fixes unvalidated forward detect by remove hook blacklist

Author: lostsnow

dongtai-core/src/main/java/io/dongtai/iast/core/utils/matcher/ConfigMatcher.java

@@ -7,7 +7,9 @@
 import org.apache.commons.lang3.StringUtils;
 
 import java.lang.instrument.Instrumentation;
-import java.util.*;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
 
 /**
  * 各种匹配方法（通过配置文件匹配）
@@ -168,6 +170,9 @@ public boolean canHook(String className, PolicyManager policyManager) {
         String realClassName = className.replace('/', '.');
         boolean isBlack = inHookBlacklist(className);
         if (isBlack) {
+            if (policyManager.getPolicy() == null) {
+                return false;
+            }
             policyManager.getPolicy().addBlacklistHooks(realClassName);
             if (!policyManager.getPolicy().isIgnoreBlacklistHooks(realClassName)
                     && !policyManager.getPolicy().isIgnoreInternalHooks(realClassName)) {

dongtai-core/src/main/resources/com.secnium.iast.resources/blacklist.txt

@@ -29998,7 +29998,7 @@ org/apache/catalina/connector/Request$SpecialAttributeAdapter
 org/apache/catalina/connector/ResponseFacade
 org/apache/catalina/connector/SessionTracker
 org/apache/catalina/core/AccessLogAdapter
-org/apache/catalina/core/ApplicationContext
+#org/apache/catalina/core/ApplicationContext
 org/apache/catalina/core/ApplicationContext$DispatchData
 org/apache/catalina/core/ApplicationContextFacade
 org/apache/catalina/core/ApplicationDispatcher