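@ECHO OFF
SETLOCAL ENABLEDELAYEDEXPANSION
COLOR 1F
CLS
REM ###########################################################
REM #
REM # Log4Shell vulnerability patch
REM #
REM # Target: Fortify SCA 4.3~21.1
REM # Prerequisite: the zip command must be installed.
REM #
REM # CVE: https://nvd.nist.gov/vuln/detail/CVE-2021-44228
REM #
REM # Author: hasu0707@esvali.com (2021.12.13)
REM #
REM ###########################################################
REM # NOTE(review): by default cmd.exe looks for a bare "zip" in the
REM # current directory before PATH. If this script is run elevated,
REM # set ZIP_CMD to the full path of a trusted zip.exe. The value is
REM # expanded unquoted later, so use a path without spaces.
SET "ZIP_CMD=zip"
REM ###########################################################
REM # Global variables
REM ###########################################################
REM # Backup suffix cut from DATE and TIME by character position.
REM # NOTE(review): the offsets assume DATE is printed as YYYY-MM-DD;
REM # other regional settings give a different suffix - confirm.
SET TIMESTAMP_VAL=%DATE:~0,4%%DATE:~5,2%%DATE:~8,2%_%TIME:~0,2%%TIME:~3,2%%TIME:~6,2%
REM # Any space in the suffix, such as a space-padded hour, becomes 0.
SET TIMESTAMP_VAL=%TIMESTAMP_VAL: =0%
SET /A FILESIZE1=0
SET /A FILESIZE2=0
REM ###########################################################
REM # Print the title
REM ###########################################################
ECHO ###########################################################
ECHO #
ECHO # Fortify SCA log4jShell 취약점 패치 스크립트
ECHO #
ECHO # (주)이씨큐밸리
ECHO #
ECHO ###########################################################
ECHO.
ECHO ###########################################################
ECHO # Fortify SCA 경로 입력
ECHO # (공백이 포함되어 있으면 오류가 날 수 있습니다.)
ECHO ###########################################################
ECHO Fortify SCA 경로를 입력해 주세요.
ECHO 예) C:\fortify_sca_20.2.0
:LABEL_1
REM # Clear the previous answer first: SET /P leaves the variable
REM # untouched when the operator only presses Enter.
SET "SCA_PATH="
SET /P SCA_PATH="SCA PATH: "
IF NOT DEFINED SCA_PATH GOTO LABEL_1
REM # A Core\lib sub-folder is the marker of an SCA install folder.
IF NOT EXIST "%SCA_PATH%\Core\lib" (
  REM Delayed expansion keeps special characters in the typed path
  REM from being parsed as part of this block.
  ECHO ERROR: !SCA_PATH!는 Fortify SCA 폴더가 아닙니다.
  GOTO LABEL_1
)
ECHO.
REM # Start from an undefined JAR_FILE so that a value inherited from
REM # the environment cannot hide the "no JAR found" case.
SET "JAR_FILE="
FOR /F "tokens=* USEBACKQ" %%F IN (`DIR /B "%SCA_PATH%\Core\lib\log4j-core-*.jar"`) DO (
  SET JAR_FILE=%%F
)
IF NOT DEFINED JAR_FILE (
  ECHO ERROR: JAR 파일이 발견되지 않습니다.
  REM Report the failure to the caller with a non-zero exit code.
  EXIT /B 1
)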
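REM ###########################################################
REM # For every log4j-core JAR in Core\lib: back it up, delete
REM # JndiLookup.class, restore inherited permissions and compare
REM # the file size before and after.
REM ###########################################################
FOR /F "tokens=* USEBACKQ" %%F IN (`DIR /B "%SCA_PATH%\Core\lib\log4j-core-*.jar"`) DO (
  ECHO ###########################################################
  ECHO # 패치대상 JAR파일: "%SCA_PATH%\Core\lib\%%F"
  ECHO ###########################################################
  ECHO.
  ECHO ###########################################################
  ECHO # 백업 실행
  ECHO # "%SCA_PATH%\Core\lib\%%F -> %%F.%TIMESTAMP_VAL%"
  ECHO ###########################################################
  REM The backup is written to the current directory. Never touch the
  REM JAR unless the backup copy succeeded.
  COPY /B /Y "%SCA_PATH%\Core\lib\%%F" "%%F.%TIMESTAMP_VAL%"
  IF ERRORLEVEL 1 (
    ECHO ERROR: backup of %%F failed. The JAR was left unmodified.
    EXIT /B 1
  )
  ECHO.
  CALL :GETFILESIZE "%SCA_PATH%\Core\lib\%%F" FILESIZE1
  ECHO ###########################################################
  ECHO # 패치 실행
  ECHO ###########################################################
  ECHO %ZIP_CMD% -q -d "%SCA_PATH%\Core\lib\%%F" org/apache/logging/log4j/core/lookup/JndiLookup.class
  %ZIP_CMD% -q -d "%SCA_PATH%\Core\lib\%%F" org/apache/logging/log4j/core/lookup/JndiLookup.class
  CALL :GETFILESIZE "%SCA_PATH%\Core\lib\%%F" FILESIZE2
  ECHO.
  ECHO ###########################################################
  ECHO # 파일 권한 설정
  ECHO ###########################################################
  REM Do not grant Users or Everyone Full control on the JAR: any
  REM local account could then replace a library that the product
  REM loads. Reset the file to the ACL inherited from the lib folder,
  REM presumably the same ACL the other JARs there carry - confirm.
  ICACLS "%SCA_PATH%\Core\lib\%%F" /reset > NUL
  ECHO.
  REM An unchanged size means nothing was deleted: the JAR was already
  REM patched or zip failed. The size is only a proxy for the result.
  IF "!FILESIZE1!" EQU "!FILESIZE2!" (
    ECHO ###########################################################
    ECHO # File: !SCA_PATH!\Core\lib\%%F
    ECHO # Before size: !FILESIZE1!
    ECHO # After size: !FILESIZE2!
    ECHO #
    ECHO # ERROR!!: 패치 전과 패치 후의 파일 사이즈가 같아 중복
    ECHO # 패치 또는 패치가 실패 했습니다.
    ECHO ###########################################################
  ) ELSE (
    ECHO ###########################################################
    ECHO # File: !SCA_PATH!\Core\lib\%%F
    ECHO # Before size: !FILESIZE1!
    ECHO # After size: !FILESIZE2!
    ECHO #
    ECHO # 패치 성공 !!
    ECHO ###########################################################
  )
  PAUSE
)
ENDLOCAL
GOTO :EOF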
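REM ###########################################################
REM # Subroutine: store the size of a file in a variable.
REM #   argument 1 - path of the file
REM #   argument 2 - name of the variable that receives the size
REM # A missing file yields 0 instead of an undefined variable.
REM ###########################################################
:GETFILESIZE
SET "%~2=0"
IF EXIST "%~1" SET "%~2=%~Z1"
GOTO :EOF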
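@ECHO OFF
SETLOCAL ENABLEDELAYEDEXPANSION
COLOR 1F
CLS
REM ###########################################################
REM #
REM # Log4Shell vulnerability patch
REM #
REM # Target: Fortify SSC 4.3~21.1
REM # Prerequisite: the zip command must be installed.
REM #
REM # CVE: https://nvd.nist.gov/vuln/detail/CVE-2021-44228
REM #
REM # Author: hasu0707@esvali.com (2021.12.13)
REM #
REM ###########################################################
REM # NOTE(review): by default cmd.exe looks for a bare "zip" in the
REM # current directory before PATH. If this script is run elevated,
REM # set ZIP_CMD to the full path of a trusted zip.exe. The value is
REM # expanded unquoted later, so use a path without spaces.
SET "ZIP_CMD=zip"
REM ###########################################################
REM # Global variables
REM ###########################################################
REM # Backup suffix cut from DATE and TIME by character position.
REM # NOTE(review): the offsets assume DATE is printed as YYYY-MM-DD;
REM # other regional settings give a different suffix - confirm.
SET TIMESTAMP_VAL=%DATE:~0,4%%DATE:~5,2%%DATE:~8,2%_%TIME:~0,2%%TIME:~3,2%%TIME:~6,2%
REM # Any space in the suffix, such as a space-padded hour, becomes 0.
SET TIMESTAMP_VAL=%TIMESTAMP_VAL: =0%
SET /A FILESIZE1=0
SET /A FILESIZE2=0
REM ###########################################################
REM # Print the title
REM ###########################################################
ECHO ###########################################################
ECHO #
ECHO # Fortify SSC log4jShell 취약점 패치 스크립트
ECHO #
ECHO # (주)이씨큐밸리
ECHO #
ECHO ###########################################################
ECHO.
ECHO ###########################################################
ECHO # Fortify SSC 경로 입력
ECHO # (공백이 포함되어 있으면 오류가 날 수 있습니다.)
ECHO ###########################################################
ECHO Fortify SSC 경로를 입력해 주세요.
ECHO 예) D:\apache-tomcat\webapps\ssc
:LABEL_1
REM # Clear the previous answer first: SET /P leaves the variable
REM # untouched when the operator only presses Enter.
SET "SSC_PATH="
SET /P SSC_PATH="SSC PATH: "
IF NOT DEFINED SSC_PATH GOTO LABEL_1
REM # A flex sub-folder is used as the marker of an SSC web
REM # application folder; the JARs themselves are in WEB-INF\lib.
IF NOT EXIST "%SSC_PATH%\flex" (
  REM Delayed expansion keeps special characters in the typed path
  REM from being parsed as part of this block.
  ECHO ERROR: !SSC_PATH!는 Fortify SSC 폴더가 아닙니다.
  GOTO LABEL_1
)
ECHO.
REM # Start from an undefined JAR_FILE so that a value inherited from
REM # the environment cannot hide the "no JAR found" case.
SET "JAR_FILE="
FOR /F "tokens=* USEBACKQ" %%F IN (`DIR /B "%SSC_PATH%\WEB-INF\lib\log4j-core-*.jar"`) DO (
  SET JAR_FILE=%%F
)
IF NOT DEFINED JAR_FILE (
  ECHO ERROR: JAR 파일이 발견되지 않습니다.
  REM Report the failure to the caller with a non-zero exit code.
  EXIT /B 1
)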
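REM ###########################################################
REM # For every log4j-core JAR in WEB-INF\lib: back it up, delete
REM # JndiLookup.class, restore inherited permissions and compare
REM # the file size before and after.
REM ###########################################################
FOR /F "tokens=* USEBACKQ" %%F IN (`DIR /B "%SSC_PATH%\WEB-INF\lib\log4j-core-*.jar"`) DO (
  ECHO ###########################################################
  ECHO # 패치대상 JAR파일: "%SSC_PATH%\WEB-INF\lib\%%F"
  ECHO ###########################################################
  ECHO.
  ECHO ###########################################################
  ECHO # 백업 실행
  ECHO # "%SSC_PATH%\WEB-INF\lib\%%F -> %%F.%TIMESTAMP_VAL%"
  ECHO ###########################################################
  REM The backup is written to the current directory. Never touch the
  REM JAR unless the backup copy succeeded.
  COPY /B /Y "%SSC_PATH%\WEB-INF\lib\%%F" "%%F.%TIMESTAMP_VAL%"
  IF ERRORLEVEL 1 (
    ECHO ERROR: backup of %%F failed. The JAR was left unmodified.
    EXIT /B 1
  )
  ECHO.
  CALL :GETFILESIZE "%SSC_PATH%\WEB-INF\lib\%%F" FILESIZE1
  ECHO ###########################################################
  ECHO # 패치 실행
  ECHO ###########################################################
  ECHO %ZIP_CMD% -q -d "%SSC_PATH%\WEB-INF\lib\%%F" org/apache/logging/log4j/core/lookup/JndiLookup.class
  %ZIP_CMD% -q -d "%SSC_PATH%\WEB-INF\lib\%%F" org/apache/logging/log4j/core/lookup/JndiLookup.class
  CALL :GETFILESIZE "%SSC_PATH%\WEB-INF\lib\%%F" FILESIZE2
  ECHO.
  ECHO ###########################################################
  ECHO # 파일 권한 설정
  ECHO ###########################################################
  REM Do not grant Users or Everyone Full control on the JAR: any
  REM local account could then replace a library that the web
  REM application loads. Reset the file to the ACL inherited from the
  REM lib folder, presumably the same ACL the other JARs there
  REM carry - confirm.
  ICACLS "%SSC_PATH%\WEB-INF\lib\%%F" /reset > NUL
  ECHO.
  REM An unchanged size means nothing was deleted: the JAR was already
  REM patched or zip failed. The size is only a proxy for the result.
  IF "!FILESIZE1!" EQU "!FILESIZE2!" (
    ECHO ###########################################################
    ECHO # File: !SSC_PATH!\WEB-INF\lib\%%F
    ECHO # Before size: !FILESIZE1!
    ECHO # After size: !FILESIZE2!
    ECHO #
    ECHO # ERROR!!: 패치 전과 패치 후의 파일 사이즈가 같아 중복
    ECHO # 패치 또는 패치가 실패 했습니다.
    ECHO ###########################################################
  ) ELSE (
    ECHO ###########################################################
    ECHO # File: !SSC_PATH!\WEB-INF\lib\%%F
    ECHO # Before size: !FILESIZE1!
    ECHO # After size: !FILESIZE2!
    ECHO #
    ECHO # 패치 성공 !!
    ECHO ###########################################################
  )
  PAUSE
)
ENDLOCAL
GOTO :EOF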
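REM ###########################################################
REM # Subroutine: store the size of a file in a variable.
REM #   argument 1 - path of the file
REM #   argument 2 - name of the variable that receives the size
REM # A missing file yields 0 instead of an undefined variable.
REM ###########################################################
:GETFILESIZE
SET "%~2=0"
IF EXIST "%~1" SET "%~2=%~Z1"
GOTO :EOF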
#!/bin/sh
###########################################################
#
# Log4Shell vulnerability patch
#
# Target: Fortify SCA Server 4.3~21.1
# Prerequisite: the zip command must be installed.
#
# CVE: https://nvd.nist.gov/vuln/detail/CVE-2021-44228
#
# Author: hasu0707@esvali.com (2021.12.13)
#
###########################################################
# Library directory, relative to the Fortify SCA install path.
SCA_LIBDIR='Core/lib'
# Physical (symlink-free) working directory; one backup copy of each
# JAR is written here.
CURRENT_DIR=$(pwd -P)
# Suffix appended to backup file names: YYYYMMDD_HHMMSS.
TIMESTAMP_VAL=$(date "+%Y%m%d_%H%M%S")
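###########################################################
#
# Prompt for the Fortify SCA installation path until the answer
# contains a Core/lib directory.
#
# Globals: SCA_PATH (written)
# Input:   one path per line on stdin
# Exits:   1 when stdin ends before a valid path was entered
#
###########################################################
func_input_install_path() {
  echo "EX) /opt/Fortify/Fortify_SCA_and_Apps_20.2.1"
  while :
  do
    # "read -p" is not POSIX and this script runs under /bin/sh, so the
    # prompt is printed separately.
    printf '%s' "Fortify SCA Path: " >&2
    # Without this check an empty SCA_PATH would reach the patch step.
    if ! read -r SCA_PATH
    then
      echo "ERROR: no Fortify SCA path was entered." >&2
      exit 1
    fi
    # Quoted, so a path containing spaces is tested as a single word
    # instead of making the test itself fail.
    if [ -d "${SCA_PATH}/Core/lib" ]
    then
      break
    fi
    echo "${SCA_PATH} is not Fortify SCA Path."
  done
}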
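###########################################################
#
# Apply the mitigation: delete JndiLookup.class from every
# log4j-core-*.jar in the Fortify SCA library directory.
#
# Globals: SCA_PATH, SCA_LIBDIR, CURRENT_DIR, TIMESTAMP_VAL (read)
#          LOG4J2CORE, JAR_FILE, FILESIZE1, FILESIZE2 (written)
# Returns: 0 when every JAR found changed size, 1 otherwise
# Exits:   1 when no JAR is found or a backup copy fails
#
###########################################################
func_patch_log4j_core() {
  echo "###########################################################"
  echo "#"
  echo "# SCA_PATH: ${SCA_PATH}"
  echo "#"
  echo "###########################################################"

  patch_status=0
  # Glob directly instead of parsing ls output, so an install path
  # containing whitespace is handled.
  for LOG4J2CORE in "${SCA_PATH}/${SCA_LIBDIR}"/log4j-core-*.jar
  do
    JAR_FILE=$(basename -- "${LOG4J2CORE}")
    echo "###########################################################"
    echo "# JAR FILE: ${LOG4J2CORE}"
    echo "###########################################################"
    # An unmatched glob stays literal, so this also reports the case
    # where the directory holds no log4j-core JAR at all.
    if [ ! -f "${LOG4J2CORE}" ]
    then
      echo "ERROR: log4j-core.jar not found."
      exit 1
    fi

    echo ">>Backup ${LOG4J2CORE} -> ${CURRENT_DIR}/${JAR_FILE}.${TIMESTAMP_VAL}"
    # Never modify the JAR unless both backup copies were written.
    # NOTE(review): the second copy stays in the library directory and
    # still contains JndiLookup.class; file-based scanners may keep
    # reporting it until it is moved away.
    if ! cp -f -- "${LOG4J2CORE}" "${CURRENT_DIR}/${JAR_FILE}.${TIMESTAMP_VAL}" ||
      ! cp -f -- "${LOG4J2CORE}" "${LOG4J2CORE}.${TIMESTAMP_VAL}"
    then
      echo "ERROR: backup failed; ${LOG4J2CORE} was left unmodified." >&2
      exit 1
    fi
    echo

    echo "zip -q -d ${LOG4J2CORE} org/apache/logging/log4j/core/lookup/JndiLookup.class"
    FILESIZE1=$(stat -c%s "${LOG4J2CORE}")
    zip_status=0
    zip -q -d "${LOG4J2CORE}" org/apache/logging/log4j/core/lookup/JndiLookup.class || zip_status=$?
    sync
    FILESIZE2=$(stat -c%s "${LOG4J2CORE}")

    # The file size is used to judge whether the patch was applied. It
    # is only a proxy: an already-patched JAR and a failed deletion
    # both leave the size unchanged.
    echo ">> File name: ${LOG4J2CORE}"
    echo ">> Before file size: ${FILESIZE1}"
    echo ">> After file size: ${FILESIZE2}"
    echo "-----------------------------"
    if [ "$FILESIZE1" -eq "$FILESIZE2" ]; then
      echo "*** ERROR: FAILED TO PATCH. (same filesize) ***"
      patch_status=1
    elif [ "$zip_status" -ne 0 ]; then
      # Do not report success when zip itself signalled an error.
      echo "*** ERROR: FAILED TO PATCH. (zip exit status ${zip_status}) ***"
      patch_status=1
    else
      echo "*** SUCCESSED TO PATCH. ***"
    fi
    echo
  done
  return "$patch_status"
}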
###########################################################
#
# Entry point: ask for the install path, then patch the JARs.
#
###########################################################
main() {
  func_input_install_path
  func_patch_log4j_core
}

main "$@"
# Debug
#cp -f /opt/Fortify/log4j-core-2.10.0.jar /opt/Fortify/Fortify_SCA_and_Apps_20.2.1/Core/lib/
#cp -f /opt/Fortify/log4j-core-2.13.2.jar /opt/Fortify/Fortify_SCA_and_Apps_20.2.1/Core/lib/
#!/bin/sh
###########################################################
#
# Log4Shell vulnerability patch
#
# Target: Fortify SSC Server 4.3~21.1
# Prerequisite: the zip command must be installed.
#
# CVE: https://nvd.nist.gov/vuln/detail/CVE-2021-44228
#
# Author: hasu0707@esvali.com (2021.12.13)
#
###########################################################
# Library directory, relative to the Fortify SSC web application path.
SSC_LIBDIR='WEB-INF/lib'
# Physical (symlink-free) working directory; one backup copy of each
# JAR is written here.
CURRENT_DIR=$(pwd -P)
# Suffix appended to backup file names: YYYYMMDD_HHMMSS.
TIMESTAMP_VAL=$(date "+%Y%m%d_%H%M%S")
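###########################################################
#
# Prompt for the Fortify SSC web application path until the answer
# contains a flex directory.
#
# Globals: SSC_PATH (written)
# Input:   one path per line on stdin
# Exits:   1 when stdin ends before a valid path was entered
#
###########################################################
func_input_install_path() {
  echo "EX) /opt/tomcat/apache-tomcat-9.0.55/webapps/ssc"
  while :
  do
    # "read -p" is not POSIX and this script runs under /bin/sh, so the
    # prompt is printed separately.
    printf '%s' "Fortify SSC Path: " >&2
    # Without this check an empty SSC_PATH would reach the patch step.
    if ! read -r SSC_PATH
    then
      echo "ERROR: no Fortify SSC path was entered." >&2
      exit 1
    fi
    # Quoted, so a path containing spaces is tested as a single word
    # instead of making the test itself fail.
    if [ -d "${SSC_PATH}/flex" ]
    then
      break
    fi
    echo "${SSC_PATH} is not Fortify SSC Path."
  done
}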
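###########################################################
#
# Apply the mitigation: delete JndiLookup.class from every
# log4j-core-*.jar in the Fortify SSC library directory.
#
# Globals: SSC_PATH, SSC_LIBDIR, CURRENT_DIR, TIMESTAMP_VAL (read)
#          LOG4J2CORE, JAR_FILE, FILESIZE1, FILESIZE2 (written)
# Returns: 0 when every JAR found changed size, 1 otherwise
# Exits:   1 when no JAR is found or a backup copy fails
#
###########################################################
func_patch_log4j_core() {
  echo "###########################################################"
  echo "#"
  echo "# SSC_PATH: ${SSC_PATH}"
  echo "#"
  echo "###########################################################"

  patch_status=0
  # Glob directly instead of parsing ls output, so a web application
  # path containing whitespace is handled.
  for LOG4J2CORE in "${SSC_PATH}/${SSC_LIBDIR}"/log4j-core-*.jar
  do
    JAR_FILE=$(basename -- "${LOG4J2CORE}")
    echo "###########################################################"
    echo "# JAR FILE: ${LOG4J2CORE}"
    echo "###########################################################"
    # An unmatched glob stays literal, so this also reports the case
    # where the directory holds no log4j-core JAR at all.
    if [ ! -f "${LOG4J2CORE}" ]
    then
      echo "ERROR: log4j-core.jar not found."
      exit 1
    fi

    echo ">>Backup ${LOG4J2CORE} -> ${CURRENT_DIR}/${JAR_FILE}.${TIMESTAMP_VAL}"
    # Never modify the JAR unless both backup copies were written.
    # NOTE(review): the second copy stays in WEB-INF/lib and still
    # contains JndiLookup.class; file-based scanners may keep
    # reporting it until it is moved away.
    if ! cp -f -- "${LOG4J2CORE}" "${CURRENT_DIR}/${JAR_FILE}.${TIMESTAMP_VAL}" ||
      ! cp -f -- "${LOG4J2CORE}" "${LOG4J2CORE}.${TIMESTAMP_VAL}"
    then
      echo "ERROR: backup failed; ${LOG4J2CORE} was left unmodified." >&2
      exit 1
    fi
    echo

    echo "zip -q -d ${LOG4J2CORE} org/apache/logging/log4j/core/lookup/JndiLookup.class"
    FILESIZE1=$(stat -c%s "${LOG4J2CORE}")
    zip_status=0
    zip -q -d "${LOG4J2CORE}" org/apache/logging/log4j/core/lookup/JndiLookup.class || zip_status=$?
    sync
    FILESIZE2=$(stat -c%s "${LOG4J2CORE}")

    # The file size is used to judge whether the patch was applied. It
    # is only a proxy: an already-patched JAR and a failed deletion
    # both leave the size unchanged.
    echo ">> File name: ${LOG4J2CORE}"
    echo ">> Before file size: ${FILESIZE1}"
    echo ">> After file size: ${FILESIZE2}"
    echo "-----------------------------"
    if [ "$FILESIZE1" -eq "$FILESIZE2" ]; then
      echo "*** ERROR: FAILED TO PATCH. (same filesize) ***"
      patch_status=1
    elif [ "$zip_status" -ne 0 ]; then
      # Do not report success when zip itself signalled an error.
      echo "*** ERROR: FAILED TO PATCH. (zip exit status ${zip_status}) ***"
      patch_status=1
    else
      echo "*** SUCCESSED TO PATCH. ***"
    fi
    echo
  done
  return "$patch_status"
}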
###########################################################
#
# Entry point: ask for the install path, then patch the JARs.
#
###########################################################
main() {
  func_input_install_path
  func_patch_log4j_core
}

main "$@"