mirror of
https://github.com/corda/corda.git
synced 2025-01-19 19:26:27 +00:00
Re-enable all but unsafe test
parent
6bf1587cf6
commit
2ed10bb0e9
@ -2,21 +2,25 @@
|
||||
|
||||
package net.gredler.aegis4j;
|
||||
|
||||
import org.junit.jupiter.api.AfterAll;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertNull;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
/**
|
||||
* Tests {@link AegisAgent} monitoring via system properties.
|
||||
*/
|
||||
public class AegisAgentMonitoringTest {
|
||||
/*
|
||||
@AfterAll
|
||||
public static void uninstallAgent() throws Exception {
|
||||
TestUtils.installAgent("unblock=unsafe,serialization");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSystemProperty() throws Exception {
|
||||
assertNull(System.getProperty("aegis4j.blocked.features"));
|
||||
TestUtils.installAgent("unblock=jndi,rmi,unsafe,scripting");
|
||||
assertEquals("serialization,jshell,process,httpserver", System.getProperty("aegis4j.blocked.features"));
|
||||
assertEquals("serialization,process,httpserver", System.getProperty("aegis4j.blocked.features"));
|
||||
}
|
||||
*/
|
||||
}
|
||||
|
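Review bot: The `@AfterAll` hook named `uninstallAgent` does not uninstall anything; it calls `TestUtils.installAgent("unblock=unsafe,serialization")`, so whatever the agent blocks besides those two features presumably stays blocked for every class that runs later in the same JVM. That also makes the opening `assertNull(System.getProperty("aegis4j.blocked.features"))` in `testSystemProperty` order-dependent: if `installAgent` sets that property on each call, the assertion only holds when this class runs before any other agent-installing test, or in its own fork. I would rename the hook to something like `resetAgentForLaterTests` and give it a comment such as `// re-install with unsafe and serialization unblocked so later test classes can run; other features stay blocked`, once that is confirmed to be the reason. The same hook is repeated in CVE_2015_7501, and the same call closes `TestUtils.testLdap`. The page does not mark which lines are added, so this reads the hook as new code.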
@ -2,11 +2,14 @@
|
||||
|
||||
package net.gredler.aegis4j;
|
||||
|
||||
import static net.gredler.aegis4j.TestUtils.OWNED;
|
||||
import static net.gredler.aegis4j.TestUtils.installAgent;
|
||||
import static net.gredler.aegis4j.TestUtils.toBytes;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.fail;
|
||||
import org.apache.commons.collections4.FunctorException;
|
||||
import org.apache.commons.collections4.Transformer;
|
||||
import org.apache.commons.collections4.comparators.TransformingComparator;
|
||||
import org.apache.commons.collections4.functors.ChainedTransformer;
|
||||
import org.apache.commons.collections4.functors.ConstantTransformer;
|
||||
import org.apache.commons.collections4.functors.InvokerTransformer;
|
||||
import org.junit.jupiter.api.AfterAll;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.ObjectInputStream;
|
||||
@ -15,14 +18,11 @@ import java.nio.file.Path;
|
||||
import java.util.Comparator;
|
||||
import java.util.PriorityQueue;
|
||||
|
||||
import jdk.nashorn.internal.ir.annotations.Ignore;
|
||||
import org.apache.commons.collections4.FunctorException;
|
||||
import org.apache.commons.collections4.Transformer;
|
||||
import org.apache.commons.collections4.comparators.TransformingComparator;
|
||||
import org.apache.commons.collections4.functors.ChainedTransformer;
|
||||
import org.apache.commons.collections4.functors.ConstantTransformer;
|
||||
import org.apache.commons.collections4.functors.InvokerTransformer;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import static net.gredler.aegis4j.TestUtils.OWNED;
|
||||
import static net.gredler.aegis4j.TestUtils.installAgent;
|
||||
import static net.gredler.aegis4j.TestUtils.toBytes;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.fail;
|
||||
|
||||
/**
|
||||
* Tests mitigation of CVE-2015-7501, both at the process execution level and at the serialization level.
|
||||
@ -35,10 +35,13 @@ import org.junit.jupiter.api.Test;
|
||||
* @see <a href="https://github.com/frohoff/ysoserial/blob/master/src/main/java/ysoserial/payloads/CommonsCollections6.java">Exploit POC</a>
|
||||
*/
|
||||
public class CVE_2015_7501 {
|
||||
@AfterAll
|
||||
public static void uninstallAgent() throws Exception {
|
||||
TestUtils.installAgent("unblock=unsafe,serialization");
|
||||
}
|
||||
|
||||
/*
|
||||
@Test
|
||||
@SuppressWarnings({ "rawtypes", "unchecked" })
|
||||
@SuppressWarnings({"rawtypes", "unchecked"})
|
||||
public void test() throws Exception {
|
||||
|
||||
Path temp = Files.createTempFile("aegis4j-", ".tmp");
|
||||
@ -79,7 +82,7 @@ public class CVE_2015_7501 {
|
||||
assertEquals("", TestUtils.fileReadString(temp), path);
|
||||
|
||||
// install aegis4j agent
|
||||
installAgent(null);
|
||||
installAgent("unblock=unsafe");
|
||||
|
||||
// trigger again directly, verify not owned
|
||||
try {
|
||||
@ -103,5 +106,4 @@ public class CVE_2015_7501 {
|
||||
assertEquals("Java deserialization blocked by aegis4j", e.getMessage());
|
||||
}
|
||||
}
|
||||
*/
|
||||
}
|
||||
|
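Review bot: The comment `// install aegis4j agent` above `installAgent("unblock=unsafe")` no longer describes the call, which (taking it as the new line that replaces `installAgent(null)`) installs the agent with the unsafe block switched off. Because this test asserts that the CVE-2015-7501 chain is stopped, the comment should state which protections are active, e.g. `// install aegis4j with every feature blocked except unsafe`, plus the reason unsafe is excluded, which is not given on the page. The literal `"unblock=unsafe"` is repeated in `TestUtils.testLdap`; a shared constant in TestUtils would keep the two in step. The body of `test()` continues outside the visible hunks.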
@ -2,13 +2,12 @@
|
||||
|
||||
package net.gredler.aegis4j;
|
||||
|
||||
import static net.gredler.aegis4j.TestUtils.testLdap;
|
||||
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import org.apache.log4j.receivers.db.JNDIConnectionSource;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.function.Executable;
|
||||
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import static net.gredler.aegis4j.TestUtils.testLdap;
|
||||
|
||||
/**
|
||||
* Tests mitigation of CVE-2019-17531. No setup is required besides starting the LDAP server that
|
||||
@ -23,7 +22,6 @@ import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
* @see <a href="https://swapneildash.medium.com/understanding-insecure-implementation-of-jackson-deserialization-7b3d409d2038">Understanding Jackson deserialization</a>
|
||||
*/
|
||||
public class CVE_2019_17531 {
|
||||
/*
|
||||
@Test
|
||||
public void test() throws Throwable {
|
||||
|
||||
@ -40,5 +38,4 @@ public class CVE_2019_17531 {
|
||||
|
||||
testLdap(setup, trigger, SerializableDataSource.class, true);
|
||||
}
|
||||
*/
|
||||
}
|
||||
|
@ -2,9 +2,6 @@
|
||||
|
||||
package net.gredler.aegis4j;
|
||||
|
||||
import static net.gredler.aegis4j.TestUtils.testLdap;
|
||||
|
||||
import jdk.nashorn.internal.ir.annotations.Ignore;
|
||||
import org.apache.logging.log4j.Level;
|
||||
import org.apache.logging.log4j.LogManager;
|
||||
import org.apache.logging.log4j.Logger;
|
||||
@ -18,6 +15,8 @@ import org.apache.logging.log4j.core.config.builder.impl.BuiltConfiguration;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.function.Executable;
|
||||
|
||||
import static net.gredler.aegis4j.TestUtils.testLdap;
|
||||
|
||||
/**
|
||||
* Tests mitigation of CVE-2021-44228 (a.k.a. Log4Shell). During setup we simply configure log4j to
|
||||
* perform basic logging, and set up our LDAP server to serve serialized {@link SerializablePojo}
|
||||
@ -28,8 +27,6 @@ import org.junit.jupiter.api.function.Executable;
|
||||
* @see <a href="https://research.nccgroup.com/2021/12/12/log4j-jndi-be-gone-a-simple-mitigation-for-cve-2021-44228/">log4j-jndi-be-gone</a>
|
||||
*/
|
||||
public class CVE_2021_44228 {
|
||||
|
||||
/*
|
||||
@Test
|
||||
public void test() throws Throwable {
|
||||
|
||||
@ -64,5 +61,4 @@ public class CVE_2021_44228 {
|
||||
|
||||
Configurator.initialize(builder.build());
|
||||
}
|
||||
*/
|
||||
}
|
||||
|
@ -2,9 +2,15 @@
|
||||
|
||||
package net.gredler.aegis4j;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertFalse;
|
||||
import static org.junit.jupiter.api.Assertions.assertNull;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
import com.google.common.base.Charsets;
|
||||
import com.google.common.io.ByteStreams;
|
||||
import com.unboundid.ldap.listener.InMemoryDirectoryServer;
|
||||
import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;
|
||||
import com.unboundid.ldap.listener.InMemoryListenerConfig;
|
||||
import com.unboundid.ldap.sdk.DN;
|
||||
import com.unboundid.ldap.sdk.Entry;
|
||||
import com.unboundid.ldap.sdk.LDAPException;
|
||||
import org.junit.jupiter.api.function.Executable;
|
||||
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.IOException;
|
||||
@ -20,16 +26,9 @@ import java.util.jar.JarEntry;
|
||||
import java.util.jar.JarOutputStream;
|
||||
import java.util.jar.Manifest;
|
||||
|
||||
import com.google.common.base.Charsets;
|
||||
import com.google.common.io.ByteStreams;
|
||||
import org.junit.jupiter.api.function.Executable;
|
||||
|
||||
import com.unboundid.ldap.listener.InMemoryDirectoryServer;
|
||||
import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;
|
||||
import com.unboundid.ldap.listener.InMemoryListenerConfig;
|
||||
import com.unboundid.ldap.sdk.DN;
|
||||
import com.unboundid.ldap.sdk.Entry;
|
||||
import com.unboundid.ldap.sdk.LDAPException;
|
||||
import static org.junit.jupiter.api.Assertions.assertFalse;
|
||||
import static org.junit.jupiter.api.Assertions.assertNull;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
|
||||
/**
|
||||
* Base test class which makes it easy to set up an embedded LDAP server, trigger an LDAP-related
|
||||
@ -53,7 +52,7 @@ public final class TestUtils {
|
||||
System.clearProperty(OWNED);
|
||||
assertNull(System.getProperty(OWNED));
|
||||
|
||||
installAgent(null);
|
||||
installAgent("unblock=unsafe");
|
||||
|
||||
try {
|
||||
trigger.execute();
|
||||
@ -66,6 +65,7 @@ public final class TestUtils {
|
||||
}
|
||||
|
||||
ldapServer.shutDown(true);
|
||||
TestUtils.installAgent("unblock=unsafe,serialization");
|
||||
}
|
||||
|
||||
// https://docs.oracle.com/javase/jndi/tutorial/objects/representation/ldap.html
|
||||
|
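Review bot: In `testLdap`, `ldapServer.shutDown(true)` and the added `TestUtils.installAgent("unblock=unsafe,serialization")` sit after the closing brace of the preceding block, so as far as the visible lines show they run only when nothing before them throws. A failing trigger or assertion would then leave the in-memory LDAP listener running and the agent in its `unblock=unsafe` state for the next test, which can turn one failure into several unrelated-looking ones. Moving both calls into a `finally` that wraps the section from `installAgent("unblock=unsafe")` onward would make the cleanup unconditional. The `TestUtils.` qualifier is also redundant inside TestUtils itself, where the earlier call is unqualified. The lines between the two hunks are not shown, so check whether a `finally` already exists.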