Hello, I have some confusion about the code implementation of URLDNS

[CC11001100]

Thank you for such an excellent open source project, I have some confusion about the code implementation of URLDNS,

A custom URLStreamHandler was used here to block DNS resolution:

ysoserial/src/main/java/ysoserial/payloads/URLDNS.java

Line 56 in 2874a69

URL u = new URL(null, url, handler); // URL to use as the Key

But it also affects the hash code of the URL, causing the hash code obtained by the URL to be inconsistent with the original hash code:

The hashcode of the URL obtained at this point appears to be true, but in reality it is not:

The true hashcode should be:

Subsequently, the hashcode cache in the URL was reset through reflection:

ysoserial/src/main/java/ysoserial/payloads/URLDNS.java

Line 59 in 2874a69

Reflections.setFieldValue(u, "hashCode", -1); // During the put above, the URL's hashCode is calculated and cached. This resets that so the next time hashCode is called a DNS lookup will be triggered.

This reflection looks quite troublesome because it also involves compatibility issues with the JDK version and introduces a dedicated library:

        <dependency>
            <groupId>com.nqzero</groupId>
            <artifactId>permit-reflect</artifactId>
            <version>0.3</version>
        </dependency>

My question is, since the hashcode needs to be cleaned up, why not just rewrite the hashcode method of URLStreamHandler in SilentURLStreamHandler and directly return -1? This way, the implementation is simpler and there is no need to consider compatibility issues

Anyway, the hashcode is different from the original one. As for whether the hashcode of the key in HashMap is -1 or 12345678, it doesn't seem to be that important anymore?

Thank you again for bringing such an excellent project, and I hope you have time to help me clarify.

[UzJu]

mark

[frohoff]

Please use the discussions feature for questions or troubleshooting not related to a bug.

https://github.com/frohoff/ysoserial/discussions