engine/java:chore - updating log4j rule to avoid false positives

Signed-off-by: Nathan Martins <nathan.martins@zup.com.br>
ZupIT · Feb 10, 2022 · 3293564 · 3293564
1 parent 22acb2b
commit 3293564
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/internal/services/engines/java/rules.go b/internal/services/engines/java/rules.go
@@ -2608,7 +2608,7 @@ func NewVulnerableRemoteCodeInjectionApacheLog4j() *text.Rule {
 		Expressions: []*regexp.Regexp{
 			regexp.MustCompile(`compile.*group:.*org\.apache\.logging\.log4j.*name:.*log4j.*version:.*(('|")(2\.([0-9]\.|1[0-6]|17\.0))|([0-1]\.[0-9]+\.[0-9]+)).*('|")`),
 			regexp.MustCompile(`compile.*log4j.*(:((2\.([0-9]\.|1[0-6]|17\.0))|([0-1]\.[0-9]+\.[0-9]+))).*('|")`),
-			regexp.MustCompile(`<groupId>(.*|\n).*org\.apache\.logging\.log4j.*(.*|\n).*<artifactId>.*log4j.*</artifactId>(.*|\n)*(version>((2\.([0-9]\.|1[0-6]|17\.0))|([0-1]\.[0-9]+\.[0-9]+)))(.*|\n)*</version>`),
+			regexp.MustCompile(`<groupId>(.|\n)*org\.apache\.logging\.log4j(.|\n)*<artifactId>.*log4j.*</artifactId>(.|\n)*(version>((2\.([0-9]\.[0-9]|1[0-6]\.[0-9]|17\.0))|([0-1]\.[0-9]+\.[0-9]+)))(.*|\s*)?</version>`),
 			regexp.MustCompile(`<dependency.*org.*org\.apache\.logging\.log4j.*name.*log4j.*rev.*(2\.([0-9]\.|1[0-6]|17\.0))|([0-1]\.[0-9]+\.[0-9]+).*/>`),
 			regexp.MustCompile(`<(log4j2|log4j)\.version>.*(2\.([0-9]\.|1[0-6]|17\.0))|([0-1]\.[0-9]+\.[0-9]+).*</(log4j2|log4j)\.version>`),
 		},