Shulou(Shulou.com)06/01 Report--

This article mainly explains the "singleton pattern attack examples in ABAP and Java". The explanation in the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "singleton pattern attack examples in ABAP and Java".

The singleton pattern (Singleton) in the object-oriented programming world is probably the simplest of design patterns, and most developers find it easy to master its usage. The singleton pattern ensures that there is only one instance of a class and provides a global access point to it.

However, in some scenarios, the singleton feature of this design pattern can be broken, as shown in the following example:

In the third line of code, this ABAP class implements the interface if_serializable_object, which means it can be serialized and deserialized by the keyword CALL TRANSFORMATION.

Use the following ABAP code:

DATA (lo_instance) = zcl_jerry_singleton= > get_instance (). DATA: s TYPE string.CALL TRANSFORMATION id SOURCE model = lo_instance RESULT XML s.DATA: lo_instance2 TYPE REF TO zcl_jerry_singleton.CALL TRANSFORMATION id SOURCE XML s RESULT model = lo_instance2.

After execution, it is found in the debugger that lo_instance and lo_instance2 point to two different object instances, indicating that the ABAP singleton pattern has been corrupted at this time.

If you look at Java, here is the simplest singleton pattern for Java:

However, we can still break this singleton through Java's reflection mechanism:

Class classType = JerrySingleton.class; Constructor c = classType.getDeclaredConstructor (null); c.setAccessible (true); JerrySingleton E1 = (JerrySingleton) c.newInstance (); JerrySingleton e2 = JerrySingleton.getInstance (); System.out.println (E1 = = e2)

In Java, we can defend against this reflection attack by enumerating classes:

Public enum JerrySingletonAnotherApproach {INSTANCE; private String name = "Jerry"; public String getName () {return this.name;}}

System.out.println ("Name:" + JerrySingletonAnotherApproach.INSTANCE.getName ())

If an attacker with ulterior motives wants to create a new instance using the reflection mechanism, he will receive the following error message:

Exception in thread "main" java.lang.NoSuchMethodException: singleton.JerrySingletonAnotherApproach. ()

At java.lang.Class.getConstructor0 (Class.java:3082)

At java.lang.Class.getDeclaredConstructor (Class.java:2178)

At singleton.SingletonAttack.test3 (SingletonAttack.java:31)

At singleton.SingletonAttack.main (SingletonAttack.java:43) Thank you for your reading. The above is the content of "Singleton pattern attack examples in ABAP and Java". After the study of this article, I believe you have a deeper understanding of the singleton pattern attack instances in ABAP and Java, and the specific usage still needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.