diff --git a/internal/services/engines/java/rules.go b/internal/services/engines/java/rules.go index eebf6d8cf..c1d7febd5 100644 --- a/internal/services/engines/java/rules.go +++ b/internal/services/engines/java/rules.go @@ -2608,7 +2608,7 @@ func NewVulnerableRemoteCodeInjectionApacheLog4j() *text.Rule { Expressions: []*regexp.Regexp{ regexp.MustCompile(`compile.*group:.*org\.apache\.logging\.log4j.*name:.*log4j.*version:.*(('|")(2\.([0-9]\.|1[0-6]|17\.0))|([0-1]\.[0-9]+\.[0-9]+)).*('|")`), regexp.MustCompile(`compile.*log4j.*(:((2\.([0-9]\.|1[0-6]|17\.0))|([0-1]\.[0-9]+\.[0-9]+))).*('|")`), - regexp.MustCompile(`(.*|\n).*org\.apache\.logging\.log4j.*(.*|\n).*.*log4j.*(.*|\n)*(version>((2\.([0-9]\.|1[0-6]|17\.0))|([0-1]\.[0-9]+\.[0-9]+)))(.*|\n)*`), + regexp.MustCompile(`(.|\n)*org\.apache\.logging\.log4j(.|\n)*.*log4j.*(.|\n)*(version>((2\.([0-9]\.[0-9]|1[0-6]\.[0-9]|17\.0))|([0-1]\.[0-9]+\.[0-9]+)))(.*|\s*)?`), regexp.MustCompile(``), regexp.MustCompile(`<(log4j2|log4j)\.version>.*(2\.([0-9]\.|1[0-6]|17\.0))|([0-1]\.[0-9]+\.[0-9]+).*`), },