Merge pull request #53 from qtc-de/develop

Prepare v5.0.0 Release
qtc-de · Dec 19, 2023 · 8d0fd45 · 8d0fd45
2 parents 86f4ca6 + f6ea9b0
commit 8d0fd45
Show file tree

Hide file tree

Showing 160 changed files with 4,178 additions and 1,627 deletions.
diff --git a/.gitignore b/.gitignore
@@ -12,3 +12,5 @@ buildNumber.properties
 .project
 .settings/
 .internal/
+*.swp
+*.bak
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,22 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 
+## [5.0.0] - MMM DD, 2023
+
+### Added
+
+* Add support for dynamically created socket factory classes ([docs](/docs/rmg/dynamic-socket-factories.md))
+* Add support for method guessing on spring-remoting endpoints ([docs](/docs/rmg/spring-remoting.md))
+* Add a *Spring Remoting* example server ([src](docker/spring-remoting/), [package](https://github.com/qtc-de/remote-method-guesser/pkgs/container/remote-method-guesser%2Fspring-remoting-server))
+
+### Changed
+
+* Changed the namespace of the project from `de.qtc` to `eu.tneitzel`
+* Fix leak of local ysoserial path (e30f52c)
+* The GenericPrint plugin is now included in *rmg* per default (b09e9a5)
+* Stream corruption errors during method guessing are only displayed if `--verbose` is used
+
+
 ## [4.4.1] - Jun 22, 2023
 
 ### Added

diff --git a/README.md b/README.md
@@ -140,13 +140,13 @@ bind operations. When using the ``bind`` or ``rebind`` action *remote-method-gue
 [+] RMI registry bound names:
 [+]
 [+] 	- plain-server2
-[+] 		--> de.qtc.rmg.server.interfaces.IPlainServer (unknown class)
+[+] 		--> eu.tneitzel.rmg.server.interfaces.IPlainServer (unknown class)
 [+] 		    Endpoint: iinsecure.example:39153 ObjID: [-af587e6:17d6f7bb318:-7ff7, 9040809218460289711]
 [+] 	- legacy-service
-[+] 		--> de.qtc.rmg.server.legacy.LegacyServiceImpl_Stub (unknown class)
+[+] 		--> eu.tneitzel.rmg.server.legacy.LegacyServiceImpl_Stub (unknown class)
 [+] 		    Endpoint: iinsecure.example:39153 ObjID: [-af587e6:17d6f7bb318:-7ffc, 4854919471498518309]
 [+] 	- plain-server
-[+] 		--> de.qtc.rmg.server.interfaces.IPlainServer (unknown class)
+[+] 		--> eu.tneitzel.rmg.server.interfaces.IPlainServer (unknown class)
 [+] 		    Endpoint: iinsecure.example:39153 ObjID: [-af587e6:17d6f7bb318:-7ff8, 6721714394791464813]
 
 [qtc@devbox ~]$ rmg bind 172.17.0.2 9010 127.0.0.1:4444 my-object --localhost-bypass 
@@ -159,16 +159,16 @@ bind operations. When using the ``bind`` or ``rebind`` action *remote-method-gue
 [+] RMI registry bound names:
 [+]
 [+] 	- plain-server2
-[+] 		--> de.qtc.rmg.server.interfaces.IPlainServer (unknown class)
+[+] 		--> eu.tneitzel.rmg.server.interfaces.IPlainServer (unknown class)
 [+] 		    Endpoint: iinsecure.example:39153 ObjID: [-af587e6:17d6f7bb318:-7ff7, 9040809218460289711]
 [+] 	- my-object
 [+] 		--> javax.management.remote.rmi.RMIServerImpl_Stub (known class: JMX Server)
 [+] 		    Endpoint: 127.0.0.1:4444 ObjID: [6633018:17cb5d1bb57:-7ff8, -8114172517417646722]
 [+] 	- legacy-service
-[+] 		--> de.qtc.rmg.server.legacy.LegacyServiceImpl_Stub (unknown class)
+[+] 		--> eu.tneitzel.rmg.server.legacy.LegacyServiceImpl_Stub (unknown class)
 [+] 		    Endpoint: iinsecure.example:39153 ObjID: [-af587e6:17d6f7bb318:-7ffc, 4854919471498518309]
 [+] 	- plain-server
-[+] 		--> de.qtc.rmg.server.interfaces.IPlainServer (unknown class)
+[+] 		--> eu.tneitzel.rmg.server.interfaces.IPlainServer (unknown class)
 [+] 		    Endpoint: iinsecure.example:39153 ObjID: [-af587e6:17d6f7bb318:-7ff8, 6721714394791464813]
 ```
 
@@ -302,20 +302,20 @@ page](./docs/rmg/actions.md#enum).
 [+] RMI registry bound names:
 [+]
 [+]   - plain-server2
-[+]     --> de.qtc.rmg.server.interfaces.IPlainServer (unknown class)
+[+]     --> eu.tneitzel.rmg.server.interfaces.IPlainServer (unknown class)
 [+]         Endpoint: iinsecure.example:42273 ObjID: [-49c48e31:17d6f8692ae:-7ff7, -3079588349672331489]
 [+]   - legacy-service
-[+]     --> de.qtc.rmg.server.legacy.LegacyServiceImpl_Stub (unknown class)
+[+]     --> eu.tneitzel.rmg.server.legacy.LegacyServiceImpl_Stub (unknown class)
 [+]         Endpoint: iinsecure.example:42273 ObjID: [-49c48e31:17d6f8692ae:-7ffc, -2969569395601583761]
 [+]   - plain-server
-[+]     --> de.qtc.rmg.server.interfaces.IPlainServer (unknown class)
+[+]     --> eu.tneitzel.rmg.server.interfaces.IPlainServer (unknown class)
 [+]         Endpoint: iinsecure.example:42273 ObjID: [-49c48e31:17d6f8692ae:-7ff8, 1319708214331962145]
 [+]
 [+] RMI server codebase enumeration:
 [+]
 [+]   - http://iinsecure.example/well-hidden-development-folder/
-[+]     --> de.qtc.rmg.server.legacy.LegacyServiceImpl_Stub
-[+]     --> de.qtc.rmg.server.interfaces.IPlainServer
+[+]     --> eu.tneitzel.rmg.server.legacy.LegacyServiceImpl_Stub
+[+]     --> eu.tneitzel.rmg.server.interfaces.IPlainServer
 [+]
 [+] RMI server String unmarshalling enumeration:
 [+]
@@ -500,13 +500,13 @@ for each *bound name* and *remote-method-guesser* displays them during the ``enu
 [+] RMI registry bound names:
 [+]
 [+] 	- plain-server2
-[+] 		--> de.qtc.rmg.server.interfaces.IPlainServer (unknown class)
+[+] 		--> eu.tneitzel.rmg.server.interfaces.IPlainServer (unknown class)
 [+] 		    Endpoint: iinsecure.example:40393 ObjID: [-2bc5d969:17d6f8cf44c:-7ff7, 1096154566158180646]
 [+] 	- legacy-service
-[+] 		--> de.qtc.rmg.server.legacy.LegacyServiceImpl_Stub (unknown class)
+[+] 		--> eu.tneitzel.rmg.server.legacy.LegacyServiceImpl_Stub (unknown class)
 [+] 		    Endpoint: iinsecure.example:40393 ObjID: [-2bc5d969:17d6f8cf44c:-7ffc, 625759208507801754]
 [+] 	- plain-server
-[+] 		--> de.qtc.rmg.server.interfaces.IPlainServer (unknown class)
+[+] 		--> eu.tneitzel.rmg.server.interfaces.IPlainServer (unknown class)
 [+] 		    Endpoint: iinsecure.example:40393 ObjID: [-2bc5d969:17d6f8cf44c:-7ff8, -6355415622579283910]
 ```
 

diff --git a/docker/example-server/CHANGELOG.md b/docker/example-server/CHANGELOG.md
@@ -6,7 +6,21 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 
-## [4.0] - Jan 19, 2023
+## v5.0.0 - Dec 10, 2023
+
+### Added
+
+* Add `custom-socks` bound name to registry on port `9010` which uses a custom socket factory
+
+### Changed
+
+* Changed the servers namespace from `de.qtc` to `eu.tneitzel`
+* Since Java 9 is no longer available in the alpine default package
+  repositories, the JDK is now obtained from an older image of the
+  example-server.
+
+
+## v4.0.0 - Jan 19, 2023
 
 ### Added
 
@@ -19,15 +33,21 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 * Change server certificate
 
 
-## [3.3] - May 08, 2022
+## v3.3.0 - May 08, 2022
 
 ### Changed
 
 * Fix timestamp for log messages
 
 
-## [3.2] - May 06, 2022
+## v3.2.0 - May 06, 2022
 
 ### Changed
 
 * Add activation system on port 1098
+
+
+## v3.1.0 and before
+
+Changelog entries can be found within the global [CHANGELOG.md](/CHANGELOG.md) file
+of remote-method-guesser.
diff --git a/docker/example-server/Dockerfile-jdk9 b/docker/example-server/Dockerfile-jdk9
@@ -9,11 +9,9 @@ RUN mvn clean package
 ###########################################
 ###            Build Stage 2            ###
 ###########################################
-FROM alpine:latest AS jdk-builder
+FROM ghcr.io/qtc-de/remote-method-guesser/rmg-example-server:4.0-jdk9 AS jdk-builder
 RUN set -ex \
-    && apk add --no-cache openjdk9 \
-    && /usr/lib/jvm/java-9-openjdk/bin/jlink --add-modules java.rmi,java.management.rmi,jdk.unsupported --verbose --strip-debug --compress 2 \
-       --no-header-files --no-man-pages --module-path  /usr/lib/jvm/java-9-openjdk/jmods/ --output /jdk
+    && mv /usr/lib/jvm/java-9-openjdk /jdk
 
 ###########################################
 ###          Container Stage            ###

diff --git a/docker/example-server/README.md b/docker/example-server/README.md
@@ -34,21 +34,21 @@ The registry on port `1090` is *SSL* protected and contains three available boun
 [+] RMI registry bound names:
 [+]
 [+] 	- plain-server
-[+] 		--> de.qtc.rmg.server.interfaces.IPlainServer (unknown class)
+[+] 		--> eu.tneitzel.rmg.server.interfaces.IPlainServer (unknown class)
 [+] 		    Endpoint: iinsecure.example:40579  TLS: no  ObjID: [-492549a8:1809adab6bf:-7fff, 8831379559932805383]
 [+] 	- ssl-server
-[+] 		--> de.qtc.rmg.server.interfaces.ISslServer (unknown class)
+[+] 		--> eu.tneitzel.rmg.server.interfaces.ISslServer (unknown class)
 [+] 		    Endpoint: iinsecure.example:42031  TLS: yes  ObjID: [-492549a8:1809adab6bf:-7ffe, -8819602238278920745]
 [+] 	- secure-server
-[+] 		--> de.qtc.rmg.server.interfaces.ISecureServer (unknown class)
+[+] 		--> eu.tneitzel.rmg.server.interfaces.ISecureServer (unknown class)
 [+] 		    Endpoint: iinsecure.example:40579  TLS: no  ObjID: [-492549a8:1809adab6bf:-7ffd, -5037949272481440924]
 [+]
 [+] RMI server codebase enumeration:
 [+]
 [+] 	- http://iinsecure.example/well-hidden-development-folder/
-[+] 		--> de.qtc.rmg.server.interfaces.ISslServer
-[+] 		--> de.qtc.rmg.server.interfaces.IPlainServer
-[+] 		--> de.qtc.rmg.server.interfaces.ISecureServer
+[+] 		--> eu.tneitzel.rmg.server.interfaces.ISslServer
+[+] 		--> eu.tneitzel.rmg.server.interfaces.IPlainServer
+[+] 		--> eu.tneitzel.rmg.server.interfaces.ISecureServer
 [+]
 [+] RMI server String unmarshalling enumeration:
 [+]
@@ -96,13 +96,13 @@ The registry on port `1098` hosts an *Activation System* and has some *activatab
 [+] RMI registry bound names:
 [+]
 [+] 	- activation-test
-[+] 		--> de.qtc.rmg.server.activation.IActivationService (unknown class)
+[+] 		--> eu.tneitzel.rmg.server.activation.IActivationService (unknown class)
 [+] 		    Activator: iinsecure.example:1098  ActivationID: -492549a8:1809adab6bf:-7ff1
 [+] 	- activation-test2
-[+] 		--> de.qtc.rmg.server.activation.IActivationService2 (unknown class)
+[+] 		--> eu.tneitzel.rmg.server.activation.IActivationService2 (unknown class)
 [+] 		    Activator: iinsecure.example:1098  ActivationID: -492549a8:1809adab6bf:-7fee
 [+] 	- plain-server
-[+] 		--> de.qtc.rmg.server.interfaces.IPlainServer (unknown class)
+[+] 		--> eu.tneitzel.rmg.server.interfaces.IPlainServer (unknown class)
 [+] 		    Endpoint: iinsecure.example:40579  TLS: no  ObjID: [-492549a8:1809adab6bf:-7fec, 5541025679742310482]
 [+] 	- java.rmi.activation.ActivationSystem
 [+] 		--> sun.rmi.server.Activation$ActivationSystemImpl_Stub (known class: RMI Activator)
@@ -111,10 +111,10 @@ The registry on port `1098` hosts an *Activation System* and has some *activatab
 [+] RMI server codebase enumeration:
 [+]
 [+] 	- http://iinsecure.example/well-hidden-development-folder/
-[+] 		--> de.qtc.rmg.server.interfaces.IPlainServer
-[+] 		--> de.qtc.rmg.server.activation.IActivationService
+[+] 		--> eu.tneitzel.rmg.server.interfaces.IPlainServer
+[+] 		--> eu.tneitzel.rmg.server.activation.IActivationService
 [+] 		--> sun.rmi.server.Activation$ActivationSystemImpl_Stub
-[+] 		--> de.qtc.rmg.server.activation.IActivationService2
+[+] 		--> eu.tneitzel.rmg.server.activation.IActivationService2
 [+]
 [+] RMI server String unmarshalling enumeration:
 [+]
@@ -167,20 +167,20 @@ registry port binds an *RMI Activator instance*, but not a full working *Activat
 [+] RMI registry bound names:
 [+]
 [+] 	- plain-server2
-[+] 		--> de.qtc.rmg.server.interfaces.IPlainServer (unknown class)
+[+] 		--> eu.tneitzel.rmg.server.interfaces.IPlainServer (unknown class)
 [+] 		    Endpoint: iinsecure.example:40579  TLS: no  ObjID: [-492549a8:1809adab6bf:-7ff7, 8893583921173173865]
 [+] 	- legacy-service
-[+] 		--> de.qtc.rmg.server.legacy.LegacyServiceImpl_Stub (unknown class)
+[+] 		--> eu.tneitzel.rmg.server.legacy.LegacyServiceImpl_Stub (unknown class)
 [+] 		    Endpoint: iinsecure.example:40579  TLS: no  ObjID: [-492549a8:1809adab6bf:-7ffc, -5452660335673756521]
 [+] 	- plain-server
-[+] 		--> de.qtc.rmg.server.interfaces.IPlainServer (unknown class)
+[+] 		--> eu.tneitzel.rmg.server.interfaces.IPlainServer (unknown class)
 [+] 		    Endpoint: iinsecure.example:40579  TLS: no  ObjID: [-492549a8:1809adab6bf:-7ff8, 5860842907020657289]
 [+]
 [+] RMI server codebase enumeration:
 [+]
 [+] 	- http://iinsecure.example/well-hidden-development-folder/
-[+] 		--> de.qtc.rmg.server.legacy.LegacyServiceImpl_Stub
-[+] 		--> de.qtc.rmg.server.interfaces.IPlainServer
+[+] 		--> eu.tneitzel.rmg.server.legacy.LegacyServiceImpl_Stub
+[+] 		--> eu.tneitzel.rmg.server.interfaces.IPlainServer
 [+]
 [+] RMI server String unmarshalling enumeration:
 [+]
@@ -230,8 +230,8 @@ to enable *codebase logging*:
 ```yaml
 environment:
   [...]
-    -Djava.rmi.server.RMIClassLoaderSpi=de.qtc.rmg.server.utils.CodebaseLogger
-    -Dde.qtc.rmg.server.disableColor=true
+    -Djava.rmi.server.RMIClassLoaderSpi=eu.tneitzel.rmg.server.utils.CodebaseLogger
+    -Deu.tneitzel.rmg.server.disableColor=true
 ```
 
 Each successful method call is logged on the server side. The following listing shows the output after the server
@@ -265,7 +265,7 @@ Picked up _JAVA_OPTIONS: -Djava.rmi.server.hostname=iinsecure.example     -Djava
 [2022.05.06 - 19:45:12]     
 [2022.05.06 - 19:45:12]     Creating LegacyServiceImpl object.
 [2022.05.06 - 19:45:12]         Binding LegacyServiceImpl as legacy-service
-[2022.05.06 - 19:45:12]         Boundname legacy-service with class de.qtc.rmg.server.legacy.LegacyServiceImpl_Stub is ready.
+[2022.05.06 - 19:45:12]         Boundname legacy-service with class eu.tneitzel.rmg.server.legacy.LegacyServiceImpl_Stub is ready.
 [2022.05.06 - 19:45:12]     Creating PlainServer object.
 [2022.05.06 - 19:45:12]         Binding Object as plain-server
 [2022.05.06 - 19:45:12]         Boundname plain-server with interface IPlainServer is ready.

diff --git a/docker/example-server/docker-compose-jdk11.yml b/docker/example-server/docker-compose-jdk11.yml
@@ -1,8 +1,8 @@
 version: '3.7'
 
 services:
-    rmg:
-      image: ghcr.io/qtc-de/remote-method-guesser/rmg-example-server:4.0-jdk11
+    example-server:
+      image: ghcr.io/qtc-de/remote-method-guesser/rmg-example-server:5.0-jdk11
       build: .
       environment:
         - > 
@@ -16,8 +16,8 @@ services:
           -Djava.rmi.server.codebase=http://iinsecure.example/well-hidden-development-folder/
         - >
           DELETE_THIS_AND_THE_ABOVE_LINE_TO_ENABLE_CODEBASE_LOGGING_OR_TO_DISABLE_COLOR=
-          -Djava.rmi.server.RMIClassLoaderSpi=de.qtc.rmg.server.utils.CodebaseLogger
-          -Dde.qtc.rmg.server.disableColor=true
+          -Djava.rmi.server.RMIClassLoaderSpi=eu.tneitzel.rmg.server.utils.CodebaseLogger
+          -Deu.tneitzel.rmg.server.disableColor=true
       volumes: 
         - ./resources/trust/store.p12:/opt/store.p12
         - ./resources/conf/policy:/opt/policy
diff --git a/docker/example-server/docker-compose-jdk8.yml b/docker/example-server/docker-compose-jdk8.yml
@@ -1,8 +1,8 @@
 version: '3.7'
 
 services:
-    rmg:
-      image: ghcr.io/qtc-de/remote-method-guesser/rmg-example-server:4.0-jdk8
+    example-server:
+      image: ghcr.io/qtc-de/remote-method-guesser/rmg-example-server:5.0-jdk8
       build: .
       environment:
         - > 
@@ -16,8 +16,8 @@ services:
           -Djava.rmi.server.codebase=http://iinsecure.example/well-hidden-development-folder/
         - >
           DELETE_THIS_AND_THE_ABOVE_LINE_TO_ENABLE_CODEBASE_LOGGING_OR_TO_DISABLE_COLOR=
-          -Djava.rmi.server.RMIClassLoaderSpi=de.qtc.rmg.server.utils.CodebaseLogger
-          -Dde.qtc.rmg.server.disableColor=true
+          -Djava.rmi.server.RMIClassLoaderSpi=eu.tneitzel.rmg.server.utils.CodebaseLogger
+          -Deu.tneitzel.rmg.server.disableColor=true
       volumes: 
         - ./resources/trust/store.p12:/opt/store.p12
         - ./resources/conf/policy:/opt/policy
diff --git a/docker/example-server/docker-compose-jdk9.yml b/docker/example-server/docker-compose-jdk9.yml
@@ -1,8 +1,8 @@
 version: '3.7'
 
 services:
-    rmg:
-      image: ghcr.io/qtc-de/remote-method-guesser/rmg-example-server:4.0-jdk9
+    example-server:
+      image: ghcr.io/qtc-de/remote-method-guesser/rmg-example-server:5.0-jdk9
       build: .
       environment:
         - > 
@@ -16,8 +16,8 @@ services:
           -Djava.rmi.server.codebase=http://iinsecure.example/well-hidden-development-folder/
         - >
           DELETE_THIS_AND_THE_ABOVE_LINE_TO_ENABLE_CODEBASE_LOGGING_OR_TO_DISABLE_COLOR=
-          -Djava.rmi.server.RMIClassLoaderSpi=de.qtc.rmg.server.utils.CodebaseLogger
-          -Dde.qtc.rmg.server.disableColor=true
+          -Djava.rmi.server.RMIClassLoaderSpi=eu.tneitzel.rmg.server.utils.CodebaseLogger
+          -Deu.tneitzel.rmg.server.disableColor=true
       volumes: 
         - ./resources/trust/store.p12:/opt/store.p12
         - ./resources/conf/policy:/opt/policy
diff --git a/docker/example-server/resources/server/pom.xml b/docker/example-server/resources/server/pom.xml
@@ -1,9 +1,9 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 
   <modelVersion>4.0.0</modelVersion>
-  <groupId>de.qtc.rmg.server.ExampleServer</groupId>
+  <groupId>eu.tneitzel.rmg.server.ExampleServer</groupId>
   <artifactId>rmg-example-server</artifactId>
-  <version>3.3.0</version>
+  <version>4.1.0</version>
   <name>rmg-example-server</name>
   <description>RMG Example Server</description>
 
@@ -47,8 +47,13 @@
           <finalName>rmg-example-server-${project.version}</finalName>
           <archive>
             <manifest>
-              <mainClass>de.qtc.rmg.server.ExampleServer</mainClass>
+              <mainClass>eu.tneitzel.rmg.server.ExampleServer</mainClass>
             </manifest>
+            <manifestEntries>
+                <Built-By>
+                    Tobias Neitzel (@qtc_de)
+                </Built-By>
+            </manifestEntries>
           </archive>
           <descriptorRefs>
             <descriptorRef>jar-with-dependencies</descriptorRef>