5.3.1. Basic Concepts

5.3.1.1. JVM

The JVM is the core of the Java platform, implemented in machine code, and provides all the basic functions required for program execution, such as bytecode parsers, JIT compilers, garbage collectors, and more. Since it is implemented in machine code, it is also vulnerable to binary attacks.

JCL is a standard library that comes with the JVM and contains hundreds of system classes. By default, all system classes are trusted and have all privileges.

5.3.1.2. JDK

Java Development Kit (Java Development Kit, JDK) is a Java platform released by Oracle Corporation, and there are Standard Edition (Java SE), Enterprise Edition (Enterprise Edition, Java EE) and other versions.

In the beginning, JDK was released in binary form, then on November 17, 2006, Sun released the source code of Java under the GPL license, and then OpenJDK appeared.

5.3.1.3. JMX

JMX (Java Management Extensions, Java Management Extensions) is a framework that implants management functions for applications, and mainly provides corresponding tools for managing and monitoring applications, system objects, devices and service-oriented networks. JMX can remotely read values ​​in the system and call methods in the system. When JMX is not configured for authentication or the JDK version is too low, there is a deserialization vulnerability, which may lead to remote code execution.

5.3.1.4. JNI

JNI (Java Native Interface) is an interface provided by Java to interact with other languages.

5.3.1.5. JNA

JNA (Java Native Access) is a framework on top of JNI, which is used to automatically implement the mapping of Java interfaces to native functions without the need to write additional JNI code.

5.3.1.6. OGNL

OGNL (Object-Graph Navigation Language, Object Navigation Language) is a powerful expression language. Through simple and consistent expression syntax, it provides access to any properties of objects, methods of calling objects, and traversing the structure diagram of the entire object. , to achieve field type conversion and other functions.

OGNL is used in Struts2, which provides a ValueStack class. ValueStack is divided into two parts: root and context. The root is the current action object, and the context is all the content in the ActionContext.

5.3.1.7. IO Model

Java encapsulates various IO models of the operating system to form different APIs.

5.3.1.7.1. BIO

BIO (Blocking I/O) is a synchronous blocking I/O mode. The reading and writing of data must be blocked in a thread waiting for its completion.

5.3.1.7.2. NIO

NIO (New I/O) is a synchronous non-blocking I/O model, introduced in Java 1.4, corresponding to the java.nio package, which provides abstractions such as Channel, Selector, and Buffer.

5.3.1.7.3. AIO

AIO (Asynchronous I/O) was introduced in Java 7 and is an improved version of NIO. It is an asynchronous non-blocking IO model based on events and callback mechanisms.

5.3.1.8. Reflection

5.3.1.8.1. Introduction

Java reflection mechanism means that in the running state, for any class, you can know all the properties and methods of this class; for any object, you can call any of its methods and properties; this dynamic acquisition of information and dynamic invocation of objects The function of the method is called the reflection mechanism of the language.

5.3.1.8.2. Related classes

class name	use
Class	entity of class
Field	class member variable
Method	class method
Constructor	class constructor

5.3.1.8.3. Class related

• asSubclass(Class<U> clazz)

  • Converts an object of the passed class to an object representing its subclass

• Cast

  • Convert an object to an object representing a class or interface

• getClassLoader()

  • get the class loader

• getClasses()

  • Returns an array containing objects of all public and interface classes in the class

• getDeclaredClasses()

  • Returns an array containing objects of all classes and interface classes in this class

• forName(String className)

  • Returns an object of a class based on the class name

• getName()

  • Get the full path name of the class

• newInstance()

  • Create an instance of the class

• getPackage()

  • get class package

• getSimpleName()

  • get class name

• getSuperclass()

  • Get the name of the parent class that the current class inherits from

• getInterfaces()

  • Get the class or interface implemented by the current class

• getField(String name)

  • Get a public property object

• getFields()

  • Get all public property objects

• getDeclaredField(String name)

  • get a property object

• getDeclaredFields()

  • get all property objects

• getAnnotation(Class<A> annotationClass)

  • Returns the public annotation object in this class that matches the parameter type

• getAnnotations()

  • Returns all public annotation objects of this class

• getDeclaredAnnotation(Class<A> annotationClass)

  • Returns all annotation objects in this class that match the parameter type

• getDeclaredAnnotations()

  • Returns all annotation objects of this class

• getConstructor(Class…<?> parameterTypes)

  • Get the public constructor in this class that matches the parameter type

• getConstructors()

  • Get all public constructors of this class

• getDeclaredConstructor(Class…<?> parameterTypes)

  • Get the constructor in this class that matches the parameter type

• getDeclaredConstructors()

  • Get all constructors of this class

• getMethod(String name, Class…<?> parameterTypes)

  • Get a public method of this class

• getMethods()

  • Get all public methods of this class

• getDeclaredMethod(String name, Class…<?> parameterTypes)

  • get a method of this class

• getDeclaredMethods()

  • Get all methods of this class

• isAnnotation()

  • Returns true if it is an annotation type

• isAnnotationPresent(Class<? extends Annotation> annotationClass)

  • Returns true if it is the specified type annotation type

• isAnonymousClass()

  • Returns true if it is an anonymous class

• isArray()

  • Returns true if it is an array class

• isEnum()

  • Returns true if it is an enum class

• isInstance(Object obj)

  • Returns true if obj is an instance of this class

• isInterface()

  • Returns true if it is an interface class

• isLocalClass()

  • Returns true if it is a local class

• isMemberClass()

  • Returns true if it is an inner class

5.3.1.8.4. Field related

• equals(Object obj)

  • Returns true if the property is equal to obj

• get(Object obj)

  • Get the corresponding property value in obj

• set(Object obj, Object value)

  • Set the corresponding property value in obj

5.3.1.8.5. Method related

• invoke(Object obj, Object… args)

  • Pass the object object and parameters to call the method corresponding to the object

5.3.1.8.6. Constructor

• newInstance(Object… initargs)

  • Create an object of the class based on the passed parameters