-
Notifications
You must be signed in to change notification settings - Fork 18
/
Copy pathrules.json
64 lines (64 loc) · 3.29 KB
/
rules.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
{
"depth": 1,
"path_exclusions": ["AndroidSDK",".idea","resources","java\\bin","META-INF"],
"jar_name_inclusions": ["*"],
"jar_name_exclusions": ["spring-boot","logback","lombok","META-INF","log4j","slf4j",
"spring-context","spring-aop","spring-bean","tomcat-embed-core","spring-web","mysql-connector-java","antlr-","commons-"],
"class_inclusions": ["*"],
"class_exclusions": ["logback","lombok","org.springframework.boot.loader"],
"sink_rules": [
{
"sink_name": "RCE",
"severity_level": "High",
"sinks": ["java.lang.Runtime:exec","java.lang.ProcessBuilder:<init>","java.lang.ProcessBuilder:start","javax.script.ScriptEngine:eval","javax.swing.plaf.synth.SynthLookAndFeel:load"]
}, {
"sink_name": "UNSERIALIZE",
"severity_level": "High",
"sinks": ["java.io.ObjectInputStream:readObject","java.io.ObjectInputStream:readUnshared","org.yaml.snakeyaml.Yaml:load"]
}, {
"sink_name": "XML",
"severity_level": "High",
"sinks": ["com.thoughtworks.xstream.XStream:fromXML","org.apache.xmlrpc.parser.XmlRpcRequestParser:startElement","java.beans.XMLDecoder:readObject","org.apache.xml.security.transforms.Transforms:performTransforms"]
}, {
"sink_name": "JNDI",
"severity_level": "High",
"sinks": ["javax.naming.InitialContext:doLookup","javax.naming.InitialContext:lookup"]
}, {
"sink_name": "AuthBypass",
"severity_level": "High",
"sinks": ["javax.servlet.http.HttpServletRequest:getRequestURI","javax.servlet.http.HttpServletRequest:getRequestURL"]
}, {
"sink_name": "SSTI",
"severity_level": "High",
"sinks": ["org.apache.velocity.app.Velocity:evaluate"]
}, {
"sink_name": "SPEL",
"severity_level": "High",
"sinks": ["org.springframework.expression.spel.standard.SpelExpression:getValue"]
}, {
"sink_name": "JDBC",
"severity_level": "High",
"sinks": ["com.mysql.cj.jdbc.result.ResultSetImpl:getObject", "java.sql.DriverManager:getConnection","java.sql.Driver:connect"]
}, {
"sink_name": "ZIPSLIP",
"severity_level": "High",
"sinks": ["java.util.zip.ZipInputStream:close"]
}, {
"sink_name": "DynamicInvoke",
"severity_level": "High",
"sinks": ["java.lang.reflect.Constructor:newInstance","java.lang.reflect.Method:invoke"]
}, {
"sink_name": "Fastjson",
"severity_level": "Medium",
"sinks": ["com.alibaba.fastjson.JSON:parseObject","com.alibaba.fastjson.JSON:parse"]
}, {
"sink_name": "XXE",
"severity_level": "Medium",
"sinks": ["javax.xml.parsers.DocumentBuilder:parse","javax.xml.parsers.SAXParser:parse", "com.sun.org.apache.xerces.internal.parsers.DOMParser:parse","org.dom4j.io.SAXReader:read","org.xml.sax.XMLReader:parse","org.jdom2.input.SAXBuilder:build","org.apache.commons.digester3.Digester:parse","org.dom4j.DocumentHelper:parseText","org.apache.poi.xssf.usermodel.XSSFWorkbook:<init>"]
}, {
"sink_name": "SSRF",
"severity_level": "Medium",
"sinks": ["java.net.URL:openConnection","java.net.URL:openStream","org.apache.http.client.fluent.Request:Get","javax.imageio.ImageIO:read","com.squareup.okhttp.OkHttpClient:newCall","org.apache.http.impl.client.CloseableHttpClient:execute","org.jsoup.Jsoup:connect","org.apache.commons.io.IOUtils:toByteArray"]
}
]
}