yetangitu/ghidra
1
0
Fork 0
mirror of https://github.com/NationalSecurityAgency/ghidra.git synced 2025-10-04 02:09:44 +02:00
Code Issues Releases Wiki Activity

GT-3198 remove usage of java.beans.XMLDecoder/ XMLEncoder #1090.

Browse source 
Java's built-in XMLEncoder / XMLDecoder is too flexible and allows the
XML data being decoded to execute arbitrary commands and other
non-niceness to happen.

Replace FunctionBitPatternExplorerPlugin's usage with manual
serializing.
This commit is contained in:
dev747368 2019-10-01 14:02:18 -04:00
parent 2ce191d865
commit 2c9b771d13
7 changed files with 409 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

6
Ghidra/Features/BytePatterns/ghidra_scripts/DumpFunctionPatternInfoScript.java
View file

@ -16,7 +16,6 @@
//This script dumps information about byte and instructions in neighborhoods around function starts
//and returns to an XML file
//@category FunctionStartPatterns
import java.beans.XMLEncoder;
import java.io.*;
import java.util.List;
@ -118,10 +117,7 @@ public class DumpFunctionPatternInfoScript extends GhidraScript {
File savedFile = new File(saveDir.getAbsolutePath() + File.separator +
currentProgram.getDomainFile().getPathname().replaceAll("/", "_") + "_" +
currentProgram.getExecutableMD5() + "_funcInfo.xml");
try (XMLEncoder xmlEncoder =
new XMLEncoder(new BufferedOutputStream(new FileOutputStream(savedFile)))) {
xmlEncoder.writeObject(funcPatternList);
}
funcPatternList.toXmlFile(savedFile);
Msg.info(this,
"Programs analyzed: " + programsAnalyzed + "; total functions: " + totalFuncs);
}