Skip to content

feat: Update java-classes.data #4173

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jul 4, 2025
Merged

feat: Update java-classes.data #4173

merged 4 commits into from
Jul 4, 2025

Conversation

@KIC-8462852
Copy link
Contributor

@KIC-8462852 KIC-8462852 commented Jun 24, 2025
edited
Loading

Removed: java.lang.ProcessBuilder (java.lang.Process has greater scope)
Removed: java.io.InputStreamReader (java.io.InputStream has greater scope)
Added: classLoader (Block access to ClassLoader to avoid RCE)
Added: java.lang.Enum
Added: declaredClass (CVE-2025-48734)
Added: PropertyUtilsBean (CVE-2025-48734)
Added: OgnlContext (used in CVE-2017-5638 and CVE-2018-11776 payloads)
Added: OgnlUtil (used in CVE-2017-5638 and CVE-2018-11776 payloads)

Refers to: #4172

@github-actions
Copy link
Contributor

github-actions bot commented Jun 24, 2025
edited
Loading

📊 Quantitative test results for language: eng, year: 2023, size: 10K, paranoia level: 1:
🚀 Quantitative testing did not detect new false positives

@franbuehler
Copy link
Contributor

franbuehler commented Jun 25, 2025

Thank you for providing this PR! Could you please check the PR title? This check failed.

@KIC-8462852 KIC-8462852 changed the title Update java-classes.data feat: Update java-classes.data Jun 26, 2025
fzipi
fzipi reviewed Jun 26, 2025
View reviewed changes
Copy link
Member

@fzipi fzipi left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There might be others from https://docs.oracle.com/en/java/javase/24/docs/api/index.html

@franbuehler @fzipi
Update rules/java-classes.data
0211f2e 
Co-authored-by: Felipe Zipitría <3012076+fzipi@users.noreply.github.com>
franbuehler
franbuehler approved these changes Jul 3, 2025
View reviewed changes
Copy link
Contributor

@franbuehler franbuehler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Xhoenix Xhoenix enabled auto-merge July 3, 2025 15:45
@Xhoenix Xhoenix disabled auto-merge July 3, 2025 15:47
@Xhoenix Xhoenix enabled auto-merge July 4, 2025 05:06
@Xhoenix Xhoenix disabled auto-merge July 4, 2025 05:06
@Xhoenix Xhoenix added this pull request to the merge queue Jul 4, 2025
Merged via the queue into coreruleset:main with commit 39560c5 Jul 4, 2025
6 checks passed
@fzipi fzipi mentioned this pull request Jul 7, 2025
Closed
@fzipi fzipi mentioned this pull request Jul 31, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fzipi fzipi fzipi left review comments

@franbuehler franbuehler franbuehler approved these changes

@Xhoenix Xhoenix Xhoenix approved these changes

Assignees

No one assigned

Labels

release:fix

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@KIC-8462852 @franbuehler @fzipi @Xhoenix