Removing incorrectly flagged class files due to revert in log4j project

CodeShield-Security · Dec 22, 2021 · a63ec5a · a63ec5a
1 parent 834d880
commit a63ec5a
Show file tree

Hide file tree

Showing 5 changed files with 4 additions and 13 deletions.
diff --git a/pom.xml b/pom.xml
@@ -7,7 +7,7 @@
 
     <groupId>de.codeshield.log4shell</groupId>
     <artifactId>Log4JDetector</artifactId>
-    <version>0.5.1</version>
+    <version>0.6.1</version>
 
     <name>cve-2021-44228-detector</name>
     <url>https://codeshield.io</url>

diff --git a/src/main/resources/VulnerableClassSHAs.csv b/src/main/resources/VulnerableClassSHAs.csv
@@ -1,15 +1,4 @@
 ClassName,VulnerableClassSHA
-org.apache.logging.log4j.core.appender.mom.JmsAppender$Builder,08340b54695eed65e463c01ccd0a495be2d65a2fefa16591b876e841186834d0
-org.apache.logging.log4j.core.appender.mom.JmsAppender$Builder,0fd381c4d9583f17548fc5080253a877393ca3d02d90c770bdfb3bff840ec15f
-org.apache.logging.log4j.core.appender.mom.JmsAppender$Builder,14b25b2aacf8ff36f225d08e5fa6f32c4307efb88b4285f9c36fca55d2cfa805
-org.apache.logging.log4j.core.appender.mom.JmsAppender$Builder,22bcb9fc3988440f811f6532cf66c7f2bf6c611d1d71b142721a3ccf280c0dae
-org.apache.logging.log4j.core.appender.mom.JmsAppender$Builder,453341a1c570f7b7fe4d35a08e30e94d33db85ed17ad558de5ddcd69ba262106
-org.apache.logging.log4j.core.appender.mom.JmsAppender$Builder,525af7f270c17d94228db1fe6335cc9756a7b7f69ac50dab854d25cc1474369a
-org.apache.logging.log4j.core.appender.mom.JmsAppender$Builder,7e70dd32b2d17eb2f86aa8bbc79eb59a13a9d710abe88c78ab5c9453b499fe7c
-org.apache.logging.log4j.core.appender.mom.JmsAppender$Builder,a838b0b7cd0bdf7d35313e41d070b7709cb179b62f916a27fcd9c54a90bb9336
-org.apache.logging.log4j.core.appender.mom.JmsAppender$Builder,c9e31795266a76cbb23a0d699355808f1286316d4d15df9843abc90c7acab0ad
-org.apache.logging.log4j.core.appender.mom.JmsAppender$Builder,fa5241309b432617b3b269cffb46bcf8076ded26f00fe80ab8a31fbfe05243d5
-org.apache.logging.log4j.core.appender.mom.JmsAppender$Builder,fd0790b6dcaaf0548c3b3f16b843d914e1294b5ab19bd8e72bce3c4a3da3b77a
 org.apache.logging.log4j.core.net.JndiManager$JndiManagerFactory,1584b839cfceb33a372bb9e6f704dcea9701fa810a9ba1ad3961615a5b998c32
 org.apache.logging.log4j.core.net.JndiManager$JndiManagerFactory,1fa92c00fa0b305b6bbe6e2ee4b012b588a906a20a05e135cbe64c9d77d676de
 org.apache.logging.log4j.core.net.JndiManager$JndiManagerFactory,293d7e83d4197f0496855f40a7745cfcdd10026dc057dfc1816de57295be88a6

diff --git a/src/test/java/de/codeshield/log4jshell/Log4JDetectorTests.java b/src/test/java/de/codeshield/log4jshell/Log4JDetectorTests.java
@@ -16,12 +16,14 @@ public void checkVulnerables() throws IOException, URISyntaxException {
     assertTrue(checkResourceFile("/en16931-xml-validator-2.0.0-b2-jar-with-dependencies.jar"));
     assertTrue(checkResourceFile("/log4j-core-2.12.1.jar"));
     assertTrue(checkResourceFile("/log4j-core-2.14.1.jar"));
+    assertTrue(checkResourceFile("/log4j-core-2.15.0.jar"));
   }
 
   @Test
   public void checkSecure() throws IOException, URISyntaxException {
     assertFalse(checkResourceFile("/spring-boot-2.5.7.jar"));
-    assertTrue(checkResourceFile("/log4j-core-2.15.0.jar"));
+    assertFalse(checkResourceFile("/log4j-core-2.16.0.jar"));
+    assertFalse(checkResourceFile("/log4j-core-2.17.0.jar"));
   }
 
   private boolean checkResourceFile(String url) throws IOException, URISyntaxException {

diff --git a/src/test/resources/log4j-core-2.16.0.jar b/src/test/resources/log4j-core-2.16.0.jar
diff --git a/src/test/resources/log4j-core-2.17.0.jar b/src/test/resources/log4j-core-2.17.0.jar