openstack
/
monasca-agent
Code Issues Proposed changes
monasca-agent/monasca_agent/collector/checks
History
Jan Zerebecki dbb766218e Remove JMSAppender.class to avoid CVE-2021-4104, 
CVE-2022-23302, CVE-2022-23305, and CVE-2022-23307.

Though it does not contain a vulnerable configuration of log4j, to avoid
needing to prove that and false positives of security scanners, this
commit is the result of running the following commands:

zip -q -d monasca_agent/collector/checks/libs/jmxfetch-0.3.0-jar-with-dependencies.jar org/apache/logging/log4j/core/lookup/JndiLookup.class org/apache/log4j/net/JMSAppender.class org/apache/log4j/jdbc/JDBCAppender.class org/apache/log4j/net/JMSSink.class org/apache/log4j/chainsaw"*"
unzip monasca_agent/collector/checks/libs/jmxterm-1.0-DATADOG-uber.jar WORLDS-INF/lib/log4j.jar
zip -q -d WORLDS-INF/lib/log4j.jar org/apache/logging/log4j/core/lookup/JndiLookup.class org/apache/log4j/net/JMSAppender.class org/apache/log4j/jdbc/JDBCAppender.class org/apache/log4j/net/JMSSink.class org/apache/log4j/chainsaw"*"
zip monasca_agent/collector/checks/libs/jmxterm-1.0-DATADOG-uber.jar WORLDS-INF/lib/log4j.jar

Change-Id: Id47ba9397e7fef1ac8622abb2a1691a260f4bc9c
 		2022-01-27 09:05:15 +00:00
..
libs Remove JMSAppender.class to avoid CVE-2021-4104, 2022-01-27 09:05:15 +00:00
__init__.py Make forwarder and collector compatible with py35 2018-07-17 13:31:48 +02:00
check.py Stop to use the __future__ module. 2020-06-04 13:05:21 +02:00
collector.py Fix flake8 errors 2020-05-14 12:11:56 +02:00
services_checks.py Remove six 2020-11-13 16:16:58 +01:00
utils.py Merge "Enable unit tests for py36" 2019-07-22 15:03:24 +00:00