Add string-based match for SocketNode.class without CVE-2019-17571 patch
hillu committed Dec 15, 2021
1 parent f47fd59 commit dfd4d63
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions filter/filter.go
Expand Up @@ -22,6 +22,12 @@ func IsVulnerableClass(buf []byte, filename string, examineV1 bool) string {
if desc, ok := vulnVersionsV1[sum]; ok {
return desc
}
// cf. https://sources.debian.org/src/apache-log4j1.2/1.2.17-10/debian/patches/CVE-2019-17571.patch
if strings.ToLower(filepath.Base(filename)) == "socketnode.class" &&
bytes.Contains(buf, []byte("org/apache/log4j")) &&
!bytes.Contains(buf, []byte("FilteredObjectInputStream")) {
return "SocketNode class missing FilteredObjectInputStream patch"
}
}

if strings.ToLower(filepath.Base(filename)) == "jndimanager.class" &&
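Review bot: The added fallback in IsVulnerableClass accepts the literal string `FilteredObjectInputStream` as the only evidence of a CVE-2019-17571 fix, so a SocketNode.class hardened by a backport that names its filter class differently would presumably still be reported as vulnerable. The comment above the check is only a URL. I would state the heuristic and its limit there, e.g. `// Heuristic: a log4j 1.x SocketNode that never references FilteredObjectInputStream is assumed to lack the CVE-2019-17571 fix; fixes using another class name are flagged too.` The returned description could also carry the identifier so scan output is actionable without reading the source: `return "SocketNode class missing FilteredObjectInputStream patch (CVE-2019-17571)"`. As a style point, `strings.EqualFold(filepath.Base(filename), "socketnode.class")` avoids the lowercase copy. The enclosing function and the `if` block closed right after the new code both start outside this hunk, so whether the check is limited to the examineV1 path is inferred from the closing brace only.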
