logpresso / CVE-2021-44228-Scanner

Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228
Apache License 2.0

Spring Boot applications that have been fixed can't be run #61

Closed maol74 closed 2 years ago

maol74 commented 2 years ago

When invoking with the --fix parameter on a Spring Boot app, the application cannot be run in the default way again due to compressed inner jars

Exception in thread "main" java.lang.IllegalStateException: Failed to get nested archive for entry BOOT-INF/lib/spring-boot-2.6.1.jar
        at org.springframework.boot.loader.archive.JarFileArchive.getNestedArchive(JarFileArchive.java:120)
        at org.springframework.boot.loader.archive.JarFileArchive$NestedArchiveIterator.adapt(JarFileArchive.java:274)
        at org.springframework.boot.loader.archive.JarFileArchive$NestedArchiveIterator.adapt(JarFileArchive.java:265)
        at org.springframework.boot.loader.archive.JarFileArchive$AbstractIterator.next(JarFileArchive.java:226)
        at org.springframework.boot.loader.ExecutableArchiveLauncher.createClassLoader(ExecutableArchiveLauncher.java:87)
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:55)
        at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:88)
Caused by: java.io.IOException: Unable to open nested jar file 'BOOT-INF/lib/spring-boot-2.6.1.jar'
        at org.springframework.boot.loader.jar.JarFile.getNestedJarFile(JarFile.java:306)
        at org.springframework.boot.loader.jar.JarFile.getNestedJarFile(JarFile.java:292)
        at org.springframework.boot.loader.archive.JarFileArchive.getNestedArchive(JarFileArchive.java:116)
        ... 6 more
Caused by: java.lang.IllegalStateException: Unable to open nested entry 'BOOT-INF/lib/spring-boot-2.6.1.jar'. It has been compressed and nested jar files must be stored without compression. Please check the mechanism used to create your executable jar file
        at org.springframework.boot.loader.jar.JarFile.createJarFileFromFileEntry(JarFile.java:332)
        at org.springframework.boot.loader.jar.JarFile.createJarFileFromEntry(JarFile.java:314)
        at org.springframework.boot.loader.jar.JarFile.getNestedJarFile(JarFile.java:303)
        ... 8 more

xeraph commented 2 years ago

Oh... Thank you for reporting the bug!

maol74 commented 2 years ago

I created a demo app with https://start.spring.io/ and then ran the app before and after running the logpresso --fix; this shows the bug

xeraph commented 2 years ago

@maol74 Would you test the v1.5.0 release?

maol74 commented 2 years ago

Worked perfectly for me, thanks for the quick fix on this!!
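
The stack trace in the first comment is raised because a nested jar under BOOT-INF/lib was written back with compression. As an added example (not part of this thread and not the scanner's own code), the Python check below lists nested jars in a patched archive that are not stored uncompressed and rewrites them as STORED. The sample archive, its entry names and the helper names are constructed for illustration, and the WEB-INF prefixes are an assumption covering Spring Boot war layouts.

```python
import io
import zipfile

# Assumption: nested libraries live under these prefixes (Spring Boot jar and war layouts).
NESTED_DIRS = ("BOOT-INF/lib/", "WEB-INF/lib/", "WEB-INF/lib-provided/")


def is_nested_jar(name):
    return name.startswith(NESTED_DIRS) and name.endswith(".jar")


def compressed_nested_jars(archive):
    """Return nested jar entries that are not STORED; the Spring Boot loader rejects these."""
    with zipfile.ZipFile(archive) as zf:
        return [i.filename for i in zf.infolist()
                if is_nested_jar(i.filename) and i.compress_type != zipfile.ZIP_STORED]


def rewrite_with_stored_nested_jars(src, dst):
    """Copy src to dst, storing nested jars uncompressed and keeping other entries' method."""
    with zipfile.ZipFile(src) as zin, zipfile.ZipFile(dst, "w") as zout:
        for info in zin.infolist():
            out = zipfile.ZipInfo(info.filename, date_time=info.date_time)
            out.external_attr = info.external_attr
            out.compress_type = zipfile.ZIP_STORED if is_nested_jar(info.filename) else info.compress_type
            zout.writestr(out, zin.read(info))


def build_sample(nested_method):
    """Constructed stand-in for a Spring Boot executable jar (entry names are illustrative)."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("BOOT-INF/classes/application.properties", "a=b\n", compress_type=zipfile.ZIP_DEFLATED)
        zf.writestr("BOOT-INF/lib/demo-lib.jar", inner.getvalue(), compress_type=nested_method)
    return outer


if __name__ == "__main__":
    broken = build_sample(zipfile.ZIP_DEFLATED)  # mimics an archive rewritten with compression
    print("before:", compressed_nested_jars(broken))
    fixed = io.BytesIO()
    rewrite_with_stored_nested_jars(broken, fixed)
    print("after: ", compressed_nested_jars(fixed))
```

Running the check on a patched jar before redeploying it catches the launch failure without starting the application; both functions also accept a file path in place of the in-memory buffer.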