More tests

2025-01-01 18:56:44 +00:00 · 2023-04-06 11:53:13 +01:00 · 2023-04-06 11:53:13 +01:00 · e3440dc2f6
commit e3440dc2f6
parent a61dfd9195
4 changed files with 41 additions and 1 deletions
--- a/tools/aegis4j/build.gradle
+++ b/tools/aegis4j/build.gradle
@ -32,6 +32,7 @@ dependencies {
    }
    // testImplementation group: 'com.ea.agentloader', name: 'ea-agent-loader', version: '1.0.3'
    testImplementation "com.google.guava:guava:$guava_version"
+    testImplementation "org.yaml:snakeyaml:1.33"
 }

 sourceCompatibility = 8
--- a/tools/aegis4j/src/test/java/net/gredler/aegis4j/AegisAgentSystemPropertyTest.java
+++ b/tools/aegis4j/src/test/java/net/gredler/aegis4j/AegisAgentSystemPropertyTest.java
@ -8,7 +8,7 @@ import org.junit.jupiter.api.Test;
 import static org.junit.jupiter.api.Assertions.assertEquals;

 /**
- * Tests {@link AegisAgent} monitoring via system properties.
+ * Tests {@link AegisAgent} extra args via system properties.
 */
 public class AegisAgentSystemPropertyTest {
    @AfterAll
--- a/tools/aegis4j/src/test/java/net/gredler/aegis4j/CVE_2022_1471.java
+++ b/tools/aegis4j/src/test/java/net/gredler/aegis4j/CVE_2022_1471.java
@ -0,0 +1,31 @@
+/* Copyright (c) 2022, Daniel Gredler. All rights reserved. */
+
+package net.gredler.aegis4j;
+
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.Test;
+import org.yaml.snakeyaml.constructor.Constructor;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.fail;
+
+/**
+ * Tests SnakeYAML blocking.
+ */
+public class CVE_2022_1471 {
+    @AfterAll
+    public static void uninstallAgent() throws Exception {
+        System.clearProperty("aegis4j.additional.args");
+    }
+
+    @Test
+    public void test() throws Exception {
+        TestUtils.installAgent("path=../resources/test/snakeyaml-mods.properties");
+        try {
+            Constructor banned = new Constructor(this.getClass());
+            fail("Exception expected");
+        } catch (RuntimeException e) {
+            assertEquals("SnakeYAML Constructor blocked by aegis4j", e.getMessage());
+        }
+    }
+}
--- a/tools/aegis4j/src/test/resources/snakeyaml-mods.properties
+++ b/tools/aegis4j/src/test/resources/snakeyaml-mods.properties
@ -0,0 +1,8 @@
+# format: <feature>.<class-name>.<method-name>=<replacement-code>
+# CVE-2022-1471
+SNAKEYAML.org.yaml.snakeyaml.constructor.Constructor.Constructor=throw new java.lang.RuntimeException("SnakeYAML Constructor blocked by aegis4j");
+# CVE-2020-29582
+#KOTLIN.kotlin.io.FilesKt__UtilsKt.createTempDir=throw new java.lang.RuntimeException("Kotlin createTempDir blocked by aegis4j");
+#KOTLIN.kotlin.io.FilesKt__UtilsKt.createTempFile=throw new java.lang.RuntimeException("Kotlin createTempFile blocked by aegis4j");
+# CVE-2020-8908
+#GUAVA.com.google.common.io.Files.createTempDir=throw new java.lang.RuntimeException("Guava createTempDir blocked by aegis4j");