Created
December 20, 2021 11:43
-
-
Save dogancankilment/4a60fdb7c56575a4d9292f2e407d12dd to your computer and use it in GitHub Desktop.
CVE-2021-45105-Code-Snippet for TR|EN Blog Post
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // TR: StrSubstitutor.substitute() yöntemi, değiştirilecek değişkenle birlikte çağrılır | |
| // EN: The StrSubstitutor.substitute() method is called with the variable to be substituted | |
| protected boolean substitute(final LogEvent event, final StringBuilder buf, final int offset, final int length) { | |
| return substitute(event, buf, offset, length, null) > 0; | |
| } | |
| // EN: The StrSubstitutor.substitute() method is called with the original variable lookup (i.e., ctx.apiversion) | |
| // TR: StrSubstitutor.substitute() yöntemi, orijinal değişken aramasıyla (yani, ctx.apiversion) çağrılır; | |
| // found variable end marker | |
| if (nestedVarCount == 0) { | |
| String varNameExpr = new String(chars, startPos + startMatchLen, pos - startPos - startMatchLen); | |
| if (substitutionInVariablesEnabled) { | |
| final StringBuilder bufName = new StringBuilder(varNameExpr); | |
| substitute(event, bufName, 0, bufName.length()); | |
| varNameExpr = bufName.toString(); | |
| } | |
| pos += endMatchLen; | |
| final int endPos = pos; | |
| // EN: In this call to StrSubstitutor.substitute(), a call to StrSubstitutor. checkCyclicSubstitution() is made | |
| // TR: Bu StrSubstitutor.substitute() çağrısında, StrSubstitutor'a yapılan bir çağrı. checkCyclicSubstitution() yapılır: | |
| // on the first call initialize priorVariables | |
| if (priorVariables == null) { | |
| priorVariables = new ArrayList<>(); | |
| priorVariables.add(new String(chars, offset, length + lengthChange)); | |
| } | |
| // handle cyclic substitution | |
| checkCyclicSubstitution(varName, priorVariables); | |
| priorVariables.add(varName); | |
| // EN: Note that the method StrSubstitutor. checkCyclicSubstitution() attempts to detect | |
| // cyclic substitutions of variables by maintaining a priorVariables list and comparing the current variable to the list: | |
| // TR: StrSubstitutor yöntemine dikkat edin. checkCyclicSubstitution() bir öncekiVariables listesini koruyarak | |
| // ve mevcut değişkeni listeyle karşılaştırarak değişkenlerin döngüsel ifadeleri algılamaya çalışır: | |
| private void checkCyclicSubstitution(final String varName, final List<String> priorVariables) { | |
| if (!priorVariables.contains(varName)) { | |
| return; | |
| } | |
| final StringBuilder buf = new StringBuilder(BUF_SIZE); | |
| buf.append("Infinite loop in property interpolation of "); | |
| buf.append(priorVariables.remove(0)); | |
| buf.append(": "); | |
| appendWithSeparators(buf, priorVariables, "->"); | |
| throw new IllegalStateException(buf.toString()); | |
| } | |
| // EN: Later, the variable is resolved to its value (i.e., ${${ctx:apiversion}}) and a recursive call | |
| // to StrSubstitutor.substitute() is made | |
| // TR: Daha sonra, değişken değerine çözümlenir (yani, ${${ctx:apiversion}}) ve StrSubstitutor.substitute() | |
| // için yinelemeli bir çağrı yapılır | |
| // resolve the variable | |
| String varValue = resolveVariable(event, varName, buf, startPos, endPos); | |
| if (varValue == null) { | |
| varValue = varDefaultValue; | |
| } | |
| if (varValue != null) { | |
| // recursive replace | |
| final int varLen = varValue.length(); | |
| buf.replace(startPos, endPos, varValue); | |
| altered = true; | |
| int change = substitute(event, buf, startPos, varLen, priorVariables); | |
| change = change + (varLen - (endPos - startPos)); | |
| pos += change; | |
| bufEnd += change; | |
| lengthChange += change; | |
| chars = getChars(buf); // in case buffer was altered | |
| } | |
| // EN: Once again, we detect the variable in the value being parsed. | |
| // However, the recursive call to StrSubstitutor.substitute() does not include the priorVariables list. | |
| // Therefore, the StrSubstitutor. checkCyclicSubstitution() method will fail to detect the cyclic substitution | |
| // and an infinite recursion will occur: | |
| // TR: Bir kez daha, ayrıştırılan değerdeki değişkeni tespit ediyoruz. Ancak, yinelemeli StrSubstitutor.substitute() çağrısı, | |
| // önceki Variables listesini içermez. Bu nedenle, StrSubstitutor. checkCyclicSubstitution() yöntemi, döngüsel ifadeyi tespit | |
| // edemez ve sonsuz bir özyineleme (recursive) meydana gelir | |
| // found variable end marker | |
| if (nestedVarCount == 0) { | |
| String varNameExpr = new String(chars, startPos + startMatchLen, pos - startPos - startMatchLen); | |
| if (substitutionInVariablesEnabled) { | |
| final StringBuilder bufName = new StringBuilder(varNameExpr); | |
| substitute(event, bufName, 0, bufName.length()); | |
| varNameExpr = bufName.toString(); | |
| } | |
| pos += endMatchLen; | |
| final int endPos = pos; | |
| // EN: Note too that even if the cyclic substitution is caught by StrSubstitutor. checkCyclicSubstitution(), the exception thrown will | |
| // only be caught by AppenderControl.TryCallAppender(), resulting in a failed write to the log | |
| // TR: Ayrıca, döngüsel ifade StrSubstitutor tarafından yakalansa bile unutmayın. checkCyclicSubstitution(), atılan istisna yalnızca | |
| // AppenderControl.TryCallAppender() tarafından yakalanacak ve günlüğe başarısız bir yazma işlemine neden olacaktır | |
| private void tryCallAppender(final LogEvent event) { | |
| try { | |
| appender.append(event); | |
| } catch (final RuntimeException error) { | |
| handleAppenderError(event, error); | |
| } catch (final Exception error) { | |
| handleAppenderError(event, new AppenderLoggingException(error)); | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // EN: Patch Analysis | |
| if (varValue != null) { | |
| // recursive replace | |
| final int varLen = varValue.length(); | |
| buf.replace(startPos, endPos, varValue); | |
| altered = true; | |
| int change = isRecursiveEvaluationAllowed() | |
| ? substitute(event, buf, startPos, varLen, priorVariables) | |
| : 0; | |
| change = change + (varLen - (endPos - startPos)); | |
| pos += change; | |
| bufEnd += change; | |
| lengthChange += change; | |
| chars = getChars(buf); // in case buffer was altered | |
| } | |
| // found variable end marker | |
| if (nestedVarCount == 0) { | |
| String varNameExpr = new String(chars, startPos + startMatchLen, pos - startPos - startMatchLen); | |
| if (substitutionInVariablesEnabled) { | |
| // initialize priorVariables if they're not already set | |
| if (priorVariables == null) { | |
| priorVariables = new ArrayList<>(); | |
| } | |
| final StringBuilder bufName = new StringBuilder(varNameExpr); | |
| substitute(event, bufName, 0, bufName.length(), priorVariables); | |
| varNameExpr = bufName.toString(); | |
| } | |
| pos += endMatchLen; | |
| final int endPos = pos; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment