slight refactoring

winnpixie · May 15, 2024 · 36028f1 · 36028f1
1 parent cbacf9c
commit 36028f1
Show file tree

Hide file tree

Showing 9 changed files with 35 additions and 34 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,5 +1,6 @@
 # Maven
 target/
+dependency-reduced-pom.xml
 
 # IntelliJ
 .idea/

diff --git a/README.md b/README.md
@@ -1,25 +1,25 @@
 # Log4NoShell
-A Java Agent that disables Apache Log4J's JNDI Lookup to aid against [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) ("Log4Shell").
+A Java Agent that disables Apache Log4J's JNDI Lookup to mitigate [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) ("Log4Shell").
 
 If possible, update your program to use the latest Log4J version, as the vulnerability is fixed as of version *2.17.1*.
-Otherwise, download [log4noshell-0.4-SNAPSHOT-shaded.jar](https://winnpixie.github.io/log4noshell/log4noshell-0.4-SNAPSHOT-shaded.jar) and continue reading.
+Otherwise, download [log4noshell-0.5.jar](log4noshell-0.5.jar) and continue reading.
 
 ## Usage
 To use Java Agents, you must specify them with the `-javaagent` argument. \
-`java -jar -javaagent:path/to/log4noshell-0.4-SNAPSHOT-shaded.jar Program.jar`
+`java -javaagent:path/to/log4noshell-0.5.jar -jar Program.jar`
 
 ### **Minecraft**
 Please read [Mojang's response](https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition)
-to the matter to determine if you need this patcher.
+to determine if you might need this patcher.
 
 - Client:
     1. Go to the *Installations* tab in the launcher
     2. Click on the **three dots** on the **right** side of the version you'd like to use
     3. Click *Edit*
     4. Scroll down and click on *More Options*
-    5. Add `-javaagent:path/to/log4noshell-0.4-SNAPSHOT-shaded.jar` to the *JVM Arguments* text-field
-        - `-javaagent:path/to/log4noshell-0.4-SNAPSHOT-shaded.jar -Xms2G -Xms2G...`
+    5. Add `-javaagent:path/to/log4noshell-0.5.jar` to the *JVM Arguments* text-field
+        - `-javaagent:path/to/log4noshell-0.5.jar -Xms2G -Xms2G...`
     6. Click *Save*
 - Server:
-    1. Add `-javaagent:path/to/log4noshell-0.4-SNAPSHOT-shaded.jar` somewhere before the `-jar` in your launch/start/run command
-       - `java -javaagent:path/to/log4noshell-0.4-SNAPSHOT-shaded.jar -jar minecraft_server.jar`
+    1. Add `-javaagent:path/to/log4noshell-0.5.jar` somewhere before the `-jar` in your launch/start/run command
+       - `java -javaagent:path/to/log4noshell-0.5.jar -jar minecraft_server.jar`
diff --git a/log4noshell-0.4-SNAPSHOT-shaded.jar b/log4noshell-0.4-SNAPSHOT-shaded.jar
diff --git a/log4noshell-0.5.jar b/log4noshell-0.5.jar
diff --git a/pom.xml b/pom.xml
@@ -6,7 +6,7 @@
 
     <groupId>io.github.winnpixie</groupId>
     <artifactId>log4noshell</artifactId>
-    <version>0.4-SNAPSHOT</version>
+    <version>0.5</version>
 
     <properties>
         <maven.compiler.source>1.8</maven.compiler.source>
@@ -17,12 +17,12 @@
         <dependency>
             <groupId>org.ow2.asm</groupId>
             <artifactId>asm</artifactId>
-            <version>9.4</version>
+            <version>9.7</version>
         </dependency>
         <dependency>
             <groupId>org.ow2.asm</groupId>
             <artifactId>asm-tree</artifactId>
-            <version>9.4</version>
+            <version>9.7</version>
         </dependency>
     </dependencies>
 
@@ -31,7 +31,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-jar-plugin</artifactId>
-                <version>3.2.0</version>
+                <version>3.4.1</version>
                 <configuration>
                     <archive>
                         <manifestFile>src/main/resources/META-INF/MANIFEST.MF</manifestFile>
@@ -41,17 +41,15 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-shade-plugin</artifactId>
-                <version>3.2.4</version>
+                <version>3.5.3</version>
                 <executions>
                     <execution>
                         <phase>package</phase>
                         <goals>
                             <goal>shade</goal>
                         </goals>
                         <configuration>
-                            <shadedArtifactAttached>true</shadedArtifactAttached>
-                            <createDependencyReducedPom>false</createDependencyReducedPom>
-                            <minimizeJar>false</minimizeJar>
+                            <shadedArtifactAttached>false</shadedArtifactAttached>
                             <filters>
                                 <filter>
                                     <artifact>org.ow2.asm:asm</artifact>

diff --git a/src/main/java/io/github/winnpixie/log4noshell/JndiLookupTransformer.java b/src/main/java/io/github/winnpixie/log4noshell/JndiLookupTransformer.java
@@ -10,7 +10,7 @@
 import java.security.ProtectionDomain;
 
 public class JndiLookupTransformer implements ClassFileTransformer {
-    public static final String TARGET_CLASS_NAME = "org.apache.logging.log4j.core.lookup.JndiLookup";
+    private static final String TARGET_CLASS_NAME = "org.apache.logging.log4j.core.lookup.JndiLookup";
     private static final String TARGET_METHOD_NAME = "lookup";
     private static final String TARGET_METHOD_DESC = "(Lorg/apache/logging/log4j/core/LogEvent;Ljava/lang/String;)Ljava/lang/String;";
 
@@ -39,10 +39,11 @@ public byte[] transform(ClassLoader loader, String className, Class<?> classBein
             ClassWriter classWriter = new ClassWriter(classReader, ClassWriter.COMPUTE_FRAMES);
             classNode.accept(classWriter);
 
-            Log4NSAgent.LOGGER.info("Patching class");
+            Log4NoShellAgent.LOGGER.info("Patching class");
             return classWriter.toByteArray();
         } catch (IllegalStateException | ClassTooLargeException | MethodTooLargeException e) {
-            Log4NSAgent.LOGGER.severe("ERROR PATCHING METHOD OR CLASS");
+            Log4NoShellAgent.LOGGER.severe("ERROR PATCHING METHOD OR CLASS");
+
             e.printStackTrace();
         }
 

diff --git a/src/main/java/io/github/winnpixie/log4noshell/Log4NSAgent.java b/src/main/java/io/github/winnpixie/log4noshell/Log4NSAgent.java
diff --git a/src/main/java/io/github/winnpixie/log4noshell/Log4NoShellAgent.java b/src/main/java/io/github/winnpixie/log4noshell/Log4NoShellAgent.java
@@ -0,0 +1,15 @@
+package io.github.winnpixie.log4noshell;
+
+import java.lang.instrument.Instrumentation;
+import java.util.logging.LogManager;
+import java.util.logging.Logger;
+
+public class Log4NoShellAgent {
+    public static final Logger LOGGER = LogManager.getLogManager().getLogger(Log4NoShellAgent.class.getName());
+
+    public static void premain(String args, Instrumentation inst) {
+        LOGGER.info("Log4NoShell, a Java agent to mitigate CVE-2021-44228 (\"Log4Shell\")");
+
+        inst.addTransformer(new JndiLookupTransformer());
+    }
+}
diff --git a/src/main/resources/META-INF/MANIFEST.MF b/src/main/resources/META-INF/MANIFEST.MF
@@ -1,2 +1,2 @@
 Manifest-Version: 1.0
-Premain-Class: io.github.winnpixie.log4noshell.Log4NSAgent
+Premain-Class: io.github.winnpixie.log4noshell.Log4NoShellAgent