Zip file entries are incorrectly parsed as directories instead of class files

c01dc0ffee commented 3 months ago

Obfuscated class files stored in the jar file which are suffixed with a directory separator character are incorrectly detected as directories. The JVM will still parse these pseudo-directories as class files.

See: https://github.com/sim0n/Caesium/blob/master/src/main/java/dev/sim0n/caesium/manager/ClassManager.java#L95

ingokegel commented 3 months ago

Can you attach such a JAR file, so I can try it out?

c01dc0ffee commented 2 months ago

test-1.0-SNAPSHOT-tamper.jar.zip

java -jar test-1.0-SNAPSHOT-tamper.jar
Hello world!

Archive manager programs may also interpret this similarly. Here's what 7zip says:

Tested with:

openjdk version "1.8.0_345"
OpenJDK Runtime Environment (Temurin)(build 1.8.0_345-b01)
OpenJDK 64-Bit Server VM (Temurin)(build 25.345-b01, mixed mode)

openjdk version "11.0.16.1" 2022-08-12
OpenJDK Runtime Environment Temurin-11.0.16.1+1 (build 11.0.16.1+1)
OpenJDK 64-Bit Server VM Temurin-11.0.16.1+1 (build 11.0.16.1+1, mixed mode)

openjdk version "17.0.4.1" 2022-08-12
OpenJDK Runtime Environment Temurin-17.0.4.1+1 (build 17.0.4.1+1)
OpenJDK 64-Bit Server VM Temurin-17.0.4.1+1 (build 17.0.4.1+1, mixed mode, sharing)

ingokegel / jclasslib

Zip file entries are incorrectly parsed as directories instead of class files #75