From 73202d621b7eb477048801c5e3a26a165068c9d6 Mon Sep 17 00:00:00 2001
From: Hilko Bengen
Date: Fri, 17 Dec 2021 23:41:14 +0100
Subject: [PATCH] Add updated 2.15.0, 2.12.2 info

Close #35 Close #23
---
 filter/filter.go | 6 +++++-
 filter/filter_test.go | 4 +++-
 testdata/JndiManager.class-2.12.2 | Bin 0 -> 5644 bytes
 testdata/JndiManager.class-2.16.0 | Bin 0 -> 9991 bytes
 4 files changed, 8 insertions(+), 2 deletions(-)
 create mode 100644 testdata/JndiManager.class-2.12.2
 create mode 100644 testdata/JndiManager.class-2.16.0

diff --git a/filter/filter.go b/filter/filter.go
index a24fa0b..c29e282 100644
--- a/filter/filter.go
+++ b/filter/filter.go
@@ -33,7 +33,10 @@ func IsVulnerableClass(buf []byte, filename string, examineV1 bool) string {
 if strings.Contains(strings.ToLower(filepath.Base(filename)), "jndimanager.") &&
 bytes.Equal(buf[:4], []byte{0xca, 0xfe, 0xba, 0xbe}) &&
- !bytes.Contains(buf, []byte("Invalid JNDI URI - {}")) {
+ // 2.15+
+ !bytes.Contains(buf, []byte("Invalid JNDI URI - {}")) &&
+ // 2.12.2. Note the extra space for extra security.
+ !bytes.Contains(buf, []byte("Invalid JNDI URI - {}")) {
 return "JndiManager class missing new error message string literal"
 }
@@ -55,6 +58,7 @@ var vulnVersions = map[string]string{
 "77323460255818f4cbfe180141d6001bfb575b429e00a07cbceabd59adf334d6": "log4j 2.14.0-2.14.1", // JndiManager.class
 "ae950f9435c0ef3373d4030e7eff175ee11044e584b7f205b7a9804bbe795f9c": "log4j 2.1-2.3", // JndiManager.class
 "c3e95da6542945c1a096b308bf65bbd7fcb96e3d201e5a2257d85d4dedc6a078": "log4j 2.13.0-2.13.3", // JndiManager.class
+ "db07ef1ea174e000b379732681bd835cfede648a7971bf4e9a0d31981582d69e": "log4j-2.15.0", // JndiManager.class
 }
 var vulnVersionsV1 = map[string]string{
diff --git a/filter/filter_test.go b/filter/filter_test.go
index f877674..76017fd 100644
--- a/filter/filter_test.go
+++ b/filter/filter_test.go
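Review bot: The two added `!bytes.Contains(buf, []byte("Invalid JNDI URI - {}"))` literals are byte-identical as rendered here, and the comment says the 2.12.2 one differs only by an extra space — if that space was genuinely lost (this rendering collapses whitespace) the second test is a no-op and a 2.12.2 JndiManager would still be reported as missing the literal, and even if it survived, a difference that is invisible in review is one gofmt or copy-paste away from disappearing. Make it explicit, e.g. `// 2.12.2 backport logs "Invalid JNDI URI  - {}" (two spaces before the dash), so it needs its own probe` and hoist both literals into named constants so the gap is reviewable, rather than "Note the extra space for extra security", which reads as a joke and explains nothing. The context line `bytes.Equal(buf[:4], ...)` just above still panics on a file shorter than four bytes, so a `len(buf) >= 4 &&` guard ahead of it would keep the scanner from crashing on a truncated file whose name contains "jndimanager.". IsVulnerableClass starts before this hunk and continues past it.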
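Review bot: The new entry labels its version `"log4j-2.15.0"` while every neighbouring entry uses the `"log4j 2.14.0-2.14.1"` form, so anything that parses or greps the reported version string will treat this one differently; `"log4j 2.15.0"` keeps the convention. The hash is also an exact match on one build of JndiManager.class, and because 2.15.0 does contain the `Invalid JNDI URI - {}` literal it is not caught by the string check either, so a repackaged 2.15.0 (the test table already carries `-debian` fixtures for other versions) would presumably pass as clean — a comment on the entry naming the artifact the hash was taken from would make that limit visible to the next maintainer. The `vulnVersions` literal starts before this hunk.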
@@ -33,6 +33,7 @@ func TestFilterJndi(t *testing.T) {
 v{"2.11.2", true},
 v{"2.12.0", true},
 v{"2.12.1", true},
+ v{"2.12.2", false},
 v{"2.13.0", true},
 v{"2.13.1", true},
 v{"2.13.2", true},
@@ -40,7 +41,8 @@ func TestFilterJndi(t *testing.T) {
 v{"2.13-3-debian", true},
 v{"2.14.0", true},
 v{"2.14.1", true},
- v{"2.15.0", false},
+ v{"2.15.0", true},
+ v{"2.16.0", false},
 v{"2.16.0-debian", false},
 } {
 file := "../testdata/JndiManager.class-" + cand.version
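Review bot: Flipping `v{"2.15.0", false}` to `true` passes as soon as IsVulnerableClass returns any non-empty string, so the table cannot tell whether 2.15.0 is caught by the new hash entry, as intended, or by the string probe failing for an unrelated reason; the same ambiguity hides behind `v{"2.12.2", false}`, which only proves the whitespace-variant literal was found, not which probe found it. If the loop body, which continues past this hunk, compares only the boolean, consider carrying the expected reason per case, e.g. `v{"2.15.0", true, "log4j-2.15.0"}` and `v{"2.14.1", true, "log4j 2.14.0-2.14.1"}`, and asserting on it, so that a regression in the hash table or in the literal check fails loudly instead of being masked by the other path. TestFilterJndi starts before this hunk and continues past it.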
diff --git a/testdata/JndiManager.class-2.12.2 b/testdata/JndiManager.class-2.12.2 new file mode 100644 index 0000000000000000000000000000000000000000..c6919c1e82daf67a2cf4253da24f0793c57dcd73 GIT binary patch literal 5644 zcmc&&`F9i775>JHMwSQLC_qqfUIDjfrek@q2a6eHGyhpeM^`Bp#MWo+waYc@u{Ej%g4jJNmM_ZqQUnWeR>o6dJT10g4&z)H&(z{sJQv3EVZ0E= zSHk$JxcgcJU&o6wz7fF+oEOVC!}wMN-^O=paXVfL2jKK|3zWctyq~2}-wV>UL*Z%Vzbggy=4F$k?r!+OTeSX(`9D^AhB)t)2aQdk;$3 z)??YjNiCzLM)YLb8Xh*xVewpdESa)wJ!$GrG9Y1PVDC%optzJ}I{KI+VNuU9?SwX# zG_~VGP^b5vB=d}{VBKMAgK2$8LS<9)AqiET){ritzQ-{2J-Oq9y4^4CC4@E^rr~Us z(9+~eOr|x8>vL>M?I{0^=KVCb$4Y7G{hDnEF}|!SXT+c*l5?|^I#Jq(C0}1no zb!WSNRLi9u-?J@%bSiiwqq=%XGF?$5RlmfWLzfr z($3;VR>ld;lBi^*Qw} z8E+`KjsXSl#|8y&;w=UHaX>*o1|-~GT8i6pMw$R5zIRf=Pw-Q*{7lBr75oBI;_$Wt zQ?M>5S1bPO(jZD$BB&EygG?OtI?LIuCXuOuuEk`$0IK@gO1rhi0NckS8Ut#+3~ zPc=)DLO%rS?j`2&Iz3Vw^<$@sm3Kj4oXorEUt z$U}$_f&Y_&KZ^)gi3{R@g1_Le3O))=LTtdy<}w+}7S3}cLMF9MJ$2fTaY0ZCs<8QV znXzY{r+NZ2x`0w^=Q2_yd@Vg2lK zv`j`fSqsUngIULB$`(hSM$h#wgmr*d-#JwizLopc}n>uH^4kVY?f>|~rT6V^mKh;@Gk5rkUu4n5c46vrP%BX8(pSP{ciy$vIooOxvi>;$|d=F}Ks- zq8qxj0$@7RR#vx}`zf*MV@EcfG;NJ}LW_l1$U%{|3(M#zG^$~?_3@{p_?;BeAIiBi z_YC5K`V=xF*oF52*Odml+QmB}9iz7HR&{d&)X*nb&fmyu`E$PlcZjCXT~tgCeAb}` z9oPg3_wsZXD!BrYNmNFwD#ua%GEWjVa}DtcBq)R9iBI24dcmQ@rIrbV;;pYjeud`> zm!rH@Vb6Lo_^&noEdClc;?Q z;fv%9YPHGby5HwoPcEUW5}(Q8Y313`d>v4)q3+-W>Rs24 zqoHBTIOdB(bR4&hV?n8pP3poi(UT&rr7prh`S{zYmM&hyLdsgSF%%0$7stmDJJ2$P zdLHg*5r+$?y96n^Bz_f*m1v!U!mB%5#Z}uBnt52-CJwQxDKzl3ELIg@Q`=m&SoM_f zeXM#M%VQy-UZtC6U6{}PqjcaII_xZ6_ZSxAak}*hG~r1m-&0KbrUWD{i+7YR zx+R&Ur{h>ns1Q%j?{TITaG7avg{d(?NSValxJs&Pq`OYa*9jGGu%zB}ZHd#~D4H>d z6lLB=NEm|dmO@X_z8)VAg!h)9y5>DBk#RKgA67(#jA0ogkYpIObTcSU!YI<*Rp2=H z{1L)cIHH$tgp-;IIZnG9guUZvizd8%l4%}Y&Ap%NLFd04sG%lLxdu>W%a^~GE)c@FZX zcH-Evok#1osoUbFbHIClPXXLfcZ ztstcRz8Zgb?!9yFx#xBNbMCBOeB+tth-fXpFHE)crAjnkmfk;0?_Z?(S84t&Okbg| zhUnkr`5$4rlU|bPuSxTDXbY@Va>bz#~-uT*i2=T`AN zu9s%M#@AQT7G6-rab6hWMeO(AXw@zM}CYP>AO%Z25N5H~>; 
zZVvHEn1EM>c(ulB!qm@e!@Q1f)_A?f8#KN}bxU`5@1BnKgFAW?0|^jyA2E&_ z&1oYu+?>c;sm$;u5Vd79xxA6d?>5o}GsGQCwZ(O9-7SekMI$PQXdi(b>wRUH%;bvphNRF7z>Fn?@_{($ck>+I9GMh7IzS$$?5>MZe7}5m$ z`a3$iZVT}aCVzK(OCM7}9+2L@vt@S+)2va`I%Z_dOui+Z&Ym!bc4TvTSRi66SIDQ* z&E2V79?U8eso{)~FIXnil1Z;OPqoEXESWQzyKCXtoOcevo?I{cX6(VtUDknzo$QXyx<`7dw!_s}Q zYg={*2CD5&Wz3$!u|uXcAn)Oe&8bW(zm;jEVXCoyh7IjSC5K#XymYsOXf|o2cNxy9#CZVM5be-MaGd`W_~0))Mr?r%bON9`OyD~u4SWZlKww8 zjo4{c88KzPZrIGXn}>};I`5zX)2fE0*KE1Aa{RBEOAVy)9CM}*mSJm~#S2RRn;8{u zI3qZ%`IMR4bnU9gBAGbm>oLqpgln=#TQVI@)(LQhr#c!G@`m6*0W zR-8*A&P2GB$rBNq)GO^H{}0}r#y-`FypcS*%NSLVfl>h`v&^(< zE_c}z=5u#IxK5j2T={ZfQGwXUsjy{{bU)bNg=wF8 zl4<^g*~C~TZ=CEnnKVa5KoE6I)SwJFPE?_k;#?6nNdmX|xR#uv>E>lW3m?>t8h2^D zQ{%Uw;6vT2O0#7!iz{?aV_?9F%>x^4(G`L@-rZU*2nGfqUnrloOE0l-GHK>=OIEF1 ziNsetb)|e+qF5~yMe;Q=I8|nY=@j$S0Jfy1Ev`DgwvukuCdom*lMv8%a+NfzrCB4* zT4~lH8(mu#S+WX7E2_RuR9}3hbk>c!)3mUpvz&o`9&JLKlWC_8LcIj_!ij9bN}8Q1 zsgWX{^wuP2P^X9JQJr^jkMtha=_KWKIw4Jt@*4N*+{bT4s!)~j>LybaW5Pw}eokN! z59ss`x?iVzWzl`oyq$nSE3Qd;jR$q!O;6~Qreiwq;oEfj9r~b7zfDh|%$*GIt%Xz? 
zX-#DQg3fz+pEUb5zFp@7e1{AU>hyvvomoN}Z!S>N?y+-nC(}HkZptXUX*z6QOq!eo ztMi>~FkR;*L7G$fwF#+}>5+jEGrqH@y(`{TE+@woWW~YVjPJka-UIOyMlSAf7+M|& zw8rxzre&)6Og0Ym%qCOFcSA)gD~?3o6dyo+8OQ(W)KN1%7SCtnNu!W6g$h;Zv0RhJ zhjdOdYUX;cv_*v=Y}4q`VF2az-q*#<-!xh(2jXQ3kXuW&!Jd|QaU~>h3W@0yJdw(e z#GxCmSeBU^%_5L8!=?2e#!Wh#d|2aQoktirt&1e;RtA{X`3OCs@ll=AjBv?tR^w5f z?_y+v8*r%B9Z`#Kb*Ccq10LFHxDB;GfA^$ zXb7G|>{Q9VPPxgn)FqIcki&1{PA)@r%8IU>lv{CE=*k?2Dnqsh;q3Sdh@sOT(jVca z2f*U{Q5eZxaf=-I2av3mBd!V=89&JHLREBtY1=iyP?=l4K-@zbKdkd3^eG^y@~x-* zFS=VzwPv#@;!wfVl*n4gq-2^=nrIur1ulvE+XQay*@C*p)|Lo6(^&(-X@`^I-vxb< zFedQt&Sr*DQk9k^MzR*5``tRfhu@1hmp4o|U)d1G=%|?iq&Bx4%H>5o_deEq<%N^K zlOT^4@BZC5HO}XbsPj2Mrc?mS{bQyxDL(BheV)*qT*I_bM8DGc026g4n$=-bwWWeI zcg>W7%7Mhm1jW)0m2r3P_U#@0*nIlT@22hL)7nM}1f`r?&>+6^KvrBZOLI&suT&e9 z;ebLR3KmY3Ih^q2Y<8LIVV~R(S{tTULVe}3HF5IaCcD1!1h*=XJfWprhl>Y<5ClSX zfu0*FkChSQD*L-(=P+^b#4CwYqh9T{=yIAAz_3}+eutW*jDX(Dj$P_H#RV4DH?&>p zwFe7qApt=n0DSuk70RzJVbOIZ7F9VnBH+gjW#lX46VH@;JzFqsB-$%Or@o6}%HQAHI{>jfQrWNIvZ{Qx8=qONHe97kw_DG0d}8rHW%0AJ zjn_6A5;`0yxy49jfG`t2UKQ;FDI?}x1$-Up8qVN*vAy2}QahULn>rK{B%B`7O1B;x zCfsWx1Xy3jWwsWs^~%%^a>Wf|U**C@&V9{YFa;Pvts!`KK^Is!qrTHl{I=r8S^!+T z@KL`40Wv9Q9U6~`iw2uI1qNVLa+1QGE0Iq)zGVm}AK!qg22cm!9Im|@5>CluD$18l zd#n_Es(|S+^MinQII0Tzs7UM@#mE!6EtX}BVJc|kz<0GE&QJO0kDbUWPjAuTJ@u+9K3gf#x<24vtp7BA9 zaSz141-0*SjBz=fFvg8>!g$QHz7_O$d&b)^zQ;4(j`7<(;~f;0d!&b7RIZd0#<*Qh z7~}G(EL2JFqzCZkL5vnr1zMu;1=6CSigBuZ5+kN}p$+0mvvhh4eM;0B?)JRh;jV>DcJR0tU9{Zu;?O=HT zKWg3qcO6t3&bC>(8qRYx6qy37WU8cJqF;9W(V$cyibQM2DRP$T_yR?rr`j_h_j+ZR zWYw=Y65otf;w!yz;tE?t+mClCadewb2|>y*t`P61Uv=0$1Z_01t8ZMkd_~M33tXTX z8-o{UCb-A&EDB_^4=W8HrfTRYKHXujrN`h&`LCXS&GBhH{W^ML+Isp8^u(w2bP7H3 zRy{pVzX@+u<0yXsy`T~=76hXRSVXWmf@Kjbh=4Q#3%s9x%Mp2lV}Tl5%Erk;+BSI1 zV}lyCiED!ofMHlZqBxG&pyVWqU!qxi&(mz>k8zq4*)~qs$sjgPbH{1kWXGI>Soj`e zi^XdomRNGE@dbGM%q6M^ulXB;v0!vT<2c3lEW1p#7%W^SgVR)VmVD7gjTdQg1uef! 
zI$kYVF0WQxrllC%utEkg|7D6`bYsl#S$5M3wJa96OyO8C78s|7SWv{Xk76g)p??;p zej27d2O~ofIuEm7payz|*3h%Go}Qy^^gOlG$8qleocie#2;)xzF+W9FdJzZgGaeU@ zxh@`aT|DNxc+7S2nCs#($HleaXuJ4#AyW-$!PjY_M!y%PE*}3nRrWa!cnW+M`wTpl@N6^?W9}DQqLS$$dmm%Lp^8m z1~udoH1K^S z!&d=^KLD7#1~~a4-2WpShaclOyiT8{pU^+j8}wy*lU@eGzRJu#{PW|V#sQAvk5Ojg z4^)gI zKY_k}Nbq5L3P&`6eKR|^ZF?x3Hl$dMz?oko8;XWkpMK%-|hdQPK1TlzY6YV^EMpYtZ^`=W z=}A-E;(_P}TenDv{t^IW^RHLjA3}M!Y^3*D z`Wyuz>F4S1r)uvjFX=xxly