ExternalVendorCode/corda
1
0
Fork 0
mirror of https://github.com/corda/corda.git synced 2025-01-17 02:09:50 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Fix netty-codec-http, and make classes that are not present less intrusive.

Browse Source
This commit is contained in:
rick.parker 2023-04-06 14:55:25 +01:00
parent 79abb8d7eb
commit b7ac0504f3
2 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
tools/aegis4j/src/main/java/net/gredler/aegis4j/Patcher.java
View File

@ -49,7 +49,7 @@ public final class Patcher implements ClassFileTransformer {
* @param instr the instrumentation instance to add a new patcher to
* @param block the features to block
*/
public static void start(Instrumentation instr, Set<String> block, Properties props) {
public static void start(Instrumentation instr, Set<String> block, Properties props) throws IOException {
System.out.println("Aegis4j patching starting");
if (patcher != null) instr.removeTransformer(patcher);
patcher = new Patcher(block, props);
@ -57,11 +57,14 @@ public final class Patcher implements ClassFileTransformer {
for (String className : patcher.modifications.keySet()) {
try {
System.out.println("Aegis4j patching " + className + "...");
System.out.print("Aegis4j patching " + className + "...");
Class<?> clazz = Class.forName(className);
instr.retransformClasses(clazz);
} catch (ClassNotFoundException | UnmodifiableClassException e) {
e.printStackTrace();
System.out.println();
} catch (ClassNotFoundException e) {
System.out.println("not present.");
} catch (UnmodifiableClassException e) {
throw new IOException("Problems transforming class", e);
}
}

4
tools/cliutils/src/main/resources/mods.properties
View File

@ -60,4 +60,6 @@ SNAKEYAML.org.yaml.snakeyaml.constructor.Constructor.Constructor=throw new java.
KOTLIN.kotlin.io.FilesKt__UtilsKt.createTempDir=throw new java.lang.RuntimeException("Kotlin createTempDir blocked by aegis4j");
KOTLIN.kotlin.io.FilesKt__UtilsKt.createTempFile=throw new java.lang.RuntimeException("Kotlin createTempFile blocked by aegis4j");
# CVE-2020-8908
GUAVA.com.google.common.io.Files.createTempDir=throw new java.lang.RuntimeException("Guava createTempDir blocked by aegis4j");
GUAVA.com.google.common.io.Files.createTempDir=throw new java.lang.RuntimeException("Guava createTempDir blocked by aegis4j");
# CVE-2019-16869 - HttpObjectDecoder was called HttpMessageDecoder back then
NETTYHTTP.org.jboss.netty.handler.codec.http.HttpMessageDecoder.HttpMessageDecoder=throw new java.lang.RuntimeException("netty-codec-http HttpMessageDecoder blocked by aegis4j");