-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathhook.json
More file actions
110 lines (110 loc) · 4.29 KB
/
hook.json
File metadata and controls
110 lines (110 loc) · 4.29 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
{
"FileHook": {
"doFileHook": true,
"dangerPaths": [
"/etc/passwd",
"/root/",
"C:\\Users\\86138\\Desktop\\coverage.json"
]
},
"JNDIHook": {
"doJNDIHook": true
},
"RCEHook": {
"doRCEHook": true,
"safeCommands": [
"ping 127.0.0.1"
]
},
"SerialHook": {
"doSerialHook": true,
"serialClassName": "org/apache/shiro/io/ClassResolvingObjectInputStream",
"dangerClasses": [
"org.springframework.transaction.support.AbstractPlatformTransactionManager",
"java.rmi.server.UnicastRemoteObject",
"java.rmi.server.RemoteObjectInvocationHandler",
"com.bea.core.repackaged.springframework.transaction.support.AbstractPlatformTransactionManager",
"java.rmi.server.RemoteObject",
"com.tangosol.coherence.rest.util.extractor.MvelExtractor",
"java.lang.Runtime",
"oracle.eclipselink.coherence.integrated.internal.cache.LockVersionExtractor",
"org.eclipse.persistence.internal.descriptors.MethodAttributeAccessor",
"org.eclipse.persistence.internal.descriptors.InstanceVariableAttributeAccessor",
"org.apache.commons.fileupload.disk.DiskFileItem",
"oracle.jdbc.pool.OraclePooledConnection",
"com.tangosol.util.extractor.ReflectionExtractor",
"com.tangosol.internal.util.SimpleBinaryEntry",
"com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.partitionedService.PartitionedCache$Storage$BinaryEntry",
"com.sun.rowset.JdbcRowSetImpl",
"org.eclipse.persistence.internal.indirection.ProxyIndirectionHandler",
"bsh.XThis",
"bsh.Interpreter",
"com.mchange.v2.c3p0.PoolBackedDataSource",
"com.mchange.v2.c3p0.impl.PoolBackedDataSourceBase",
"org.apache.commons.beanutils.BeanComparator",
"java.lang.reflect.Proxy",
"clojure.lang.PersistentArrayMap",
"org.apache.commons.io.output.DeferredFileOutputStream",
"org.apache.commons.io.output.ThresholdingOutputStream",
"org.apache.wicket.util.upload.DiskFileItem",
"org.apache.wicket.util.io.DeferredFileOutputStream",
"org.apache.wicket.util.io.ThresholdingOutputStream",
"com.sun.org.apache.bcel.internal.util.ClassLoader",
"com.sun.syndication.feed.impl.ObjectBean",
"org.springframework.beans.factory.ObjectFactory",
"org.springframework.aop.framework.AdvisedSupport",
"org.springframework.aop.target.SingletonTargetSource",
"com.vaadin.data.util.NestedMethodProperty",
"com.vaadin.data.util.PropertysetItem",
"javax.management.BadAttributeValueExpException",
"org.apache.myfaces.context.servlet.FacesContextImpl",
"org.apache.myfaces.context.servlet.FacesContextImplBase",
"org.apache.commons.collections.functors.InvokerTransformer",
"org.apache.commons.collections.functors.InstantiateTransformer",
"org.apache.commons.collections4.functors.InvokerTransformer",
"org.apache.commons.collections4.functors.InstantiateTransformer",
"java.lang.ProcessBuilder",
"com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl",
"java.security.SignedObject",
"com.sun.jndi.ldap.LdapAttribute",
"javax.naming.InitialContext",
"org.springframework.aop.framework.JdkDynamicAopProxy",
"org.springframework.aop.aspectj",
"org.apache.xbean.naming.context",
"JSONArray",
"POJONode",
"ToStringBean",
"EqualsBean",
"ProxyLazyValue",
"SwingLazyValue",
"UIDefaults",
"XString",
"org.springframework.cache.interceptor.BeanFactoryCacheOperationSourceAdvisor",
"org.springframework.aop.aspectj.AspectInstanceFactory",
"org.slf4j",
"groovy",
"sun.print.UnixPrintService"
]
},
"SpELHook": {
"doSpELHook": true,
"dangerSpELs": [
"java.lang.Runtime",
"java.lang.ProcessBuilder",
"javax.script.ScriptEngineManager",
"java.net.URLClassLoader",
"java.lang.ClassLoader",
"org.springframework.expression.Expression",
"org.thymeleaf.context.AbstractEngineContext",
"com.sun.org.apache.bcel.internal.util.JavaWrapper",
"java.lang.System",
"org.springframework.cglib.core.ReflectUtils",
"java.io.File",
"javax.management.remote.rmi.RMIConnector",
"java.io.FileInputStream"
]
},
"SqlHook": {
"doSqlHook": true
}
}