Missing Java classes

.travis.yml

@@ -28,4 +28,4 @@ branches:
   - v3.0/master
   - v3.1/dev
 notifications:
-  irc: "chat.freenode.net#modsecurity"
+  irc: "chat.freenode.net#modsecurity"

README.md

@@ -7,7 +7,7 @@ The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection r
 
 ## CRS Resources
 
-Please see the [OWASP ModSecurity Core Rule Set page](https://modsecurity.org/crs/) to get introduced to the CRS and view resources on installation, configuration, and working with the CRS.
+Please see the [OWASP ModSecurity Core Rule Set page](https://coreruleset.org/) to get introduced to the CRS and view resources on installation, configuration, and working with the CRS.
 
 ## Contributing to the CRS
 

crs-setup.conf.example

@@ -1,5 +1,5 @@
 # ------------------------------------------------------------------------
-# OWASP ModSecurity Core Rule Set ver.3.0.2
+# OWASP ModSecurity Core Rule Set ver.3.2.0
 # Copyright (c) 2006-2017 Trustwave and contributors. All rights reserved.
 #
 # The OWASP ModSecurity Core Rule Set is distributed under

rules/REQUEST-944-APPLICATION-ATTACK-JAVA.conf

@@ -86,7 +86,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES
 # Magic bytes detected and payload included possibly RCE vulnerable classess detected and process execution methods detected
 # anomaly score set to critical as all conditions indicate the request try to perform RCE.
 SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_BODY|REQUEST_HEADERS|XML:/*|XML://@* \
-    "@rx (?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure)" \
+    "@rx (?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)" \
     "id:944120,\
     phase:2,\
     block,\
@@ -235,7 +235,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES
     ver:'OWASP_CRS/3.1.0',\
     severity:'CRITICAL',\
     chain"
-    SecRule MATCHED_VARS "@rx (?:runtime|processbuilder|clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure)" \
+    SecRule MATCHED_VARS "@rx (?:runtime|processbuilder|clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)" \
         "t:base64Decode,t:lowercase,\
         setvar:'tx.msg=%{rule.msg}',\
         setvar:tx.rce_score=+%{tx.critical_anomaly_score},\
@@ -244,7 +244,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES
 
 # Renamed 944340 to 944240
 SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_BODY|REQUEST_HEADERS|XML:/*|XML://@* \
-    "@rx (?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure)" \
+    "@rx (?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)" \
     "id:944240,\
     phase:2,\
     block,\

rules/java-classes.data

@@ -8,6 +8,8 @@ java.io.CharArrayReader
 java.io.DataInputStream
 java.io.File
 java.io.FileOutputStream
+java.io.FilePermission
+java.io.FileWriter
 java.io.FilterInputStream
 java.io.FilterOutputStream
 java.io.FilterReader
@@ -36,3 +38,4 @@ java.lang.System
 javax.script.ScriptEngineManager
 org.apache.commons
 org.omg.CORBA
+java.beans.XMLDecoder