diff --git a/src/the/bytecode/club/bytecodeviewer/gui/MaliciousCodeScannerOptions.java b/src/the/bytecode/club/bytecodeviewer/gui/MaliciousCodeScannerOptions.java index ef2cbc8e..8b90f464 100644 --- a/src/the/bytecode/club/bytecodeviewer/gui/MaliciousCodeScannerOptions.java +++ b/src/the/bytecode/club/bytecodeviewer/gui/MaliciousCodeScannerOptions.java @@ -17,7 +17,7 @@ import java.awt.event.ActionEvent; public class MaliciousCodeScannerOptions extends JFrame { public MaliciousCodeScannerOptions() { this.setIconImages(BytecodeViewer.iconList); - setSize(new Dimension(250, 277)); + setSize(new Dimension(250, 300)); setResizable(false); setTitle("Malicious Code Scanner Options"); getContentPane().setLayout(null); @@ -67,6 +67,12 @@ public class MaliciousCodeScannerOptions extends JFrame { chckbxLdcMatchesIp.setBounds(6, 189, 232, 23); getContentPane().add(chckbxLdcMatchesIp); + final JCheckBox chckbxNullSecMan = new JCheckBox( + "SecurityManager set to null"); + chckbxNullSecMan.setSelected(true); + chckbxNullSecMan.setBounds(6, 215, 232, 23); + getContentPane().add(chckbxNullSecMan); + JButton btnNewButton = new JButton("Start Scanning"); btnNewButton.addActionListener(new ActionListener() { public void actionPerformed(ActionEvent arg0) { @@ -77,11 +83,11 @@ public class MaliciousCodeScannerOptions extends JFrame { chckbxLdcContainswww.isSelected(), chckbxLdcContainshttp.isSelected(), chckbxLdcContainshttps.isSelected(), chckbxLdcMatchesIp - .isSelected())); + .isSelected(), chckbxNullSecMan.isSelected())); dispose(); } }); - btnNewButton.setBounds(6, 219, 232, 23); + btnNewButton.setBounds(6, 245, 232, 23); getContentPane().add(btnNewButton); this.setLocationRelativeTo(null); } diff --git a/src/the/bytecode/club/bytecodeviewer/plugins/MaliciousCodeScanner.java b/src/the/bytecode/club/bytecodeviewer/plugins/MaliciousCodeScanner.java index f85468d9..c01ba6f6 100644 --- a/src/the/bytecode/club/bytecodeviewer/plugins/MaliciousCodeScanner.java 
+++ b/src/the/bytecode/club/bytecodeviewer/plugins/MaliciousCodeScanner.java @@ -2,10 +2,12 @@ package the.bytecode.club.bytecodeviewer.plugins; import java.util.ArrayList; +import org.objectweb.asm.Opcodes; import org.objectweb.asm.tree.AbstractInsnNode; import org.objectweb.asm.tree.ClassNode; import org.objectweb.asm.tree.FieldNode; import org.objectweb.asm.tree.InsnList; +import org.objectweb.asm.tree.InsnNode; import org.objectweb.asm.tree.LdcInsnNode; import org.objectweb.asm.tree.MethodInsnNode; import org.objectweb.asm.tree.MethodNode; @@ -25,10 +27,11 @@ import the.bytecode.club.bytecodeviewer.api.PluginConsole; public class MaliciousCodeScanner extends Plugin { - public boolean ORE, ONE, ORU, OIO, LWW, LHT, LHS, LIP; + public boolean ORE, ONE, ORU, OIO, LWW, LHT, LHS, LIP, NSM; public MaliciousCodeScanner(boolean reflect, boolean runtime, boolean net, - boolean io, boolean www, boolean http, boolean https, boolean ip) { + boolean io, boolean www, boolean http, boolean https, boolean ip, + boolean nullSecMan) { ORE = reflect; ONE = net; ORU = runtime; @@ -37,6 +40,7 @@ public class MaliciousCodeScanner extends Plugin { LHT = http; LHS = https; LIP = ip; + NSM = nullSecMan; } @Override @@ -77,6 +81,8 @@ public class MaliciousCodeScanner extends Plugin { } } + boolean prevInsn_aconst_null = false; + for (Object o : classNode.methods.toArray()) { MethodNode m = (MethodNode) o; 
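Review bot: The constructor in the `-25,10 +27,11` hunk now takes nine positional `boolean` parameters, so a transposed pair at the call site in MaliciousCodeScannerOptions (only partly visible in its hunk) compiles cleanly and silently runs a different check than the one the analyst ticked. The parameter order (`reflect, runtime, net, ...`) already differs from the assignment order visible here (`ORE`, `ONE`, `ORU`), which makes the mapping harder to audit. Consider a Javadoc block on the constructor with one `@param` per flag, e.g. `@param nullSecMan report System.setSecurityManager calls that pass null`, or pass a small options object instead. The constructor body continues outside the hunk.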
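Review bot: `prevInsn_aconst_null` is declared before `for (Object o : classNode.methods.toArray())` in the `-77,6 +81,8` hunk, so its value carries over from the last instruction of one method into the first instruction of the next. Well-formed bytecode should not end a method on `ACONST_NULL`, but a scanner is likely to be run on malformed or hand-assembled classes, so the state is safer scoped per method. Move `boolean prevInsn_aconst_null = false;` to just after `MethodNode m = (MethodNode) o;`. The loop body continues outside the hunk.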
@@ -111,6 +117,29 @@ public class MaliciousCodeScanner extends Plugin {
 }
 }
 }
+
+ // Check if the security manager is getting set to null
+ if ((a instanceof InsnNode)
+ && (a.getOpcode() == Opcodes.ACONST_NULL)) {
+ prevInsn_aconst_null = true;
+ } else if ((a instanceof MethodInsnNode)
+ && (a.getOpcode() == Opcodes.INVOKESTATIC)) {
+ final String owner = ((MethodInsnNode) a).owner;
+ final String name = ((MethodInsnNode) a).name;
+ if ((NSM && prevInsn_aconst_null
+ && owner.equals("java/lang/System") && name
+ .equals("setSecurityManager"))) {
+ sb.append("Found Security Manager set to null at method "
+ + classNode.name
+ + "."
+ + m.name
+ + "("
+ + m.desc + ")" + BytecodeViewer.nl);
+ prevInsn_aconst_null = false;
+ }
+ } else {
+ prevInsn_aconst_null = false;
+ }
 }
 }
 }
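Review bot: `prevInsn_aconst_null` is cleared only inside the matching `if`, so after an `ACONST_NULL` any `INVOKESTATIC` that is not `System.setSecurityManager` leaves it set, and a following `setSecurityManager` call whose argument is that call's return value is reported as null. Clear it for every static call by moving `prevInsn_aconst_null = false;` to after the inner `if` block. In the other direction, the final `else` also runs for nodes that are not real instructions (labels, line numbers and frames report opcode -1 in ASM), so such a node between the two instructions appears to suppress the finding; updating the flag only when `a.getOpcode() != -1` would avoid that. The match also ignores the descriptor, and comparing `((MethodInsnNode) a).desc` with `"(Ljava/lang/SecurityManager;)V"` would make it exact. The enclosing instruction loop starts outside the hunk.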