@@ -220,4 +281,15 @@ public class Security218BlackBoxTest {
}
}
/** An attack payload, as a Java serialized object ({@code \xAC\ED…}). */
privatestaticbyte[]payload()throwsIOException{
// TODO from ysoserial; use that library to generate other payloads on demand (would like a variant which uses System.setProperty for more portable tests)