Eclipse中【Maven下载时,下载源码】设定方法
作者:互联网
目录
■Eclipse中设定方法
Maven
Download Artifact Sources
■效果
---
■扩展
可以查看查看Log4j2的漏洞,JNDI注入 相关的 源码了。
●2.14.1 存在漏洞
JndiLookup.java
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache license, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the license for the specific language governing permissions and
* limitations under the license.
*/
package org.apache.logging.log4j.core.lookup;
import java.util.Objects;
import javax.naming.NamingException;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.Marker;
import org.apache.logging.log4j.MarkerManager;
import org.apache.logging.log4j.core.LogEvent;
import org.apache.logging.log4j.core.config.plugins.Plugin;
import org.apache.logging.log4j.core.net.JndiManager;
import org.apache.logging.log4j.status.StatusLogger;
/**
* Looks up keys from JNDI resources.
*/
@Plugin(name = "jndi", category = StrLookup.CATEGORY)
public class JndiLookup extends AbstractLookup {
private static final Logger LOGGER = StatusLogger.getLogger();
private static final Marker LOOKUP = MarkerManager.getMarker("LOOKUP");
/** JNDI resource path prefix used in a J2EE container */
static final String CONTAINER_JNDI_RESOURCE_PATH_PREFIX = "java:comp/env/";
/**
* Looks up the value of the JNDI resource.
* @param event The current LogEvent (is ignored by this StrLookup).
* @param key the JNDI resource name to be looked up, may be null
* @return The String value of the JNDI resource.
*/
@Override
public String lookup(final LogEvent event, final String key) {
if (key == null) {
return null;
}
final String jndiName = convertJndiName(key);
try (final JndiManager jndiManager = JndiManager.getDefaultManager()) {
return Objects.toString(jndiManager.lookup(jndiName), null);
} catch (final NamingException e) {
LOGGER.warn(LOOKUP, "Error looking up JNDI resource [{}].", jndiName, e);
return null;
}
}
/**
* Convert the given JNDI name to the actual JNDI name to use.
* Default implementation applies the "java:comp/env/" prefix
* unless other scheme like "java:" is given.
* @param jndiName The name of the resource.
* @return The fully qualified name to look up.
*/
private String convertJndiName(final String jndiName) {
if (!jndiName.startsWith(CONTAINER_JNDI_RESOURCE_PATH_PREFIX) && jndiName.indexOf(':') == -1) {
return CONTAINER_JNDI_RESOURCE_PATH_PREFIX + jndiName;
}
return jndiName;
}
}
---
AbstractLookup.java
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache license, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the license for the specific language governing permissions and
* limitations under the license.
*/
package org.apache.logging.log4j.core.lookup;
/**
* A default lookup for others to extend.
*
* @since 2.1
*/
public abstract class AbstractLookup implements StrLookup {
/**
* Calls {@code lookup(null, key)} in the super class.
*
* @see StrLookup#lookup(LogEvent, String)
*/
@Override
public String lookup(final String key) {
return lookup(null, key);
}
}
---
●2.15.0 漏洞修复
---
---
标签:String,Eclipse,JNDI,源码,apache,org,jndiName,final,下载 来源: https://blog.csdn.net/sxzlc/article/details/122225894