engine/java:chore - updating log4j rule to avoid false positives (#980)

Signed-off-by: Nathan Martins <nathan.martins@zup.com.br>

internal/services/engines/java/rules.go

@@ -2608,7 +2608,7 @@ func NewVulnerableRemoteCodeInjectionApacheLog4j() *text.Rule {
 		Expressions: []*regexp.Regexp{
 			regexp.MustCompile(`compile.*group:.*org\.apache\.logging\.log4j.*name:.*log4j.*version:.*(('|")(2\.([0-9]\.|1[0-6]|17\.0))|([0-1]\.[0-9]+\.[0-9]+)).*('|")`),
 			regexp.MustCompile(`compile.*log4j.*(:((2\.([0-9]\.|1[0-6]|17\.0))|([0-1]\.[0-9]+\.[0-9]+))).*('|")`),
-			regexp.MustCompile(`<groupId>(.*|\n).*org\.apache\.logging\.log4j.*(.*|\n).*<artifactId>.*log4j.*</artifactId>(.*|\n)*(version>((2\.([0-9]\.|1[0-6]|17\.0))|([0-1]\.[0-9]+\.[0-9]+)))(.*|\n)*</version>`),
+			regexp.MustCompile(`<groupId>\s*org\.apache\.logging\.log4j\s*</groupId>\s*<artifactId>.*\s*log4j.*\s*</artifactId>\s*(<version>\s*((2\.([0-9]\.[0-9]|1[0-6]\.[0-9]|17\.0))|([0-1]\.[0-9]+\.[0-9]+)).*)\s*</version>`),
 			regexp.MustCompile(`<dependency.*org.*org\.apache\.logging\.log4j.*name.*log4j.*rev.*(2\.([0-9]\.|1[0-6]|17\.0))|([0-1]\.[0-9]+\.[0-9]+).*/>`),
 			regexp.MustCompile(`<(log4j2|log4j)\.version>.*(2\.([0-9]\.|1[0-6]|17\.0))|([0-1]\.[0-9]+\.[0-9]+).*</(log4j2|log4j)\.version>`),
 		},

internal/services/engines/java/sample_test.go

@@ -1179,7 +1179,7 @@ test {
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
-            <version>3.8.1</version>
+            <version>2.8.1</version>
             <scope>test</scope>
         </dependency>
     </dependencies>