ExternalVendorCode/corda
1
0
Fork 0
mirror of https://github.com/corda/corda.git synced 2025-01-29 15:43:55 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Fix netty-codec-http, and make classes that are not present less intrusive.

Browse Source
This commit is contained in:
rick.parker 2023-04-06 14:55:25 +01:00
parent 79abb8d7eb
commit b7ac0504f3
2 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
tools/aegis4j/src/main/java/net/gredler/aegis4j/Patcher.java
View File

@ -49,7 +49,7 @@ public final class Patcher implements ClassFileTransformer {
* @param instr the instrumentation instance to add a new patcher to * @param instr the instrumentation instance to add a new patcher to
* @param block the features to block * @param block the features to block
*/ */
public static void start(Instrumentation instr, Set<String> block, Properties props) { public static void start(Instrumentation instr, Set<String> block, Properties props) throws IOException {
System.out.println("Aegis4j patching starting"); System.out.println("Aegis4j patching starting");
if (patcher != null) instr.removeTransformer(patcher); if (patcher != null) instr.removeTransformer(patcher);
patcher = new Patcher(block, props); patcher = new Patcher(block, props);
@ -57,11 +57,14 @@ public final class Patcher implements ClassFileTransformer {
for (String className : patcher.modifications.keySet()) { for (String className : patcher.modifications.keySet()) {
try { try {
System.out.println("Aegis4j patching " + className + "..."); System.out.print("Aegis4j patching " + className + "...");
Class<?> clazz = Class.forName(className); Class<?> clazz = Class.forName(className);
instr.retransformClasses(clazz); instr.retransformClasses(clazz);
} catch (ClassNotFoundException | UnmodifiableClassException e) { System.out.println();
e.printStackTrace(); } catch (ClassNotFoundException e) {
System.out.println("not present.");
} catch (UnmodifiableClassException e) {
throw new IOException("Problems transforming class", e);
} }
} }

2
tools/cliutils/src/main/resources/mods.properties
View File

@ -61,3 +61,5 @@ KOTLIN.kotlin.io.FilesKt__UtilsKt.createTempDir=throw new java.lang.RuntimeExcep
KOTLIN.kotlin.io.FilesKt__UtilsKt.createTempFile=throw new java.lang.RuntimeException("Kotlin createTempFile blocked by aegis4j"); KOTLIN.kotlin.io.FilesKt__UtilsKt.createTempFile=throw new java.lang.RuntimeException("Kotlin createTempFile blocked by aegis4j");
# CVE-2020-8908 # CVE-2020-8908
GUAVA.com.google.common.io.Files.createTempDir=throw new java.lang.RuntimeException("Guava createTempDir blocked by aegis4j"); GUAVA.com.google.common.io.Files.createTempDir=throw new java.lang.RuntimeException("Guava createTempDir blocked by aegis4j");
# CVE-2019-16869 - HttpObjectDecoder was called HttpMessageDecoder back then
NETTYHTTP.org.jboss.netty.handler.codec.http.HttpMessageDecoder.HttpMessageDecoder=throw new java.lang.RuntimeException("netty-codec-http HttpMessageDecoder blocked by aegis4j");