Package jaz

Class Zer

java.lang.Object

jaz.Zer

All Implemented Interfaces:

Closeable, Flushable, Serializable, AutoCloseable, Cloneable, Comparable<Zer>, Iterable, Runnable, Collection, Comparator, Callable, Function, Iterator, List, SequencedCollection

public class Zer
extends Object
implements Serializable, Cloneable, Comparable<Zer>, Comparator, Closeable, Flushable, Iterable, Iterator, Runnable, Callable, Function, Collection, List

A honeypot class that reports a finding on initialization.

Class loading based on externally controlled data could lead to RCE depending on available classes on the classpath. Even if no applicable gadget class is available, allowing input to control class loading is a bad idea and should be prevented. A finding is generated whenever the class is loaded and initialized, regardless of its further use.

This class needs to implement Serializable to be considered in deserialization scenarios. It also implements common constructors, getter and setter and common interfaces to increase chances of passing deserialization checks.

Note: Jackson provides a nice list of "nasty classes" at SubTypeValidator.

Note: This class must not be referenced in any way by the rest of the code, not even statically. When referring to it, always use its hardcoded class name jaz.Zer.

See Also:

• Serialized Form

Constructor Summary

Constructors

Constructor	Description
Zer()
Zer(byte sanitizer)
Zer(String arg1)
Zer(String arg1, Throwable arg2)

Method Summary

Modifier and Type	Method	Description
void	add(int index, Object element)
boolean	add(Object o)
boolean	addAll(int index, Collection c)
boolean	addAll(Collection c)
Object	apply(Object o)
Object	call()
void	clear()
Object	clone()
void	close()
int	compare(Object o1, Object o2)
int	compareTo(Zer o)
boolean	contains(Object o)
boolean	containsAll(Collection c)
static void	el()
boolean	equals(Object obj)
void	flush()
Object	get(int index)
Object	getJaz()
int	hashCode()
boolean	hasNext()
int	indexOf(Object o)
boolean	isEmpty()
Iterator	iterator()
int	lastIndexOf(Object o)
ListIterator	listIterator()
ListIterator	listIterator(int index)
Object	next()
Object	remove(int index)
boolean	remove(Object o)
boolean	removeAll(Collection c)
boolean	retainAll(Collection c)
Zer	reversed()
void	run()
Object	set(int index, Object element)
void	setJaz(String jaz)
int	size()
List	subList(int fromIndex, int toIndex)
Object[]	toArray()
Object[]	toArray(Object[] a)
String	toString()

Methods inherited from class java.lang.Object

finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface java.util.Collection

parallelStream, removeIf, stream, toArray

Methods inherited from interface java.util.Comparator

thenComparing, thenComparing, thenComparing, thenComparingDouble, thenComparingInt, thenComparingLong

Methods inherited from interface java.util.function.Function

andThen, compose

Methods inherited from interface java.lang.Iterable

forEach

Methods inherited from interface java.util.Iterator

forEachRemaining, remove

Methods inherited from interface java.util.List

addFirst, addLast, getFirst, getLast, removeFirst, removeLast, replaceAll, sort, spliterator

Constructor Details

Zer

public Zer()

Zer

public Zer(String arg1)

Zer

public Zer(String arg1,
 Throwable arg2)

Zer

public Zer(byte sanitizer)

Method Details

el

public static void el()

getJaz

public Object getJaz()

setJaz

public void setJaz(String jaz)

hashCode

public int hashCode()

Specified by:

hashCode in interface Collection

Specified by:

hashCode in interface List

Overrides:

hashCode in class Object

equals

public boolean equals(Object obj)

Specified by:

equals in interface Collection

Specified by:

equals in interface Comparator

Specified by:

equals in interface List

Overrides:

equals in class Object

toString

public String toString()

Overrides:

toString in class Object

close

public void close()

Specified by:

close in interface AutoCloseable

Specified by:

close in interface Closeable

flush

public void flush()

Specified by:

flush in interface Flushable

compareTo

public int compareTo(Zer o)

Specified by:

compareTo in interface Comparable<Zer>

compare

public int compare(Object o1,
 Object o2)

Specified by:

compare in interface Comparator

size

public int size()

Specified by:

size in interface Collection

Specified by:

size in interface List

isEmpty

public boolean isEmpty()

Specified by:

isEmpty in interface Collection

Specified by:

isEmpty in interface List

contains

public boolean contains(Object o)

Specified by:

contains in interface Collection

Specified by:

contains in interface List

toArray

public Object[] toArray()

Specified by:

toArray in interface Collection

Specified by:

toArray in interface List

add

public boolean add(Object o)

Specified by:

add in interface Collection

Specified by:

add in interface List

remove

public boolean remove(Object o)

Specified by:

remove in interface Collection

Specified by:

remove in interface List

addAll

public boolean addAll(Collection c)

Specified by:

addAll in interface Collection

Specified by:

addAll in interface List

addAll

public boolean addAll(int index,
 Collection c)

Specified by:

addAll in interface List

clear

public void clear()

Specified by:

clear in interface Collection

Specified by:

clear in interface List

get

public Object get(int index)

Specified by:

get in interface List

set

public Object set(int index,
 Object element)

Specified by:

set in interface List

add

public void add(int index,
 Object element)

Specified by:

add in interface List

remove

public Object remove(int index)

Specified by:

remove in interface List

indexOf

public int indexOf(Object o)

Specified by:

indexOf in interface List

lastIndexOf

public int lastIndexOf(Object o)

Specified by:

lastIndexOf in interface List

listIterator

public ListIterator listIterator()

Specified by:

listIterator in interface List

listIterator

public ListIterator listIterator(int index)

Specified by:

listIterator in interface List

subList

public List subList(int fromIndex,
 int toIndex)

Specified by:

subList in interface List

retainAll

public boolean retainAll(Collection c)

Specified by:

retainAll in interface Collection

Specified by:

retainAll in interface List

removeAll

public boolean removeAll(Collection c)

Specified by:

removeAll in interface Collection

Specified by:

removeAll in interface List

containsAll

public boolean containsAll(Collection c)

Specified by:

containsAll in interface Collection

Specified by:

containsAll in interface List

toArray

public Object[] toArray(Object[] a)

Specified by:

toArray in interface Collection

Specified by:

toArray in interface List

iterator

public Iterator iterator()

Specified by:

iterator in interface Collection

Specified by:

iterator in interface Iterable

Specified by:

iterator in interface List

run

public void run()

Specified by:

run in interface Runnable

hasNext

public boolean hasNext()

Specified by:

hasNext in interface Iterator

next

public Object next()

Specified by:

next in interface Iterator

call

public Object call()
            throws Exception

Specified by:

call in interface Callable

Throws:

Exception

apply

public Object apply(Object o)

Specified by:

apply in interface Function

clone

public Object clone()

Overrides:

clone in class Object

reversed

public Zer reversed()

Specified by:

reversed in interface Comparator

Specified by:

reversed in interface List

Specified by:

reversed in interface SequencedCollection