openstack
/
monasca-agent
Code Issues Proposed changes
monasca-agent/monasca_agent
History
Jan Zerebecki dbb766218e Remove JMSAppender.class to avoid CVE-2021-4104, 
CVE-2022-23302, CVE-2022-23305, and CVE-2022-23307.

Though it does not contain a vulnerable configuration of log4j, to avoid
needing to prove that and false positives of security scanners, this
commit is the result of running the following commands:

zip -q -d monasca_agent/collector/checks/libs/jmxfetch-0.3.0-jar-with-dependencies.jar org/apache/logging/log4j/core/lookup/JndiLookup.class org/apache/log4j/net/JMSAppender.class org/apache/log4j/jdbc/JDBCAppender.class org/apache/log4j/net/JMSSink.class org/apache/log4j/chainsaw"*"
unzip monasca_agent/collector/checks/libs/jmxterm-1.0-DATADOG-uber.jar WORLDS-INF/lib/log4j.jar
zip -q -d WORLDS-INF/lib/log4j.jar org/apache/logging/log4j/core/lookup/JndiLookup.class org/apache/log4j/net/JMSAppender.class org/apache/log4j/jdbc/JDBCAppender.class org/apache/log4j/net/JMSSink.class org/apache/log4j/chainsaw"*"
zip monasca_agent/collector/checks/libs/jmxterm-1.0-DATADOG-uber.jar WORLDS-INF/lib/log4j.jar

Change-Id: Id47ba9397e7fef1ac8622abb2a1691a260f4bc9c
 		2022-01-27 09:05:15 +00:00
..
collector Remove JMSAppender.class to avoid CVE-2021-4104, 2022-01-27 09:05:15 +00:00
common Merge "Use importlib to take place of imp module" 2020-11-23 23:45:21 +00:00
forwarder Remove six 2020-11-13 16:16:58 +01:00
hacking Update hacking for Python3 2020-03-31 06:49:33 +00:00
statsd Fix parsing of StatsD metrics with Py3 2020-05-22 21:08:28 +01:00
__init__.py Renaming agent packages to reflect monasca 2014-12-19 09:22:03 -07:00
version.py Check version using pbr module 2017-06-19 10:25:04 +02:00