generating hashes for the JndiLookup.class file to patch out

lunasec-io · Dec 23, 2021 · 7d30321 · 7d30321
1 parent 56c6375
commit 7d30321
Show file tree

Hide file tree

Showing 10 changed files with 151 additions and 796 deletions.
diff --git a/tools/log4shell/analyze/analyze.go b/tools/log4shell/analyze/analyze.go
@@ -97,7 +97,7 @@ func fileNameToSemver(fileNameNoExt string) string {
 	return semverVersion
 }
 
-func getJndiLookupHash(zipReader *zip.Reader, filePath string) (fileName, fileHash string, err error) {
+func GetJndiLookupHash(zipReader *zip.Reader, filePath string) (fileName, fileHash string, err error) {
 	fileName = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
 
 	reader, err := zipReader.Open(fileName)
@@ -163,10 +163,15 @@ func ProcessArchiveFile(zipReader *zip.Reader, reader io.Reader, filePath, fileN
 		return
 	}
 
-	jndiLookupFileName, jndiLookupFileHash, err := getJndiLookupHash(zipReader, filePath)
-	if err != nil {
-		jndiLookupFileName = ""
-		jndiLookupFileHash = ""
+	jndiLookupFileName := ""
+	jndiLookupFileHash := ""
+
+	if versionIsInRange(fileNameNoExt, semverVersion, constants.JndiLookupPatchFileVersions) {
+		jndiLookupFileName, jndiLookupFileHash, err = GetJndiLookupHash(zipReader, filePath)
+		if err != nil {
+			jndiLookupFileName = ""
+			jndiLookupFileHash = ""
+		}
 	}
 
 	log.Log().
@@ -185,6 +190,7 @@ func ProcessArchiveFile(zipReader *zip.Reader, reader io.Reader, filePath, fileN
 		JndiLookupHash:        jndiLookupFileHash,
 		Version: semverVersion,
 		CVE: versionCve,
+		Severity: constants.CveSeverityLookup[versionCve],
 	}
 	return
 }
diff --git a/tools/log4shell/commands/patch.go b/tools/log4shell/commands/patch.go
@@ -117,7 +117,7 @@ func JavaArchivePatchCommand(c *cli.Context, globalBoolFlags map[string]bool) er
 		}
 		log.Debug().
 			Str("path", finding.Path).
-			Str("path", finding.Path).
+			Str("zipFilePath", finding.JndiLookupFileName).
 			Msg("Found file to remove")
 	}
 

diff --git a/tools/log4shell/constants/vulnerablehashes.go b/tools/log4shell/constants/vulnerablehashes.go
@@ -23,16 +23,20 @@ import (
 const (
 	Log4ShellCve = "CVE-2021-44228"
 	CtxCve       = "CVE-2021-45046"
+	RecursiveDosCve = "CVE-2021-45105"
 	Log4j1RceCve = "CVE-2019-17571"
 )
 
 var (
 	CveSeverityLookup = map[string]string {
 		Log4ShellCve: "10.0",
 		CtxCve:       "9.0",
+		RecursiveDosCve: "7.5",
 		Log4j1RceCve: "9.8",
 	}
 
+	JndiLookupPatchFileVersions = semver.MustParseRange(">=2.0.0")
+
 	FileVersionChecks = []types.LibraryFileVersionCheck{
 		{
 			Cve: Log4ShellCve,
@@ -41,12 +45,17 @@ var (
 		},
 		{
 			Cve: Log4ShellCve,
-			SemverRange: semver.MustParseRange(">=2.1.0 <=2.14.1"),
+			SemverRange: semver.MustParseRange(">=2.1.0 <2.15.0"),
 			LibraryFile: "JndiManager.class",
 		},
 		{
 			Cve: CtxCve,
-			SemverRange: semver.MustParseRange("=2.15.0"),
+			SemverRange: semver.MustParseRange(">=2.15.0 <2.16.0"),
+			LibraryFile: "JndiManager.class",
+		},
+		{
+			Cve: RecursiveDosCve,
+			SemverRange: semver.MustParseRange(">=2.16.0 <2.17.0"),
 			LibraryFile: "JndiManager.class",
 		},
 		{