Tutorial: Building the JDK by Hand and Loading It into a CodeQL Database
Build environment
Operating system: Ubuntu 16.04
Boot JDK: JDK 1.7.0_80
Target OpenJDK: OpenJDK 8u73
Setting up the Docker environment

```bash
sudo docker pull ubuntu:16.04
sudo docker run -it ubuntu:16.04 /bin/bash
# Inside the container: point apt at the Aliyun mirror
cat > /etc/apt/sources.list <<EOF
deb-src http://archive.ubuntu.com/ubuntu xenial main restricted
deb http://mirrors.aliyun.com/ubuntu/ xenial main restricted
deb-src http://mirrors.aliyun.com/ubuntu/ xenial main restricted multiverse universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted multiverse universe
deb http://mirrors.aliyun.com/ubuntu/ xenial universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb http://mirrors.aliyun.com/ubuntu/ xenial multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
deb http://archive.canonical.com/ubuntu xenial partner
deb-src http://archive.canonical.com/ubuntu xenial partner
deb http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted multiverse universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-security universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-security multiverse
EOF
apt update   # refresh the package lists for the new sources before the first install
apt install -y build-essential gdb cmake openjdk-8-jdk cpio file unzip zip wget git vim && \
apt install -y --no-install-recommends libfontconfig1-dev libfreetype6-dev libcups2-dev libx11-dev libxext-dev libxrender-dev libxrandr-dev libxtst-dev libxt-dev libasound2-dev libffi-dev autoconf
# Downgrade the system make to 3.81, the version the 8u build accepts
wget http://ftp.gnu.org/gnu/make/make-3.81.tar.gz && tar -zxvf make-3.81.tar.gz && cd make-3.81 && bash configure --prefix=/usr && make && make install
```
After make has been downgraded, the result is shown in the figure:
Next, clone the openjdk project. The repository is roughly 1 GB, so it is best to clone it on the physical host and then copy it into the container with `docker cp`:
https://github.com/openjdk/jdk8u
Copy it in with docker cp:

```bash
sudo docker cp ./jdk8u a028a2c93958:/root/
```
Preparing the Boot JDK

```bash
wget https://repo.huaweicloud.com/java/jdk/7u80-b15/jdk-7u80-linux-x64.tar.gz
mkdir -p /usr/lib/jvm   # -p: the directory already exists once openjdk-8-jdk is installed
tar -zxvf jdk-7u80-linux-x64.tar.gz -C /usr/lib/jvm
vim ~/.bashrc           # add the four export lines below, then save
export JAVA_HOME=/usr/lib/jvm/jdk1.7.0_80
export JRE_HOME=${JAVA_HOME}/jre
export CLASSPATH=.:${JAVA_HOME}/lib:${JRE_HOME}/lib
export PATH=${JAVA_HOME}/bin:$PATH
source ~/.bashrc
# Register JDK 7 with update-alternatives so it wins over the openjdk-8-jdk package
update-alternatives --install /usr/bin/java java /usr/lib/jvm/jdk1.7.0_80/bin/java 300
update-alternatives --install /usr/bin/javac javac /usr/lib/jvm/jdk1.7.0_80/bin/javac 300
update-alternatives --install /usr/bin/jar jar /usr/lib/jvm/jdk1.7.0_80/bin/jar 300
update-alternatives --install /usr/bin/javah javah /usr/lib/jvm/jdk1.7.0_80/bin/javah 300
update-alternatives --install /usr/bin/javap javap /usr/lib/jvm/jdk1.7.0_80/bin/javap 300
update-alternatives --config java
java -version
```
With the boot JDK configured, the environment looks like this (figure):

Checking the OpenJDK build environment:

```bash
cd jdk8u
chmod +x configure   # the execute bit is all that is needed
./configure --with-target-bits=64 --with-boot-jdk=/usr/lib/jvm/jdk1.7.0_80 --with-debug-level=slowdebug --enable-debug-symbols ZIP_DEBUGINFO_FILES=0
```

If configure completes, the JDK can be built normally.
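As an added example (not code from the original post), the following POSIX shell preflight script encodes the two toolchain requirements the steps above rely on, a JDK 7 boot JDK and GNU make 3.81, and checks them before `./configure` is run. The boot JDK path defaults to the one used in this post; the exact-3.81 make check mirrors the post's downgrade, not the full set of versions configure accepts.

```shell
#!/bin/sh
# preflight.sh: sanity-check the toolchain before running OpenJDK 8u's ./configure.
# Added example, not part of the original post. Assumed values: the boot JDK
# lives at /usr/lib/jvm/jdk1.7.0_80 (the post's path) and make must be 3.81.

BOOT_JDK_MAJOR=7
REQUIRED_MAKE=3.81

# Java major version from the first line of `java -version` output.
# Handles both the old "1.7.0_80" scheme (-> 7) and the new "11.0.2" scheme (-> 11).
java_major_version() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^[a-z]* version "\([^"]*\)".*/\1/p')
    case "$ver" in
        1.*) printf '%s\n' "$ver" | cut -d. -f2 ;;
        *)   printf '%s\n' "$ver" | cut -d. -f1 ;;
    esac
}

# Version number from `make --version` ("GNU Make 3.81" -> 3.81).
make_version() {
    printf '%s\n' "$1" | sed -n 's/^GNU Make \([0-9.]*\).*/\1/p'
}

# 0 if the boot JDK is the major version the post requires, 1 otherwise.
check_boot_jdk() {
    [ "$(java_major_version "$1")" = "$BOOT_JDK_MAJOR" ]
}

# 0 if make is exactly the version the post downgrades to, 1 otherwise.
check_make() {
    [ "$(make_version "$1")" = "$REQUIRED_MAKE" ]
}

# Run both checks against the real tools; returns 1 if either fails.
preflight() {
    boot="${1:-/usr/lib/jvm/jdk1.7.0_80}"
    jv=$("$boot/bin/java" -version 2>&1)   # java prints its version on stderr
    mv=$(make --version 2>&1)
    rc=0
    if check_boot_jdk "$jv"; then
        echo "ok: boot JDK major version $(java_major_version "$jv")"
    else
        echo "FAIL: boot JDK must be $BOOT_JDK_MAJOR, found: $(printf '%s\n' "$jv" | head -n1)"; rc=1
    fi
    if check_make "$mv"; then
        echo "ok: make $(make_version "$mv")"
    else
        echo "FAIL: make must be $REQUIRED_MAKE, found: $(printf '%s\n' "$mv" | head -n1)"; rc=1
    fi
    return $rc
}

# Usage: sh preflight.sh run [/path/to/boot-jdk]
case "${1:-}" in
    run) shift; preflight "$@" ;;
esac
```

Run it as `sh preflight.sh run` inside the container right before `./configure`; a non-zero exit means one of the two requirements is not met and configure will fail for that reason rather than for a problem in the source tree.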
Then copy a CodeQL CLI distribution into the container as well.

Final step: build the JDK and have CodeQL record the build. This step is very demanding on the machine; memory really does get filled up!

```bash
~/codeql/codeql database create ~/Openjdk8u65_db --language="java" --command="make all DISABLE_HOTSPOT_OS_VERSION_CHECK=OK ZIP_DEBUGINFO_FILES=0" --overwrite
```
Problem encountered:

Bypassing the "ten years" limit

```bash
find . -name GenerateCurrencyData.java
./jdk/make/src/classes/build/tools/generatecurrencydata/GenerateCurrencyData.java
```

```java
long now = System.currentTimeMillis();
if (Math.abs(now - time) > TEN_YEARS) {
    throw new RuntimeException("time is more than 10 years from present: " + time);
}
```

Comment out line 287.
Done!
The build takes roughly 20 minutes.
Bundle the resulting database, otherwise the error `there was no upgrade path to the target dbscheme` shows up, even when two CodeQL installations of the same version are used.
Run the following command:

```text
codeql.exe database bundle --output=openjdk8u65_db.zip -- ./openjdk8u65_db
Creating bundle metadata for F:\Main-Sec\codeAudit\codeql\databases\openjdk8u65_db...
Creating zip file at F:\Main-Sec\codeAudit\codeql\databases\openjdk8u65_db.zip.
```

It is best to use the same CodeQL version for building and for querying; do not let the versions drift far apart, the compatibility really is poor!
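As an added example (not the post's own code), a shell helper that reads the CLI version recorded in a database, compares it with the `codeql` binary on PATH, reports the verdict, and then runs the same `database bundle` command as above. It assumes that `<db>/codeql-database.yml` contains a `creationMetadata:` section with a `cliVersion: x.y.z` key, which is what the CLI writes when it creates the database.

```shell
#!/bin/sh
# dbcheck.sh: compare the CodeQL CLI version recorded in a database with the
# CLI that will query it, then bundle the database. Added example, not the
# post's own code. Assumption: <db>/codeql-database.yml has a
# "creationMetadata:" section containing "cliVersion: <x.y.z>".

# Version recorded in the database (empty if the file or key is missing).
db_cli_version() {
    sed -n 's/^[[:space:]]*cliVersion:[[:space:]]*//p' "$1/codeql-database.yml" 2>/dev/null
}

# Version of the codeql binary on PATH: first x.y.z in "codeql version" output.
installed_cli_version() {
    codeql version 2>/dev/null | grep -o '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' | head -n1
}

# Zero-padded major/minor/patch so versions compare correctly as strings
# ("2.9.4" must sort before "2.12.3"; plain string order gets that wrong).
version_key() {
    v="$1.0.0"
    printf '%05d%05d%05d' "$(printf '%s' "$v" | cut -d. -f1)" \
        "$(printf '%s' "$v" | cut -d. -f2)" "$(printf '%s' "$v" | cut -d. -f3)"
}

# 0 if version $1 is strictly older than version $2.
version_older() {
    a=$(version_key "$1"); b=$(version_key "$2")
    [ "$a" != "$b" ] && [ "$(printf '%s\n%s\n' "$a" "$b" | sort | head -n1)" = "$a" ]
}

# Verdict for a database created by CLI $1 and queried by CLI $2:
#   same    - identical versions, what the post recommends
#   upgrade - the querying CLI is newer and carries upgrade scripts for older dbschemes
#   older   - the querying CLI predates the database; this is the situation in which
#             "there was no upgrade path to the target dbscheme" is to be expected
compat_verdict() {
    if [ "$1" = "$2" ]; then echo same
    elif version_older "$1" "$2"; then echo upgrade
    else echo older
    fi
}

# Print the verdict for database $1 against the local CLI, then bundle it to $2.
bundle_checked() {
    created=$(db_cli_version "$1"); local_cli=$(installed_cli_version)
    echo "database created by CodeQL $created, local CLI is $local_cli: $(compat_verdict "$created" "$local_cli")"
    codeql database bundle --output="$2" -- "$1"
}

# Usage: sh dbcheck.sh run ./openjdk8u65_db openjdk8u65_db.zip
case "${1:-}" in
    run) bundle_checked "$2" "$3" ;;
esac
```

Running it on the build machine before the bundle is copied to the analysis machine tells you up front whether the two CodeQL installations actually match, which is the condition the post recommends, instead of discovering a mismatch only when the first query fails.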
Building the CodeQL database for the CC dependency

Building CC 3.2.1:
Environment requirement: JDK 7.x
Pull the repository:

```bash
git clone https://github.com/apache/commons-collections
cd ./commons-collections && git checkout <tag>   # the 3.2.1 release tag
```

As shown in the figure:
In Windows PowerShell, a single command collects every Java file under the current folder; we can also exclude the test code under the test directory as far as possible:

```powershell
# Match against FullName explicitly so the path filter works the same in every PowerShell version
Get-ChildItem -Recurse -Filter *.java |
  Where-Object { ($_.FullName -notmatch '\\test\\') -and ($_.FullName -notmatch 'Test\.java$') } |
  ForEach-Object { $_.FullName } |
  Out-File -Encoding ASCII java-files.txt
mkdir classes
```
Then compile with javac, wrapped in `codeql database create` so the extractor can trace the compilation:

```powershell
# Generic form: run javac through cmd and let CodeQL record the compilation
codeql database create yourdb_address --language=java --command='cmd /c "F:\Main-Sec\JavaSec\JDK\jdk1.7.0_21\bin\javac -Xlint:none -proc:none -source 1.7 -target 1.7 -d classes @java-files.txt"' --overwrite

# The javac invocation itself, with the dependency jars on the classpath
javac -cp "libs/commons-collections-3.2.1.jar;libs/commons-logging-1.2.jar" -Xlint:none -proc:none -source 1.7 -target 1.7 -d classes @java-files.txt

# Full command used for the CC 3.2.1 database: GBK console encoding, classpath, javac output logged to compile.log
codeql database create ../../databases/cc1-db --language=java --command='cmd /C "chcp 936 >nul && set JAVA_TOOL_OPTIONS=-Dfile.encoding=GBK && F:\Main-Sec\JavaSec\JDK\jdk1.7.0_21\bin\javac -cp \"libs/commons-collections-3.2.1.jar;libs/commons-logging-1.2.jar\" -Xlint:none -proc:none -source 1.7 -target 1.7 -d classes @java-files.txt > compile.log 2>&1"' --overwrite
```
Fixing garbled characters such as 锟斤拷 in the command-line output: prefixing the command with `cmd /C "chcp 936 >nul && set JAVA_TOOL_OPTIONS=-Dfile.encoding=GBK && ...` is enough. `chcp 936` switches the console to the GBK code page and `JAVA_TOOL_OPTIONS` makes javac emit its messages in GBK as well, so the two agree.
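As an added example (not the post's own code), the Linux counterpart of the PowerShell and cmd pipeline above: collect the non-test Java sources into a list file with the same exclusions, then build the database from a plain javac run inside `codeql database create`. It assumes `JAVA7_HOME` points at a JDK 7 install (defaulting to the boot JDK path used earlier in the post), that the dependency jars sit under `libs/` as in the post's command, and that `codeql` is on PATH.

```shell
#!/bin/sh
# cc_db.sh: build a CodeQL database for a Commons Collections checkout from a
# plain javac run, the Linux counterpart of the post's PowerShell + cmd pipeline.
# Added example, not the post's own code. Assumptions: JAVA7_HOME is a JDK 7
# install (default: the post's boot JDK path), the dependency jars live under
# libs/ as in the post's command, and codeql is on PATH.

# Write the .java files under $1 to the list file $2, skipping anything under a
# directory named "test" and any file named *Test.java (the post's exclusions).
# Paths are relative to $1 and sorted so the list, and thus the build, is reproducible.
collect_java_sources() {
    (cd "$1" && find . -type f -name '*.java' ! -path '*/test/*' ! -name '*Test.java' \
        | sed 's|^\./||' | LC_ALL=C sort) > "$2"
}

# Build the database at $2 from the checkout at $1.
build_cc_db() {
    src="$1"; db="$2"; jdk="${JAVA7_HOME:-/usr/lib/jvm/jdk1.7.0_80}"
    collect_java_sources "$src" "$src/java-files.txt"
    mkdir -p "$src/classes"
    # The classpath separator is ':' on Linux where the post's Windows command uses ';'.
    javac_cmd="$jdk/bin/javac -cp libs/commons-collections-3.2.1.jar:libs/commons-logging-1.2.jar"
    javac_cmd="$javac_cmd -Xlint:none -proc:none -source 1.7 -target 1.7 -d classes @java-files.txt"
    (cd "$src" && codeql database create "$db" --language=java --overwrite --command="$javac_cmd")
}

# Usage: sh cc_db.sh run /path/to/commons-collections /path/to/cc1-db
case "${1:-}" in
    run) build_cc_db "$2" "$3" ;;
esac
```

The list file is deliberately sorted and relative to the checkout root: two runs over the same tag then produce the same `java-files.txt`, which makes it easy to diff the input to the extractor when a database built on another machine looks different.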
References:
https://fynch3r.github.io/记一次CodeQL与OpenJDK的联动/
"Compiling OpenJDK 8 and generating a CodeQL database" (编译OpenJDK8并生成CodeQL数据库, CSDN blog, codeql-docker)

The resulting databases are stored on GitHub; I will gradually build more as my own vulnerability hunting progresses.