Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

更新 xstream dependency version #44

Open
NEUZhangy opened this issue Jul 5, 2023 · 0 comments
Open

更新 xstream dependency version #44

NEUZhangy opened this issue Jul 5, 2023 · 0 comments

Comments

@NEUZhangy
Copy link

PLMCodeTemplate/source/src/common/plm/common/utils/XMLConfig.java

Line 28 in 85b7d74

T obj = (T) xstream.fromXML(xml);
influenced by old version of xstream and may caused remote code execution. see test below:

package plm.common.utils;

import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.core.JVM;
import org.junit.Before;
import org.junit.Test;

import java.util.Iterator;

import static org.junit.Assert.assertEquals;

public class XMLConfigTest {

    private static final StringBuilder BUFFER = new StringBuilder();

    private XMLConfig xmlConfig;

    @Before
    public void setUp() {
        xmlConfig = new XMLConfig();
    }

    @Test
    public void testToBeanVulnerableToCVE_2017_7957() {
        if (JVM.isVersion(7)) {
            final String xml = ""
                + "<string class='javax.imageio.spi.FilterIterator'>\n"
                + " <iter class='java.util.ArrayList$Itr'>\n"
                + "   <cursor>0</cursor>\n"
                + "   <lastRet>1</lastRet>\n"
                + "   <expectedModCount>1</expectedModCount>\n"
                + "   <outer-class>\n"
                + "     <com.thoughtworks.acceptance.SecurityVulnerabilityTest_-Exec/>\n"
                + "   </outer-class>\n"
                + " </iter>\n"
                + " <filter class='javax.imageio.ImageIO$ContainsFilter'>\n"
                + "   <method>\n"
                + "     <class>com.thoughtworks.acceptance.SecurityVulnerabilityTest$Exec</class>\n"
                + "     <name>exec</name>\n"
                + "     <parameter-types/>\n"
                + "   </method>\n"
                + "   <name>exec</name>\n"
                + " </filter>\n"
                + " <next/>\n"
                + "</string>";

            XStream xstream = new XStream();
            xstream.allowTypes(new String[]{"javax.imageio.ImageIO$ContainsFilter"});

            final Iterator iterator = (Iterator) xmlConfig.toBean(xml, Iterator.class);
            assertEquals(0, BUFFER.length());
            iterator.next();
            assertEquals("Executed!", BUFFER.toString());
        }
    }
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@NEUZhangy