry are especially dangerous, as they can contain arbitrary characters. To prevent path traversal attacks or injections into the generated Java code, the Security class implements filtering mechanisms that restrict the allowed characters during sample generation. The filtering is very restrictive and is expected to cause problems with bound names that contain special characters. After carefully reviewing the exposed bound names and their class names, one can run the sample creation with the --trusted flag, which disables the Security filtering.
Author:
Tobias Neitzel (@qtc_de)
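One way to apply the kind of filtering described above, as an added example that is not remote-method-guesser's own code. The class `SampleNameFilter`, its methods, both allowlist patterns and the reuse of the bound name as a class name are assumptions, since this page does not state which characters the real checks permit.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.regex.Pattern;
// Added illustration, not remote-method-guesser code. All names and patterns are assumptions.
public class SampleNameFilter {
    // Assumed allowlist for file names: no path separators, quotes or whitespace.
    static final Pattern FILE_NAME = Pattern.compile("[a-zA-Z0-9_-]+");
    // Assumed allowlist for names written into generated source as identifiers.
    static final Pattern IDENTIFIER = Pattern.compile("[a-zA-Z_][a-zA-Z0-9_]*");
    static void check(Pattern allowed, String input) {
        if (input == null || !allowed.matcher(input).matches()) {
            throw new IllegalArgumentException("unexpected character in: " + printable(input));
        }
    }
    // Replace non-printable characters so a hostile name cannot corrupt terminal or log output.
    static String printable(String s) {
        return s == null ? "null" : s.replaceAll("[^\\x20-\\x7e]", "?");
    }

    // Build the sample path and confirm it is a direct child of the output directory.
    static Path samplePath(Path outputDir, String boundName) {
        check(FILE_NAME, boundName);
        Path base = outputDir.toAbsolutePath().normalize();
        Path target = base.resolve(boundName + ".java").normalize();
        if (!base.equals(target.getParent())) {
            throw new IllegalArgumentException("path leaves output directory");
        }
        return target;
    }

    // Only a checked identifier is ever concatenated into the generated source text.
    static String classHeader(String className) {
        check(IDENTIFIER, className);
        return "public class " + className + " {";
    }

    public static void main(String[] args) {
        Path out = Paths.get("rmg-samples"); // constructed output directory
        // Constructed bound names standing in for what a remote registry could return.
        String[] names = { "plain_server", "../../outside", "svc\"; int injected = 1; //", "a\nb" };
        for (String name : names) {
            try {
                System.out.println("OK     " + samplePath(out, name) + "  " + classHeader(name));
            } catch (IllegalArgumentException e) {
                System.out.println("REJECT " + e.getMessage());
            }
        }
    }
}
```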
Constructor Summary
Constructor | Description
Security() |
-
Method Summary
Modifier and Type | Method | Description
static void | checkAlphaNumeric(String input) | Check the specified string for invalid characters.
static void | checkBoundName(String input) | Check the specified string for invalid characters.
static void | checkJarFile(String input) | Check the specified string for invalid characters.
static void | checkJavaFile(String input) | Check the specified string for invalid characters.
static void | checkPackageName(String input) | Check the specified string for invalid characters.
static void | checkShellInjection(String input) | Check the specified string for invalid characters.
Method Detail
checkBoundName
public static void checkBoundName(String input) throws UnexpectedCharacterException
Check the specified string for invalid characters.
Parameters:
input - the input string
Throws:
UnexpectedCharacterException - if invalid characters are found.
-
checkAlphaNumeric
public static void checkAlphaNumeric(String input) throws UnexpectedCharacterException
Check the specified string for invalid characters.
Parameters:
input - the input string
Throws:
UnexpectedCharacterException - if invalid characters are found.
-
checkPackageName
public static void checkPackageName(String input) throws UnexpectedCharacterException
Check the specified string for invalid characters.
Parameters:
input - the input string
Throws:
UnexpectedCharacterException - if invalid characters are found.
-
checkJavaFile
public static void checkJavaFile(String input) throws UnexpectedCharacterException
Check the specified string for invalid characters.
Parameters:
input - the input string
Throws:
UnexpectedCharacterException - if invalid characters are found.
-
checkJarFile
public static void checkJarFile(String input) throws UnexpectedCharacterException
Check the specified string for invalid characters.
Parameters:
input - the input string
Throws:
UnexpectedCharacterException - if invalid characters are found.
-
checkShellInjection
public static void checkShellInjection(String input) throws UnexpectedCharacterException
Check the specified string for invalid characters.
Parameters:
input - the input string
Throws:
UnexpectedCharacterException - if invalid characters are found.