Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Cryin/JavaID
java source code static code analysis and danger function identify prog
java-code-audit web-security
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/Cryin/JavaID
- Owner: Cryin
- Created: 2017-11-22T05:22:43.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2019-02-18T08:16:02.000Z (almost 6 years ago)
- Last Synced: 2024-08-01T09:23:15.742Z (4 months ago)
- Topics: java-code-audit, web-security
- Language: Python
- Homepage: https://github.com/Cryin/JavaID
- Size: 31.3 KB
- Stars: 524
- Watchers: 10
- Forks: 117
- Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - Cryin/JavaID - java source code static code analysis and danger function identify prog (Python)
README
# JavaID
Java source code dangerous function identification program
# How does it work?
JavaID identifies dangerous functions in Java source code by regular-expression matching.
For further details, check out the source code on the main site, github.com/Cryin/JavaID.
# What does it identify?
```
XXE:
"SAXReader",
"DocumentBuilder",
"XMLStreamReader",
"SAXBuilder",
"SAXParser",
"XMLReader",
"SAXSource",
"TransformerFactory",
"SAXTransformerFactory",
"SchemaFactory",
"Unmarshaller",
"XPathExpression"
JavaObjectDeserialization:
"readObject",
"readUnshared",
"Yaml.load",
"fromXML",
"ObjectMapper.readValue",
"JSON.parseObject"
SSRF:
"HttpClient",
"Socket",
"URL",
"ImageIO",
"HttpURLConnection",
"OkHttpClient",
"SimpleDriverDataSource.getConnection",
"DriverManager.getConnection"
FILE:
"MultipartFile",
"createNewFile",
"FileInputStream"
SPelInjection:
"SpelExpressionParser",
"getValue"
Autobinding:
"@SessionAttributes",
"@ModelAttribute"
URL-Redirect:
"sendRedirect",
"forward",
"setHeader"
EXEC:
"getRuntime.exec",
"ProcessBuilder.start",
"GroovyShell.evaluate"
```
and so on...
You can also add function IDs of your own in regexp.xml!
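As an added illustration of the regex-matching approach described above, here is a small scanner written for this page (not JavaID's own code). The sink table is a subset of the README listing; the matching rules and the comment handling are assumptions, since regexp.xml itself is not shown here.

```python
import re

# Sink names copied from the README listing above (a subset). Assumption: the
# real tool keeps these in regexp.xml, whose syntax the page does not show, so
# this table and the matching rules are the example's own, not JavaID's.
DANGER_FUNCTIONS = {
    "XXE": ["SAXReader", "DocumentBuilder", "XMLReader", "SAXParser"],
    "JavaObjectDeserialization": ["readObject", "Yaml.load", "ObjectMapper.readValue"],
    "SSRF": ["HttpURLConnection", "OkHttpClient", "ImageIO"],
    "SPelInjection": ["SpelExpressionParser", "getValue"],
    "EXEC": ["getRuntime.exec", "ProcessBuilder.start", "GroovyShell.evaluate"],
}
# String literal or // comment: lets comments be dropped without treating
# the "http://" inside a literal as a comment start.
_STRING_OR_COMMENT = re.compile(r'"(?:\\.|[^"\\])*"|//.*$')


def build_patterns(table=DANGER_FUNCTIONS):
    """One regex per category. 'getRuntime.exec' also matches the call form
    'getRuntime().exec'; word boundaries stop 'readObject' matching 'readObjectNoData'."""
    compiled = {}
    for category, names in table.items():
        alts = []
        for name in sorted(names, key=len, reverse=True):
            parts = [re.escape(p) for p in name.split(".")]
            alts.append(r"(?:\(\))?\s*\.\s*".join(parts))
        compiled[category] = re.compile(r"\b(?:" + "|".join(alts) + r")\b")
    return compiled


def scan_java_source(source, patterns=None):
    """Return (category, line_number, matched_text) per hit. Regex matching sees
    no data flow, so each hit is a lead for manual review, not a finding."""
    patterns = patterns or build_patterns()
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        code = _STRING_OR_COMMENT.sub(
            lambda m: m.group(0) if m.group(0).startswith('"') else "", line)
        for category, regex in patterns.items():
            for m in regex.finditer(code):
                hits.append((category, lineno, m.group(0)))
    return hits


# Constructed Java fragment, not taken from any real project.
SAMPLE_JAVA = """\
Object o = in.readObject();            // deserialization sink
Runtime.getRuntime().exec(cmd);        // command execution
// DocumentBuilder mentioned only in a comment
String u = "http://example.invalid/";  // URL literal, not a comment
new SpelExpressionParser().parseExpression(cmd);
"""
```

Running `scan_java_source(SAMPLE_JAVA)` reports the deserialization, exec and SpEL sinks on lines 1, 2 and 5 and ignores the name that appears only in a comment.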
# How do I use it?
```
Usage: python javaid.py -d dir
```
# Questions?
Contact me :)