package fuzion24.device.vulnerability.vulnerabilities.framework.serialization;
import android.content.Context;
import android.util.Log;
import java.io.InvalidClassException;
import java.io.ObjectStreamClass;
import java.io.ObjectStreamField;
import java.io.Serializable;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;
import fuzion24.device.vulnerability.util.CPUArch;
import fuzion24.device.vulnerability.vulnerabilities.VulnerabilityTest;
/**
 * Vulnerability probe for CVE-2014-7911, a serialization bug in Android's libcore.
 *
 * References:
 * <ul>
 *   <li>https://android.googlesource.com/platform/libcore/+/738c833d38d41f8f76eb7e77ab39add82b1ae1e2</li>
 *   <li>http://seclists.org/fulldisclosure/2014/Nov/51</li>
 * </ul>
 *
 * <p>Current state: only the metadata methods are implemented. {@link #isVulnerable(Context)}
 * returns {@code false} unconditionally, so a "not vulnerable" result from this class carries no
 * information about the device under test. The upstream unit tests the check was meant to be
 * ported from are kept below as a commented-out reference.
 */
public class ObjectSerializationBugTest implements VulnerabilityTest {

    /** Identifier this probe reports to the framework. */
    private static final String CVE_ID = "CVE-2014-7911";

    @Override
    public String getCVEorID() {
        return CVE_ID;
    }

    /**
     * Architectures this probe applies to. The check is not architecture specific, so the
     * single entry {@link CPUArch#ALL} is returned.
     *
     * @return a fresh, mutable list containing only {@link CPUArch#ALL}
     */
    @Override
    public List<CPUArch> getSupportedArchitectures() {
        List<CPUArch> supported = new ArrayList<>(1);
        supported.add(CPUArch.ALL);
        return supported;
    }

    /**
     * Stub: the detection logic has not been ported yet.
     *
     * <p>NOTE(review): this returns {@code false} for every device regardless of its build.
     * Callers should treat the result as "unknown", not "patched", until a real check exists.
     *
     * @param context application context; currently unused
     * @return always {@code false}
     * @throws Exception never thrown by this stub; the clause comes from the interface
     */
    @Override
    public boolean isVulnerable(Context context) throws Exception {
        return false;
    }

    /*
     * Reference material kept from the upstream test this probe was meant to mirror (the hex
     * streams below encode class names under libcore.java.io.SerializationTest). It depends on
     * helpers that are not present in this file (SerializationTester.deserializeHex,
     * assertEquals, fail), so it cannot be compiled as-is.
     *
     * // http://b/4471249
     * public void testSerializeFieldMadeTransient() throws Exception {
     *     // Does ObjectStreamClass have the right idea?
     *     ObjectStreamClass osc = ObjectStreamClass.lookup(FieldMadeTransient.class);
     *     ObjectStreamField[] fields = osc.getFields();
     *     assertEquals(1, fields.length);
     *     assertEquals("nonTransientInt", fields[0].getName());
     *     assertEquals(int.class, fields[0].getType());
     *     // this was created by serializing a FieldMadeTransient with a non-0 transientInt
     *     String s = "aced0005737200346c6962636f72652e6a6176612e696f2e53657269616c697a6174696f6e54657"
     *             + "374244669656c644d6164655472616e7369656e74000000000000000002000149000c7472616e736"
     *             + "9656e74496e747870abababab";
     *     FieldMadeTransient deserialized = (FieldMadeTransient) SerializationTester.deserializeHex(s);
     *     assertEquals(0, deserialized.transientInt);
     * }
     *
     * static class FieldMadeTransient implements Serializable {
     *     private static final long serialVersionUID = 0L;
     *     private transient int transientInt;
     *     private int nonTransientInt;
     * }
     *
     * public void testSerialVersionUidChange() throws Exception {
     *     // this was created by serializing a SerialVersionUidChanged with serialVersionUID = 0L
     *     String s = "aced0005737200396c6962636f72652e6a6176612e696f2e53657269616c697a6174696f6e54657"
     *             + "3742453657269616c56657273696f6e5569644368616e67656400000000000000000200014900016"
     *             + "1787000000003";
     *     try {
     *         SerializationTester.deserializeHex(s);
     *         fail();
     *     } catch (InvalidClassException expected) {
     *     }
     * }
     */

    /**
     * Fixture for the commented-out {@code testSerialVersionUidChange} above. The stream in that
     * test was produced with {@code serialVersionUID = 0L}; deserializing it against this class
     * (now {@code 1L}) is expected to be rejected with {@link InvalidClassException}.
     */
    @SuppressWarnings("unused") // Required for deserialization test
    static class SerialVersionUidChanged implements Serializable {
        private static final long serialVersionUID = 1L; // was 0L
        private int a;
    }
}