Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
An expanded example of the exception based dataflow laundering example
public class ExpandedExceptionalLaunder {
public static void main(String[] args) {
String sensitive = "SECRET_DATA";
try {
pilfer(sensitive);
} catch (Exception e){
leak(errorReport(e));
}
}
// a method that should never get sensitive data...
private static void leak(String data){
System.out.println(data);
}
// examines call stack retrieve sensitive data
private static String errorReport(Throwable e){
StackTraceElement[] stack = e.getStackTrace();
StringBuilder temp = new StringBuilder("");
int i = 0;
for(StackTraceElement element : stack){
if(i==8){
temp.append(",");
i = 0;
}
if(element.getMethodName().substring(0,1).equals("_")){
temp.append(element.getMethodName().replace("_", ""));
}
i++;
}
String report = "";
String[] format = temp.reverse().toString().replaceFirst(",", "").split(",");
for(String s : format){
StringBuilder s2 = new StringBuilder(s);
byte b = Byte.parseByte(s2.reverse().toString(),2);
report += (char) b;
}
return report;
}
// starts a recursive call chain that represents the data
private static void pilfer(String data) {
if(data.getBytes()[0] % 2 == 0){
_0(data,1);
} else {
_1(data,1);
}
}
// called when the next bit is 0 to build the representative call chain
private static void _0(String s, int i){
byte b;
if(i > 7){
s = s.substring(1,s.length());
i = 0;
b = s.getBytes()[0];
} else {
b = s.getBytes()[0];
}
if((b >> i) % 2 == 0){
_0(s, i+1);
} else {
_1(s, i+1);
}
}
// called when the next bit is 1 to build the representative call chain
private static void _1(String s, int i){
byte b;
if(i > 7){
s = s.substring(1,s.length());
i = 0;
b = s.getBytes()[0];
} else {
b = s.getBytes()[0];
}
if((b >> i) % 2 == 0){
_0(s, i+1);
} else {
_1(s, i+1);
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.