From 9da839023ecc4b2fdcb8b7d8c0a76aba37e2ae4d Mon Sep 17 00:00:00 2001 From: Luciano Ramalho Date: Sun, 19 Oct 2014 15:41:11 -0200 Subject: [PATCH] updated Java/Jython private field examples --- .gitignore | 3 +++ classes/private/Confidential.class | Bin 360 -> 0 bytes classes/private/Confidential.java | 2 +- classes/private/Expose.class | Bin 1250 -> 0 bytes classes/private/Expose.java | 10 +++++----- classes/private/expose.py | 8 ++++---- classes/private/leakprivate.py | 2 +- classes/private/no_respect.py | 19 ++++++++++++------- 8 files changed, 26 insertions(+), 18 deletions(-) delete mode 100644 classes/private/Confidential.class delete mode 100644 classes/private/Expose.class diff --git a/.gitignore b/.gitignore index db4561e..055391f 100644 --- a/.gitignore +++ b/.gitignore @@ -5,6 +5,9 @@ __pycache__/ # C extensions *.so +# Java +*.class + # Distribution / packaging .Python env/ diff --git a/classes/private/Confidential.class b/classes/private/Confidential.class deleted file mode 100644 index b1d7d185be69c8015542005c130ed6f4e4ca14a3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 360 zcmZWk%SyvQ6g`usO&?LyXrk`wu8m;9tX~9l^S=KgFce*Kt^U|y} z5i2c=tLCAP0nP;Aql+F{q_s68xvrEQStWDQ@X>E3{@+u9;Fs+~x>Xq!w8oPaE-22U zZihz1ea3r6K^yRozyYh-eglY;cZei(c4#G`yF)vKctV*rtiQ-i#%KeM30C} Jsq8xlegL9rM7IC{ diff --git a/classes/private/Confidential.java b/classes/private/Confidential.java index 3db3275..99eeefd 100644 --- a/classes/private/Confidential.java +++ b/classes/private/Confidential.java @@ -4,6 +4,6 @@ public class Confidential { private String hidden = "burn after reading"; public Confidential(String text) { - this.secret = text; + this.secret = text.toUpperCase(); } } diff --git a/classes/private/Expose.class b/classes/private/Expose.class deleted file mode 100644 index 4635ace4d7dfd1b3316945f346e510a46f319e29..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1250 zcmah}T~pIQ6g}I9Zb<`$mI8`mRfLwWDt=Qyp@1OeLyIuzQ%IK*Op{KNI`E5l#)sm_ zjN`M<{vP!v0cjm(%){>H?m2hQxw)GkzrKD0FoA6uJs9K|3L_;WfOHtcGDa}UG1iK4 zWMtgO1DRG6G9KcQJ3Qui;_f}=cqSu?!7!e?^Q1duUBVQ{G{+3b3x?2?ZtBhqLok)z zVvurHQ7}aFx+&Ib?G)#I}N?Y9CkC ziihWTNuoJsNhck~AQ!A!RTGQ4n=7(#Sg~v|?j};ui)#!@&NBD(qA(p@H5d|(ICPRn zRxN4oTeYG&g_^d%s0*XGaHxrjqgy7&qJmdg z;#gMj8Y>F&SS4)=*08Q%18*2QE>rlX6uiX}L(jkQxteYiMU|nmENojXiE&>|ayqG? zfK3JOu;m^@LX(%|Wy269)tJ>ZV*OP{Ui?xt30U7f5SqgfzoOJlimGDIAY{g~OGQgv z{b{0?GIEA$+jLk-IP*d?)T$_+lgF+iH{@$NE8C>EaAZ58OdTYuRF{NL(yhz}HHSmh z6l$3WaZg2an1NSZkU^c*q~0%q*I1G`)TtO!YT0WuTR46Zb-yiB@7-{a3^5Egdbmi@ z;Nd((aH~e}kXoq-v&is2?|w&|e|fSJb}T={(3MIz9N-2V$ zW=3<%@F~~{Eg1S}40*vIT5-dJxX_;nLZW&541t|k@Dx&>t;P|EwbT(>Jw|lxGs0ta zv`Swfk4kk!Mn~#UzN3vc+RqT(IYmdTvyK>nVs*sp=sHH^f^|a56eLI+M;a@16A~10 z#Z02zlO)rQLXr~n-iru%P>@6$2Iw!6MkoE8V#MnqW*64U?-rr@iP;C~H!Xu4w>XlV UYQZ?}M0Ae3oO})tB!GK=0Fg5!`Tzg` diff --git a/classes/private/Expose.java b/classes/private/Expose.java index 725ad75..8a52bb3 100644 --- a/classes/private/Expose.java +++ b/classes/private/Expose.java @@ -3,18 +3,18 @@ import java.lang.reflect.Field; public class Expose { public static void main(String[] args) { - Confidential message = new Confidential("text you shoudn't see"); - Field privateField = null; + Confidential message = new Confidential("top secret text"); + Field secretField = null; try { - privateField = Confidential.class.getDeclaredField("secret"); + secretField = Confidential.class.getDeclaredField("secret"); } catch (NoSuchFieldException e) { System.err.println(e); System.exit(1); } - privateField.setAccessible(true); // break the lock! + secretField.setAccessible(true); // break the lock! try { - String wasHidden = (String) privateField.get(message); + String wasHidden = (String) secretField.get(message); System.out.println("message.secret = " + wasHidden); } catch (IllegalAccessException e) { diff --git a/classes/private/expose.py b/classes/private/expose.py index 688d10e..1df710c 100644 --- a/classes/private/expose.py +++ b/classes/private/expose.py @@ -1,6 +1,6 @@ import Confidential -message = Confidential("text you shoudn't see") -private_field = Confidential.getDeclaredField('secret') -private_field.setAccessible(True) # break the lock! -print 'message.secret =', private_field.get(message) +message = Confidential('top secret text') +secret_field = Confidential.getDeclaredField('secret') +secret_field.setAccessible(True) # break the lock! +print 'message.secret =', secret_field.get(message) diff --git a/classes/private/leakprivate.py b/classes/private/leakprivate.py index fb221bc..bd20bf0 100644 --- a/classes/private/leakprivate.py +++ b/classes/private/leakprivate.py @@ -1,7 +1,7 @@ from java.lang.reflect import Modifier import Confidential -message = Confidential('never expose this') +message = Confidential('top secret text') fields = Confidential.getDeclaredFields() for field in fields: # list private fields only diff --git a/classes/private/no_respect.py b/classes/private/no_respect.py index 27c6e5f..4eb3476 100644 --- a/classes/private/no_respect.py +++ b/classes/private/no_respect.py @@ -1,12 +1,17 @@ -# In the Jython registry: -# python.security.respectJavaAccessibility = false -# Setting this to false will allow Jython to provide access to -# non-public fields, methods, and constructors of Java objects. + +""" +In the Jython registry file there is this line: + +python.security.respectJavaAccessibility = true + +Set this to false and Jython provides access to non-public +fields, methods, and constructors of Java objects. +""" import Confidential -message = Confidential("text you shoudn't see") +message = Confidential('top secret text') for name in dir(message): attr = getattr(message, name) - if not callable(attr): # ignore methods - print name, '=', attr + if not callable(attr): # non-methods only + print name + '\t=', attr