Fix netty-codec-http

tools/aegis4j/build.gradle

@@ -34,6 +34,7 @@ dependencies {
     testImplementation "com.google.guava:guava:$guava_version"
     testImplementation "org.yaml:snakeyaml:1.33"
     testImplementation "org.jetbrains.kotlin:kotlin-stdlib-jdk8:$kotlin_version"
+    testImplementation "io.netty:netty:3.10.5.Final"
 }
 
 sourceCompatibility = 8

tools/aegis4j/src/test/java/net/gredler/aegis4j/CVE_2019_16869.java

@@ -0,0 +1,31 @@
+/* Copyright (c) 2022, Daniel Gredler. All rights reserved. */
+
+package net.gredler.aegis4j;
+
+import org.jboss.netty.handler.codec.http.HttpRequestDecoder;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.fail;
+
+/**
+ * Tests netty-codec-http blocking.
+ */
+public class CVE_2019_16869 {
+    @AfterAll
+    public static void uninstallAgent() throws Exception {
+        System.clearProperty("aegis4j.additional.args");
+    }
+
+    @Test
+    public void test() throws Exception {
+        TestUtils.installAgent("path=../resources/test/netty-mods.properties");
+        try {
+            new HttpRequestDecoder();
+            fail("Exception expected");
+        } catch (RuntimeException e) {
+            assertEquals("netty-codec-http HttpMessageDecoder blocked by aegis4j", e.getMessage());
+        }
+    }
+}

tools/aegis4j/src/test/resources/netty-mods.properties

@@ -0,0 +1,3 @@
+# format: <feature>.<class-name>.<method-name>=<replacement-code>
+# CVE-2019-16869 - HttpObjectDecoder was called HttpMessageDecoder back then
+NETTYHTTP.org.jboss.netty.handler.codec.http.HttpMessageDecoder.HttpMessageDecoder=throw new java.lang.RuntimeException("netty-codec-http HttpMessageDecoder blocked by aegis4j");