log4j:chore - update log4j min version to 2.17.1 (#907)
Signed-off-by: Ian Cardoso <ian.cardoso@zup.com.br>
iancardosozup authored Dec 29, 2021
1 parent 0cc95bc commit 7c6c6dd
Showing 2 changed files with 13 additions and 13 deletions.
10 changes: 5 additions & 5 deletions internal/services/engines/java/rules.go
@@ -2606,11 +2606,11 @@ func NewVulnerableRemoteCodeInjectionApacheLog4j() text.TextRule {
},
Type: text.OrMatch,
Expressions: []*regexp.Regexp{
regexp.MustCompile(`compile.*group:.*org\.apache\.logging\.log4j.*name:.*log4j.*version:.*(('|")(2\.([0-9]\.|1[0-6]))|([0-1]\.[0-9]+\.[0-9]+)).*('|")`),
regexp.MustCompile(`compile.*log4j.*(:((2\.([0-9]\.|1[0-6]))|([0-1]\.[0-9]+\.[0-9]+))).*('|")`),
regexp.MustCompile(`<groupId>(.*|\n).*org\.apache\.logging\.log4j.*(.*|\n).*<artifactId>.*log4j.*</artifactId>(.*|\n)*(version>((2\.([0-9]\.|1[0-6]))|([0-1]\.[0-9]+\.[0-9]+)))(.*|\n)*</version>`),
regexp.MustCompile(`<dependency.*org.*org\.apache\.logging\.log4j.*name.*log4j.*rev.*(2\.([0-9]\.|1[0-6]))|([0-1]\.[0-9]+\.[0-9]+).*/>`),
regexp.MustCompile(`<(log4j2|log4j)\.version>.*(2\.([0-9]\.|1[0-6]))|([0-1]\.[0-9]+\.[0-9]+).*</(log4j2|log4j)\.version>`),
regexp.MustCompile(`compile.*group:.*org\.apache\.logging\.log4j.*name:.*log4j.*version:.*(('|")(2\.([0-9]\.|1[0-6]|17\.0))|([0-1]\.[0-9]+\.[0-9]+)).*('|")`),
regexp.MustCompile(`compile.*log4j.*(:((2\.([0-9]\.|1[0-6]|17\.0))|([0-1]\.[0-9]+\.[0-9]+))).*('|")`),
regexp.MustCompile(`<groupId>(.*|\n).*org\.apache\.logging\.log4j.*(.*|\n).*<artifactId>.*log4j.*</artifactId>(.*|\n)*(version>((2\.([0-9]\.|1[0-6]|17\.0))|([0-1]\.[0-9]+\.[0-9]+)))(.*|\n)*</version>`),
regexp.MustCompile(`<dependency.*org.*org\.apache\.logging\.log4j.*name.*log4j.*rev.*(2\.([0-9]\.|1[0-6]|17\.0))|([0-1]\.[0-9]+\.[0-9]+).*/>`),
regexp.MustCompile(`<(log4j2|log4j)\.version>.*(2\.([0-9]\.|1[0-6]|17\.0))|([0-1]\.[0-9]+\.[0-9]+).*</(log4j2|log4j)\.version>`),
},
}
}
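Review bot: The Ivy expression (fourth in the list) leaves its version alternation ungrouped, so the top-level `|` splits the pattern and the right-hand side `([0-1]\.[0-9]+\.[0-9]+).*/>` matches any 0.x.y or 1.x.y version followed by `/>` on a line, whether or not the dependency is Log4j; the `<log4j.version>` expression after it has the same shape, where the right-hand side loses the opening-tag requirement. The commit rewrites both lines to add `17\.0` but keeps that grouping, while the first three expressions already wrap the alternatives in one group. Wrapping them the same way, `rev.*((2\.([0-9]\.|1[0-6]|17\.0))|([0-1]\.[0-9]+\.[0-9]+)).*/>` and `version>.*((2\.([0-9]\.|1[0-6]|17\.0))|([0-1]\.[0-9]+\.[0-9]+)).*</(log4j2|log4j)\.version>`, would keep the rule from reporting unrelated dependencies. The enclosing function starts above the hunk.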
16 changes: 8 additions & 8 deletions internal/services/engines/java/sample_test.go
@@ -923,7 +923,7 @@ public class Foo {
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId>
<version>2.17.0</version>
<version>2.17.1</version>
</dependency>
</dependencies>
</project>
@@ -973,9 +973,9 @@ repositories {
dependencies {
// SLF4J as a facade over Log4j2 required dependencies
compile group: 'org.apache.logging.log4j', name: 'log4j-api', version: '2.17.0'
compile group: 'org.apache.logging.log4j', name: 'log4j-core', version: '2.17.0'
compile group: 'org.apache.logging.log4j', name: 'log4j-slf4j-impl', version: '2.17.0'
compile group: 'org.apache.logging.log4j', name: 'log4j-api', version: '2.17.1'
compile group: 'org.apache.logging.log4j', name: 'log4j-core', version: '2.17.1'
compile group: 'org.apache.logging.log4j', name: 'log4j-slf4j-impl', version: '2.17.1'
// Bridges from other logging implementations to SLF4J. Be careful not to bridge SLF4J itself to
compile group: 'org.slf4j', name: 'jul-to-slf4j', version: '1.7.25' // JUL bridge
@@ -1042,7 +1042,7 @@ dependencies {
compile 'com.epam.reportportal:agent-java-testng:4.2.3'
compile 'com.epam.reportportal:logger-java-log4j:4.0.1'
compile 'org.slf4j:slf4j-log4j12:2.17.0'
compile 'org.slf4j:slf4j-log4j12:2.17.1'
}
@@ -1095,8 +1095,8 @@ test {
<dependency org="com.auth0" name="java-jwt" rev="3.3.0" />
<dependency org="com.zaxxer" name="HikariCP" rev="3.1.0" />
<dependency org="org.postgresql" name="postgresql" rev="42.2.2" />
<dependency org="org.apache.logging.log4j" name="log4j-api" rev="2.17.0" />
<dependency org="org.apache.logging.log4j" name="log4j-core" rev="2.17.0" />
<dependency org="org.apache.logging.log4j" name="log4j-api" rev="2.17.1" />
<dependency org="org.apache.logging.log4j" name="log4j-core" rev="2.17.1" />
@@ -1162,7 +1162,7 @@ test {
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<log4j2.version>2.17.0</log4j2.version>
<log4j2.version>2.17.1</log4j2.version>
</properties>
<dependencies>
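Review bot: None of the eight changed lines in this file adds a sample that pins 2.17.0 as vulnerable; every hunk only moves an existing safe fixture from 2.17.0 to 2.17.1, so the new `17\.0` branch in rules.go is checked only by the absence of a match. Adding one vulnerable sample per build format at that version, for example `<version>2.17.0</version>` under the log4j-core dependency and `compile group: 'org.apache.logging.log4j', name: 'log4j-core', version: '2.17.0'`, would keep a later edit to the version alternation from silently dropping it. Whether vulnerable fixtures outside these hunks already cover the case cannot be seen from the lines shown.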