Blacklist java.net.URL #11

Open
thomasmueller opened this Issue Nov 13, 2015 · 0 comments

Projects

None yet

1 participant

@thomasmueller

The method java.net.URL#hashCode does a network lookup. Just one network lookup is not a problem, but I guess an endless loop of network lookups, with a 2 KB serialized file.

To make it do an endless loop of network lookups, the URL is be placed in a ArrayList which is placed in another ArrayList which is placed in a HashMap as the key, such that the hashCode method is called in a virtually endless loop. And the URL string is specially crafted such that the hashCode is -1, so that the hashCode is not cached.

Blacklisting java.net.URL will not solve the 100% CPU endless loop problem by the way.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment