Class GhidraObjectInputFilter

java.lang.Object

ghidra.framework.remote.GhidraObjectInputFilter

All Implemented Interfaces:

ObjectInputFilter

public class GhidraObjectInputFilter
extends Object
implements ObjectInputFilter

GhidraObjectInputFilter provides global serial input filter for use with Ghidra server and client applications. This filter primarily targets RMI deserialization, however as a global filter it impacts all deserialization cases which may need to be considered when specifying filters.

Filter files use syntax as supported by ObjectInputFilter.Config.createFilter(String) with the addition of remoteIf=<remote-classname> entries for client filters to specify those Remote interfaces which require the use of dynamic Proxy class implementations for RMI stubs.

RMI Server applications should invoke configureServerSerialFilter(ResourceFile, Supplier) during early initialization with a suitable filter file, while Ghidra client applications should invoke configureClientSerialFilter() to use all Module data *.serial.filter files to define client deserialization restrictions. See ObjectInputFilter.Config.createFilter(String) for filter file syntax. See ObjectInputFilter.Config.setSerialFilterFactory(java.util.function.BinaryOperator).

Nested Class Summary

Nested classes/interfaces inherited from interface ObjectInputFilter

ObjectInputFilter.Config, ObjectInputFilter.FilterInfo, ObjectInputFilter.Status

Method Summary

Modifier and Type	Method	Description
ObjectInputFilter.Status	checkInput(ObjectInputFilter.FilterInfo info)
static void	configureClientSerialFilter()	Configure global serial input filter for a client.
static void	configureServerSerialFilter(ResourceFile filterFile, Supplier<String> sourceNameSupplier)	Install global deserialization filter factory for a server.
protected String	getSourceName()	Get the class serialization source.

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

checkInput

public ObjectInputFilter.Status checkInput(ObjectInputFilter.FilterInfo info)

Specified by:

checkInput in interface ObjectInputFilter

getSourceName

protected String getSourceName()

Get the class serialization source. If a sourceSupplierRef has been set it will be used, otherwise null will be returned.

Returns:

serialized data source name or null

configureServerSerialFilter

public static void configureServerSerialFilter(ResourceFile filterFile,
 Supplier<String> sourceNameSupplier)
                                        throws IllegalStateException

Install global deserialization filter factory for a server. This will handle all deserialization filtering including SignedObject payloads.

This filter will make use of the GhidraSerialFilterFactory and ensure that it is properly installed.

Parameters:

filterFile - serial filter file

sourceNameSupplier - source name supplied for use during logging, or null. It is assumed that a the current thread may be used to differentiate a client connection over which the serialization is occuring.

Throws:

IllegalStateException - if error occured building or installing serial input filter and related filter factory.

configureClientSerialFilter

public static void configureClientSerialFilter()
                                        throws IllegalStateException

Configure global serial input filter for a client. This will handle all deserialization filtering including SignedObject payloads. The object deserialization filter will be based on the accumulation of all data/*.serial.filter files found within all Application modules.

This filter will make use of the GhidraSerialFilterFactory and ensure that it is properly installed.

Throws:

IllegalStateException - if error occurred building or installing serial input filter and related filter factory.