Brutex
/
XServices
1
0
Fork 0
Code Issues 2 Pull Requests Actions Projects Releases 4 Wiki Activity

Update Log4j2 dependency to 2.17.1 to resolve log4jshell vulnerability 

git-svn-id: https://brutex.net/svn/xservices/trunk@197 e7e49efb-446e-492e-b9ec-fcafc1997a86
master
Brian Rosenberger 2022-01-14 14:35:55 +00:00
parent 7ee16eb26c
commit 9d95f5194a
9 changed files with 72 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
ivy.xml
View File

@ -34,7 +34,7 @@
<dependencies defaultconf="master"> <dependencies defaultconf="master">
<dependency org="org.apache.commons" name="commons-lang3" rev="3.7"/> <dependency org="org.apache.commons" name="commons-lang3" rev="3.7"/>
<dependency org="org.apache.commons" name="commons-configuration2" rev="2.2" /> <dependency org="org.apache.commons" name="commons-configuration2" rev="2.7" />
<dependency org="commons-net" name="commons-net" rev="3.2"/> <dependency org="commons-net" name="commons-net" rev="3.2"/>
@ -59,15 +59,15 @@
<dependency org="org.quartz-scheduler" name="quartz" rev="2.3.0"/> <dependency org="org.quartz-scheduler" name="quartz" rev="2.3.0"/>
<!-- https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core --> <!-- https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core -->
<dependency org="org.apache.logging.log4j" name="log4j-api" rev="2.11.0"/> <dependency org="org.apache.logging.log4j" name="log4j-api" rev="2.17.1"/>
<dependency org="org.apache.logging.log4j" name="log4j-core" rev="2.11.0"/> <dependency org="org.apache.logging.log4j" name="log4j-core" rev="2.17.1"/>
<dependency org="org.apache.logging.log4j" name="log4j-web" rev="2.11.0"/> <dependency org="org.apache.logging.log4j" name="log4j-web" rev="2.17.1"/>
<!-- https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-1.2-api --> <!-- https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-1.2-api -->
<dependency org="org.apache.logging.log4j" name="log4j-1.2-api" rev="2.11.0"/> <dependency org="org.apache.logging.log4j" name="log4j-1.2-api" rev="2.17.1"/>
<!-- https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-slf4j-impl --> <!-- https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-slf4j-impl -->
<dependency org="org.apache.logging.log4j" name="log4j-slf4j-impl" rev="2.11.0" /> <dependency org="org.apache.logging.log4j" name="log4j-slf4j-impl" rev="2.17.1" />
<!-- https://mvnrepository.com/artifact/org.slf4j/slf4j-api --> <!-- https://mvnrepository.com/artifact/org.slf4j/slf4j-api -->
<!-- <dependency org="org.slf4j" name="slf4j-api" rev="1.7.25" />--> <!-- <dependency org="org.slf4j" name="slf4j-api" rev="1.7.25" />-->
@ -79,9 +79,12 @@
<dependency org="commons-beanutils" name="commons-beanutils" rev="1.9.3"/> <dependency org="commons-beanutils" name="commons-beanutils" rev="1.9.3"/>
<!-- https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api -->
<dependency org="javax.servlet" name="javax.servlet-api" rev="4.0.1"/>
<dependency org="org.apache.ws.commons.axiom" name="axiom-api" rev="1.2.20" conf="compile,master"> <dependency org="org.apache.ws.commons.axiom" name="axiom-api" rev="1.2.20" conf="compile,master">
<!-- <artifact name="axiom-api" ext="jar"/>--> <!-- <artifact name="axiom-api" ext="jar"/>-->
<exclude name="axiom-api-1.2.20-tests" ext="jar"/> <exclude name="axiom-api-1.2.20-tests" ext="jar"/>
@ -96,9 +99,9 @@
<dependency org="org.apache.shiro" name="shiro-core" rev="1.4.0" /> <dependency org="org.apache.shiro" name="shiro-core" rev="1.8.0" />
<dependency org="org.apache.shiro" name="shiro-root" rev="1.4.0" /> <dependency org="org.apache.shiro" name="shiro-root" rev="1.8.0" />
<dependency org="org.apache.shiro" name="shiro-web" rev="1.4.0" /> <dependency org="org.apache.shiro" name="shiro-web" rev="1.8.0" />
@ -140,8 +143,35 @@
<dependency org="lib" name="lib.xservices-scmtypes" rev="20131001" conf="*->default"> <dependency org="lib" name="lib.xservices-scmtypes" rev="20131001" conf="*->default">
<artifact name="lib.xservices-scmtypes" type="jar" /> <artifact name="lib.xservices-scmtypes" type="jar" />
</dependency> </dependency>
<dependency org="lib" name="MgmtDataModel" rev="20131001" conf="*->default">
<artifact name="MgmtDataModel" type="jar" />
</dependency>
<!--
<dependency org="lib" name="OADocGenerator" rev="20131001" conf="*->default">
<artifact name="OADocGenerator" type="jar" />
</dependency>
-->
<dependency org="lib" name="DocBuilder" rev="20131001" conf="*->default">
<artifact name="DocBuilder" type="jar" />
</dependency>
<!-- Micro Focus/ Serena Software Dimensions CM 14.1 API -->
<dependency org="lib" name="serena.darius" rev="14.1" conf="*->default">
<artifact name="serena.darius" type="jar" />
</dependency>
<dependency org="lib" name="serena.dmclient" rev="14.1" conf="*->default">
<artifact name="serena.dmclient" type="jar" />
</dependency>
<dependency org="lib" name="serena.dmfile" rev="14.1" conf="*->default">
<artifact name="serena.dmfile" type="jar" />
</dependency>
<dependency org="lib" name="serena.dmnet" rev="14.1" conf="*->default">
<artifact name="serena.dmnet" type="jar" />
</dependency>
<dependency org="lib" name="serena.dmtpi" rev="14.1" conf="*->default">
<artifact name="serena.dmtpi" type="jar" />
</dependency>
<conflict manager="latest-revision"/> <conflict manager="latest-revision"/>
</dependencies> </dependencies>
</ivy-module> </ivy-module>

2
ivysettings.xml
View File

@ -2,7 +2,7 @@
<ivysettings> <ivysettings>
<settings defaultResolver="defaultchain" /> <settings defaultResolver="defaultchain" />
<resolvers> <resolvers>
<ibiblio name="apache-maven" m2compatible="true" usepoms="true" root="http://repo.maven.apache.org/maven2/" /> <ibiblio name="apache-maven" m2compatible="true" usepoms="true" root="https://repo.maven.apache.org/maven2/" />
<ibiblio name="java" m2compatible="true" usepoms="true" root="http://download.java.net/maven/2/" /> <ibiblio name="java" m2compatible="true" usepoms="true" root="http://download.java.net/maven/2/" />
<filesystem name="local-filesystem"> <filesystem name="local-filesystem">

BIN
lib/DocBuilder-20131001.jar Normal file
View File

Binary file not shown.

24
src/java/net/brutex/xservices/security/XServicesRealm.java
View File

@ -17,30 +17,14 @@
package net.brutex.xservices.security; package net.brutex.xservices.security;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger; import org.apache.logging.log4j.Logger;
import org.apache.shiro.config.Ini;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.util.Nameable;
import java.net.URI; import java.net.URI;
import java.net.URISyntaxException; import java.net.URISyntaxException;
import java.net.URL;
import javax.servlet.ServletContext;
import org.apache.catalina.core.ApplicationContext;
import org.apache.logging.log4j.LogManager;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.config.Ini;
import org.apache.shiro.io.ResourceUtils;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.realm.text.TextConfigurationRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.Nameable;
import org.apache.shiro.web.env.IniWebEnvironment;
import org.apache.shiro.web.util.WebUtils;
// TODO: Auto-generated Javadoc // TODO: Auto-generated Javadoc
/* /*

2
src/java/net/brutex/xservices/types/StringMatchType.java
View File

@ -29,7 +29,7 @@ import javax.xml.bind.annotation.XmlType;
@XmlType @XmlType
public class StringMatchType public class StringMatchType
{ {
public final List<StringMatchDetails> stringlist = new ArrayList(); public final List<StringMatchDetails> stringlist = new ArrayList<StringMatchDetails>();
public int size = 0; public int size = 0;
public synchronized void addStringMatch(StringMatchDetails match) public synchronized void addStringMatch(StringMatchDetails match)

6
src/java/net/brutex/xservices/util/BrutexHSQLQuartzConnectionProvider.java
View File

@ -177,11 +177,7 @@ public class BrutexHSQLQuartzConnectionProvider implements ConnectionProvider {
return false; return false;
} }
@Override
public void initialize() throws SQLException {
// TODO Auto-generated method stub
}
} }

5
src/java/net/brutex/xservices/util/BrutexQuartzConnectionProvider.java
View File

@ -177,11 +177,6 @@ public class BrutexQuartzConnectionProvider implements ConnectionProvider {
return false; return false;
} }
@Override
public void initialize() throws SQLException {
// TODO Auto-generated method stub
}
} }

14
src/java/net/brutex/xservices/util/OpenAirConnection.java
View File

@ -3,10 +3,14 @@
*/ */
package net.brutex.xservices.util; package net.brutex.xservices.util;
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URL; import java.net.URL;
import org.apache.commons.configuration.ConfigurationException; import org.apache.commons.configuration2.ex.ConfigurationException;
import org.apache.commons.configuration.PropertiesConfiguration; import org.apache.commons.configuration2.PropertiesConfiguration;
import org.apache.commons.jcs.JCS; import org.apache.commons.jcs.JCS;
import org.apache.commons.jcs.access.exception.CacheException; import org.apache.commons.jcs.access.exception.CacheException;
import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.LogManager;
@ -29,7 +33,9 @@ public final class OpenAirConnection {
final URL configloc = OpenAirConnection.class.getClassLoader().getResource(config); final URL configloc = OpenAirConnection.class.getClassLoader().getResource(config);
logger.debug("Loading Open Air connection details from {}", configloc.toString()); logger.debug("Loading Open Air connection details from {}", configloc.toString());
props = new PropertiesConfiguration(configloc); props = new PropertiesConfiguration();
props.read( new InputStreamReader( new BufferedInputStream(configloc.openStream())) );
final String user = props.getString("user"); final String user = props.getString("user");
final String password = props.getString("password"); final String password = props.getString("password");
final String company = props.getString("company"); final String company = props.getString("company");
@ -46,6 +52,8 @@ public final class OpenAirConnection {
} catch (ConfigurationException e) { } catch (ConfigurationException e) {
logger.error(e.getMessage(), e); logger.error(e.getMessage(), e);
e.printStackTrace(); e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} finally { } finally {
} }

13
src/java/net/brutex/xservices/ws/impl/OpenAirProxyServiceImpl.java
View File

@ -15,6 +15,9 @@
*/ */
package net.brutex.xservices.ws.impl; package net.brutex.xservices.ws.impl;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URL; import java.net.URL;
import java.time.format.DateTimeFormatter; import java.time.format.DateTimeFormatter;
import java.util.ArrayList; import java.util.ArrayList;
@ -27,8 +30,8 @@ import javax.activation.DataHandler;
import javax.jws.WebParam; import javax.jws.WebParam;
import javax.jws.WebService; import javax.jws.WebService;
import org.apache.commons.configuration.ConfigurationException; import org.apache.commons.configuration2.ex.ConfigurationException;
import org.apache.commons.configuration.PropertiesConfiguration; import org.apache.commons.configuration2.PropertiesConfiguration;
import org.apache.commons.jcs.JCS; import org.apache.commons.jcs.JCS;
import org.apache.commons.jcs.access.exception.CacheException; import org.apache.commons.jcs.access.exception.CacheException;
import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.LogManager;
@ -464,7 +467,8 @@ public class OpenAirProxyServiceImpl implements OpenAirProxyService {
final URL configloc = this.getClass().getClassLoader().getResource(config); final URL configloc = this.getClass().getClassLoader().getResource(config);
props = new PropertiesConfiguration(configloc); props = new PropertiesConfiguration();
props.read( new InputStreamReader( new BufferedInputStream( configloc.openStream() )));
final String user = props.getString("user"); final String user = props.getString("user");
final String password = props.getString("password"); final String password = props.getString("password");
final String company = props.getString("company"); final String company = props.getString("company");
@ -481,6 +485,9 @@ public class OpenAirProxyServiceImpl implements OpenAirProxyService {
} catch (ConfigurationException e) { } catch (ConfigurationException e) {
logger.error(e); logger.error(e);
e.printStackTrace(); e.printStackTrace();
} catch (IOException e) {
logger.error(e);
e.printStackTrace();
} finally { } finally {
} }