Deny oracle db jvm based tools (#8909)

bric3 · web-flow · commit d55b36fc2027 · 2025-06-03T16:53:38.000Z
* Deny Oracle Database JVM based tools

APMS-16000
diff --git a/metadata/README.md b/metadata/README.md
@@ -0,0 +1,16 @@
+# SSI injection metadata
+
+## Adding a new deny metadata.
+
+1. Adding or updating denied Java process metadata in order to avoid enabling the tracer is done by editing 
+   the following files :
+
+    * `base-requirements.json`
+    * `denied-arguments.tsv`
+    * `denied-environment-variables.tsv`
+
+2. Then run the following command to build/update the `requirements.json` file:
+    
+    ```bash
+    ./build-requirements.sh
+    ```
diff --git a/metadata/denied-arguments.tsv b/metadata/denied-arguments.tsv
@@ -14,6 +14,20 @@ apache_cassandra_sstableupgrade org.apache.cassandra.tools.StandaloneUpgrader
 apache_cassandra_sstableutil    org.apache.cassandra.tools.StandaloneSSTableUtil    Skip Apache Cassandra sstableutil
 apache_cassandra_sstableverify  org.apache.cassandra.tools.StandaloneVerifier       Skip Apache Cassandra sstableverify
 
+# Oracle Database JVM based tools
+oracle_dbca                     oracle.assistants.dbca.driver.DBConfigurator            Skip Oracle Database Configuration Assistant
+oracle_dbua                     oracle.assistants.dbua.driver.StartDBUA                 Skip Oracle Database Upgrade Assistant
+oracle_emca                     oracle.sysman.assistants.emca.sdkimpl.EMConfigAssistant Skip Oracle Enterprise Manager Configuration Assistant
+oracle_invctl                   oracle.install.common.endpoints.cli.CliExecutor         Skip Oracle Inventory Control
+oracle_netca                    oracle.net.ca.NetCA                                     Skip Oracle Net Configuration Assistant
+oracle_rconfig                  oracle.sysman.assistants.rconfig.RConfig                Skip Oracle RAC Converter
+oracle_roohctl                  oracle.assistants.roohctl.RoohCtl                       Skip Oracle Read-Only Oracle Home Control
+oracle_srvctl                   oracle.ops.opsctl.OPSCTLDriver                          Skip Oracle Server Control Utility
+oracle_diagsetup                oracle.diagfw.adr.diagsetup.DiagSetup                   Skip Oracle Setup Diagnostic Tool
+oracle_ldifmigrator             oracle.ldap.util.LDIFMigration                          Skip Oracle LDIF Migration Tool
+oracle_trcasst                  oracle.net.trcasst.Jtrcasst                             Skip Oracle Trace Assistant
+oracle_trcsess                  oracle.ss.tools.trcsess.TrcSess                         Skip Oracle Session Tracer
+
 # Apache Lucene
 apache_lucene8_luke             org.apache.lucene.luke.app.desktop.LukeMain         Skip Lucene 8 Luke
 apache_lucene9_luke             org.apache.lucene.luke                              Skip Apache Netbeans
diff --git a/metadata/requirements.json b/metadata/requirements.json
@@ -201,6 +201,210 @@
       ],
       "envars": null
     },
+    {
+      "id": "oracle_dbca",
+      "description": "Skip Oracle Database Configuration Assistant",
+      "os": null,
+      "cmds": [
+        "**/java"
+      ],
+      "args": [
+        {
+          "args": [
+            "oracle.assistants.dbca.driver.DBConfigurator"
+          ],
+          "position": null
+        }
+      ],
+      "envars": null
+    },
+    {
+      "id": "oracle_dbua",
+      "description": "Skip Oracle Database Upgrade Assistant",
+      "os": null,
+      "cmds": [
+        "**/java"
+      ],
+      "args": [
+        {
+          "args": [
+            "oracle.assistants.dbua.driver.StartDBUA"
+          ],
+          "position": null
+        }
+      ],
+      "envars": null
+    },
+    {
+      "id": "oracle_emca",
+      "description": "Skip Oracle Enterprise Manager Configuration Assistant",
+      "os": null,
+      "cmds": [
+        "**/java"
+      ],
+      "args": [
+        {
+          "args": [
+            "oracle.sysman.assistants.emca.sdkimpl.EMConfigAssistant"
+          ],
+          "position": null
+        }
+      ],
+      "envars": null
+    },
+    {
+      "id": "oracle_invctl",
+      "description": "Skip Oracle Inventory Control",
+      "os": null,
+      "cmds": [
+        "**/java"
+      ],
+      "args": [
+        {
+          "args": [
+            "oracle.install.common.endpoints.cli.CliExecutor"
+          ],
+          "position": null
+        }
+      ],
+      "envars": null
+    },
+    {
+      "id": "oracle_netca",
+      "description": "Skip Oracle Net Configuration Assistant",
+      "os": null,
+      "cmds": [
+        "**/java"
+      ],
+      "args": [
+        {
+          "args": [
+            "oracle.net.ca.NetCA"
+          ],
+          "position": null
+        }
+      ],
+      "envars": null
+    },
+    {
+      "id": "oracle_rconfig",
+      "description": "Skip Oracle RAC Converter",
+      "os": null,
+      "cmds": [
+        "**/java"
+      ],
+      "args": [
+        {
+          "args": [
+            "oracle.sysman.assistants.rconfig.RConfig"
+          ],
+          "position": null
+        }
+      ],
+      "envars": null
+    },
+    {
+      "id": "oracle_roohctl",
+      "description": "Skip Oracle Read-Only Oracle Home Control",
+      "os": null,
+      "cmds": [
+        "**/java"
+      ],
+      "args": [
+        {
+          "args": [
+            "oracle.assistants.roohctl.RoohCtl"
+          ],
+          "position": null
+        }
+      ],
+      "envars": null
+    },
+    {
+      "id": "oracle_srvctl",
+      "description": "Skip Oracle Server Control Utility",
+      "os": null,
+      "cmds": [
+        "**/java"
+      ],
+      "args": [
+        {
+          "args": [
+            "oracle.ops.opsctl.OPSCTLDriver"
+          ],
+          "position": null
+        }
+      ],
+      "envars": null
+    },
+    {
+      "id": "oracle_diagsetup",
+      "description": "Skip Oracle Setup Diagnostic Tool",
+      "os": null,
+      "cmds": [
+        "**/java"
+      ],
+      "args": [
+        {
+          "args": [
+            "oracle.diagfw.adr.diagsetup.DiagSetup"
+          ],
+          "position": null
+        }
+      ],
+      "envars": null
+    },
+    {
+      "id": "oracle_ldifmigrator",
+      "description": "Skip Oracle LDIF Migration Tool",
+      "os": null,
+      "cmds": [
+        "**/java"
+      ],
+      "args": [
+        {
+          "args": [
+            "oracle.ldap.util.LDIFMigration"
+          ],
+          "position": null
+        }
+      ],
+      "envars": null
+    },
+    {
+      "id": "oracle_trcasst",
+      "description": "Skip Oracle Trace Assistant",
+      "os": null,
+      "cmds": [
+        "**/java"
+      ],
+      "args": [
+        {
+          "args": [
+            "oracle.net.trcasst.Jtrcasst"
+          ],
+          "position": null
+        }
+      ],
+      "envars": null
+    },
+    {
+      "id": "oracle_trcsess",
+      "description": "Skip Oracle Session Tracer",
+      "os": null,
+      "cmds": [
+        "**/java"
+      ],
+      "args": [
+        {
+          "args": [
+            "oracle.ss.tools.trcsess.TrcSess"
+          ],
+          "position": null
+        }
+      ],
+      "envars": null
+    },
     {
       "id": "apache_lucene8_luke",
       "description": "Skip Lucene 8 Luke",
