Open c01dc0ffee opened 3 months ago
Can you attach such a JAR file, so I can try it out?
test-1.0-SNAPSHOT-tamper.jar.zip
java -jar test-1.0-SNAPSHOT-tamper.jar
Hello world!
Archive manager programs may also interpret this similarly. Here's what 7zip says:
Tested with:
openjdk version "1.8.0_345"
OpenJDK Runtime Environment (Temurin)(build 1.8.0_345-b01)
OpenJDK 64-Bit Server VM (Temurin)(build 25.345-b01, mixed mode)
openjdk version "11.0.16.1" 2022-08-12
OpenJDK Runtime Environment Temurin-11.0.16.1+1 (build 11.0.16.1+1)
OpenJDK 64-Bit Server VM Temurin-11.0.16.1+1 (build 11.0.16.1+1, mixed mode)
openjdk version "17.0.4.1" 2022-08-12
OpenJDK Runtime Environment Temurin-17.0.4.1+1 (build 17.0.4.1+1)
OpenJDK 64-Bit Server VM Temurin-17.0.4.1+1 (build 17.0.4.1+1, mixed mode, sharing)
Obfuscated class files stored in the jar file which are suffixed with a directory separator character are incorrectly detected as directories. The JVM will still parse these pseudo-directories as class files.
See: https://github.com/sim0n/Caesium/blob/master/src/main/java/dev/sim0n/caesium/manager/ClassManager.java#L95
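
A check for the condition described in this issue, as an added example that is not part of the original report or of either project's code: it lists ZIP entries whose names end in a directory separator but still carry data, and flags those whose data begins with the class-file magic. The sample archive, its entry names and the function names are constructed for illustration.

```python
import io
import zipfile

CLASS_MAGIC = b"\xca\xfe\xba\xbe"  # first four bytes of every Java class file


def find_pseudo_directories(jar_bytes):
    """Return (name, size, looks_like_class) for directory-style names that carry data."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for info in zf.infolist():
            # A genuine directory entry ends with "/" and has no content.
            if not info.filename.endswith("/") or info.file_size == 0:
                continue
            # Read by ZipInfo, not by name, so the entry is treated as a file.
            with zf.open(info) as fh:
                head = fh.read(len(CLASS_MAGIC))
            findings.append((info.filename, info.file_size, head == CLASS_MAGIC))
    return findings


def build_sample_jar():
    """Constructed sample: one normal class, one real directory, one pseudo-directory."""
    fake_class = CLASS_MAGIC + b"\x00" * 12  # magic plus padding, not a loadable class
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo("com/example/Main.class"), fake_class)
        zf.writestr(zipfile.ZipInfo("com/example/"), b"")
        zf.writestr(zipfile.ZipInfo("com/example/Hidden.class/"), fake_class)
    return buf.getvalue()


if __name__ == "__main__":
    for name, size, is_class in find_pseudo_directories(build_sample_jar()):
        kind = "class file" if is_class else "data"
        print(f"{name}: {size} bytes of {kind} behind a directory-style name")
```

The check relies on the size recorded in the central directory, so it reports what an archive listing would otherwise show as an empty folder.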