惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Google DeepMind News
Google DeepMind News
TaoSecurity Blog
TaoSecurity Blog
T
Threat Research - Cisco Blogs
Cisco Talos Blog
Cisco Talos Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
T
Tenable Blog
C
Cybersecurity and Infrastructure Security Agency CISA
GbyAI
GbyAI
Microsoft Security Blog
Microsoft Security Blog
N
Netflix TechBlog - Medium
AWS News Blog
AWS News Blog
Security Latest
Security Latest
L
LINUX DO - 热门话题
Blog — PlanetScale
Blog — PlanetScale
T
Threatpost
Stack Overflow Blog
Stack Overflow Blog
Vercel News
Vercel News
S
Securelist
I
Intezer
D
Darknet – Hacking Tools, Hacker News & Cyber Security
H
Heimdal Security Blog
T
The Exploit Database - CXSecurity.com
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
The Hacker News
The Hacker News
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
H
Hackread – Cybersecurity News, Data Breaches, AI and More
U
Unit 42
The Register - Security
The Register - Security
NISL@THU
NISL@THU
S
Schneier on Security
M
MIT News - Artificial intelligence
The Last Watchdog
The Last Watchdog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Hugging Face - Blog
Hugging Face - Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Hacker News - Newest:
Hacker News - Newest: "LLM"
Y
Y Combinator Blog
Know Your Adversary
Know Your Adversary
罗磊的独立博客
MongoDB | Blog
MongoDB | Blog
美团技术团队
W
WeLiveSecurity
P
Privacy International News Feed
Forbes - Security
Forbes - Security
H
Hacker News: Front Page
小众软件
小众软件
博客园 - 【当耐特】
P
Proofpoint News Feed
P
Privacy & Cybersecurity Law Blog
T
Tor Project blog

SumSec's Blog

AI Agent 工程的必然演进:CLI、Skills、Harne… 从安全角度谈Java反射机制--前章 · SUMSEC 从安全角度谈Java反射机制--终章 · SUMSEC 逆向学习fastjson反序列化始 · SUMSEC 2020年研究回顾总结 · SUMSEC Abstract syntax tree classes for … Analyzing data flow in Java · SUM… Annotations in Java · SUMSEC Basic query for Java code · SUMSEC BypassSuper使用介绍说明 · SUMSEC CodeQL library for Java · SUMSEC Navigating the call graph · SUMSEC Overflow-prone comparisons in Jav… Types in Java · SUMSEC Working with source locations · S… Aliases · SUMSEC Expression · SUMSEC Formulas · SUMSEC Javadoc · SUMSEC Modules · SUMSEC Predicates · SUMSEC Queries · SUMSEC Type · SUMSEC Variables · SUMSEC 一道shiro反序列化题目引发的思考 · SUMSEC 修改ysoserial使其支持任意代码执行 · SUMSEC 自定义 ClassLoader 隔离运行不同版本jar包的方式 ·… 2020网鼎杯---Java文件上传wp · SUMSEC CNVD-2020-10487(CVE-2020-1938)tom… JDSRC安全课笔记 · SUMSEC Java反序列化链回显解决方案 · SUMSEC Skipped breakpoint because it hap… Windows Terminal 配置文件 · SUMSEC bypass 学习笔记之绕安全狗bypass safedog · … 一次意外的代码审计----JfinalCMS审计 · SUMSEC 一篇文章读懂Java代码审计之XXE · SUMSEC 从安全角度谈Java反射机制--序章 · SUMSEC 小楼昨夜又春风,你知ysoserial-Gadget-URLDNS… 春眠不觉晓,RCE知多少? · SUMSEC 漫谈Commons-Collections反序列化 · SUMSEC 漫谈Java反序列化 · SUMSEC 白头搔更短,SSTI惹人心! · SUMSEC 记一次面试题 · SUMSEC About Me 关于我 · SUMSEC Apache Flink任意Jar包上传导致远程代码执行 · SU… CVE-2019-1388 UAC提权复现 · SUMSEC CVE-2019-16097 || Harbor任意管理员注册漏洞… Python加密shellcode免杀 · SUMSEC Telegram机器人作为渗透测试框架 · SUMSEC VM虚拟机无法安装vmtools解决|本程序需要您将此虚拟机上安装… 谁能想到,电视遥控器竟成了 Vibe Coding 神器 · SU… 从手改 Skill 到自动进化:评测结果和执行轨迹如何让 Agen… 模型人人都能用,什么才是你能带走的?我的答案是一个可进化的SKIL… 模型人人都能用,什么才是你能带走的?我的答案是一个可进化的Skil… AI 时代 ShiroAttack2 5.x:修改了什么 · SU… 在 AGI 降临前,先给 AI 开一条”脑内弹幕”通道 · SUM… 一篇博文,三种时间:网页幻灯与 Remotion 动效的交付逻辑 … 🔍 别让大模型”想太多”:SKILL开发中的语义陷阱与抗幻觉设计 … 2022 年年度总结 · SUMSEC Java Swing To RCE 漏洞分析 · SUMSEC SpringBoot GatewayEL表达式漏洞分析 · SUM… Sensitive keys in codebases · SUM… 论如何优雅注入 Java 内存马 · SUMSEC SUMSEC 知识点 · SUMSEC VMWare Workspace ONE Access Auth … Spring Framework RCE CVE-2022-229… 相似度算法调研 · SUMSEC CVE-2022-33891 Apache Spark shell… 正则匹配配置不当 · SUMSEC Spring Data MongoDB SpEL CVE-2022… CodeQl Usage Tricks · SUMSEC Spring Boot RCE到内存马探索 · SUMSEC Shiro后渗透拓展面 · SUMSEC shiro反序列化漏洞攻击拓展面–修改key · SUMSEC GitHub Java CodeQL CTF · SUMSEC Hack-Tools 转化成Web · SUMSEC CodeQL与Shiro550碰撞 · SUMSEC CodeQL初见Shiro550 · SUMSEC CodeQL与AST之间联系 · SUMSEC Java加载动态链接库 · SUMSEC Log4j2 漏洞分析 · SUMSEC Interprocedural-Analysis 过程间分析 · … Data Analysis Foundation 数据分析基础 ·… Data Flow Analysis · SUMSEC Intermediate Representation 中间代表(… PII泄露–用CodeQL识别日志中的PII数据 · SUMSEC CodeQL workshop for Java: Unsafe … 前言 · SUMSEC 漏洞环境的搭建 · SUMSEC Fastjson回显 · SUMSEC Tomcat通用回显学习笔记 · SUMSEC 从Java反序列化漏洞题看CodeQL数据流 · SUMSEC 概述 · SUMSEC 记一次Log4j失败的Gadget挖掘记录 · SUMSEC Ysoserial改造记录 · SUMSEC JNDI注入 · SUMSEC shiro JRMP gadget · SUMSEC Fastjson MySQL gadget复现 · SUMSEC 2021年度总结 · SUMSEC
CodeQL Create OpenJdk/Jdk8 Databa…
2026-07-17 · via SumSec's Blog

CodeQL Create OpenJdk/Jdk8 Database

sudo apt install mercurial
hg clone http://hg.openjdk.java.net/jdk8/jdk8 jdk8u
cd jdk8u
chmod 777 ./*
wget https://download.java.net/openjdk/jdk7u75/ri/jdk_ri-7u75-b13-linux-x64-18_dec_2014.tar.gz
tar xvf jdk_ri-7u75-b13-linux-x64-18_dec_2014.tar.gz
./configure –with-target-bits=64 –with-jvm-variants=server –with-debug-level=slowdebug –disable-zip-debug-info –with-boot-jdk=/your-pwd/soft/java-se-7u75-ri/ –with-memory-size=1024
参数解释:

–with-target-bits=64: 构建64的JDK

–with-jvm-variants=server :构建server模式的JDK

–with-debug-level=slowdebug: slowdebug带有更多的调试信息

–disable-zip-debug-info:禁止压缩调试信息,可以方便调试

–with-boot-jdk=/export/soft/java-se-7u75-ri/ :表示boot jdk的路径,就是刚才下载的jdk7的路径
--with-memory-size=1024 表示1GB

sudo apt-get install libx11-dev libxext-dev libxrender-dev libxtst-dev libxt-dev

./get_source.sh

等待几分钟,时间可能需要很久
在运行 ./configure ,运行的过程需要的依赖很多,依次安装就好了。
image.png
image.png

vi hotspot/make/linux/makefiles/adjust-mflags.sh

image.png

gcc的版本过高
image.png
安装gcc和g++ 4.9版本

修改apt源:

sudo vi /etc/apt/sources.list

添加以下内容到文件末尾:

#install gcc 4.9

deb http://dk.archive.ubuntu.com/ubuntu/ xenial main

deb http://dk.archive.ubuntu.com/ubuntu/ xenial universe

更新源:

sudo apt-get update

安装4.9版本:

sudo apt install gcc-4.9

sudo apt install g++-4.9

管理多版本gcc:

sudo update-alternatives –install /usr/bin/gcc gcc /usr/bin/gcc-7 50
sudo update-alternatives –install /usr/bin/g++ g++ /usr/bin/g++-7 50
sudo update-alternatives –install /usr/bin/gcc gcc /usr/bin/gcc-4.9 20
sudo update-alternatives –install /usr/bin/g++ g++ /usr/bin/g++-4.9 20

切换到4.9版本:

sudo update-alternatives –config gcc

sudo update-alternatives –config g++

注意:切换完gcc的版本后需要重新运行之前命令

sh ./configure –with-target-bits=64 –with-jvm-variants=server –with-debug-level=slowdebug –disable-zip-debug-info –with-boot-jdk=/export/soft/java-se-7u75-ri/

再执行
vi hotspot/make/linux/makefiles/gcc.make
注释掉如下这行

./configure –with-target-bits=64 –with-jvm-variants=server –with-debug-level=slowdebug –disable-zip-debug-info –with-boot-jdk=/your-pwd/soft/java-se-7u75-ri/
最后 make images

codeql database create jdk_src --language=java --command="make images"

如果运行过程中下面错误,就是系统内存不够
image.png

CompileJavaClasses.gmk:316: recipe for target '/data/github/jdk-jdk8-b120/build/linux-x86_64-normal-server-release/jdk/classes/_the.BUILD_JDK_batch' failed
make[2]: *** [/data/github/jdk-jdk8-b120/build/linux-x86_64-normal-server-release/jdk/classes/_the.BUILD_JDK_batch] Error 137
BuildJdk.gmk:64: recipe for target 'classes-only' failed
make[1]: *** [classes-only] Error 2
/data/github/jdk-jdk8-b120//make/Main.gmk:115: recipe for target 'jdk-only' failed
make: *** [jdk-only] Error 2

建议加上

codeql database create jdk_src --language=java --command="make images" -M 1024

其实就是编译jdk,因为CodeQL需要参与到源码的编译过程中去才能构建数据库。效果成功如下:
image.png


参考原文:
https://blog.csdn.net/java_yanglikun/article/details/114460300
https://github.com/github/codeql/issues/4304