update to dynamic attach

Contrast-Security-OSS · Dec 17, 2021 · 996c9c5 · 996c9c5
1 parent b22bc43
commit 996c9c5
Show file tree

Hide file tree

Showing 5 changed files with 8 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -12,7 +12,7 @@ Safelog4j is an instrumentation-based tool to help you discover, verify, and sol
 
 Safelog4j doesn't rely on version numbers or filenames. Instead, it instruments the application to find log4j and perform an internal test to prove the app is exploitable. Safelog4j also uses instrumentation to disable the JNDI lookup code used by the attack. This is the most effective way to inoculate an otherwise vulnerable application or API.
 
-![safelog4j-screenshot](https://github.com/Contrast-Security-OSS/safelog4j/blob/main/src/main/resources/safelog4j-screenshot.png?raw=true)
+![safelog4j-screenshot](https://github.com/Contrast-Security-OSS/safelog4j/blob/resources/safelog4j-screenshot.png?raw=true)
 
 
 ## Why should you use this

diff --git a/src/main/resources/safelog4j-screenshot.png → resources/safelog4j-screenshot.png b/src/main/resources/safelog4j-screenshot.png → resources/safelog4j-screenshot.png
diff --git a/src/main/java/com/contrastsecurity/App.java b/src/main/java/com/contrastsecurity/App.java
@@ -21,7 +21,7 @@ public static void main(String[] args){
             try{
                 String pid = args[0];
                 String options = args.length>=2 ? args[1] : null;
-                String agentFilePath = "safelog4j-1.0.1.jar";
+                String agentFilePath = "safelog4j-1.0.2.jar";
                 File agentFile = new File(agentFilePath);
                 ByteBuddyAgent.attach(agentFile.getAbsoluteFile(), pid, options);
                 System.out.println("Attached to target jvm and loaded agent successfully");

diff --git a/src/main/java/com/contrastsecurity/LookupAdvice.java b/src/main/java/com/contrastsecurity/LookupAdvice.java
@@ -6,7 +6,8 @@ public class LookupAdvice {
 
     @Advice.OnMethodEnter( skipOn = String.class )
     public static String onEnter() {
-        // is this a test log?
+
+        // is this a synthetic security test log message?
         if ( SafeLog4J.testScope.inScope() ) {
             SafeLog4J.log4ShellFound = true;
             return "attack blocked by safelog4j";
@@ -16,13 +17,12 @@ public static String onEnter() {
             return "attack blocked by safelog4j";
         }
 
-        // in check mode so don't skip to the return
+        // the following line means to return original method return - see skipOn
         return null;
     }
 
     @Advice.OnMethodExit
     public static void onExit( @Advice.Enter String enter, @Advice.Return(readOnly = false) String ret) {
-        ret = enter;
     }
 
 }
diff --git a/src/main/java/com/contrastsecurity/SafeLog4J.java b/src/main/java/com/contrastsecurity/SafeLog4J.java
@@ -41,7 +41,7 @@ public static void transform(String args, Instrumentation inst) {
 		switch(args) {
 			case "block" : checkMode = false; break;
 			case "check" : blockMode = false; break;
-			case "none"  : checkMode = false; blockMode = false; break;
+			case "none"  : return;
 		}
 
 		Loggers.log( "SafeLog4J from Contrast Security" );
@@ -61,8 +61,8 @@ public static void transform(String args, Instrumentation inst) {
 		Loggers.log( "" );
 
 		new AgentBuilder.Default()
-		.with(AgentBuilder.Listener.StreamWriting.toSystemError().withTransformationsOnly())
-		.with(AgentBuilder.Listener.StreamWriting.toSystemError().withErrorsOnly())
+		// .with(AgentBuilder.Listener.StreamWriting.toSystemError().withTransformationsOnly())
+		// .with(AgentBuilder.Listener.StreamWriting.toSystemError().withErrorsOnly())
 		.with(new InstListener(new StringMatcher(".log4j.core.lookup.JndiLookup", StringMatcher.Mode.ENDS_WITH)))
 		.with(RedefinitionStrategy.RETRANSFORMATION)
 		.with(InitializationStrategy.NoOp.INSTANCE)