From 1266a3af6dfe61042a73ee6e6b63e04c14dc0beb Mon Sep 17 00:00:00 2001
From: IzzelAliz <csh2001331@126.com>
Date: Fri, 10 Dec 2021 10:58:49 +0800
Subject: [PATCH] Workaround for log4j security exploits

---
 .../application/ApplicationBootstrap.java     | 26 +++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/arclight-forge/src/main/java/io/izzel/arclight/boot/application/ApplicationBootstrap.java b/arclight-forge/src/main/java/io/izzel/arclight/boot/application/ApplicationBootstrap.java
index 2fe45d9e..8241aa27 100644
--- a/arclight-forge/src/main/java/io/izzel/arclight/boot/application/ApplicationBootstrap.java
+++ b/arclight-forge/src/main/java/io/izzel/arclight/boot/application/ApplicationBootstrap.java
@@ -10,6 +10,8 @@
 import org.objectweb.asm.ClassWriter;
 import org.objectweb.asm.MethodVisitor;
 import org.objectweb.asm.Opcodes;
+import org.objectweb.asm.tree.ClassNode;
+import org.objectweb.asm.tree.InsnNode;
 
 import java.util.ServiceLoader;
 import java.util.function.Consumer;
@@ -25,6 +27,7 @@ public void accept(String[] args) {
         System.setProperty("java.util.logging.manager", "org.apache.logging.log4j.jul.LogManager");
         System.setProperty("log4j.jul.LoggerAdapter", "io.izzel.arclight.boot.log.ArclightLoggerAdapter");
         System.setProperty("log4j.configurationFile", "arclight-log4j2.xml");
+        this.hackLog4j();
         ArclightLocale.info("i18n.using-language", ArclightConfig.spec().getLocale().getCurrent(), ArclightConfig.spec().getLocale().getFallback());
         try {
             int javaVersion = (int) Float.parseFloat(System.getProperty("java.class.version"));
@@ -51,6 +54,29 @@ public void accept(String[] args) {
         }
     }
 
+    private void hackLog4j() {
+        try (var in = getClass().getClassLoader().getResourceAsStream("org/apache/logging/log4j/core/lookup/JndiLookup.class")) {
+            var cw = new ClassWriter(ClassWriter.COMPUTE_MAXS);
+            var cr = new ClassReader(in);
+            var node = new ClassNode();
+            cr.accept(node, 0);
+            for (var method : node.methods) {
+                if (method.name.equals("lookup")) {
+                    method.instructions.clear();
+                    method.instructions.add(new InsnNode(Opcodes.ACONST_NULL));
+                    method.instructions.add(new InsnNode(Opcodes.ARETURN));
+                    method.tryCatchBlocks.clear();
+                    method.localVariables.clear();
+                }
+            }
+            node.accept(cw);
+            var bytes = cw.toByteArray();
+            Unsafe.defineClass(cr.getClassName(), bytes, 0, bytes.length, getClass().getClassLoader(), getClass().getProtectionDomain());
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
+
     private void hackModlauncher() throws Exception {
         try (var in = getClass().getClassLoader().getResourceAsStream("cpw/mods/modlauncher/TransformerClassWriter$SuperCollectingVisitor.class")) {
             var cw = new ClassWriter(0);