提交 15032553 编写于 作者: J Jesse Glick

Now operating at chunked transport level.

上级 e01d3c77
......@@ -26,16 +26,17 @@ package jenkins.security;
import hudson.cli.CLI;
import hudson.cli.CliPort;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.URL;
import java.util.concurrent.atomic.AtomicLong;
import jenkins.util.Timer;
import org.junit.Test;
import static org.junit.Assert.*;
......@@ -64,18 +65,61 @@ public class Security218BlackBoxTest {
final OutputStream realOS = real.getOutputStream();
final InputStream proxyIS = proxy.getInputStream();
final OutputStream proxyOS = proxy.getOutputStream();
final AtomicLong timestamp = new AtomicLong(System.currentTimeMillis());
final ByteArrayOutputStream incoming = new ByteArrayOutputStream();
final ByteArrayOutputStream outgoing = new ByteArrayOutputStream();
Timer.get().submit(new Runnable() {
@Override
public void run() {
try {
// Read up to \x00\x00\x00\x00, end of header.
int nullCount = 0;
ByteArrayOutputStream buf = new ByteArrayOutputStream();
int c;
while ((c = realIS.read()) != -1) {
synchronized (timestamp) {
incoming.write(c);
timestamp.set(System.currentTimeMillis());
proxyOS.write(c);
buf.write(c);
if (c == 0) {
if (++nullCount == 4) {
break;
}
} else {
nullCount = 0;
}
}
System.err.print("← ");
display(buf.toByteArray());
System.err.println();
// Now assume we are in chunked transport.
PACKETS: while (true) {
buf.reset();
//System.err.println("reading one packet");
while (true) { // one packet, ≥1 chunk
//System.err.println("reading one chunk");
int hi = realIS.read();
if (hi == -1) {
break PACKETS;
}
proxyOS.write(hi);
int lo = realIS.read();
proxyOS.write(lo);
boolean hasMore = (hi & 0x80) > 0;
if (hasMore) {
hi &= 0x7F;
}
int len = hi * 0x100 + lo;
//System.err.printf("waiting for %X bytes%n", len);
for (int i = 0; i < len; i++) {
c = realIS.read();
proxyOS.write(c);
buf.write(c);
}
if (hasMore) {
continue;
}
System.err.print("← ");
byte[] data = buf.toByteArray();
//display(data);
showSer(data);
System.err.println();
break;
}
}
} catch (IOException x) {
......@@ -87,11 +131,52 @@ public class Security218BlackBoxTest {
@Override
public void run() {
try {
int nullCount = 0;
ByteArrayOutputStream buf = new ByteArrayOutputStream();
int c;
while ((c = proxyIS.read()) != -1) {
synchronized (timestamp) {
outgoing.write(c);
timestamp.set(System.currentTimeMillis());
realOS.write(c);
buf.write(c);
if (c == 0) {
if (++nullCount == 4) {
break;
}
} else {
nullCount = 0;
}
}
System.err.print("→ ");
display(buf.toByteArray());
System.err.println();
PACKETS: while (true) {
buf.reset();
while (true) {
int hi = proxyIS.read();
if (hi == -1) {
break PACKETS;
}
realOS.write(hi);
int lo = proxyIS.read();
realOS.write(lo);
boolean hasMore = (hi & 0x80) > 0;
if (hasMore) {
hi &= 0x7F;
}
int len = hi * 0x100 + lo;
for (int i = 0; i < len; i++) {
c = proxyIS.read();
realOS.write(c);
buf.write(c);
}
if (hasMore) {
continue;
}
System.err.print("→ ");
byte[] data = buf.toByteArray();
//display(data);
showSer(data);
System.err.println();
break;
}
}
} catch (IOException x) {
......@@ -99,35 +184,8 @@ public class Security218BlackBoxTest {
}
}
});
while (true) {
while (System.currentTimeMillis() - timestamp.get() < /* wait for a complete packet */ 500) {
Thread.sleep(10);
}
synchronized (timestamp) {
if (incoming.size() > 0) {
byte[] data = incoming.toByteArray();
System.err.print("← ");
display(data);
System.err.println();
proxyOS.write(data);
incoming.reset();
timestamp.set(System.currentTimeMillis());
} else if (outgoing.size() > 0) {
byte[] data = outgoing.toByteArray();
System.err.print("→ ");
display(data);
System.err.println();
// TODO try to inject payloads
realOS.write(data);
outgoing.reset();
timestamp.set(System.currentTimeMillis());
}
}
}
} catch (IOException x) {
x.printStackTrace();
} catch (InterruptedException x) {
// OK
}
}
});
......@@ -142,7 +200,7 @@ public class Security218BlackBoxTest {
fail("TODO assert that payloads did not work");
}
private static void display(byte[] data) {
private static synchronized void display(byte[] data) {
for (byte c : data) {
if (c >= ' ' && c <= '~') {
System.err.write(c);
......@@ -152,4 +210,14 @@ public class Security218BlackBoxTest {
}
}
private static synchronized void showSer(byte[] data) {
try {
ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data));
Object o = ois.readObject();
System.err.print(o);
} catch (Exception x) {
System.err.printf("<%s>", x);
}
}
}
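Review bot: `showSer` (last hunk) runs `ObjectInputStream.readObject()` on every packet the proxy relays, in both directions, so the test JVM fully deserializes the very traffic that `Security218BlackBoxTest` is meant to inspect. If payloads are later sent through the proxy, as the remaining `fail("TODO assert that payloads did not work")` suggests, they would be instantiated in the harness itself, which muddies the result and runs untrusted object graphs in the test process. A dump that only names the requested classes is enough for diagnostics: override `resolveClass` and `resolveProxyClass` to throw, so the existing `catch` prints the class name and nothing is loaded (this needs `java.io.InvalidClassException` and `java.io.ObjectStreamClass` imported). Separately, both chunk loops read the second length byte and the body bytes without an EOF check, so a truncated stream forwards 0xFF bytes via `write(-1)`; `if (lo == -1) break PACKETS;` and the same test on `c` would stop that.

```java
private static synchronized void showSer(byte[] data) {
    try {
        ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data)) {
            @Override
            protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException {
                // Report the requested class; never load or instantiate it in the test JVM.
                throw new InvalidClassException(desc.getName(), "not loaded by the proxy");
            }
            @Override
            protected Class<?> resolveProxyClass(String[] interfaces) throws IOException {
                throw new InvalidClassException("proxy class not loaded by the proxy");
            }
        };
        // … unchanged: readObject(), print of the result, catch (Exception x) …
```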