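#! /bin/bash
# Mitigation for CVE-2021-4104 (log4j 1.x JMSAppender): strip
# org/apache/log4j/net/JMSAppender.class out of the log4j 1.x jar that ships
# under /usr/share/elasticsearch/lib, if the jar is present.
#
# Everything below that is not a plain shell builtin or zip/unzip comes from
# the framework sourced next (k_start, k_exit, report; EXIT_CODE is presumably
# initialised there too -- it is never set to 0 in this file).
. /usr/src/k_framework/main.sh

# ---- VARS -----
VERSION="1.0.1"
SCRIPT_NAME="Log4j1.x vulnerability fix"
LOG4J_LIB_DIR="/usr/share/elasticsearch/lib"
JMS_APPENDER_ENTRY="org/apache/log4j/net/JMSAppender.class"

# ---- FUNCTIONS -----

#######################################
# Check whether a jar still carries the JMSAppender entry.
# Globals:   JMS_APPENDER_ENTRY (read)
# Arguments: $1 - path to the log4j 1.x jar
# Returns:   0 if the entry is listed, non-zero otherwise (an unreadable or
#            corrupt archive also yields non-zero -- callers must not read
#            that as "already removed" without a separate integrity check)
#######################################
jar_has_jms_appender() {
  unzip -l "$1" | grep -Fq -- "$JMS_APPENDER_ENTRY"
}

# ---- MAIN -----
# Log4j 1.x vulnerability "fix"
# https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126
# https://access.redhat.com/security/cve/CVE-2021-4104
# Note this flaw ONLY affects applications which are specifically configured to use JMSAppender, which is not the default,
# or when the attacker has write access to the Log4j configuration for adding JMSAppender to the attacker's JMS Broker.
# MOR/M2/M4 is not affected, but remove JMSAppender just to be sure
#
# Scope caveat: removing this one class addresses CVE-2021-4104 only. log4j 1.x
# is end-of-life and other classes in the same jar have their own published
# issues (e.g. the SocketServer deserialization flaw, CVE-2019-17571); this
# script does not touch those, so it is not a general log4j 1.x hardening.

k_start

if [[ -d "$LOG4J_LIB_DIR" ]]; then
  # ';' rather than '&&': if report itself fails we must still abort here.
  cd "$LOG4J_LIB_DIR" || { report "Failed to cd to $LOG4J_LIB_DIR/" 1; k_exit 1; }

  # Resolve the jar explicitly. The original passed an unquoted glob straight
  # to unzip/zip: with more than one match, the second name is taken as an
  # *entry pattern*, not a second archive, so the wrong file would be checked
  # and the "fix" could be reported against a jar that was never touched.
  jars=(log4j-1.*.jar)
  if [[ ! -e "${jars[0]}" ]]; then
    report "No log4j-1.x jar found in $LOG4J_LIB_DIR/, nothing to fix" 0
  elif (( ${#jars[@]} > 1 )); then
    report "Multiple log4j-1.x jars found in $LOG4J_LIB_DIR/ (${jars[*]}), refusing to guess" 1
    EXIT_CODE=1
  elif ! command -v zip >/dev/null || ! command -v unzip >/dev/null; then
    # Without the tools the old code would have fallen through to a misleading
    # "Failed to remove" message; name the real cause instead.
    report "zip/unzip not installed, cannot inspect or modify ${jars[0]}" 1
    EXIT_CODE=1
  else
    jar="${jars[0]}"
    if jar_has_jms_appender "$jar"; then
      # zip -d rewrites the archive on disk. A running Elasticsearch keeps the
      # classes it already loaded, so a restart is needed for this to take
      # effect. Ownership/mode of the rewritten jar should be checked when ES
      # runs as a dedicated user -- TODO confirm on the target system.
      zip -q -d "$jar" "$JMS_APPENDER_ENTRY"
      if jar_has_jms_appender "$jar"; then
        report "Failed to remove JMSAppender.class" 1
        EXIT_CODE=1
      elif ! unzip -tq "$jar" >/dev/null 2>&1; then
        # Entry no longer listed only because the archive is damaged: a broken
        # jar must not be reported as "fixed".
        report "JMSAppender.class removed but $jar fails integrity test (unzip -t)" 1
        EXIT_CODE=1
      else
        # report level 3 = remediated, per the framework's convention (assumed).
        report "log4j-1.x vulnerability has been \"fixed\" - JMSAppender.class removed" 3
      fi
    else
      report "log4j-1.x vulnerability does not exist - JMSAppender.class already has been removed" 0
    fi
  fi
else
  report "$LOG4J_LIB_DIR/ does not exist, log4j-1.x is not present in the system" 0
fi

# Quoted with an explicit default so k_exit never receives an empty argument.
k_exit "${EXIT_CODE:-0}"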