You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
URLu = newURL(null, url, handler); // URL to use as the Key
But it also affects the hash code of the URL, causing the hash code obtained by the URL to be inconsistent with the original hash code:
The hashcode of the URL obtained at this point appears to be true, but in reality it is not:
The true hashcode should be:
Subsequently, the hashcode cache in the URL was reset through reflection:
Reflections.setFieldValue(u, "hashCode", -1); // During the put above, the URL's hashCode is calculated and cached. This resets that so the next time hashCode is called a DNS lookup will be triggered.
This reflection looks quite troublesome because it also involves compatibility issues with the JDK version and introduces a dedicated library:
My question is, since the hashcode needs to be cleaned up, why not just rewrite the hashcode method of URLStreamHandler in SilentURLStreamHandler and directly return -1? This way, the implementation is simpler and there is no need to consider compatibility issues
Anyway, the hashcode is different from the original one. As for whether the hashcode of the key in HashMap is -1 or 12345678, it doesn't seem to be that important anymore?
Thank you again for bringing such an excellent project, and I hope you have time to help me clarify.
The text was updated successfully, but these errors were encountered:
Thank you for such an excellent open source project, I have some confusion about the code implementation of URLDNS,
A custom URLStreamHandler was used here to block DNS resolution:
ysoserial/src/main/java/ysoserial/payloads/URLDNS.java
Line 56 in 2874a69
But it also affects the hash code of the URL, causing the hash code obtained by the URL to be inconsistent with the original hash code:
The hashcode of the URL obtained at this point appears to be true, but in reality it is not:
The true hashcode should be:
Subsequently, the hashcode cache in the URL was reset through reflection:
ysoserial/src/main/java/ysoserial/payloads/URLDNS.java
Line 59 in 2874a69
This reflection looks quite troublesome because it also involves compatibility issues with the JDK version and introduces a dedicated library:
My question is, since the hashcode needs to be cleaned up, why not just rewrite the hashcode method of URLStreamHandler in SilentURLStreamHandler and directly return -1? This way, the implementation is simpler and there is no need to consider compatibility issues
![image](https://private-user-images.githubusercontent.com/12819457/299550212-6d3700ac-bfa2-40f1-8a30-10031b49f793.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjM3MzUzODEsIm5iZiI6MTcyMzczNTA4MSwicGF0aCI6Ii8xMjgxOTQ1Ny8yOTk1NTAyMTItNmQzNzAwYWMtYmZhMi00MGYxLThhMzAtMTAwMzFiNDlmNzkzLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA4MTUlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwODE1VDE1MTgwMVomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPWI2MzU2MjgwZDJkOGM0MzBiMmNhM2Y0OGRlMTI3NjE0ZGY0YTYyYTAzZWI3MDJkZjdlZGZjZmE2ZmUyZGJkNmMmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.rZtCfj6GGGyZU2m9khmQH5rqMUWBiyQ_HNfFOTVA5sQ)
Anyway, the hashcode is different from the original one. As for whether the hashcode of the key in HashMap is -1 or 12345678, it doesn't seem to be that important anymore?
Thank you again for bringing such an excellent project, and I hope you have time to help me clarify.
The text was updated successfully, but these errors were encountered: