diff --git a/tools/aegis4j/src/test/java/net/gredler/aegis4j/CVE_2021_23463.java b/tools/aegis4j/src/test/java/net/gredler/aegis4j/CVE_2021_23463.java new file mode 100644 index 0000000000..a4928d9174 --- /dev/null +++ b/tools/aegis4j/src/test/java/net/gredler/aegis4j/CVE_2021_23463.java @@ -0,0 +1,142 @@ +/* Copyright (c) 2022, Daniel Gredler. All rights reserved. */ + +package net.gredler.aegis4j; + +import org.h2.command.CommandInterface; +import org.h2.engine.SessionInterface; +import org.h2.jdbc.JdbcConnection; +import org.h2.jdbc.JdbcSQLXML; +import org.h2.message.Trace; +import org.h2.store.DataHandler; +import org.h2.value.Value; +import org.junit.jupiter.api.AfterAll; +import org.junit.jupiter.api.Test; + +import javax.xml.transform.dom.DOMSource; +import java.util.ArrayList; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.fail; + +/** + * Tests H2 SQL XML blocking. + */ +public class CVE_2021_23463 { + @AfterAll + public static void uninstallAgent() throws Exception { + System.clearProperty("aegis4j.additional.args"); + } + + @Test + public void test() throws Exception { + TestUtils.installAgent("path=../resources/test/h2-mods.properties"); + try { + SessionInterface session = new SessionInterface() { + @Override + public ArrayList getClusterServers() { + return null; + } + + @Override + public CommandInterface prepareCommand(String sql, int fetchSize) { + return null; + } + + @Override + public void close() { + + } + + @Override + public Trace getTrace() { + return null; + } + + @Override + public boolean isClosed() { + return false; + } + + @Override + public int getPowerOffCount() { + return 0; + } + + @Override + public void setPowerOffCount(int i) { + + } + + @Override + public DataHandler getDataHandler() { + return null; + } + + @Override + public boolean hasPendingTransaction() { + return false; + } + + @Override + public void cancel() { + + } + + @Override + public boolean isReconnectNeeded(boolean write) { + return false; + } + + @Override + public SessionInterface reconnect(boolean write) { + return null; + } + + @Override + public void afterWriting() { + + } + + @Override + public boolean getAutoCommit() { + return false; + } + + @Override + public void setAutoCommit(boolean autoCommit) { + + } + + @Override + public void addTemporaryLob(Value v) { + + } + + @Override + public boolean isRemote() { + return false; + } + + @Override + public void setCurrentSchemaName(String schema) { + + } + + @Override + public String getCurrentSchemaName() { + return null; + } + + @Override + public boolean isSupportsGeneratedKeys() { + return false; + } + }; + JdbcConnection connection = new JdbcConnection(session, "user", "url"); + new JdbcSQLXML(connection, null, null, 0).getSource(DOMSource.class); + fail("Exception expected"); + } catch (RuntimeException e) { + assertEquals("H2 SQL XML blocked by aegis4j", e.getMessage()); + } + } +} diff --git a/tools/aegis4j/src/test/resources/h2-mods.properties b/tools/aegis4j/src/test/resources/h2-mods.properties index 0b39eec274..55500f746a 100644 --- a/tools/aegis4j/src/test/resources/h2-mods.properties +++ b/tools/aegis4j/src/test/resources/h2-mods.properties @@ -1,3 +1,5 @@ # format: ..= -# CVE-2018-10054, CVE-2021-42392, CVE-2018-14335 -H2.org.h2.server.web.WebServlet.WebServlet=throw new java.lang.RuntimeException("H2 Console blocked by aegis4j"); \ No newline at end of file +# CVE-2018-10054, CVE-2021-42392, CVE-2018-14335, CVE-2022-23221, CVE-2022-45868 +H2.org.h2.server.web.WebServlet.WebServlet=throw new java.lang.RuntimeException("H2 Console blocked by aegis4j"); +# CVE-2021-23463 +H2.org.h2.jdbc.JdbcSQLXML.getSource=throw new java.lang.RuntimeException("H2 SQL XML blocked by aegis4j"); diff --git a/tools/cliutils/src/main/resources/mods.properties b/tools/cliutils/src/main/resources/mods.properties index 071a219c47..a779ce8a28 100644 --- a/tools/cliutils/src/main/resources/mods.properties +++ b/tools/cliutils/src/main/resources/mods.properties @@ -64,5 +64,7 @@ KOTLIN.kotlin.io.FilesKt__UtilsKt.createTempFile=throw new java.lang.RuntimeExce GUAVA.com.google.common.io.Files.createTempDir=throw new java.lang.RuntimeException("Guava createTempDir blocked by aegis4j"); # CVE-2019-16869 - HttpObjectDecoder was called HttpMessageDecoder back then NETTYHTTP.org.jboss.netty.handler.codec.http.HttpMessageDecoder.HttpMessageDecoder=throw new java.lang.RuntimeException("netty-codec-http HttpMessageDecoder blocked by aegis4j"); -# CVE-2018-10054, CVE-2021-42392, CVE-2018-14335 -H2.org.h2.server.web.WebServlet.WebServlet=throw new java.lang.RuntimeException("H2 Console blocked by aegis4j"); \ No newline at end of file +# CVE-2018-10054, CVE-2021-42392, CVE-2018-14335, CVE-2022-23221, CVE-2022-45868 +H2.org.h2.server.web.WebServlet.WebServlet=throw new java.lang.RuntimeException("H2 Console blocked by aegis4j"); +# CVE-2021-23463 +H2.org.h2.jdbc.JdbcSQLXML.getSource=throw new java.lang.RuntimeException("H2 SQL XML blocked by aegis4j");