jody
commented
2 years ago Transcript
% log4shell_1.1.2 scan lib
5:37PM INF identified vulnerable path
cve: CVE-2021-45046
fileName: org/apache/logging/log4j/core/lookup/JndiLookup.class
path: lib/spotbugs/lib/log4j-core-2.16.0.jar
severity: 3.7
versionInfo: "log4j 2.15.0"
% ant clean spotbugs
Buildfile: redistricting/build.xml
check-pmd:
pmdClean:
jacocoClean:
testClean:
[delete] Deleting directory redistricting/reports/test
clean:
[delete] Deleting directory redistricting/build
[delete] Deleting directory redistricting/reports
init:
[mkdir] Created dir: redistricting/build
[mkdir] Created dir: redistricting/reports/test
compile:
[mkdir] Created dir: redistricting/build/classes
[javac] Compiling 18 source files to redistricting/build/classes
[javac] Creating empty redistricting/build/classes/swdmt/redistricting/package-info.class
jar:
[mkdir] Created dir: redistricting/build/jar
[jar] Building jar: redistricting/build/jar/Redistricting.jar
[echo] Jar file has been created, and can be found at: redistricting/build/jar/Redistricting.jar
spotbugs:
[spotbugs] Executing SpotBugs FindBugsTask from ant task
[spotbugs] Running SpotBugs...
[spotbugs] Java Result: 1
[spotbugs] Output saved to redistricting/reports/spotbugs.html
BUILD SUCCESSFUL
Total time: 5 seconds
% ls -l reports/spotbugs.html
-rw-r--r--@ 1 jody staff 7304 Dec 15 10:33 reports/spotbugs.html
%
SpotBugs release 4.5.2 uses patched version of log4j Advisories: https://github.com/advisories/GHSA-jfh8-c2jp-5v3q https://github.com/advisories/GHSA-7rjr-3q55-vv33 SpotBugs: https://github.com/spotbugs/spotbugs
Resolves #162