Написание кода v1.0

Author: TheAndrey

build.gradle

@@ -44,8 +44,8 @@ tasks.withType(JavaCompile).configureEach {
 
 jar {
     manifest {
-        attributes 'FMLCorePluginContainsFMLMod': 'true'
-        attributes 'FMLCorePlugin': 'mods.example.LoadingPlugin'
+        attributes 'FMLCorePluginContainsFMLMod': 'false' // TODO: Not a mod
+        attributes 'FMLCorePlugin': 'me.theandrey.objectstream.asm.LoadingPlugin'
     }
 }
 

src/main/java/me/theandrey/objectstream/ObjectInputStreamMock.java

@@ -0,0 +1,19 @@
+package me.theandrey.objectstream;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.ObjectInputStream;
+
+/**
+ * Заглушка класса {@link ObjectInputStream}
+ */
+public final class ObjectInputStreamMock extends ObjectInputStream {
+
+    public ObjectInputStreamMock(InputStream in) throws IOException {
+        throw new SecurityException("Not available due security reasons");
+    }
+
+    public ObjectInputStreamMock() throws IOException, SecurityException {
+        throw new SecurityException("Not available due security reasons");
+    }
+}

src/main/java/me/theandrey/objectstream/asm/ASMHelper.java

@@ -0,0 +1,27 @@
+package me.theandrey.objectstream.asm;
+
+import org.objectweb.asm.ClassReader;
+import org.objectweb.asm.ClassWriter;
+import org.objectweb.asm.Type;
+import org.objectweb.asm.tree.ClassNode;
+
+public final class ASMHelper {
+
+    public static ClassNode readClass(byte[] bytes) {
+        ClassNode node = new ClassNode();
+        ClassReader reader = new ClassReader(bytes);
+        reader.accept(node, 0);
+        return node;
+    }
+
+    public static byte[] writeClass(ClassNode node, int flags) {
+        ClassWriter writer = new ClassWriter(flags);
+        node.accept(writer);
+        return writer.toByteArray();
+    }
+
+    public static Type getObjectType(String name) {
+        return Type.getType('L' + name.replace('.', '/') + ';');
+    }
+
+}

src/main/java/me/theandrey/objectstream/asm/LoadingPlugin.java

@@ -0,0 +1,34 @@
+package me.theandrey.objectstream.asm;
+
+import java.util.Map;
+import cpw.mods.fml.relauncher.IFMLLoadingPlugin;
+
+@IFMLLoadingPlugin.SortingIndex(2000)
+@IFMLLoadingPlugin.TransformerExclusions("me.theandrey.objectstream.asm.")
+public class LoadingPlugin implements IFMLLoadingPlugin {
+
+    @Override
+    public String[] getASMTransformerClass() {
+        return new String[]{"me.theandrey.objectstream.asm.ObjectInputStreamTransformer"};
+    }
+
+    @Override
+    public String getModContainerClass() {
+        return null;
+    }
+
+    @Override
+    public String getSetupClass() {
+        return null;
+    }
+
+    @Override
+    public void injectData(Map<String, Object> data) {
+        // NO-OP
+    }
+
+    @Override
+    public String getAccessTransformerClass() {
+        return null;
+    }
+}

src/main/java/me/theandrey/objectstream/asm/ObjectInputStreamTransformer.java

@@ -0,0 +1,89 @@
+package me.theandrey.objectstream.asm;
+
+import java.io.ObjectInputStream;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.ListIterator;
+import net.minecraft.launchwrapper.IClassTransformer;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.objectweb.asm.Opcodes;
+import org.objectweb.asm.Type;
+import org.objectweb.asm.tree.AbstractInsnNode;
+import org.objectweb.asm.tree.ClassNode;
+import org.objectweb.asm.tree.MethodInsnNode;
+import org.objectweb.asm.tree.MethodNode;
+import org.objectweb.asm.tree.TypeInsnNode;
+
+/**
+ * Заменяет использование {@link ObjectInputStream} заглушкой
+ */
+public class ObjectInputStreamTransformer implements IClassTransformer {
+
+    static final Logger LOGGER = LogManager.getLogger();
+    private final Type findType;
+    private final Type replaceType;
+
+    public ObjectInputStreamTransformer() {
+        findType = Type.getType(ObjectInputStream.class);
+        replaceType = ASMHelper.getObjectType("me.theandrey.objectstream.ObjectInputStreamMock");
+    }
+
+    @Override
+    public byte[] transform(String name, String transformedName, byte[] bytes) {
+        ClassNode node = ASMHelper.readClass(bytes);
+
+        List<MethodNode> unsafeMethods = scanMethods(node);
+
+        if (!unsafeMethods.isEmpty()) {
+            LOGGER.warn("SECURITY ALERT: Detected usage of ObjectInputStream in class '{}'", name);
+            for (MethodNode method : unsafeMethods) {
+                LOGGER.warn("Method: {} {}", name, method.name + method.desc);
+            }
+
+            return ASMHelper.writeClass(node, 0);
+        }
+
+        return bytes;
+    }
+
+    /**
+     * Ищет случаи использования в коде методов и производит замену.
+     * @return Список методов в которых были найдены случаи использования
+     */
+    private List<MethodNode> scanMethods(ClassNode node) {
+        List<MethodNode> found = new ArrayList<>();
+
+        for (MethodNode method : node.methods) {
+            ListIterator<AbstractInsnNode> it = method.instructions.iterator();
+            boolean foundNew = false; // Найден оператор NEW
+
+            while (it.hasNext()) {
+                AbstractInsnNode next = it.next();
+
+                if (next.getOpcode() == Opcodes.NEW) {
+                    TypeInsnNode cast = ((TypeInsnNode)next);
+
+                    if (cast.desc.equals(findType.getInternalName())) { // Инициализация типа
+                        foundNew = true;
+                        cast.desc = replaceType.getInternalName(); // Заглушка
+
+                        if (!found.contains(method)) {
+                            found.add(method);
+                        }
+                    }
+
+                } else if (foundNew && next.getOpcode() == Opcodes.INVOKESPECIAL) { // Вызов конструктора
+                    MethodInsnNode invoke = ((MethodInsnNode)next);
+
+                    if ("<init>".equals(invoke.name) && invoke.owner.equals(findType.getInternalName())) {
+                        invoke.owner = replaceType.getInternalName(); // Заглушка
+                        foundNew = false; // Завершаем замену блока
+                    }
+                }
+            }
+        }
+
+        return found;
+    }
+}