diff --git a/.gitignore b/.gitignore
index db4561e..055391f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,6 +5,9 @@ __pycache__/
 # C extensions
 *.so
+# Java
+*.class
+
 # Distribution / packaging
 .Python
 env/
diff --git a/classes/private/Confidential.class b/classes/private/Confidential.class
deleted file mode 100644
index b1d7d18..0000000
Binary files a/classes/private/Confidential.class and /dev/null differ
diff --git a/classes/private/Confidential.java b/classes/private/Confidential.java
index 3db3275..99eeefd 100644
--- a/classes/private/Confidential.java
+++ b/classes/private/Confidential.java
@@ -4,6 +4,6 @@ public class Confidential {
 private String hidden = "burn after reading";
 public Confidential(String text) {
- this.secret = text;
+ this.secret = text.toUpperCase();
 }
 }
diff --git a/classes/private/Expose.class b/classes/private/Expose.class
deleted file mode 100644
index 4635ace..0000000
Binary files a/classes/private/Expose.class and /dev/null differ
diff --git a/classes/private/Expose.java b/classes/private/Expose.java
index 725ad75..8a52bb3 100644
--- a/classes/private/Expose.java
+++ b/classes/private/Expose.java
@@ -3,18 +3,18 @@ import java.lang.reflect.Field;
 public class Expose {
 public static void main(String[] args) {
- Confidential message = new Confidential("text you shoudn't see");
- Field privateField = null;
+ Confidential message = new Confidential("top secret text");
+ Field secretField = null;
 try {
- privateField = Confidential.class.getDeclaredField("secret");
+ secretField = Confidential.class.getDeclaredField("secret");
 } catch (NoSuchFieldException e) {
 System.err.println(e);
 System.exit(1);
 }
- privateField.setAccessible(true); // break the lock!
+ secretField.setAccessible(true); // break the lock!
 try {
- String wasHidden = (String) privateField.get(message);
+ String wasHidden = (String) secretField.get(message);
 System.out.println("message.secret = " + wasHidden);
 } catch (IllegalAccessException e) {
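Review bot: `text.toUpperCase()` in the Confidential constructor (classes/private/Confidential.java) upper-cases with the JVM's default locale and throws NullPointerException when `text` is null, neither of which the old plain assignment did. If the result is meant to be the same on every machine, `this.secret = text.toUpperCase(java.util.Locale.ROOT);` pins it, and a one-line comment saying why the value is transformed at all would help, since the hunk gives no reason. The class body starts before the hunk, so the declaration of `secret` is not visible here.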
diff --git a/classes/private/expose.py b/classes/private/expose.py
index 688d10e..1df710c 100644
--- a/classes/private/expose.py
+++ b/classes/private/expose.py
@@ -1,6 +1,6 @@
 import Confidential
-message = Confidential("text you shoudn't see")
-private_field = Confidential.getDeclaredField('secret')
-private_field.setAccessible(True) # break the lock!
-print 'message.secret =', private_field.get(message)
+message = Confidential('top secret text')
+secret_field = Confidential.getDeclaredField('secret')
+secret_field.setAccessible(True) # break the lock!
+print 'message.secret =', secret_field.get(message)
diff --git a/classes/private/leakprivate.py b/classes/private/leakprivate.py
index fb221bc..bd20bf0 100644
--- a/classes/private/leakprivate.py
+++ b/classes/private/leakprivate.py
@@ -1,7 +1,7 @@
 from java.lang.reflect import Modifier
 import Confidential
-message = Confidential('never expose this')
+message = Confidential('top secret text')
 fields = Confidential.getDeclaredFields()
 for field in fields: # list private fields only
diff --git a/classes/private/no_respect.py b/classes/private/no_respect.py
index 27c6e5f..4eb3476 100644
--- a/classes/private/no_respect.py
+++ b/classes/private/no_respect.py
@@ -1,12 +1,17 @@
-# In the Jython registry:
-# python.security.respectJavaAccessibility = false
-# Setting this to false will allow Jython to provide access to
-# non-public fields, methods, and constructors of Java objects.
+
+"""
+In the Jython registry file there is this line:
+
+python.security.respectJavaAccessibility = true
+
+Set this to false and Jython provides access to non-public
+fields, methods, and constructors of Java objects.
+"""
 import Confidential
-message = Confidential("text you shoudn't see")
+message = Confidential('top secret text')
 for name in dir(message):
 attr = getattr(message, name)
- if not callable(attr): # ignore methods
- print name, '=', attr
+ if not callable(attr): # non-methods only
+ print name + '\t=', attr
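Review bot: The new module docstring in classes/private/no_respect.py tells the reader to set `python.security.respectJavaAccessibility` to false but does not say how far that reaches. It is a registry setting, so it presumably applies to every script run under that Jython configuration rather than to this demo alone. I would add a closing sentence to the docstring such as `Leave this at true outside of demos: with false, any script under this registry can reach non-public members of Java objects.` It would also help to state what the loop prints under each value, because the script's output depends on a setting the file itself cannot show.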