onlineexecutor's Issues

Found a possible security concern

Hello 👋

I run a security community that finds and fixes vulnerabilities in OSS. A researcher (@achiove) has found a potential issue, which I would be eager to share with you.

Could you add a SECURITY.md file with an e-mail address for me to send further details to? GitHub recommends a security policy to ensure issues are responsibly disclosed, and it would help direct researchers in the future.

Looking forward to hearing from you 👍

(cc @huntr-helper)

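Error when running on CentOS

It runs fine on macOS, but throws an error when deployed on CentOS. I tried several JDK versions, so it should not be a version problem; it feels like the very first step of compilation, creating the JavaFileManager, is where things went wrong.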

ERROR 19006 --- [nio-8080-exec-3] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is java.lang.NullPointerException] with root cause

java.lang.NullPointerException: null
at org.olexec.compile.StringSourceCompiler.compile(StringSourceCompiler.java:23) ~[classes!/:0.0.1-SNAPSHOT]
at org.olexec.service.ExecuteStringSourceService.execute(ExecuteStringSourceService.java:32) ~[classes!/:0.0.1-SNAPSHOT]
at org.olexec.controller.RunCodeController.runCode(RunCodeController.java:35) ~[classes!/:0.0.1-SNAPSHOT]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_222]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_222]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_222]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_222]
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:189) ~[spring-web-5.1.4.RELEASE.jar!/:5.1.4.RELEASE]
......

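Finished reading the doc, here are my personal thoughts

I can only write Java, and not very well at that; I know nothing about compiler theory, never took any of the foundational courses, and all I can do is CRUD.
I think the idea is actually quite good: call the JDK's system class library to compile, then hack some of the calls. The Java knowledge involved is stuff I have only heard of but never written, so I admire it.
But there is a very troublesome problem: you only hacked System, and at the same time did not block many features, so what if the user does not write System.out.println? There are too many features in the JDK. Users can use the JDK to make many system calls, such as shell.
So the user can in fact simply invoke a shell, then try to find javac, compile again, and execute again.
This is only a small part of it; there is much more that could be done.
However, the earlier material on bytecode and on the JDK VM-related class libraries benefited me a great deal, so thank you very much all the same.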
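The gap raised in the issue above (only `System` is intercepted, while the rest of the JDK stays reachable) can be checked on the compiled class before it is loaded. The following is an added example, not code from the issue or from the onlineexecutor project; the class name `ConstantPoolScan`, the `DENY` list and the nested `Sample` class are hypothetical and constructed for illustration.

```java
import java.io.*;
import java.util.*;

// Added example: report denylisted classes referenced from a class file's constant pool.
public class ConstantPoolScan {
    // Assumed policy for illustration: process-launch and reflection entry points.
    static final Set<String> DENY = Set.of("java/lang/Runtime", "java/lang/ProcessBuilder",
            "java/lang/Class", "java/lang/reflect/Method", "java/lang/invoke/MethodHandles");

    static Set<String> flagged(byte[] classFile) throws IOException {
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(classFile));
        if (in.readInt() != 0xCAFEBABE) throw new IOException("not a class file");
        in.readInt();                                   // minor and major version
        int count = in.readUnsignedShort();             // constant_pool_count
        String[] utf8 = new String[count];
        List<Integer> classNameIdx = new ArrayList<>();
        for (int i = 1; i < count; i++) {
            int tag = in.readUnsignedByte();
            switch (tag) {
                case 1: utf8[i] = in.readUTF(); break;                    // CONSTANT_Utf8
                case 7: classNameIdx.add(in.readUnsignedShort()); break;  // CONSTANT_Class
                case 8: case 16: case 19: case 20: in.skipBytes(2); break;
                case 15: in.skipBytes(3); break;
                case 3: case 4: case 9: case 10: case 11: case 12: case 17: case 18:
                    in.skipBytes(4); break;
                case 5: case 6: in.skipBytes(8); i++; break;  // long/double occupy two slots
                default: throw new IOException("unknown constant tag " + tag);
            }
        }
        Set<String> hits = new TreeSet<>();
        for (int idx : classNameIdx)
            if (DENY.contains(utf8[idx])) hits.add(utf8[idx]);
        return hits;
    }

    // Constructed sample: never touches System, yet references another JDK class.
    static class Sample {
        static int cpus() { return Runtime.getRuntime().availableProcessors(); }
    }

    public static void main(String[] args) throws IOException {
        try (InputStream in = ConstantPoolScan.class.getResourceAsStream("ConstantPoolScan$Sample.class")) {
            System.out.println("flagged: " + flagged(in.readAllBytes()));
        }
    }
}
```

Compile with `javac` and run on Java 9 or later. A name scan like this complements, and does not replace, running submitted code in an isolated, unprivileged process.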
