Java object serialization stream parser.
Parses Java serialization streams according to the Java Object Serialization Specification. Supports all type codes (TC_OBJECT, TC_ARRAY, TC_CLASSDESC, TC_ENUM, TC_PROXYCLASSDESC, etc.), block data, annotations, and handle references.
Automatically detects and handles JDK 8u20 exploit payloads that omit a TC_ENDBLOCKDATA byte, retrying with the missing byte inserted.
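As an added illustration of the stream layout this crate parses (not the crate's own code, and using none of its API): a minimal stand-alone parser for the header, TC_BLOCKDATA, TC_STRING and TC_REFERENCE that shows how wire handles are assigned from BASE_WIRE_HANDLE and resolved, and rejects truncated input and dangling handles. The `Elem` type, `take`, `parse_stream` and `sample_stream` are this example's own names, and every input byte is constructed.

```rust
// Added example, independent of the java_serialization crate: parses the stream header,
// TC_BLOCKDATA, TC_STRING and TC_REFERENCE, assigning and resolving wire handles as the spec does.
use std::convert::TryInto;
#[derive(Debug, Clone, PartialEq)]
pub enum Elem {
    Block(Vec<u8>),   // TC_BLOCKDATA payload; block data never receives a handle
    Str(String),      // TC_STRING; each new string consumes the next wire handle
    Ref(u32, String), // TC_REFERENCE, resolved to the string its handle names
}
const BASE_WIRE_HANDLE: u32 = 0x007E_0000; // handles[i] corresponds to BASE_WIRE_HANDLE + i
const TC_REFERENCE: u8 = 0x71;
const TC_STRING: u8 = 0x74;
const TC_BLOCKDATA: u8 = 0x77;
// Bounds-checked read: a truncated stream is an error, never an out-of-range panic.
fn take<'a>(data: &'a [u8], pos: &mut usize, n: usize) -> Result<&'a [u8], String> {
    let s = data.get(*pos..*pos + n).ok_or("truncated stream")?;
    *pos += n;
    Ok(s)
}
pub fn parse_stream(data: &[u8]) -> Result<Vec<Elem>, String> {
    let mut pos = 0;
    let hdr = take(data, &mut pos, 4)?; // STREAM_MAGIC 0xACED followed by STREAM_VERSION 5
    if hdr != [0xACu8, 0xED, 0x00, 0x05] { return Err(format!("bad header {:02x?}", hdr)); }
    let (mut handles, mut out): (Vec<String>, Vec<Elem>) = (vec![], vec![]);
    while pos < data.len() {
        match take(data, &mut pos, 1)?[0] {
            TC_BLOCKDATA => { // short block: one length byte, then that many raw bytes
                let len = take(data, &mut pos, 1)?[0] as usize;
                out.push(Elem::Block(take(data, &mut pos, len)?.to_vec()));
            }
            TC_STRING => { // u16 length, then modified UTF-8 (read here as UTF-8, exact for ASCII)
                let len = u16::from_be_bytes(take(data, &mut pos, 2)?.try_into().unwrap()) as usize;
                let s = String::from_utf8(take(data, &mut pos, len)?.to_vec()).map_err(|e| e.to_string())?;
                handles.push(s.clone());
                out.push(Elem::Str(s));
            }
            TC_REFERENCE => { // i32 handle; a value below BASE_WIRE_HANDLE wraps to a huge index, so get() rejects it too
                let h = u32::from_be_bytes(take(data, &mut pos, 4)?.try_into().unwrap());
                let target = handles.get(h.wrapping_sub(BASE_WIRE_HANDLE) as usize).ok_or(format!("dangling handle {:#x}", h))?;
                out.push(Elem::Ref(h, target.clone()));
            }
            tc => return Err(format!("unsupported type code {:#04x} at offset {}", tc, pos - 1)),
        }
    }
    Ok(out)
}

// Constructed sample: header, block data [1, 2], "hello" (takes handle 0x7E0000), back-reference to it.
pub fn sample_stream() -> Vec<u8> {
    [&[0xACu8, 0xED, 0x00, 0x05, 0x77, 0x02, 0x01, 0x02, 0x74, 0x00, 0x05][..], &b"hello"[..], &[0x71, 0x00, 0x7E, 0x00, 0x00][..]].concat()
}
```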
§Example
use java_serialization::parse_serialization_stream;
// Minimal valid Java serialization stream: magic 0xACED, version 5
let data: &[u8] = &[0xAC, 0xED, 0x00, 0x05];
let (remaining, stream) = parse_serialization_stream(data).unwrap();
assert!(remaining.is_empty());
assert_eq!(stream.version, 5);
Structs§
- FieldValueSet - Set of field values for a class.
- NewArray - TC_ARRAY: new array.
- NewClass - TC_CLASS: reference to a class.
- NewEnum - TC_ENUM: new enum constant.
- NewObject - TC_OBJECT: new object.
- NormalClassDesc - TC_CLASSDESC: normal class descriptor.
- ObjectAnnotation - Object annotation: contents between the class data and TC_ENDBLOCKDATA.
- ObjectFieldDesc - Object field descriptor.
- PrimitiveFieldDesc - Primitive field descriptor.
- ProxyClassDesc - TC_PROXYCLASSDESC: proxy class descriptor.
- SerializationStream - Parsed Java serialization stream.
- StreamString - TC_STRING / TC_LONGSTRING.
Enums§
- AnnotationElement - Elements in class annotation (between classDescInfo and superClassDesc).
- ArrayValues - Array values based on component type.
- BlockData - Block data.
- ClassData - Class data for one class level in an object.
- ClassDesc - Class descriptor: either a normal class or a proxy class.
- ClassDescRef - Reference to a class descriptor: either inline or a back-reference.
- ContentElement - Top-level content elements in a serialization stream.
- FieldDesc - Field descriptor in a class descriptor.
- FieldValue - A single field value.
- StreamObject - An object in the serialization stream.
Constants§
- BASE_WIRE_HANDLE - First wire handle to be assigned.
- SC_BLOCK_DATA - Externalizable data written in Block Data mode.
- SC_ENUM - Class is an enum type.
- SC_EXTERNALIZABLE - Class is Externalizable.
- SC_SERIALIZABLE - Class is Serializable.
- SC_WRITE_METHOD - Serializable class defines a writeObject method.
- STREAM_MAGIC - Magic number written to the stream header.
- STREAM_VERSION - Version number written to the stream header.
- TC_ARRAY - New Array.
- TC_BLOCKDATA - Block of optional data (short).
- TC_BLOCKDATALONG - Long block data.
- TC_CLASS - Reference to Class.
- TC_CLASSDESC - New Class Descriptor.
- TC_ENDBLOCKDATA - End of optional block data blocks.
- TC_ENUM - New Enum constant.
- TC_EXCEPTION - Exception during write.
- TC_LONGSTRING - Long string.
- TC_NULL - Null object reference.
- TC_OBJECT - New Object.
- TC_PROXYCLASSDESC - New Proxy Class Descriptor.
- TC_REFERENCE - Reference to an object already written into the stream.
- TC_RESET - Reset stream context.
- TC_STRING - New String.
Functions§
- parse_serialization_stream - Parse a Java serialization stream.
- preprocess_jdk8u20 - Preprocess JDK 8u20 serialization data by inserting a missing TC_ENDBLOCKDATA.